Commission Guide (V100R002C00 04)

Quidway S9300 Terabit Routing Switch
V100R002C00
Commission Guide
Issue 04
Date 2009-11-10
Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © Huawei Technologies Co., Ltd. 2009. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Proprietary and Confidential

Commission Guide Contents
Contents
About This Document.....................................................................................................................1

1 Commissioning Process............................................................................................................1-1
2 Commissioning Preparations...................................................................................................2-1
2.1 Preparing the Hardware...................................................................................................................................2-2
2.2 Preparing the Software....................................................................................................................................2-2
2.3 Preparing the Tools.........................................................................................................................................2-3
2.4 Preparing Data.................................................................................................................................................2-4
3 Precautions..................................................................................................................................3-1
4 Basic Commissioning................................................................................................................4-1
4.1 Logging In to the S9300 Through the Console Port.......................................................................................4-2
4.2 Checking the System Information...................................................................................................................4-5
4.2.1 Checking the Health Status of the S9300...............................................................................................4-5
4.2.2 Checking the Software Versions............................................................................................................4-8
4.2.3 Checking the Status of Boards...............................................................................................................4-9
4.2.4 Checking the Status of Interfaces.........................................................................................................4-10
4.2.5 Checking the License...........................................................................................................................4-11
4.3 Setting the System Name..............................................................................................................................4-12
4.4 Setting the System Time...............................................................................................................................4-13
4.5 Switching User Level....................................................................................................................................4-15
4.6 Configuring the Remote Login Function......................................................................................................4-15
4.6.1 Setting the Management IP Address....................................................................................................4-16
4.6.2 Configuring the Telnet Service............................................................................................................4-18
4.6.3 Configuring the FTP Service................................................................................................................4-20
4.6.4 Configuring the SSH Service...............................................................................................................4-22
4.6.5 Configuring the ACL to Filter Access Users.......................................................................................4-25
4.7 Configuring IP Routing.................................................................................................................................4-27
4.7.1 Configuring the Default Route.............................................................................................................4-27
4.7.2 Configuring OSPF................................................................................................................................4-28
4.8 Saving the Configuration..............................................................................................................................4-30
5 Typical Service Commissioning..............................................................................................5-1

5.1 Configuration Guide - IP Service ...................................................................................................................5-3
Issue 04 (2009-11-10) Huawei Proprietary and Confidential i

Contents Commission Guide
5.1.1 ARP Configuration.................................................................................................................................5-3

5.1.2 DHCP Configuration............................................................................................................................5-15
5.1.3 IP Performance Configuration.............................................................................................................5-18
5.1.4 IP Unicast PBR Configuration.............................................................................................................5-24
5.1.5 UDP Helper Configuration...................................................................................................................5-31
5.2 Configuration Guide - IP Routing ................................................................................................................5-33
5.2.1 Static Route Configuration...................................................................................................................5-34
5.2.2 RIP Configuration................................................................................................................................5-42
5.2.3 OSPF Configuration.............................................................................................................................5-51
5.2.4 IS-IS Configuration..............................................................................................................................5-91
5.2.5 BGP Configuration.............................................................................................................................5-122
5.2.6 Routing Policy Configuration............................................................................................................5-155
5.3 Configuration Guide - Network Management............................................................................................5-175
5.3.1 SNMP Configuration..........................................................................................................................5-175
5.3.2 RMON and RMON2 Configuration...................................................................................................5-190
5.3.3 NTP Configuration.............................................................................................................................5-197
5.3.4 LLDP Configuration..........................................................................................................................5-212
5.3.5 NQA Configuration............................................................................................................................5-227
5.4 Configuration Guide - Ethernet...................................................................................................................5-321
5.4.1 Ethernet Interface Configuration........................................................................................................5-322
5.4.2 Link Aggregation Configuration........................................................................................................5-324
5.4.3 VLAN Configuration.........................................................................................................................5-330
5.4.4 VLAN Mapping Configuration..........................................................................................................5-340
5.4.5 QinQ Configuration............................................................................................................................5-351
5.4.6 MAC Address Table Configuration...................................................................................................5-363
5.4.7 MSTP Configuration..........................................................................................................................5-369
5.4.8 BPDU Tunnel Configuration.............................................................................................................5-376
5.4.9 LDT Configuration.............................................................................................................................5-402
5.4.10 RRPP Configuration.........................................................................................................................5-403
5.5 Configuration Guide - Multicast.................................................................................................................5-477
5.5.1 Layer 2 Multicast Configuration........................................................................................................5-478
5.5.2 IGMP Snooping Configuration..........................................................................................................5-483
5.5.3 IGMP Proxy Configuration................................................................................................................5-486
5.5.4 IGMP Configuration..........................................................................................................................5-497
5.5.5 PIM-DM Configuration......................................................................................................................5-506
5.5.6 PIM-SM Configuration......................................................................................................................5-511
5.5.7 MSDP Configuration..........................................................................................................................5-529
5.5.8 Multicast Route Management............................................................................................................5-550
5.6 Configuration Guide - Reliability...............................................................................................................5-558
5.6.1 DLDP Configuration..........................................................................................................................5-559
5.6.2 Smart Link Configuration..................................................................................................................5-561
5.6.3 VRRP Configuration..........................................................................................................................5-571
ii Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Commission Guide Contents
5.6.4 BFD Configuration.............................................................................................................................5-599

5.6.5 Ethernet OAM Configuration.............................................................................................................5-609
5.6.6 Hot Backup and Active/Standby Switchover Configuration.............................................................5-627
5.7 Configuration Guide - QoS.........................................................................................................................5-628
5.7.1 Class-based QoS Configuration.........................................................................................................5-628
5.7.2 Traffic Policing and Traffic Shaping Configuration..........................................................................5-641
5.7.3 Congestion Avoidance and Congestion Management Configuration................................................5-657
5.7.4 Mirroring Configuration.....................................................................................................................5-661
5.8 Configuration Guide - Security...................................................................................................................5-670
5.8.1 AAA and User Management Configuration.......................................................................................5-671
5.8.2 DHCP Snooping Configuration.........................................................................................................5-678
5.8.3 IP Source Guard Configuration..........................................................................................................5-698
5.8.4 ARP Security Configuration..............................................................................................................5-700
5.8.5 Traffic Suppression Configuration.....................................................................................................5-706
5.8.6 IP Source Trail Configuration............................................................................................................5-708
5.8.7 URPF Configuration..........................................................................................................................5-709
5.8.8 ACL Configuration............................................................................................................................5-711
5.9 Configuration Guide - MPLS......................................................................................................................5-714
5.9.1 Static LSP Configuration...................................................................................................................5-715
5.9.2 MPLS LDP Configuration.................................................................................................................5-735
5.9.3 MPLS TE Configuration....................................................................................................................5-785
5.9.4 MPLS Common Configuration..........................................................................................................5-899
5.9.5 MPLS OAM Configuration................................................................................................................5-903
5.10 Configuration Guide - VPN......................................................................................................................5-926
5.10.1 VPN Tunnel Management................................................................................................................5-926
5.10.2 GRE Configuration..........................................................................................................................5-954
5.10.3 BGP/MPLS IP VPN Configuration..................................................................................................5-973
5.10.4 VLL Configuration.........................................................................................................................5-1053
5.10.5 PWE3 Configuration......................................................................................................................5-1135
5.10.6 VPLS Configuration.......................................................................................................................5-1197
A Appendix...................................................................................................................................A-1
A.1 Testing the Optical Power of the Interfaces on the S9300............................................................................A-2
A.2 License Description.......................................................................................................................................A-3
Issue 04 (2009-11-10) Huawei Proprietary and Confidential iii

Commission Guide Figures
Figures
Figure 1-1 Commissioning flowchart...................................................................................................................1-1

Figure 4-1 Console port of the S9300..................................................................................................................4-2
Figure 4-2 Creating a connection.........................................................................................................................4-3
Figure 4-3 Configuring the connection port.........................................................................................................4-4
Figure 4-4 Setting the communication parameters...............................................................................................4-4
Figure 4-5 Typical networking of commissioning.............................................................................................4-16
Figure 4-6 Networking diagram for configuring OSPF.....................................................................................4-28
Figure 5-1 Networking diagram for configuring ARP.........................................................................................5-4
Figure 5-2 Networking diagram for configuring routed proxy ARP...................................................................5-6
Figure 5-3 Networking diagram for configuring intra-VLAN proxy ARP..........................................................5-8
Figure 5-4 Networking diagram for configuring inter-VLAN proxy ARP........................................................5-11
Figure 5-5 Networking diagram for configuring Layer 2 topology detection....................................................5-13
Figure 5-6 Networking diagram for configuring the DHCP relay agent............................................................5-16
Figure 5-7 Networking diagram for disabling the sending of ICMP redirection packets..................................5-19
Figure 5-8 Networking diagram for disabling the sending of ICMP host unreachable packets........................5-22
Figure 5-9 Networking diagram for configuring PBR based on the protocol type............................................5-25
Figure 5-10 Networking diagram for configuring PBR based on the packet length..........................................5-28
Figure 5-11 Networking diagram for configuring UDP helper..........................................................................5-32
Figure 5-12 Networking diagram for configuring static routes..........................................................................5-34
Figure 5-13 Networking diagram for configuring BFD for static routes...........................................................5-38
Figure 5-14 Networking diagram for configuring the RIP version....................................................................5-42
Figure 5-15 Network diagram of configuring RIP to import external route......................................................5-46
Figure 5-16 Networking diagram for configuring the basic OSPF functions....................................................5-51
Figure 5-17 Networking diagram for configuring a stub area............................................................................5-58
Figure 5-18 Networking diagram for configuring an NSSA area......................................................................5-63
Figure 5-19 Networking diagram for configuring DR election of an OSPF process.........................................5-67
Figure 5-20 Networking for configuring an OSPF virtual link..........................................................................5-73
Figure 5-21 Networking diagram for configuring load balancing among OSPF routes....................................5-78
Figure 5-22 Networking diagram for configuring OSPF GR.............................................................................5-83
Figure 5-23 Networking diagram for configuring BFD for OSPF.....................................................................5-86
Figure 5-24 Networking diagram for configuring basic functions of IS-IS.......................................................5-91
Figure 5-25 Networking diagram for configuring IS-IS route aggregation.......................................................5-97
Figure 5-26 Networking diagram for configuring the DIS election.................................................................5-102
Issue 04 (2009-11-10) Huawei Proprietary and Confidential v

Figures Commission Guide
Figure 5-27 Networking diagram for configuring IS-IS load balancing..........................................................5-107

Figure 5-28 Networking diagram of IS-IS GR configuration..........................................................................5-112
Figure 5-29 Networking diagram for configuring BFD for IS-IS....................................................................5-116
Figure 5-30 Networking diagram for configuring basic BGP functions..........................................................5-122
Figure 5-31 Networking diagram for configuring BGP to interact with an IGP..............................................5-128
Figure 5-32 Networking diagram for configuring BFD for BGP....................................................................5-133
Figure 5-33 Networking diagram of BGP route selection................................................................................5-139
Figure 5-34 Networking diagram for configuring a BGP RR..........................................................................5-144
Figure 5-35 Networking diagram for configuring a BGP confederation.........................................................5-150
Figure 5-36 Networking diagram for filtering the received and advertised routes..........................................5-155
Figure 5-37 Networking diagram for applying a routing policy to the imported routes..................................5-161
Figure 5-38 Networking diagram for configuring IP FRR on a public network..............................................5-166
Figure 5-39 Networking diagram for configuring IP FRR on a private network.............................................5-170
Figure 5-40 Networking diagram for configuring basic SNMP functions.......................................................5-175
Figure 5-41 Networking diagram for specifying an NMS to manage the S9300.............................................5-177
Figure 5-42 Networking diagram for configuring different NMSs to access the S9300.................................5-180
Figure 5-43 Networking diagram for configuring different NMSs to access the S9300 (inform mode).........5-184
Figure 5-44 Networking diagram for configuring the batch statistics collection.............................................5-188
Figure 5-45 Networking diagram for configuring RMON...............................................................................5-191
Figure 5-46 Networking diagram for configuring RMON2.............................................................................5-194
Figure 5-47 Networking diagram for configuring the unicast client/server mode...........................................5-197
Figure 5-48 Networking diagram for configuring the NTP peer mode............................................................5-202
Figure 5-49 Networking diagram for configuring the NTP broadcast mode...................................................5-204
Figure 5-50 Networking diagram for configuring the NTP multicast mode....................................................5-209
Figure 5-51 Networking diagram for configuring LLDP.................................................................................5-213
Figure 5-52 Networking diagram for configuring LLDP when an Eth-Trunk is used on the network............5-217
Figure 5-53 Networking diagram for configuring LLDP when an interface has multiple neighbors..............5-223
Figure 5-54 Networking diagram for configuring the ICMP test.....................................................................5-228
Figure 5-55 Networking diagram for configuring the DHCP test....................................................................5-230
Figure 5-56 Networking diagram for configuring the FTP download test.......................................................5-232
Figure 5-57 Networking diagram for configuring the FTP upload test............................................................5-234
Figure 5-58 Networking diagram for configuring the HTTP test....................................................................5-237
Figure 5-59 Networking diagram for configuring the DNS test......................................................................5-238
Figure 5-60 Networking diagram for configuring the traceroute test..............................................................5-240
Figure 5-61 Networking diagram for configuring the SNMP query test.........................................................5-242
Figure 5-62 Networking diagram for configuring the TCP test.......................................................................5-244
Figure 5-63 Networking diagram for configuring the UDP test......................................................................5-247
Figure 5-64 Networking diagram for configuring the Jitter test......................................................................5-249
Figure 5-65 Networking diagram for configuring the MAC Ping test.............................................................5-251
Figure 5-66 Networking diagram for configuring the LSP Ping test...............................................................5-254
Figure 5-67 Networking diagram for configuring the LSP Jitter test..............................................................5-257
Figure 5-68 Networking diagram for configuring the LSP traceroute test......................................................5-260
vi Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Figure 5-69 Networking diagram of the MPing reserved group......................................................................5-264

Figure 5-70 Networking diagram of the MPing for common group addresses................................................5-266
Figure 5-71 Networking diagram of MTrace...................................................................................................5-272
Figure 5-72 Networking diagram for checking the multicast path from the multicast source to the local S9300
...........................................................................................................................................................................5-277
...........................................................................................................................................................................5-283
...........................................................................................................................................................................5-288
Figure 5-75 Networking diagram for configuring the PWE3 Ping test on the single-hop PW........................5-293
Figure 5-76 Networking diagram for configuring the PWE3 Ping test on a multi-hop PW............................5-297
Figure 5-77 Networking diagram for configuring the PWE3 Trace test on a single-hop PW.........................5-303
Figure 5-78 Networking diagram for configuring the PWE3 Trace test on a multi-hop PW..........................5-307
Figure 5-79 Networking diagram for configuring an NQA test group............................................................5-313
Figure 5-80 Network diagram for configuring the NQA threshold.................................................................5-317
Figure 5-81 Networking diagram for configuring Ethernet interfaces.............................................................5-323
Figure 5-82 Networking diagram for configuring link aggregation in manual load balancing mode.............5-325
Figure 5-83 Networking diagram for configuring link aggregation in static LACP mode..............................5-327
Figure 5-84 Networking diagram for configuring trunk..................................................................................5-331
Figure 5-85 Typical networking of VLAN configuration................................................................................5-333
Figure 5-86 Typical networking of MUX VLAN configuration......................................................................5-336
Figure 5-87 Typical networking of VLAN damping configuration.................................................................5-339
Figure 5-88 Networking diagram for configuring VLAN mapping of single VLAN tag................................5-341
Figure 5-89 Networking diagram for configuring VLAN mapping of double VLAN tags.............................5-344
Figure 5-90 Networking diagram for configuring flow-based VLAN mapping..............................................5-347
Figure 5-91 Networking diagram for configuring QinQ on interfaces............................................................5-352
Figure 5-92 Typical networking of selective QinQ..........................................................................................5-355
Figure 5-93 Typical networking of selective QinQ..........................................................................................5-359
Figure 5-94 Networking diagram for configuring the MAC address table......................................................5-364
Figure 5-95 Networking diagram for configuring the limitation on MAC address learning based on VLAN
...........................................................................................................................................................................5-366
Figure 5-96 Networking diagram for configuring the limitation on MAC address learning based on VSI.....5-368
Figure 5-97 Networking diagram for configuring basic MSTP functions.......................................................5-370
Figure 5-98 Networking diagram for configuring port-based BPDU tunnels (different roles).......................5-377
Figure 5-99 Networking diagram for configuring port-based BPDU tunnels (same role)...............................5-383
Figure 5-100 Networking diagram for configuring VLAN-based BPDU tunnels...........................................5-388
Figure 5-101 Networking diagram for configuring QinQ-based BPDU tunnels.............................................5-395
Figure 5-102 Networking diagram of single RRPP ring with multiple instances............................................5-404
Figure 5-103 Networking diagram of crossed RRPP rings with multiple instances........................................5-418
Figure 5-104 Networking diagram of crossed RRPP rings with multiple instances........................................5-441
Figure 5-105 Networking diagram of tangent RRPP rings with multiple instances........................................5-462
Figure 5-106 Networking diagram for configuring static Layer 2 multicast for a VLAN...............................5-479
Figure 5-107 Networking diagram for configuring multicast VLAN replication on the S9300......................5-481
Issue 04 (2009-11-10) Huawei Proprietary and Confidential vii

Figure 5-108 Networking diagram for configuring VLAN-based IGMP snooping.........................................5-484

Figure 5-109 Networking diagram for configuring a static router interface....................................................5-487
Figure 5-110 Networking diagram for configuring a multicast group policy..................................................5-489
Figure 5-111 Networking diagram for configuring prompt leave for interfaces in a VLAN...........................5-491
Figure 5-112 Networking of VLAN-based IGMP proxy.................................................................................5-494
Figure 5-113 Networking diagram for configuring basic IGMP functions......................................................5-497
Figure 5-114 Networking of the SSM mapping configuration........................................................................5-501
Figure 5-115 Networking diagram for configuring basic PIM-DM functions.................................................5-507
Figure 5-116 Networking diagram for configuring PIM-SM multicast network.............................................5-512
Figure 5-117 Networking diagram for performing the SPT switchover in PIM-SM domain..........................5-521
Figure 5-118 Configuring the PIM BFD networking in the shared network segment.....................................5-526
Figure 5-119 Networking diagram for configuring basic MSDP functions.....................................................5-530
Figure 5-120 Networking diagram for configuring inter-AS multicast by using static RPF peers..................5-539
Figure 5-121 Networking diagram for configuring anycast RP.......................................................................5-545
Figure 5-122 Networking diagram for changing static multicast routes to RPF routes...................................5-551
Figure 5-123 Networking diagram for connecting the RPF route through static multicast routes..................5-554
Figure 5-124 Disconnection of one fiber.........................................................................................................5-559
Figure 5-125 Networking diagram for configuring load balancing of active and standby links of the Smart Link
group..................................................................................................................................................................5-561
Figure 5-126 Networking of Smart Link application.......................................................................................5-567
Figure 5-127 Networking of a VRRP backup group in master/backup mode.................................................5-571
Figure 5-128 Networking diagram for configuring VRRP in load balancing mode........................................5-575
Figure 5-129 Networking diagram for configuring VRRP fast switchover.....................................................5-579
Figure 5-130 Networking diagram of a VRRP management group in master/backup mode..........................5-583
Figure 5-131 Networking diagram of VRRP management groups in load balancing mode............................5-588
Figure 5-132 Networking diagram of fast switchover in a VRRP management group...................................5-595
Figure 5-133 Networking diagram of single-hop BFD (for Layer 2 forwarding link)....................................5-599
Figure 5-134 Networking diagram of multi-hop BFD.....................................................................................5-602
Figure 5-135 Networking diagram for associating the BFD session status with the interface status..............5-605
Figure 5-136 Networking diagram for configuring EFM OAM......................................................................5-610
Figure 5-137 Networking diagram for testing the packet loss ratio on the link...............................................5-613
Figure 5-138 Networking diagram for configuring basic functions of Ethernet CFM....................................5-616
Figure 5-139 Networking diagram for associating EFM OAM with Ethernet CFM.......................................5-624
Figure 5-140 Networking diagram for configuring priority mapping based on simple traffic classification
...........................................................................................................................................................................5-629
Figure 5-141 Networking diagram for re-marking the priorities based on complex traffic classification.......5-631
Figure 5-142 Networking diagram for redirecting packets based on complex traffic classification...............5-635
Figure 5-143 Networking diagram for configuring traffic statistics based on complex traffic classification
...........................................................................................................................................................................5-638
Figure 5-144 Networking diagram for configuring QoS CAR........................................................................5-642
Figure 5-145 Networking diagram for configuring traffic policing based on a traffic classifier.....................5-646
Figure 5-146 Networking diagram for configuring traffic policing for host packets.......................................5-652
Figure 5-147 Networking diagram for configuring traffic shaping..................................................................5-654
viii Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Figure 5-148 Networking diagram for configuring congestion avoidance and congestion management........5-658
Figure 5-149 Networking diagram for configuring local port mirroring.........................................................5-661
Figure 5-150 Networking diagram for configuring remote port mirroring......................................................5-664
Figure 5-151 Networking diagram for configuring flow mirroring.................................................................5-667
Figure 5-152 Networking diagram for using RADIUS to authenticate users..................................................5-672
Figure 5-153 Networking diagram for using HWTACACS to authenticate and authorize users....................5-675
Figure 5-154 Networking diagram for preventing the bogus DHCP server attack..........................................5-679
Figure 5-155 Networking diagram for preventing the DoS attack by changing the CHADDR field..............5-681
Figure 5-156 Networking diagram for preventing the attacker from sending bogus DHCP messages for extending
IP address leases................................................................................................................................................5-684
Figure 5-157 Networking diagram for limiting the rate for sending DHCP messages....................................5-687
Figure 5-158 Networking diagram for configuring DHCP snooping..............................................................5-689
Figure 5-159 Networking diagram for enabling DHCP snooping on the DHCP relay agent..........................5-694
Figure 5-160 Networking diagram for configuring IP source guard................................................................5-698
Figure 5-161 Networking diagram for configuring ARP security functions...................................................5-700
Figure 5-162 Networking diagram for prevent man-in-the-middle attacks.....................................................5-704
Figure 5-163 Networking diagram for configuring traffic suppression...........................................................5-706
Figure 5-164 Networking diagram for sending a whitelist item to the CPU....................................................5-707
Figure 5-165 Networking diagram for configuring IP source trail..................................................................5-709
Figure 5-166 Networking diagram for configuring URPF...............................................................................5-710
Figure 5-167 Networking diagram for disabling URPF for the specified traffic.............................................5-711
Figure 5-168 Networking diagram for configuring static LSPs.......................................................................5-715
Figure 5-169 Networking diagram for setting up a static LSP.........................................................................5-725
Figure 5-170 Networking diagram for configuring local LDP sessions..........................................................5-735
Figure 5-171 Networking diagram for configuring a remote LDP session......................................................5-740
Figure 5-172 Networking diagram for configuring an LDP LSP....................................................................5-745
Figure 5-173 Networking diagram for configuring transit LSPs.....................................................................5-749
Figure 5-174 Networking diagram for configuring static BFD for LDP LSPs................................................5-755
Figure 5-175 Networking diagram for configuring dynamic BFD for LDP LSPs..........................................5-761
Figure 5-176 Networking diagram for configuring LDP FRR.........................................................................5-767
Figure 5-177 Networking diagram for configuring synchronization of LDP and an IGP...............................5-773
Figure 5-178 Networking diagram for configuring LDP GR...........................................................................5-779
Figure 5-179 Networking diagram for configuring static CR-LSPs................................................................5-785
Figure 5-180 Networking diagram for configuring an RSVP-TE tunnel.........................................................5-792
Figure 5-181 Networking diagram for configuring RSVP authentication.......................................................5-801
Figure 5-182 Networking diagram for setting attributes on the MPLS TE tunnel...........................................5-806
Figure 5-183 Networking diagram for configuring MPLS TE FRR................................................................5-817
Figure 5-184 Networking diagram for configuring MPLS TE auto FRR........................................................5-828
Figure 5-185 Networking diagram for configuring MPLS TE FRR................................................................5-837
Figure 5-186 Networking diagram for configuring CR-LSP hot standby........................................................5-846
Figure 5-187 Networking diagram for configuring RSVP GR........................................................................5-853
Figure 5-189 Networking diagram for configuring static BFD for TE tunnels...............................................5-866
Issue 04 (2009-11-10) Huawei Proprietary and Confidential ix


Figure 5-191 Networking diagram for configuring dynamic BFD for RSVP.................................................5-881
Figure 5-192 Networking diagram for configuring LDP over TE...................................................................5-890
Figure 5-193 Networking diagram for configuring PBR to an LSP for public network packets.....................5-899
Figure 5-194 Networking diagram for configuring basic MPLS OAM functions...........................................5-904
Figure 5-195 Networking diagram of configuring MPLS OAM protection group .........................................5-912
Figure 5-196 Networking diagram for configuring the tunnel policy for the L3VPN.....................................5-927
Figure 5-197 Networking diagram for configuring the L2VPN tunnel binding..............................................5-940
Figure 5-198 Networking diagram for configuring static routes......................................................................5-954
Figure 5-199 Networking diagram for configuring dynamic routing protocol................................................5-959
Figure 5-200 Networking diagram in which CEs access a VPN through the GRE tunnel of the public network
...........................................................................................................................................................................5-963
Figure 5-201 Networking diagram of configuring the Keepalive function on two ends of a GRE tunnel......5-971
Figure 5-202 Networking diagram for configuring BGP/MPLS IP VPN........................................................5-974
Figure 5-203 Networking diagram for configuring BGP ASN substitution....................................................5-986
Figure 5-204 Networking diagram for configuring Hub&Spoke.....................................................................5-993
Figure 5-205 Networking diagram for configuring the HoVPN....................................................................5-1003
Figure 5-206 Networking diagram for configuring the OSPF sham link.......................................................5-1011
Figure 5-207 Networking diagram for configuring multi-VPN-instance CE................................................5-1023
Figure 5-208 Networking diagram for configuring VPN FRR......................................................................5-1035
Figure 5-209 Networking diagram for configuring double reflectors to optimize VPN backbone layer......5-1044
Figure 5-210 Networking diagram for configuring local CCC connection...................................................5-1054
Figure 5-211 Networking diagram for configuring remote CCC connection................................................5-1058
Figure 5-212 Networking diagram for configuring SVC VLL......................................................................5-1064
Figure 5-213 Networking diagram for configuring the Martini VLL............................................................5-1070
Figure 5-214 Networking diagram for configuring a local Kompella VLL...................................................5-1076
Figure 5-215 Networking diagram for configuring a remote Kompella VLL...............................................5-1079
Figure 5-216 Networking diagram for configuring the inter-AS Martini VLL Option A.............................5-1086
Figure 5-217 Networking diagram for configuring the inter-AS Kompella VLL Option A..........................5-1094
Figure 5-218 Networking diagram for configuring Martini VLL FRR (asymmetrically connected CEs)....5-1104
Figure 5-219 Networking diagram for configuring Kompella VLL FRR (asymmetrically connected CEs) 5-1119
Figure 5-220 Networking diagram for configuring a dynamic SH-PW (using LSP).....................................5-1136
Figure 5-221 Networking diagram for configuring a static MH-PW.............................................................5-1142
Figure 5-222 Networking diagram for configuring a dynamic MH-PW.......................................................5-1149
Figure 5-223 Networking diagram for configuring a mixed MH-PW...........................................................5-1165
Figure 5-224 Networking diagram for configuring PW FRR - CEs are asymmetrically connected to PEs through
Ethernet links...................................................................................................................................................5-1173
Figure 5-225 Networking diagram for configuring inter-AS PWE3-Option A.............................................5-1190
Figure 5-226 Networking diagram for configuring Martini VPLS................................................................5-1198
Figure 5-227 Networking diagram for configuring Kompella VPLS............................................................5-1204
Figure 5-228 Networking diagram for configuring LDP HVPLS.................................................................5-1211
Figure 5-229 Networking diagram for configuring static VLLs to access a VPLS network.........................5-1217
Figure 5-230 Networking diagram for configuring inter-AS Martini VPLS Option A.................................5-1228
x Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Figure 5-231 Networking diagram for configuring inter-AS Kompella VPLS Option A.............................5-1236
Issue 04 (2009-11-10) Huawei Proprietary and Confidential xi

Commission Guide Tables
Tables
Table 2-1 Hardware checklist...............................................................................................................................2-2

Table 2-2 Software checklist................................................................................................................................2-3
Table 2-3 Tool checklist.......................................................................................................................................2-4
Table 2-4 Data checklist.......................................................................................................................................2-4
Table 3-1 Deployment and upgrade checklist......................................................................................................3-1
Table 3-2 Ethernet LPUs......................................................................................................................................3-2
Table 4-1 COM1 properties..................................................................................................................................4-5
Table 4-2 Data plan............................................................................................................................................4-13
Table 4-3 Data plan............................................................................................................................................4-13
Table 4-4 Data preparation.................................................................................................................................4-17
Table 4-9 ACL classification..............................................................................................................................4-26
Table 5-1 Mapping between protected VLANs and instances.........................................................................5-404
Table 5-2 Master nodes, and primary and secondary ports on the master nodes.............................................5-404
Table 5-5 Edge transit nodes and edge nodes on the subrings.........................................................................5-417
Table 5-8 Edge nodes, assistant edge nodes, public port, and edge port of the subrings.................................5-440
Table 5-10 Master nodes, and primary and secondary ports on the master nodes...........................................5-462
Table 5-11 QoS provided by the S9300 for upstream traffic...........................................................................5-645
Table 5-12 Congestion avoidance parameters..................................................................................................5-657
Table 5-13 Congestion management parameters..............................................................................................5-657
Table A-1 License Controlled Items....................................................................................................................A-3
Issue 04 (2009-11-10) Huawei Proprietary and Confidential xiii

Commission Guide About This Document
About This Document
Purpose
his document describes how to verify basic functions of the Quidway S9300 Terabit Routing
Switch(hereinafter referred to as the Quidway S9300) during the deployment to ensure stable
and reliable running of the Quidway S9300 on the network.
Related Versions
The following table lists the product version related to this document.
Product Name Version
S9300 V100R002C00
Intended Audience
This document is intended for:
l Data configuration engineer
l Commissioning engineer
l Network monitoring engineer
l System maintenance engineer
Organization
This document organized as follows.
Chapter Content
1 Commissioning Process This chapter describes the general commissioning process

of the S9300.
2 Commissioning This chapter describes the preparations for hardware,

Preparations software, tools, and data required for the commissioning.
Issue 04 (2009-11-10) Huawei Proprietary and Confidential 1

About This Document Commission Guide
Chapter Content
3 Precautions This chapter describes the precautions for commissioning.
4 Basic Commissioning This chapter describes how to commission a single S9300

after the installation of hardware. During this
commissioning procedure, you need to check whether the
S9300 can work normally and whether you can log in to the
S9300 remotely.
5 Typical Service This chapter describes how to commission the services of

Commissioning the S9300 according to the network planning.
A Appendix This appendix describes the maintenance operations that

can be used during commissioning.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.
DANGER
Indicates a hazard with a medium or low level of risk, which

if not avoided, could result in minor or moderate injury.
WARNING
Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,
CAUTION
performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or supplement

important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
2 Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Boldface Names of files, directories, folders, and users are in

boldface. For example, log in as user root.
Italic Book titles are in italics.

Courier New Examples of information displayed on the screen are in
Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
&<1-n> The parameter before the & sign can be repeated 1 to n times.
# A line starting with the # sign is comments.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Boldface Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder.

About This Document Commission Guide
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and

quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the
pointer to a certain position.
Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Updates in Issue 04 (2009-11-10)

Compared with the Updates in Issue 03 (2009-09-20), this release has the following updates:
The following chapter is added:

l License Description
The following chapters or sections are modified:

l Some names of reference documents.

The following chapters or sections are modified:
4 Huawei Proprietary and Confidential Issue 04 (2009-11-10)

l Precautions
l Parameters

The following chapters or sections are added:
l Precautions
l Switching User Level
l Configuring the Default Route
The following section is deleted:

l Configuring IS-IS

Initial commercial release.

Commission Guide 1 Commissioning Process
1 Commissioning Process
This section describes the general commissioning process of the S9300.

This document describes the procedures for commissioning the S9300 in sequence. The
commissioning engineers can follow the procedures to complete the commissioning.
Figure 1-1 Commissioning flowchart
Start
Preparations
Basic Commissioning
Typical service commissioning
Issue 04 (2009-11-10) Huawei Proprietary and Confidential 1-1

Commission Guide 2 Commissioning Preparations
2 Commissioning Preparations
About This Chapter
This section describes the preparations before commission.
2.1 Preparing the Hardware

This section describes the hardware that you need to prepare and check before commissioning
the system.
2.2 Preparing the Software
This section describes the software that you need to prepare before commissioning the system.
2.3 Preparing the Tools
This section describes the tools that you need to prepare before commissioning the system.
2.4 Preparing Data
This section describes the information to be collected about the hardware configuration,
networking, and data planning. This facilitates the data configuration.

2 Commissioning Preparations Commission Guide
2.1 Preparing the Hardware

This section describes the hardware that you need to prepare and check before commissioning
the system.
Table 2-1 describes the hardware checklist.
Table 2-1 Hardware checklist

No. Item Description
1 Power supply and l Ensure that the protection cover of the OT

grounding terminal of the power supply is installed and
fastened.
l The power cables and grounding cables are
connected properly and are in good contact.
l The power cables, grounding cables, and
power distribution switches are labeled
correctly and clearly.
l The connectors of the external grounding
cables and protection grounding cables of
the cabinet are connected correctly, without
any damage.
l The power supply is in the normal state.
2 Cables and connectors The serial port cables for local maintenance,
network cables, POE cables and optical fibers
meet the following requirements:
l The cable connectors are tight and firm.
l The cable sheath is intact.
3 Connected device l Determine the physical location of the

connected device.
l Ensure that the connected device works
normally and can be used for
commissioning.
NOTE
The hardware installation engineers should have already checked items 1 and 2 listed in Table 2-1. To
ensure the proper connection of the hardware, the commissioning engineers can recheck the preceding
items.
2.2 Preparing the Software

This section describes the software that you need to prepare before commissioning the system.
You should get the software for commissioning ready before commissioning the system. Table
2-2 describes the software checklist.
2-2 Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Commission Guide 2 Commissioning Preparations
Table 2-2 Software checklist

1 System software Generally, the system software is installed on the S9300

package before delivery. Before commissioning, you can also visit
http://support.huawei.com to download the system
software package if necessary. The path for obtaining the
system software package is Software > Version
Software > Data Communication Product Line >
Ethernet Switch > Quidway S9300.
2 License The license controls the MPLS and NQA features of the
S9300.
Log in to http://license.huawei.com and generate the
license by using the LAC (or contract number) and ESN.
For the method of applying the license, see the Guide of
S9300 license application and operation. The path of the
document is Documentation > Data Communication >
Product > Ethernet Lanswitch > Quidway S9300 >
Public Information.
3 Software tools All the software commissioning tools should be available.

The common tools are as follows:
l HyperTerminal: used for logging in to the S9300
through the COM port. To use the HyperTerminal on
the Windows operating system, choose Start >
Programs > Accessories > Communications.
l TFTP and FTP tools: used for loading software to the
S9300. You can visit http://support.huawei.com to
download the tools from Software > Mini-tool
software > Core Network Product Line > Fixed
Core Network NGN > Software of FTP and TFTP.
2.3 Preparing the Tools

This section describes the tools that you need to prepare before commissioning the system.
Commissioning is implemented through tools. Therefore, you should get the commissioning
tools ready before commissioning the system.
Table 2-3 describes the tool checklist.

2 Commissioning Preparations Commission Guide
Table 2-3 Tool checklist

1 Cables l One RS232 serial port cable: used for logging in to the
S9300 through the Console port.
l Two network cables: used for commissioning the Eth
port or other services.
l Several optical fibers, XFP optical modules, and SFP
optical modules: used for connecting the S9300 to
other devices.
2 Maintenance A maintenance terminal, generally a laptop with the

terminal HyperTerminal program. It is used for logging in to the
S9300 and performing commissioning.
3 Auxiliary device Optical power meter: used for testing the actual input and
and meter output power, receiver sensitivity, and overload optical
power of optical interfaces.
2.4 Preparing Data

This section describes the information to be collected about the hardware configuration,
networking, and data planning. This facilitates the data configuration.
Table 2-4 describes the information to be collected.
Table 2-4 Data checklist

1 Hardware configuration Types and slot IDs of the boards
2 Networking and data The networking and data planning mainly

planning includes the following items:
l Networking mode
l IP address allocation method
l VLAN IDs
l Service types and data planning
l Data of the connected devices

Commission Guide 3 Precautions
3 Precautions
This chapter describes the precautions for commissioning.
Precautions for Deployment and Upgrade
Table 3-1 Deployment and upgrade checklist

No. Check Item Description
1 Have you applied for the licenses of the The MPLS and NQA features are
MPLS and NQA features? available only after you apply for the
licenses. In addition, to use the MPLS
feature, you must install the enhanced
LPU on the S9300.
2 Which types of Eth-Trunks does the The S9300 supports the Eth-Trunks in
S9300 support? manual load balancing mode and the
Eth-Trunks in static LACP mode. The
Eth-Trunks on the two connected
devices must work in the same mode;
otherwise, the Eth-Trunks cannot be
used.
3 Whether the boards of the S9300 need The MPUs and LPUs of the S9300 may
to be reinstalled? not contact well with the backplane
during the delivery because of some
reasons such as bump. If an exception
occurs, you can try to reinstall the
boards.

3 Precautions Commission Guide
Classification of LPUs
Table 3-2 Ethernet LPUs

Name Short Remarks
Name
48-port 100M Ethernet optical LPU F48SA Support support 32K MAC address
(EA, SFP) entries; not support synchronization
Ethernet or 1588v2.
48-port 100M Ethernet optical LPU F48SC Support 128K MAC address entries;
(EC, SFP) not support synchronization Ethernet
or 1588v2.
48-port 100M Ethernet electrical LPU F48TA Support 32K MAC address entries;
(EA, RJ45) not support synchronization Ethernet
or 1588v2.
48-port 100M Ethernet electrical LPU F48TC Support 128K MAC address entries;
(EC, RJ45) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48SA Support 32K MAC address entries;
LPU (EA, SFP) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48SC Support 128K MAC address entries;
LPU (EC, SFP) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48SD Support 512K MAC address entries;
LPU (ED, SFP) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48TA Support 32K MAC address entries;
LPU (EA, RJ45) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48TC Support 128K MAC address entries;
LPU (EC, RJ45) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet optical G48TD Support 512K MAC address entries;
LPU (ED, RJ45) not support synchronization Ethernet
or 1588v2.
48-port 100M/1000M Ethernet PoE G48VA Support 32K MAC address entries;
electrical LPU (EA, RJ45, POE) not support synchronization Ethernet
or 1588v2.
4-port 10GE optical LPU (EA, XFP) X4UXA Support 32K MAC address entries;
not support synchronization Ethernet
or 1588v2.

Commission Guide 3 Precautions
Name Short Remarks

Name
4-port 10GE optical LPU (EC, XFP) X4UXC Support 128K MAC address entries;
and 1588v2.
2-port 10GE optical LPU (EA, XFP) X2UXA Support 32K MAC address entries;
and 1588v2, or .
2-port 10GE optical LPU (EC, XFP) X2UXC Support 128K MAC address entries;
or 1588v2.
24-port 100M/1000M Ethernet optical G24SA Support 32K MAC address entries;
LPU (SA, SFP) not support MPLS and MPLS VPN;
not support netstream; not support
synchronization Ethernet or 1588v2.
24-port 100M/1000M Ethernet optical G24SC Support 128K MAC address entries;
LPU (EC, SFP) not support synchronization Ethernet
or1588v2.
24-port 100M/1000M Ethernet optical G24SD Support 512K MAC address entries;
LPU (ED, SFP) not support synchronization Ethernet
or 1588v2.
24-port 100M/1000M Ethernet optical G24CA Support 32K MAC address entries;
+ Combo electrical LPU (SA, SFP/ not support MPLS and MPLS VPN;
RJ45) not support netstream; not support
12-port GE optical LPU (SA, SFP+) X12SA Support 32K MAC address entries;
not support MPLS and MPLS VPN;
not support netstream; not support
24-port 100M/1000M Ethernet T24XA Support 32K MAC address entries;

electrical and 2-port GE optical LPU not support synchronization Ethernet
(EA, RJ45/XFP) or 1588v2.
24-port 100M/1000M Ethernet optical S24XA Support 32K MAC address entries;
and 2-port GE optical LPU (EA, SFP/ not support synchronization Ethernet
XFP) or 1588v2.
NOTE
l The Small Form-Factor Pluggable (SFP), SFP+, and XFP are pluggable optical modules.

Commission Guide 4 Basic Commissioning
4 Basic Commissioning
About This Chapter
This section describes the basic commission operations.
4.1 Logging In to the S9300 Through the Console Port

When establishing the local configuration environment through the Console port, you can
connect to the S9300 through the Windows HyperTerminal.
4.2 Checking the System Information
This section describes how to check the health status, software version, board and interface
status, and license of the system.
4.3 Setting the System Name
Set the system name according to the network planning. The system name identifies a device
and facilitates maintenance.
4.4 Setting the System Time
If the system time is set correctly, the S9300 can work with other devices normally.
4.5 Switching User Level
If a user logs in to the S9300 with a low user level, to obtain more operation permissions, the
user needs to switch to a high user level.
4.6 Configuring the Remote Login Function
This section describes how to configure the remote login function to enable users to log in to
the S9300 and deploy services in the center equipment room.
4.7 Configuring IP Routing
This section describes how to configure IP routing, including OSPF routing and IS-IS routing,
to implement the connectivity at Layer 3.
4.8 Saving the Configuration
After the commissioning, it is recommended that you save the current configuration.

4 Basic Commissioning Commission Guide
4.1 Logging In to the S9300 Through the Console Port

When establishing the local configuration environment through the Console port, you can
connect to the S9300 through the Windows HyperTerminal.
Prerequisite
Before logging in to the S9300 through the Console port, you need to complete the following
tasks:
l Power on the S9300.

l Identify the Console port of the S9300, as shown in Figure 4-1. The CON port in the figure
is the Console port.
Figure 4-1 Console port of the S9300
NOTE
There is a Console port on both the master MPU and slave MPU of the S9300. You need to use the
Console port of the master MPU for commissioning. The MPU whose ACT indicator is on is the
master MPU.
l Connect the COM port of the computer to the Console port of the S9300 through a serial
port cable.

Procedure
Step 1 Start the Windows HyperTerminal on your computer.
Choose Start > Programs > Accessories > Communications > HyperTerminal to start the
HyperTerminal on the Windows operating system.
Step 2 Create a connection.
As shown in Figure 4-2, enter the name of the new connection in the Name text box and choose
an icon. Then, click OK.
Figure 4-2 Creating a connection
Step 3 Set the connection port.

In the Connect to dialog box as shown in Figure 4-3, select the COM port of the computer or
configuration terminal from the Connect using drop-down list box. Click OK.

Figure 4-3 Configuring the connection port
Step 4 Set the communication parameters.

In the COM1 Properties dialog box as shown in Figure 4-4, click Restore Defaults.
Figure 4-4 Setting the communication parameters

Table 4-1 COM1 properties
Parameter Value
Bit per second (Baud rate) 9600
Data bits 8
Parity check None
Stop bits 1
Flow control None
----End
Operation Result
After the preceding operations, press Enter. If the <Quidway> prompt is displayed, it indicates
that you have logged in to the S9300. Then you can enter commands to configure or manage the
S9300.
If you fail to log in, click the disconnection icon and initiate the call again. If the login still fails,
return to Step 1 to check the parameter settings or check the physical connection. After the
checking, log in again.
4.2 Checking the System Information

This section describes how to check the health status, software version, board and interface
status, and license of the system.
4.2.1 Checking the Health Status of the S9300
Run the display health command to check whether the health status of the S9300 meets the on-
site deployment requirements.
4.2.2 Checking the Software Versions
Check whether the running software versions and hardware information meet the on-site
deployment requirements.
4.2.3 Checking the Status of Boards
Check whether all the boards are available and running normally.
4.2.4 Checking the Status of Interfaces
Check whether the interfaces are in the normal state.
4.2.5 Checking the License
Check whether the license file is loaded and whether the usage of the license is normal.
4.2.1 Checking the Health Status of the S9300

Run the display health command to check whether the health status of the S9300 meets the on-
site deployment requirements.

Prerequisite
You have successfully logged in to the S9300.
Precautions
You can run the display health command in any view to check the health status of the S9300,
including the usage of the CF card and Flash card, CPU usage, memory usage, power supply
status, fan status, voltage, and temperature.
Procedure
Step 1 Run the display health command to view the health status of the S9300.
<Quidway>display health
Disk Usage Information:
System disk usage at 2009-02-10 19:39:26 46 ms
-------------------------------------------------------------------------------
Slot Device Total Memory(MB) Used Memory(MB) Used Percentage
-------------------------------------------------------------------------------
4 flash: N/A N/A N/A
cfcard: 1000 397 39%
5 flash: N/A N/A N/A

cfcard: 1000 334 33%
-------------------------------------------------------------------------------
System Voltage Information:

System voltage at 2009-02-10 19:39:26 61 ms
-------------------------------------------------------------------------------
Slot Card SDR No. SensorName Status Upper Lower Voltage.(V)
-------------------------------------------------------------------------------
1 - 2 3.3V normal 3.9592 2.6460 3.3516
- 3 1.05V normal 1.2642 0.8428 1.0682
- 4 1.25V normal 1.4994 0.9996 1.2740
- 5 1.8V normal 2.1560 1.4406 1.8130
- 6 2.5V normal 2.9988 1.9992 2.4892
- 7 12V normal 14.3590 9.5450 12.0350
- 8 1.2V normal 1.4406 0.9604 1.2152
2 - 2 3.3V normal 3.9592 2.6460 3.3320

- 3 1.05V normal 1.2642 0.8428 1.0584
- 4 1.25V normal 1.4994 0.9996 1.2642
- 5 1.8V normal 2.1560 1.4406 1.8130
- 6 2.5V normal 2.9988 1.9992 2.5088
- 7 12V normal 14.3590 9.5450 12.0350
- 8 1.2V normal 1.4406 0.9604 1.2054
3 - 3 3.3V normal 3.9592 2.6460 3.2536

- 4 2.5V normal 2.9988 1.9992 2.5872
- 5 1.8V normal 2.1560 1.4406 1.7444
- 6 1.5V normal 1.8032 1.1956 1.5288
- 7 1.2V normal 1.4406 0.9604 1.1760
- 8 1.05 normal 1.2642 0.8428 1.0976
- 9 1.2V normal 1.4406 0.9604 1.2544
- 10 12V normal 14.4600 9.6600 12.1200
4 - 2 3.3V normal 3.9592 2.6460 3.3320

- 3 2.5V normal 2.9988 1.9992 2.5088
- 4 12V normal 14.3590 9.5450 12.1180
- 5 1.8V normal 2.1560 1.4406 1.8130
- 6 1.1V normal 1.3230 0.8820 1.1074
5 - 2 3.3V normal 3.9592 2.6460 3.3320

- 3 2.5V normal 2.9988 1.9992 2.5284
- 4 12V normal 14.3590 9.5450 12.0350

- 5 1.8V normal 2.1560 1.4406 1.8130

- 6 1.1V normal 1.3230 0.8820 1.1074
-------------------------------------------------------------------------------
System Power Information:

System power at 2009-02-10 19:39:29 817 ms
-------------------------------------------------------------------------------
PowerNo Present Mode State Current(A) Voltage(V)
-------------------------------------------------------------------------------
PWR1 YES DC Supply N/A N/A
PWR2 NO N/A N/A N/A N/A
-------------------------------------------------------------------------------
System Temperature Information:

System temperature at 2009-02-10 19:39:30 182 ms
-------------------------------------------------------------------------------
Slot Card SDR No. SensorName Status Upper Lower Temperature.(C)
-------------------------------------------------------------------------------
1 - 1 G24CA_VA TEMP normal 88.00 0.00 38.00
2 - 1 G24CA_VA TEMP normal 88.00 0.00 38.00
3 - 1 G48SD_VA TEMP1 normal 88.00 0.00 40.00

- 2 G48SD_VA TEMP2 normal 78.00 0.00 34.00
4 - 1 01MCUA_VA TEMP normal 80.00 0.00 39.00
5 - 1 01MCUA_VA TEMP normal 80.00 0.00 39.00

-------------------------------------------------------------------------------
System Fan Information:

System fan information at 2009-02-10 19:39:30 838 ms
-------------------------------------------------------------------------------
FanId FanNum present register Speed MODE
-------------------------------------------------------------------------------
FAN1 [1-0] NO NO 0% AUTO
-------------------------------------------------------------------------------
System Memory Usage Information:

System memory usage at 2009-02-10 19:39:31 166 ms
-------------------------------------------------------------------------------
Slot Total Memory(MB) Used Memory(MB) Used Percentage Upper Limit
-------------------------------------------------------------------------------
1 185 26 14% 85%
2 57 27 47% 80%
3 185 35 18% 85%
4 375 161 42% 90%
5 375 161 42% 90%
-------------------------------------------------------------------------------
System CPU Usage Information:

System cpu usage at 2009-02-10 19:39:31 643 ms
-------------------------------------------------------------------------------
Slot CPU Usage Upper Limit
-------------------------------------------------------------------------------
1 4% 90%
2 4% 90%
3 9% 90%
4 4% 90%
5 3% 90%
-------------------------------------------------------------------------------
----End

Operation Result
l If the system health meets the deployment requirements, that is, the indexes are between
the upper limits and lower limits, you can carry out the commissioning tasks.
l If the system health does not meet the deployment requirements, that is, the indexes are
higher than the upper limits or lower than the lower limits, you need to check the software
and hardware of the S9300 according to the displayed error messages to rectify the fault.
4.2.2 Checking the Software Versions

Check whether the running software versions and hardware information meet the on-site
deployment requirements.
Prerequisite
Context
Check the following items to determine whether the software versions are correct:
l Running software versions
l Model of the S9300
l Backplane (BKP) information
l SRU/MCU information
l LPU information
Precautions
When you run the display version command in any view to check the versions of the S9300,
you can enter [ | slot slot-id ] to display the output information filtered by the regular expression
or display the version information about the board in the specified slot.
Procedure
Step 1 Run the display version [ | slot slot-id ] command to view the version of the board.
<Quidway> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.50 (S9300 V100R002C00)
Copyright (C) 2003-2009 HUAWEI TECH CO., LTD
Quidway S9303 Terabit Routing Switch uptime is 0 week, 0 day, 17 hours, 56 minut
es
BKP 0 version information:
1. PCB Version : LE02BAKM VER.A
2. If Supporting PoE : No
3. Board Type : BAKM
4. MPU Slot Quantity : 2
5. LPU Slot Quantity : 3
MCU 4(Master) : uptime is 0 week, 0 day, 17 hours, 56 minutes

SDRAM Memory Size : 512 M bytes
Flash Memory Size : 128 M bytes
NVRAM Memory Size : 512 K bytes
CF Card1 Memory Size : 977 M bytes
MPU version information :
1. PCB Version : LE01MCUA VER.A
2. MAB Version : 0

3. Board Type : MCUA

4. CPLD1 Version : 100
5. BootROM Version : 2
6. BootLoad Version : 101
MCU 5(Slave) : uptime is 0 week, 0 day, 17 hours, 56 minutes

NVRAM Memory Size : 512 K bytes
CF Card1 Memory Size : 977 M bytes
MPU version information :
1. PCB Version : LE01MCUA VER.A
2. MAB Version : 0
3. Board Type : MCUA
LPU 2 : uptime is 0 week, 0 day, 17 hours, 55 minutes

LPU version information :
1. PCB Version : LE02G24C VER.A
2. MAB Version : 0
3. Board Type : G24CA
----End
Operation Result
l If the software versions meet the on-site deployment requirements, you can carry out the
commissioning tasks. For details about the software versions, see the release notes.
l If the software versions do not meet the on-site deployment requirements, you need to
upgrade the software. To obtain the release notes and upgrade guide of each version, access
Software > Version Software > Data Communication Product Line > Ethernet
Switch > Quidway S9300.
4.2.3 Checking the Status of Boards

Check whether all the boards are available and running normally.
Prerequisite
Context
Check the following items to determine whether the boards run normally:
l Basic information about the installed boards
l Details about the board in a specified slot, including the LPU, MCU, and power supply
Precautions
If an S9300 uses AC 110 V power supplies that work in 1+1 mode, but the S9300 is not installed
with a CMU, you cannot obtain the actual power of the S9300. To ensure the safety of the

equipment, the system provides power supply of up to 400 W. Some boards cannot be registered
because of insufficient power, and you can run the display device command to view the
unregistered boards. This problem can be solved by a CMU.
Procedure
Step 1 Run the display device command to view information about the available boards.
<S9300> display device
S9303's Device status:
Slot Sub Type Online Power Register Alarm Primary
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 - G24CA Present PowerOn Registered Normal NA
2 - G24CA Present PowerOn Registered Normal NA
3 - G48SD Present PowerOn Registered Normal NA
4 - MCUA Present PowerOn Registered Normal Master
5 - MCUA Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
----End
Operation Result
l If all the boards are available and running normally, the single-point commissioning tasks
can be carried out.
l If some boards cannot be registered or run abnormally, you need to install the CMU or
reinstall these boards.
4.2.4 Checking the Status of Interfaces

Check whether the interfaces are in the normal state.
Prerequisite
Context
Check the following items to determine whether the interfaces are in the normal state:
l Status of interfaces
l Statistics on interfaces
Precautions
You can run the display interface command in any view to check the running status and statistics
on the interfaces.
l You can enter interface-type interface-number to specify the type and number of the
interface. If the interface type is not specified, the system displays the running status and
statistics on all interfaces. If the interface type is specified but the interface number is not
specified, the system displays the running status and statistics on all the interfaces of the
specified type.
l You can enter slot slot-number to view the running status and statistics on all the interfaces
of the specified LPU.

Procedure
Step 1 Run the display interface [ interface-type [ interface-number ] | slot slot-number ] command to
view the running status and statistics on the specified interface.
<Quidway> display interface GigabitEthernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/0 Interface
Switch Port,PVID : 1,The Maximum Frame Length is 1536
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc33-0011
Port Mode: FORCE FIBER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : NORMAL
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes
Unicast: 0, NUnicast: 0
Discard: 0, Error : 0
Jumbo : 0
Output: 0 packets, 0 bytes
Jumbo : 0
----End
Operation Result
l If the interfaces are in the normal state, you can carry out the commissioning tasks.
l The following are the possible exceptions and solutions:
– If the physical status of an interface is Down, check whether the cable connected to the
interface is loosened or damaged.
– If the statistics on an interface show that there are a lot of error packets, check whether
the rate and duplex mode on the interface are set correctly and check the connectivity
between the interface of the S9300 and the connected device.
l The following are the possible exceptions and their solutions:
– The optical power is excessively high and the optical attenuator needs to be used.
– The optical power is low, packets are lost, or error packets occur. You need to check
the fiber and optical module. For the attributes of optical interfaces, see "List of Interface
Attributes."
NOTE
The output information varies with the interface type. For the interfaces of the same type, the output
information may also be different because the interfaces use different components.
To view the IP layer information about an interface, you can run the display ip interface command.
4.2.5 Checking the License

Check whether the license file is loaded and whether the usage of the license is normal.
Prerequisite
Context
The ESN of the S9300 is bound to the backplane. If an error occurs in the loading of the license
file, see the Guide of S9300 license application and operation. The path of the document is

Documentation > Data Communication > Product > Ethernet Lanswitch > Quidway
S9300 > Public Information.
Procedure
Step 1 Run the display license command to view the license information.
<Quidway> display license
Active License on master board: cfcard:/on1018399.dat
Huawei Technologies Co.,Ltd.

All rights reserved.
Product name : Quidway S9300

Product version : V100R001
License Serial No : LIC20081118003B00
Creator : Huawei Technologies Co.,Ltd.
Created Time : 2008-11-18 16:25:01
Feature name : ACCESS
Authorize type : COMM
Run time : 2009-02-16
Trial days : 90
Software maintain time : 0000-00-00
Hardware maintain time : 0000-00-00
Software update time : 0000-00-00
Configure items :
Item name : LLE0MPLS01 value : 1
Item name : LLE0NQAF01 value : 1
Slave is not ready
Step 2 View the usage of the license.

<Quidway> display license resource usage
Activated License:cfcard:/on1018399.dat
FeatureName | ConfigureItemName | ResourceUsage
VRP NETSTREAMENHANCE 0%
VRP TUNNELENHANCE 0%
VRP MVPNENHANCE 0%
VRP LPUKBENHANCE 0%
VRP VPLSRESOURCE 0%
----End
Operation Result
l If the license file is loaded, the single-point commissioning tasks can be carried out.
l If the license file failed to pass check, do as follows:
– Run the display esn command in the system view to check whether the backplane ESN
is the same as the license ESN.
– Run the license active filename command in the user view to activate the license and
obtain the corresponding authority.
4.3 Setting the System Name

Set the system name according to the network planning. The system name identifies a device
and facilitates maintenance.

Prerequisite
The task of 4.2 Checking the System Information is complete and the S9300 is running
normally.
Data Plan
Table 4-2 Data plan
Item Data Remarks
System name S9300-1 The default system name is

Quidway.
Procedure
Step 1 Run the system-view command to enter the system view.
<Quidway> system-view
Step 2 Run the sysname S9300-1 command to set the system name.
[Quidway] sysname S9300-1
[S9300-1]
----End
Operation Result
After the system name is set, the prompt of the command line is changed to the system name
[S9300-1].
4.4 Setting the System Time

If the system time is set correctly, the S9300 can work with other devices normally.
Prerequisite
normally.
Data Plan
Table 4-3 Data plan
Item Data Remarks
UTC 0:0:0 2009-01-01 The S9300 supports the

settings of time zone and
daylight saving time.
Time zone z5 add 05:00:00 UTC + 5:00:00

Item Data Remarks
Daylight saving time first Sun Jan 0 first Sun Apr Starting from 2009, the UTC
4 2009 2009 time is put forward by
04:00:00 at 00:00:00 on the
first Sunday of January, and
is restored at 00:00:00 on the
first Sunday of April.
Procedure
Step 1 Set the Universal Time Coordinated (UTC).
<Quidway> clock datetime 0:0:0 2009-01-01
Step 2 Set the time zone.

<Quidway> clock timezone z5 add 05:00:00
Step 3 Set the daylight saving time.

<Quidway> clock daylight-saving-time test repeating 0 first Sun Jan 0 first Sun Apr
4 2009 2009
Step 4 To obtain clock signal from other devices on the network, you need to specify the NTP server.
[Quidway] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
----End
Operation Result
Run the display clock command to display the following information:
<Quidway> display clock
2009-01-01 05:12:07
Wednesday
Time Zone : z5 add 05:00:00
Daylight saving time :
Name : test
Repeat mode : repeat
Start year : 2009
End year : 2009
Start time : first Sunday January 00:00:00
End time : first Sunday April 00:00:00
Saving time : 04:00:00
Run the display ntp-service status command to view the NTP status of the S9300.
[Quidway] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 2.2.2.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2006(C7B15BCC.D5604189)
The clock of the S9300 is in synchronized state, the clock stratums is 3, and the clock is one
level lower than the upper NTP server.

4.5 Switching User Level

If a user logs in to the S9300 with a low user level, to obtain more operation permissions, the
user needs to switch to a high user level.
Prerequisite
Before switching to another user level, the user must enter correct switch password, which is
preset.
CAUTION
If simple is selected, the password is saved into the configuration file in plain text. A user at a
lower level then can easily obtain the switch password by viewing the configuration file. In such
a case, the network security cannot be guaranteed. Therefore, it is recommended that you select
cipher to save the password in cipher text.
If the password is in cipher text, the password cannot be retrieved from the system. Remember
well the password to avoid oblivion or miss.
Procedure
Step 2 Run the super password [ level user-level ] { simple | cipher } password command to set the
password for switching the user level.
The value of level ranges from 1 to 15, indicating the user level. The default user level is 3.
Step 3 Run the super [ level ] command to switch to another user level.
Step 4 Enter the password according to the prompt.
If the password is correct, the user level is changed.If the number of unsuccessful password
attempts reaches three, the system returns to the user view and the user level is not changed.
NOTE
If a user is switched to a higher user level through the super command, the system sends a trap and records
the event in the log. If a user is switched to a lower user level, the system only records the event in the log.
----End
4.6 Configuring the Remote Login Function

This section describes how to configure the remote login function to enable users to log in to
the S9300 and deploy services in the center equipment room.
4.6.1 Setting the Management IP Address

This section describes how to set the management IP address. To enable the S9300 to
communicate with other devices at Layer 3, you need to assign an IP address to the related
interface.

4.6.2 Configuring the Telnet Service

This section describes how to configure the Telnet service. Through the Telnet service, users
can log in to and manage the S9300 remotely.
4.6.3 Configuring the FTP Service
This section describes how to configure the S9300 as an FTP server. After an FTP server is
configured, you can upload software or configuration scripts to the FTP server.
4.6.4 Configuring the SSH Service
This section describes how to configure the SSH service. SSH is a secure remote login protocol
developed based on the Telnet protocol. Compared with Telnet, SSH is securer in terms of the
authentication methods and data transmission.
4.6.5 Configuring the ACL to Filter Access Users
This section describes how to configure the ACL to filter access users. The ACL can filter the
users logging in to the S9300.
4.6.1 Setting the Management IP Address

This section describes how to set the management IP address. To enable the S9300 to
communicate with other devices at Layer 3, you need to assign an IP address to the related
interface.
Prerequisite
normally.
Background
Figure 4-5 Typical networking of commissioning

NMS
IP Network
RouterA S9300
The S9300 connects to the Metro Ethernet through Router A. To enable the network management
station (NMS) to discover and manage the S9300, you need to assign an IP address to the Eth
interface of the S9300 and ensure that the link layer and protocol layer are in Up state.

Data Preparation
Table 4-4 Data preparation

Item Data Remarks
Interface name Ethernet0/0/0 Ethernet 0/0/0 is the Eth

interface of the S9300, so it
does not perform route
calculation.
IP address and subnet mask Depends on the network Ensure that the IP addresses
planning of the carrier. of the interfaces between the
S9300 and the connected
device are in the same
network segment.
Procedure
Step 1 Enter the interface view and set the IP address of the interface.
[Quidway] interface Ethernet0/0/0
[Quidway-Ethernet0/0/0] ip address 192.168.1.2 24
----End
Commissioning Results
Run the following command to check whether the settings are correct:
<Quidway> display interface Ethernet0/0/0
Ethernet0/0/0 current state : UP
Line protocol current state : UP
Last up time: 2009-05-31, 22:34:51
Description:HUAWEI, Quidway Series, Ethernet0/0/0 Interface
Route Port,
Internet Address is 192.168.1.2/24
Media type: twisted pair, link type: auto negotiation
loopback:none, maximal BW:100M, current BW:100M, full-duplex mode
Statistics last cleared:2009-05-31 22:34:28
Last 5 minutes input rate 552 bits/sec, 1 packets/sec
Last 5 minutes output rate 584 bits/sec, 1 packets/sec
Input: 106570 bytes, 1699 packets
Output: 85691 bytes, 1332 packets
Input:
Unicast: 1244, Multicast: 0
Broadcast: 455
CRC: 0, Overrun: 0
LongPacket: 0, Jabber: 0
Undersized Frame: 0
Output:
Unicast: 1332, Multicast: 0
Broadcast: 0
Total output error: 0, Underrun: 0
Ping the device connected to the S9300, for example, a network management server.
<Quidway> ping 192.168.1.3
PING 192.168.1.3: 56 data bytes, press CTRL_C to break

Reply from 192.168.1.3: bytes=56 Sequence=1 ttl=255 time=2 ms

--- 192.168.1.3 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/23/113 ms
4.6.2 Configuring the Telnet Service

This section describes how to configure the Telnet service. Through the Telnet service, users
can log in to and manage the S9300 remotely.
Prerequisite
The following tasks are complete and the S9300 is running normally:
l 4.2 Checking the System Information
l 4.6.1 Setting the Management IP Address
Context
This section describes only the local authentication for Telnet users.
l For the method of configuring RADIUS authentication, see the Quidway S9300 Terabit
Routing Switch Configuration Guide - Basic Configuration.
l For the method of configuring HWTACACS authentication, see the Quidway S9300
Terabit Routing Switch Configuration Guide - Security Configuration.
Data Preparation
Item Data Remarks
Maximum number of 5 -
concurrent users
Default user level 1 For details about user levels,

see "Command Levels."
User name huawei -
Password s9300 -
Specified user level 3 If the level of the user is not

specified, the login user
adopts the default user level.
(Optional) User type telnet The user types include FTP,

PPP, SSH, Telnet, and
terminal. By default, a local
user can be of any type.

Item Data Remarks
Idle-cut traffic 10 This is the criteria that

determines whether a user is
in idle state. The unit is byte.
In this example, when the
traffic volume of a user is
smaller than 10 bytes, the
user is considered to be in idle
state.
Idle-cut period 30 A user is allowed to be in idle

state within the idle-cut
period. The unit is minute. In
this example, when a user
retains the idle state for 30
minutes, the user is
disconnected.
Command Levels
The commands on the S9300 are classified into different protection levels. By default, the
command levels range from 0 to 3.
l Level 0: This is the visiting level. The level-0 commands include the network diagnosis
tools such as ping and tracert and the commands for connecting the S9300 to another device,
such as Telnet client and SSH. The level-0 commands cannot save configuration files.
l Level 1: This is the monitoring level. The level-1 commands include the system
maintenance commands, such as the display commands. The level-1 commands cannot
save configuration files.
l Level 2: This is the configuration level. The level-2 commands include the service
configuration commands, such as the routing commands and commands on each network
layer that are used to directly provide network service to users.
l Level 3: This is the management level. The level-3 commands include the system basic
running commands that support services, for example:
– Commands for the switchover of file system, FTP, TFTP, and configuration files
– Commands for controlling the slave boards
– Commands for user management
– Commands for setting command levels
– Commands for setting the system parameters
– Debugging commands
Procedure
Step 1 Set the maximum number of concurrent users.
[Quidway] user-interface maximum-vty 5
Step 2 Create a user, set the user name and password, and specify the user level.

[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher s9300
[Quidway-aaa] local-user huawei level 3
[Quidway-aaa] local-user huawei service-type telnet
[Quidway-aaa] quit
NOTE
To configure multiple users, repeat Step 2.
Step 3 Set the authentication mode, default user level, and idle-cut period.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] user privilege level 1
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] idle-timeout 30 10
[Quidway-ui-vty0-4] quit
----End
Run the following command to check whether the settings are correct:
<Quidway> telnet 127.0.0.1
Trying 127.0.0.1 ...
Press CTRL+K to abort
Connected to 127.0.0.1 ...
***********************************************************
* All rights reserved (2003-2009) *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
* Notice: *
* This is a private communication system. *
* Unauthorized access or use may lead to prosecution. *
***********************************************************
Login authentication
Username:huawei
Password:
Info: huawei logs in through VTY4 from 127.0.0.1.
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 1.
<Quidway>
4.6.3 Configuring the FTP Service

This section describes how to configure the S9300 as an FTP server. After an FTP server is
configured, you can upload software or configuration scripts to the FTP server.
Prerequisite

Data Preparation
Item Data Remarks
User name ftp -
Password ftp -
User path cfcard:/ Users can access this path

after logging in to the FTP
server through the FTP
protocol.
(Optional) User type ftp The user types include FTP,

PPP, SSH, Telnet, and
terminal. By default, a local
user can be of any type.
ACL number 2001 Only the basic ACL can filter

access users.
IP addresses allowed to 100.100.1.3 -

access the S9300
Procedure
Step 1 Enable the FTP function on the S9300.
[Quidway] ftp server enable
Info: Succeeded in starting the FTP server
Step 2 Create a user, set the user name and password, and specify the user path.
[Quidway] aaa
[Quidway-aaa] local-user ftp password cipher ftp
[Quidway-aaa] local-user ftp ftp-directory cfcard:/
[Quidway-aaa] local-user ftp service-type ftp
[Quidway-aaa] quit
NOTE
To configure multiple users, repeat step 2.
Step 3 Create a basic ACL.

[Quidway] acl 2001
[Quidway-acl-basic-2001] rule permit source 100.100.1.3 0
[Quidway-acl-basic-2001] rule deny source any
[Quidway-acl-basic-2001] quit
Step 4 Apply the ACL to the S9300 to filter FTP users.

[Quidway] ftp acl 2001
----End

Log in to the S9300 from a terminal through FTP. In this example, the terminal is a personal
computer.
1. Log in to the S9300 through FTP.

C:\> ftp 100.1.1.200
Trying 100.1.1.200 ...
Connected to 100.1.1.200.
220 FTP service ready.
User(100.1.1.200:(none)):ftp
331 Password required for ftp.
Enter password:
230 User logged in.
2. View the files in the user path.

ftp> dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
drwxrwxrwx 1 noone nogroup 0 May 22 11:04 log
-rwxrwxrwx 1 noone nogroup 4 May 22 09:48 snmpnotilog.txt
-rwxrwxrwx 1 noone nogroup 12579 Oct 31 2008 license-b201.txt
-rwxrwxrwx 1 noone nogroup 163730936 Jan 16 08:38 v300r003c02b670smk1.cc
-rwxrwxrwx 1 noone nogroup 66846 Jan 16 08:45 670paf.txt
226 Transfer complete.
FTP: 351 byte(s) received in 0.053 second(s) 6.62Kbyte(s)/sec.
3. Uploade a file to the S9300.

ftp> put d:\test.txt
150 Opening ASCII mode data connection for test.txt.
ftp> dir
150 Opening ASCII mode data connection for *.
drwxrwxrwx 1 noone nogroup 0 May 22 11:04 log
-rwxrwxrwx 1 noone nogroup 4 May 22 09:48 snmpnotilog.txt
-rwxrwxrwx 1 noone nogroup 12579 Oct 31 2008 license-b201.txt
-rwxrwxrwx 1 noone nogroup 163730936 Jan 16 08:38 v300r003c02b670smk1.cc
-rwxrwxrwx 1 noone nogroup 66846 Jan 16 08:45 670paf.txt
-rwxrwxrwx 1 noone nogroup 0 May 22 14:30 test.txt
FTP: 416 byte(s) received in 0.042 second(s) 9.90Kbyte(s)/sec.
4. Delete the file.

ftp> delete test.txt
250 DELE command successful.
5. Close the FTP connection.

ftp> quit
221 Server closing.
4.6.4 Configuring the SSH Service

This section describes how to configure the SSH service. SSH is a secure remote login protocol
developed based on the Telnet protocol. Compared with Telnet, SSH is securer in terms of the
authentication methods and data transmission.
Prerequisite


Data Preparation

Item Data Remarks
SSH user name client001 -
SSH user password client001 -
SSH user level 3 If the level of an SSH user is

not specified, the default user
level set in the user interface
view is assigned to the user
after login.
SSH user authentication password SSH provides two

mode authentication modes: RSA
authentication and password
authentication. This section
describes only the password
authentication.
Procedure
Step 1 Generate the local key pair.
[Quidway] rsa local-key-pair create
The key name will be: S9300-1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
....++++++++++++
..........++++++++++++
....++++++++
......................................++++++++
Step 2 Configure the VTY user interface.

[Quidway-ui-vty0-4] protocol inbound ssh
NOTE
If the login protocol is SSH, the S9300 automatically disables the Telnet function.
Step 3 Create an SSH user and set the authentication mode to password authentication.
[Quidway] ssh user client001 authentication-type password
Step 4 Set the SSH user name and password.

[Quidway] aaa
[Quidway-aaa] local-user client001 password cipher client001

[Quidway-aaa] local-user client001 level 3

[Quidway-aaa] local-user client001 service-type ssh
Step 5 Enable the STelnet function and set the service type to STelnet.
[Quidway] stelnet server enable
[Quidway] ssh user client001 service-type stelnet
----End
Log in to the S9300 through SSH. In this example, the putty program is used to log in to the
S9300.
1. As shown in the following figure, the IP address of the S9300 is 192.168.1.1 and the login
protocol is SSH.
2. Set the user name to client001 and the password to client001.

4.6.5 Configuring the ACL to Filter Access Users

This section describes how to configure the ACL to filter access users. The ACL can filter the
users logging in to the S9300.
Prerequisite
l 4.6.2 Configuring the Telnet Service
Background
The S9300 provides various methods to filter the access users, including QoS and anti-attack
functions. This section describes only the method of configuring the ACL in the user interface
view to filter access users.
The ACL configured in the user interface view can filter only the packets of access users, but
cannot filter the attack packets.

Data Preparation

Item Data Remarks
ACL number 3001 For the classification of

ACLs, see "ACL
Classification." Generally,
the access users are filtered
by the advanced ACL.
IP addresses allowed to 100.100.1.1 Generally, such IP addresses

access the S9300 100.100.1.2 are the source IP addresses of
the NMS and log host.
ACL Classification
Table 4-9 ACL classification

ACL Type Number Range Remarks
Basic ACL 2000 - 2999 A basic ACL defines rules

according to source
addresses of packets.
Advanced ACL 3000 - 3999 An advanced ACL defines

rules according to the packet
information, such as the
source IP address,
destination IP address, type
of the protocol over IP, and
protocol features (for
example, the source port and
destination port of TCP and
the type and code of ICMP).
MAC address-based ACL 4000 - 4999 A MAC address-based ACL

defines rules according to the
MAC addresses in the
received packets. It is a
special ACL.
NOTE
Only ACLs 2000-3999 or the IPv6 ACL can control the access users.
Procedure
Step 1 Create ACL rules.
[Quidway] acl 3001

[Quidway-acl-adv-3001] rule permit ip source 100.100.1.1 0

[Quidway-acl-adv-3001] rule permit ip source 100.100.1.2 0
[Quidway-acl-adv-3001] quit
Step 2 Apply the ACL rules to the user interface.

[Quidway-ui-vty0-4] acl 3001 inbound
----End
Only the device assigned an IP address can access and manage the S9300.
4.7 Configuring IP Routing

This section describes how to configure IP routing, including OSPF routing and IS-IS routing,
to implement the connectivity at Layer 3.
4.7.1 Configuring the Default Route

A default route is a type of static route. If the destination IP address of a packet does not match
any entry in the routing table, the default route is chosen.
4.7.2 Configuring OSPF
This section describes how to configure OSPF. You should deploy OSPF or IS-IS according to
the network planning.
4.7.1 Configuring the Default Route

A default route is a type of static route. If the destination IP address of a packet does not match
any entry in the routing table, the default route is chosen.
Context
In a routing table, the default route is represented by a static route destined for the network 0.0.0.0
(with the subnet mask being 0.0.0.0).
Procedure
Step 2 Run the ip route-static 0.0.0.0 0.0.0.0 10.7.46.1 command to configure the default route from
the S9300 to the next hop.
Here, 10.7.46.1 indicates the gateway address of the next hop. The default preference of the
default route is 60.
Step 3 Run the display ip routing-table command to view the configuration of the default route.
<Quidway>display ip routing-
table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 10.7.46.1 Vlanif8

10.7.46.0/24 Direct 0 0 D 10.7.46.30 Vlanif8
10.7.46.30/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif20
Step 4 Run the ping 10.7.46.1 command to check the connectivity between the S9300 and the next hop.
[Quidway]ping 10.7.46.1

0.00% packet loss
----End
4.7.2 Configuring OSPF

This section describes how to configure OSPF. You should deploy OSPF or IS-IS according to
the network planning.
Prerequisite
l 4.6 Configuring the Remote Login Function
Data Preparation
Figure 4-6 shows the networking.
On Router A, the IP address of the interface connected to the S9300 is 192.168.1.2/24.
On the S9300, the IP address of the interface connected to Router A is 192.168.1.1/24, which
resides on the same network segment with the IP address of the interface on Router A.
Figure 4-6 Networking diagram for configuring OSPF

NMS
IP Network
RouterA S9300

Item Data Remarks
Router ID The router ID of the S9300 is The router IDs should be set
0.0.0.1 and the router ID of according to the network
Router A is 0.0.0.2. planning.
OSPF process ID 1 The default process ID is 1.
Area that each interface 0 A network segment can

belongs to belong to only one OSPF
area.
Procedure
Step 1 Enable OSPF and enter the OSPF view.
# Configure Router A.
[Quidway]interface LoopBack 0
[Quidway-LoopBack0]ip address 0.0.0.2 32
[Quidway] router id 0.0.0.2
[Quidway] ospf
# Configure the S9300.

[Quidway]interface LoopBack 0
[Quidway-LoopBack0]ip address 0.0.0.1 32
[Quidway] router id 0.0.0.1
[Quidway] ospf
Step 2 Enter the view of the OSPF area that the interface belongs to and add a network segment to the
OSPF area.
NOTE
OSPF can run on an interface if the following conditions are met:
l The mask length of the IP address on the interface is equal to or longer than the length of the mask specified
in the network command.
l The primary IP address of the interface is on the network segment specified by the network command.
# Do as follows on Router A and the S9300:

[Quidway-ospf-1] area 0
[Quidway-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.0] quit
----End
Postrequisite
After the configuration, you can run the display ospf routing command to view the OSPF
routing information on the S9300.

4.8 Saving the Configuration

After the commissioning, it is recommended that you save the current configuration.
Prerequisite
The basic commissioning tasks are complete.
Data Preparation
Item Data Remarks
Name of the saved comm.cfg None

configuration file
Procedure
Step 1 Run the save [ configuration-file ] command in the user view to save the configuration.
<Quidway> save comm.cfg
Step 2 Configure the S9300 to start with this configuration file next time.
<Quidway> startup saved-configuration comm.cfg
----End

Commission Guide 5 Typical Service Commissioning
5 Typical Service Commissioning
About This Chapter
This chapter describes the typical configuration examples of the services and features supported
by the S9300.
5.1 Configuration Guide - IP Service
This document describes the configurations of the IP services of the S9300, including the basic
knowledge and configurations of secondary IP addresses, DHCP, IP performance, IP unicast
policy-based routing, UDP Helper, basic IPv6 functions, IPv6 over IPv4 tunnels, IPv4 over IPv6
tunnels, and IP sessions. By reading this document, you can learn the concepts and configuration
procedures of IP services.
5.2 Configuration Guide - IP Routing
This document describes the IP routing features of the S9300, including static routes, routing
protocols (RIP, RIPng, OSPF, OSPFv3, IS-IS, BGP4+, MBGP and BGP), and routing policies.
The document provides the configuration procedures and configuration examples of the IP
routing features.
5.3 Configuration Guide - Network Management
This document describes the configuration procedures and configuration examples of the SNMP,
RMON,NTP, LLDP, NQA, NetStream and Ping and Tracert features on the S9300. The
document provides guides to configure the network management functions of the S9300.
5.4 Configuration Guide - Ethernet
This document describes the configuration of Ethernet services on the S9300, including the
configurations of Ethernet interfaces, link aggregation, VLAN, Voice VLAN, VLAN mapping,
QinQ, MAC address table, ARP, MSTP, BPDU tunnel, HVRP, and LDT.
5.5 Configuration Guide - Multicast
This document describes the multicast service supported by the S9300, including basic
knowledge, protocol implementation, configuration procedures, and configuration examples.
5.6 Configuration Guide - Reliability
This document describes the configuration of BFD, DLDP, smart link, RRPP, VRRP, VRRP6,
Ethernet OAM, hot backup, and active/standby switchover to ensure reliability of Ethernet
services on the S9300.
5.7 Configuration Guide - QoS
This document describes QoS features of the S9300 including class-based QoS, traffic policing,
traffic shaping, congestion avoidance, and congestion management from function introduction,

5 Typical Service Commissioning Commission Guide
configuration methods, maintenance and configuration examples. This document guides you
through the configuration and the applicable environment of QoS.
5.8 Configuration Guide - Security
This document describes security features of the S9300 including AAA and user management,
Network Access Control (NAC), DHCP snooping, ARP security, IP source guard, IP source
trail, Unicast Reverse Path Forwarding (URPF), local attack defense, PPPoE+, MAC-forced
forwarding (MFF), interface security, traffic suppression, and ACL from aspects of function
introduction, configuration methods, maintenance, and configuration examples.
5.9 Configuration Guide - MPLS
This document describes MPLS configurations supported by theS9300, including the principle
and configuration procedures of static LSPs, MPLS LDP, MPLS TE, and MPLS common
features, and provides configuration examples. In the appendix, terms and abbreviations of
MPLS are listed.
5.10 Configuration Guide - VPN
This document describes the principles, configuration procedures, and configuration examples
of VPN tunnel management, GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3,
VPLS, VPLS Convergence.

5.1 Configuration Guide - IP Service

This document describes the configurations of the IP services of the S9300, including the basic
knowledge and configurations of secondary IP addresses, DHCP, IP performance, IP unicast
policy-based routing, UDP Helper, basic IPv6 functions, IPv6 over IPv4 tunnels, IPv4 over IPv6
tunnels, and IP sessions. By reading this document, you can learn the concepts and configuration
procedures of IP services.
5.1.1 ARP Configuration
This chapter describes the principle of the Address Resolution Protocol (ARP), and provides
configuration procedures and examples of ARP.
5.1.2 DHCP Configuration
This chapter describes the principle of the Dynamic Host Configuration Protocol (DHCP), and
provides configuration procedures and examples of DHCP.
5.1.3 IP Performance Configuration
This chapter describes the basic concepts of IP performance, and provides configuration
procedures and examples of IP performance.
5.1.4 IP Unicast PBR Configuration
This chapter describes the principle of IP unicast policy-based routing (PBR), and provides
configuration procedures and examples of IP unicast PBR.
5.1.5 UDP Helper Configuration
This chapter describes the principle of UDP helper, and provides configuration procedures and
examples of UDP helper.
5.1.1 ARP Configuration

This chapter describes the principle of the Address Resolution Protocol (ARP), and provides
configuration procedures and examples of ARP.
Example for Configuring ARP
Networking Requirements
As shown in Figure 5-1, GE 1/0/1 of the S9300 is connected to the host through the LAN switch
(LSW); GE 1/0/2 is connected to the server through the router. It is required that:
l GE 1/0/1 should be added to VLAN 2, and GE 1/0/2 should be added to VLAN 3.
l To adapt to fast changes of the network and ensure correct forwarding of packets, dynamic
ARP parameters should be set on VLANIF 2 of the S9300.
l To ensure the security of the server and prevent invalid ARP packets, a static ARP entry
should be created on GE 1/0/2 of the S9300, with the IP address of the router being 10.2.2.3
and the MAC address being 00e0-fc01-0000.

Figure 5-1 Networking diagram for configuring ARP
Internet Server
Router
GE1/0/2
S9300
GE1/0/1
PC LSW
PC
PC
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN.
2. Set dynamic ARP parameters on a VLANIF interface at the user side.
3. Create a static ARP entry.
Data Preparation
To complete the configuration, you need the following data:
l GE 1/0/1 added to VLAN 2 and GE 1/0/2 added to VLAN 3
l VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging
time of ARP entries being 60s, and number of detection times being 2
l LSW with the IP address being 2.2.2.1 and subnet mask being 255.255.255.0
l Interface connecting the router and the S9300, with the IP address being 10.2.2.3, subnet
mask being 255.255.255.0, and MAC address being 00e0-fc01-0000
Procedure
Step 1 Create a VLAN and add an interface to the VLAN.
# Create VLAN 2 and VLAN 3.
[Quidway] vlan batch 2 3
# Add GE 1/0/0 to VLAN 2 and add GE 1/0/2 to VLAN 3.

[Quidway] interface gigabitethernet 1/0/1

[Quidway-GigabitEthernet1/0/1] port hybrid tagged vlan 2
[Quidway-GigabitEthernet1/0/1] quit
[Quidway-GigabitEthernet1/0/2] port hybrid tagged vlan 3
Step 2 Set dynamic ARP parameters on a VLANIF interface.

# Create VLANIF2.
[Quidway] interface vlanif 2
# Assign an IP address to VLANIF 2.

[Quidway-Vlanif2] ip address 2.2.2.2 255.255.255.0
# Set the aging time of ARP entries to 60s.

[Quidway-Vlanif2] arp expire-time 60
# Set the number of detection times before deleting ARP entries to 2.

[Quidway-Vlanif2] arp detect-times 2
[Quidway-Vlanif2] quit
Step 3 Create a static ARP entry.

# Create VLANIF 3.

# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN ID
3, and outgoing interface GE 1/0/2.
[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 1/0/2
[Quidway] quit
Step 4 Verify the configuration.

# Run the display current-configuration command. You can view the aging time of ARP
entries, the number of detection times before deleting ARP entries, and the ARP mapping table.
<Quidway> display current-configuration | include arp
arp expire-time 60
arp detect-times 2
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2
----End
Configuration Files
The following is the configuration file of the S9300.
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 2.2.2.2 255.255.255.0
arp expire-time 60
arp detect-times 2

#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet 1/0/1
port hybrid tagged vlan 2
#
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2
#
return
Example for Configuring Routed Proxy ARP
As shown in Figure 5-2, GE 1/0/0 and GE 1/0/1 of the S9300 are connected to a LAN
respectively, and the network IDs of the two LANs are 172.16.0.0/16. Host A and Host B are
not configured with the default gateway. It is required that routed proxy ARP should be enabled
on the S9300 so that hosts in the two LANs can communicate.
Figure 5-2 Networking diagram for configuring routed proxy ARP

Host A Host B
172.16.1.2/16 172.16.2.2/16
0000-5e33-ee20 0000-5e33-ee10
GE1/0/0 GE1/0/1
172.16.1.1/24 172.16.2.1/24
00e0-fc39-80aa 00e0-fc39-80bb
VLAN 2 VLAN 3
S9300 A
Ethernet A Ethernet B
1. Assign an IP Address to an interface.

2. Enable routed proxy ARP on the interface.
3. Configure the default route.
Data Preparation
l IP addresses of the interfaces

l Default route

l IP addresses of the hosts
Procedure
Step 1 Create VLAN 2 and add GE 1/0/0 to VLAN 2.
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway-GigabitEthernet1/0/0] port link-type access
[Quidway-GigabitEthernet1/0/0] port default vlan 2
Step 2 Create and configure VLANIF 2.

Step 3 Enable routed proxy ARP on VLANIF 2.

[Quidway-Vlanif2] arp-proxy enable
Step 4 Create VLAN 3 and add GE 1/0/1 to VLAN 3.

[Quidway] vlan 3

Step 6 Enable routed proxy ARP on VLANIF 3.

Step 7 Configure the hosts.

# Assign IP address 172.16.1.2/16 to Host A.
# Assign IP address 172.16.2.2/16 to Host B.
# Ping Host B from Host A. The ping operation is successful.
# Check the ARP table of Host A, and you can view that the MAC address corresponding to
Host B is the MAC address of GE 1/0/0 on S9300-A.
C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.1.2 --- 0x2
Internet Address Physical Address Type
172.16.1.1 00e0-fc39-80aa dynamic
----End
Configuration Files
Configuration file of the S9300
#
sysname Quidway

#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface GigabitEthernet1/0/0
port link-type access
port default vlan 2
#
port default vlan 3
#
return
Example for Configuring Intra-VLAN Proxy ARP
As shown in Figure 5-3, GE 1/0/1 and GE 1/0/0 of the S9300 belong to sub-VLAN 2. Sub-
VLAN 2 belong to super-VLAN 3. It is required that:
l Host A and host B in VLAN 2 should be isolated at Layer 2.
l Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.
The IP address and subnet mask of the VLANIF interface in super-VLAN 3 should be 10.10.10.1
and 255.255.255.0.
Figure 5-3 Networking diagram for configuring intra-VLAN proxy ARP
Internet
S9300
GE1/0/1 GE1/0/0
hostB hostA
10.10.10.3/24 10.10.10.2/24
00-e0-fc-00-00-03 00-e0-fc-00-00-02
sub-VLAN2

1. Create and configure a super-VLAN and a sub-VLAN.

2. Add an interface to the sub-VLAN.
3. Create a VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.
4. Enable intra-VLAN proxy ARP on the VLANIF interface of the super-VLAN.
Data Preparation
l VLAN IDs of the super-VLAN and sub-VLAN

l GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2
l IP address and subnet mask of VLANIF 3 of super-VLAN 3 being 10.10.10.1 and
255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
# Configure sub-VLAN 2.
[Quidway] vlan 2
# Enable port isolation on GE 1/0/0 and GE 1/0/1.

[Quidway-GigabitEthernet1/0/0] port-isolate enable
[Quidway-GigabitEthernet1/0/1] port-isolate enable
# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.

# Configure super-VLAN 3 and add sub-VLAN 2 to super-VLAN 3.

[Quidway] vlan 3
[Quidway-vlan3] aggregate-vlan
[Quidway-vlan3] access-vlan 2
# Create VLANIF 3.

[Quidway-Vlanif3] ip address 10.10.10.1 24
Step 3 Enable intra-VLAN proxy ARP on VLANIF 3.

[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable

# Run the display current-configuration command. You can view the configurations of the
super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following
configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1 0018-2000-0083 I - Vlanif3
10.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0
2/-
10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1
2/-
------------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1
----End
Configuration Files
The following lists the configuration file of the S9300.
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
port default vlan 2
port-isolate enable
#
port default vlan 2
port-isolate enable
#
return
Example for Configuring Inter-VLAN Proxy ARP
As shown in Figure 5-4, VLAN 2 and VLAN 3 constitute super-VLAN 4. It is required that:
l Hosts in the sub-VLANs 2 and 3 should not be pinged mutually.

l Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP
is enabled.
Figure 5-4 Networking diagram for configuring inter-VLAN proxy ARP

S9300
VLAN2 VLAN3
VLAN4
VLAN2 VLAN3
1. Configure a super-VLAN and a sub-VLAN.
2. Add an interface to the sub-VLAN.
3. Create an VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.
4. Enable inter-VLAN proxy ARP.
Data Preparation
l VLAN IDs of the super-VLAN and sub-VLAN
l IP address and subnet mask of VLANIF 4 in super-VLAN 4 being 10.10.10.1 and
255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
[Quidway] vlan 2

# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.

[Quidway] vlan 3
# Add GE2/0/0 and GE2/0/1 to sub-VLAN 3.

# Configure super-VLAN 4 and add sub-VLAN 2 to super-VLAN 4.

[Quidway] vlan 4

# Create VLANIF 4.

Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.

[Quidway-Vlanif4] arp-proxy inter-sub-vlan-proxy enable

# Run the display current-configuration command. You can view the configurations of the
super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following
configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1 0018-2000-0083 I - Vlanif4
10.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0
2/-
10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1
2/-
10.10.10.4 00e0-fc00-0004 19 D-0 GE2/0/0
3/-
10.10.10.5 00e0-fc00-0005 19 D-0 GE2/0/1
3/-

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
port default vlan 2
#
port default vlan 2
#
port default vlan 3
#
port default vlan 3
#
return
Example for Configuring Layer 2 Topology Detection
As shown in Figure 5-5, two GE interfaces are added to VLAN 100 in default mode and the IP
addresses of the two GE interfaces are shown in the figure.
Figure 5-5 Networking diagram for configuring Layer 2 topology detection
S9300
VLANIF100
10.1.1.2/24
PC A PC B
10.1.1.1/24 VLAN100 10.1.1.3/24

1. Add two GE interfaces to VLAN 100 in default mode.
2. Enable Layer 2 topology detection and view changes of ARP entries.
Data Preparation
l Types and numbers of the interfaces to be added to a VLAN
l IP addresses of the VLANIF interface and the PCs
Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the S9300 to VLAN 100 in default mode.
# Create VLANIF 100 and assign an IP addresses to VLANIF 100.
[Quidway] vlan 100
[Quidway-vlanif100] ip address 10.1.1.2 24
[Quidway-vlanif100] quit
# Add the two GE interfaces to VLAN 100 in default mode.

Step 2 # Enable Layer 2 topology detection.

[Quidway] l2-topology detect enable
Step 3 Restart GE 1/0/1 and view changes of the ARP entries and aging time.
# View ARP entries on the S9300. You can find that the S9300 has learnt the MAC address of
the PC.
[Quidway] display arp all
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-
INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2 00e0-c01a-4900 I - Vlanif100
10.1.1.1 00e0-c01a-4901 20 DF6 GE1/0/1
100/-
10.1.1.3 00e0-de24-bf04 20 DF6 GE1/0/2
100/-
-----------------------------------------------------------------------------
# Run the shutdown command and then the undoshutdown command on GE 1/0/1 to view the
aging time of ARP entries.


[Quidway-GigabitEthernet1/0/1] shutdown
[Quidway-GigabitEthernet1/0/1] undo shutdown
[Quidway-GigabitEthernet1/0/1] display arp all
VLAN/CEVLAN PVC
----------------------------------------------------------------------------
10.1.1.2 00e0-c01a-4900 I -
Vlanif100
10.1.1.3 00e0-de24-bf04 0 DF6 GE1/0/2
100/-
------------------------------------------------------------------------------
NOTE
According to the displayed information, the ARP entry learned from GE 1/0/1 is deleted after GE 1/0/1 is
shut down. The aging time of ARP entries learned from GE 1/0/2 becomes 0 after GE1/0/1 is restored and
becomes Up again. When the aging time is 0, the S9300 sends an ARP probe packet for updating ARP
entries.
[Quidway-GigabitEthernet1/0/1] display arp all
VLAN/CEVLAN PVC
----------------------------------------------------------------------------
10.1.1.2 00e0-c01a-4900 I -
Vlanif100
10.1.1.3 00e0-de24-bf04 20 DF6 GE1/0/2
100/-
----------------------------------------------------------------------------
NOTE
After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the Quidway
#
sysname Quidway
#
L2-topolgy detect enable
#
vlan 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
port default vlan 100
#
#
return
5.1.2 DHCP Configuration

This chapter describes the principle of the Dynamic Host Configuration Protocol (DHCP), and
provides configuration procedures and examples of DHCP.

Example for Configuring the DHCP Relay Agent
As shown in Figure 5-6, the DHCP client is on the network segment 20.20.20.0/24, whereas
the DHCP server is on the network segment of 10.10.10.0/24. DHCP messages need to be sent
by the S9300 enabled with DHCP relay so that the DHCP client can apply for the configuration
including an IP address from the DHCP server.
The DHCP server needs to be configured with an IP address pool of the network segment
20.20.20.0/24 and the route from the DHCP server to the network segment 20.20.20.0/24 is
reachable.
Figure 5-6 Networking diagram for configuring the DHCP relay agent
DHCP Server A
Internet 100.10.10.1/24
DHCP Server B
100.10.10.2/24
DHCP Relay S9300

VLANIF100
GE1/0/0
20.20.20.1/24
DHCP DHCP DHCP

Client Client Client
VLAN100
1. Create a DHCP server group and add DHCP servers to the DHCP server group.
2. Enable DHCP relay on the VLANIF interface.
3. Bind a VLANIF interface to a specified DHCP server group.
Data Preparation
l Name of the DHCP server group
l IP address of the DHCP server in the DHCP server group

l Number and IP address of the interface enabled with DHCP relay
Procedure
Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group.
# Create a DHCP server group.

[Quidway] dhcp server group dhcpgroup1
# Add DHCP servers to the DHCP server group.

[Quidway-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1
[Quidway-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.2
[Quidway-dhcp-server-group-dhcpgroup1] quit
Step 2 Enable DHCP relay on the VLANIF interface.
# Create a VLAN and add GE 1/0/0 to the VLAN.

[Quidway] vlan 100
[Quidway-Vlan100] quit
# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.
[Quidway] dhcp enable
[Quidway-Vlanif100] dhcp select relay
Step 3 Bind a VLANIF interface to a specified DHCP server group.
# Assign an IP address to the VLANIF interface.

# Bind the VLANIF interface to a specified DHCP server group.

[Quidway-Vlanif100] dhcp relay server-select dhcpgroup1
Step 4 Configure the DHCP server.
Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route
from the DHCP server to the S9300. Ensure that the route between the DHCP server and network
segment 20.20.20.0/24 is reachable.
NOTE
For the configuration of the DHCP server, see the configuration guide of the server.
Run the display dhcp relay command on the S9300. You can view the configuration of DHCP
relay enabled on the interface.
[Quidway] display dhcp relay interface vlanif 100
** Vlanif100 DHCP Relay Configuration **
DHCP server group name : dhcpgroup1

DHCP server IP [0 ] : 100.10.10.1

DHCP server IP [1 ] : 100.10.10.2
----End
Configuration Files
#
sysname Quidway
#
vlan 100
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1
dhcp-server 100.10.10.2
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
#
return
5.1.3 IP Performance Configuration

This chapter describes the basic concepts of IP performance, and provides configuration
procedures and examples of IP performance.
Example for Disabling the Sending of ICMP Redirection Packets
As shown in Figure 5-7, to limit the sending of ICMP redirection packets, S9300-A, S9300-B,
and S9300-C are required and these devices are connected through their GE interfaces.

Figure 5-7 Networking diagram for disabling the sending of ICMP redirection packets
S9300-A
VLANIF10
GE1/0/0
1.1.1.1/24
Internet
VLANIF10 VLANIF10
2.2.2.2/24 1.1.1.2/24
GE1/0/0 GE1/0/0
S9300-C S9300-B
1. Assign IP addresses to interfaces on routing devices.

2. Configure static routes to indirectly connected devices.
3. Disable the sending of ICMP redirection packets on an interface.
Data Preparation
l Static routes to indirectly connected devices

l IP address of the interface
Procedure
Step 1 Assign IP addresses to VLANIF interfaces.
# Configure S9300-A.
[Quidway] sysname S9300-A
[S9300-A] vlan 10
[S9300-A-Vlan10] quit
[S9300-A] interface gigabitethernet 1/0/0
[S9300-A-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[S9300-A-GigabitEthernet1/0/0] quit
[S9300-A] interface vlanif 10
[S9300-A-Vlanif10] ip address 1.1.1.1 24
[S9300-A-Vlanif10] quit
# Configure S9300-B.

[Quidway] sysname S9300-B
[S9300-B] vlan 10
[S9300-B-Vlan10] quit
[S9300-B] interface gigabitethernet 1/0/0
[S9300-B-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[S9300-B-GigabitEthernet1/0/0] quit
[S9300-B] interface vlanif 10
[S9300-B-Vlanif10] ip address 1.1.1.2 24
[S9300-B-Vlanif10] quit
# Configure S9300-C.
[Quidway] sysname S9300-C
[S9300-C] vlan 10
[S9300-C-Vlan10] quit
[S9300-C] interface gigabitethernet 1/0/0
[S9300-C-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[S9300-C-GigabitEthernet1/0/0] quit
[S9300-C] interface vlanif 10
[S9300-C-Vlanif10] ip address 2.2.2.2 24
[S9300-C-Vlanif10] quit
Step 2 Configure static routes.
[S9300-A] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
[S9300-B] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
Step 3 Disable the sending of ICMP redirection packets on VLANIF 10 of S9300-B.

[S9300-B-Vlanif10] undo icmp redirect send
# Debug ICMP packets on S9300-B.

<S9300-B> debugging ip icmp
# Run the ping command on S9300-A. You can view that S9300-B does not send host redirection
packets. No ICMP redirection packet is displayed in the output of the debugging command.
[S9300-A] ping 2.2.2.2

0.00% packet loss
----End
Configuration Files
l Configuration file of S9300-A

#
sysname S9300-A
#
vlan batch 10
#
interface vlanif 10
ip address 1.1.1.1 255.255.255.0
#
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
l Configuration file of S9300-B

#
sysname S9300-B
#
vlan batch 10
#
interface vlanif 10
ip address 1.1.1.2 255.255.255.0
undo icmp redirect send
#
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return
l Configuration file of S9300-C

#
sysname S9300-C
#
interface vlanif 10
ip address 2.2.2.2 255.255.255.0
#
#
return
Example for Disabling the Sending of ICMP Host Unreachable Packets
As shown in Figure 5-8, to limit the sending of ICMP redirection packets, S9300-A, S9300-B,
and S9300-C are required and these devices are connected through their GE interfaces.

Figure 5-8 Networking diagram for disabling the sending of ICMP host unreachable packets
VLANIF11 VLANIF11
2.2.2.2/24 2.2.2.1/24
S9300-B
GE1/0/1 GE1/0/1
S9300-C GE1/0/0 VLANIF10
1.1.1.2/24
VLANIF10
GE1/0/0 1.1.1.1/24
S9300-A
1. Assign IP addresses to interfaces on S9300s.
2. Configure static routes to indirectly connected devices.
3. Enable the sending of ICMP host unreachable packets in the system view.
4. Enable the sending of ICMP host unreachable packets in the interface view.
NOTE
By default, the sending of ICMP host unreachable packets is enabled on the system view and on the
interface view. If the configuration is not changed, you can skip this configuration.
Data Preparation
l Static routes to indirectly connected devices
l IP address of the interface
Procedure
Step 1 Configure S9300-A.
[S9300-A] vlan 10
[S9300-A-GigabitEthernet1/0/0] port hybrid tagged vlan 10
# Configure a static route on S9300-A.

[S9300-A] ip route-static 2.2.2.0 24 1.1.1.2
Step 2 Configure S9300-B.

# Disable the sending of ICMP host unreachable packets on S9300-B and assign an IP address
to VLANIF 10.
[S9300-B] icmp host-unreachable send
[S9300-B] vlan 10
[S9300-B] vlan 11
[S9300-B-Vlanif11] icmp host-unreachable send
Step 3 Configure S9300-C.

# Assign an IP address to VLANIF 11 on S9300-C.
[S9300-C] vlan 11
[S9300-C-Vlan11] quit
[S9300-C-GigabitEthernet1/0/1] port hybrid tagged vlan 11

# Debug ICMP packets on S9300-A.
<S9300-A> debugging ip icmp
<S9300-A> terminal monitor
<S9300-A> terminal debugging
# Run the ping 2.2.2.3 command on S9300-A. According to the received packet captured by the
tester on S9300-A, S9300-B sends host unreachable packets.
[S9300-A] ping 2.2.2.3
----End
Configuration Files
#
sysname S9300-A
#
vlan 10
#
interface vlanif 10

ip address 1.1.1.1 255.255.255.0

#
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return

#
sysname S9300-B
#
vlan batch 10 to 11
#
interface vlanif 10
ip address 1.1.1.2 255.255.255.0
#
interface vlanif 11
ip address 2.2.2.1 255.255.255.0
#
#
#
return

#
sysname S9300-C
#
vlan 11
#
interface vlanif 11
ip address 2.2.2.2 255.255.255.0
#
#
return
5.1.4 IP Unicast PBR Configuration

This chapter describes the principle of IP unicast policy-based routing (PBR), and provides
configuration procedures and examples of IP unicast PBR.
Example for Configuring PBR Based on the Protocol Type
As shown in Figure 5-9, a policy-based route named aaa is defined. All TCP packets sent from
S9300A are sent through VLANIF 11, whereas other packets are still forwarded according to
the routing table. S9300A is directly connected to S9300B and S9300C. The route between
S9300B and S9300C is unreachable.

Figure 5-9 Networking diagram for configuring PBR based on the protocol type
GE1/0/0 GE1/0/0 S9300 B
VLANIF11 VLANIF11
1.1.2.1/24 1.1.2.2/24
Internet
GE2/0/0 GE2/0/0
VLANIF12 VLANIF12
1.1.3.1/24 1.1.3.2/24
S9300 A S9300 C
1. Define an ACL.
2. Define matching rules and actions for PBR.
3. Enable local PBR.
Data Preparation
l ACL rules and numbers
l Name of the policy-based route
l outgoing interface or next hop address used when actions defined in the policy-based route
are performed
Procedure
Step 1 Configure S9300A.
# Create a VLAN and add interfaces to the VLAN.
[Quidway] sysname S9300A
[S9300A] vlan batch 11 12
[S9300A] interface vlanif 11
[S9300A-Vlanif11] ip address 1.1.2.1 255.255.255.0
[S9300A-Vlanif11] quit
[S9300A] interface gigabitethernet 1/0/0
[S9300A-GigabitEthernet1/0/0] port hybrid tagged vlan 11
[S9300A-GigabitEthernet1/0/0] quit
# Define an ACL, and use ACL 3001 to match TCP packets and ACL 3002 to match IP packets.
[S9300A] acl number 3001

[S9300A-acl-adv-3001] rule permit tcp
[S9300A-acl-adv-3001] quit

[S9300A] acl number 3002

[S9300A-acl-adv-3002] rule permit ip
[S9300A-acl-adv-3002] quit
# Define node 5 so that TCP packets are sent to the next hop 1.1.2.2.
[S9300A] policy-based-route aaa permit node 5
[S9300A-policy-based-route-aaa-5] if-match acl 3001
[S9300A-policy-based-route-aaa-5] apply ip-address next-hop 1.1.2.2
[S9300A-policy-based-route-aaa-5] quit
# Define node 10 so that other IP packets are not forwarded through the policy-based route.
[S9300A] policy-based-route aaa deny node 10
[S9300A-policy-based-route-aaa-10] if-match acl 3002
[S9300A-policy-based-route-aaa-10] quit
# Apply policy aaa on S9300A.

[S9300A] ip local policy-based-route aaa
Step 2 Configure S9300B.

[Quidway] sysname S9300B
[S9300B] vlan 11
[S9300B-Vlan11] quit
[S9300B] interface vlanif 11
[S9300B-Vlanif11] ip address 1.1.2.2 255.255.255.0
[S9300B-Vlanif11] quit
[S9300B] interface gigabitethernet 1/0/0
[S9300B-GigabitEthernet1/0/0] port hybrid tagged vlan 11
[S9300B-GigabitEthernet1/0/0] quit
Step 3 Configure S9300C.

[Quidway] sysname S9300C
[S9300C] vlan 12
[S9300C-Vlan12] quit
[S9300C] interface vlanif 12
[S9300C-Vlanif12] ip address 1.1.3.2 255.255.255.0
[S9300C-Vlanif12] quit
[S9300C] interface gigabitethernet 2/0/0
[S9300C-GigabitEthernet2/0/0] port hybrid tagged vlan 12
[S9300C-GigabitEthernet2/0/0] quit

# Establish a Telnet connection with S9300B (1.1.2.2/24) on S9300A, and the connection
succeeds.
<S9300A> telnet 1.1.2.2
Trying 1.1.2.2 ...
***********************************************************
* All rights reserved (2000-2010) *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
* Notice: *
* This is a private communication system. *
* Unauthorized access or use may lead to prosecution. *
***********************************************************
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 1.
<S9300B>

# Establish a Telnet connection with S9300C (1.1.3.2/24) on S9300A, and the connection fails.
<S9300A> telnet 1.1.3.2
Trying 1.1.3.2 ...
Error: Failed to connect to the remote host.
TCP is used for establishing a Telnet connection. The preceding results indicate that all the TCP
packets are forwarded to the next hop 1.1.2.2, and PBR is set successfully.
----End
Configuration Files
l Configuration file of S9300A
#
sysname S9300A
#
vlan batch 11 to 12
#
acl number 3001
rule 5 permit tcp
#
acl number 3002
rule 5 permit ip
#
interface Vlanif11
ip address 1.1.2.1 255.255.255.0
#
interface Vlanif12
ip address 1.1.3.1 255.255.255.0
#
#
#
ip local policy-based-route aaa
#
policy-based-route aaa permit node 5
if-match acl 3001
apply ip-address next-hop 1.1.2.2
policy-based-route aaa deny node 10
if-match acl 3002
#
return
l Configuration file of S9300B

#
sysname S9300B
#
interface vlanif 11
ip address 1.1.2.2 255.255.255.0
#
#
return
l Configuration file of S9300C

#
sysname S9300C
#
interface vlanif 12
ip address 1.1.3.2 255.255.255.0
#


#
return
Example for Configuring PBR Based on the Packet Length
As shown in Figure 5-10, PBR is used on S9300A.
l Set the next hop address 150.1.1.2 for packets of 64 to 1400 bytes.
l Set the next hop address 151.1.1.2 for packets of 1401 to 1500 bytes.
l Other packets are forwarded according to the destination address.
Figure 5-10 Networking diagram for configuring PBR based on the packet length
64-1400bytes
S9300A VLANIF10 VLANIF10 S9300B

150.1.1.1/24 150.1.1.2/24
VLANIF11 VLANIF11
151.1.1.1/24 151.1.1.2/24
1401-1500bytes LoopBack0
10.1.1.1/24
1. Assign an IP address to each interface.
2. Configure the dynamic routing protocol. Here, the Routing Information Protocol (RIP) is
used.
3. Configure PBR, including matching rules and actions.
Data Preparation
l IP address and subnet mask of the interface
l Network segment used by the dynamic routing protocol
l Packet length in matching rules of PBR, and next hop or outgoing interface when actions
are performed
Procedure

# Assign an IP address to each interface.

[S9300A] vlan batch 10 to 11
# Configure RIP.
[S9300A] rip
[S9300A-rip-1] network 150.1.0.0
[S9300A-rip-1] network 151.1.0.0
[S9300A-rip-1] quit
# Configure a policy-based route named policy1.

[S9300A] policy-based-route policy1 permit node 10
[S9300A-policy-based-route-policy1-10] if-match packet-length 64 1400
[S9300A-policy-based-route-policy1-10] apply ip-address next-hop 150.1.1.2
[S9300A-policy-based-route-policy1-10] quit
[S9300A] policy-based-route lab1 permit node 20
[S9300A-policy-based-route-policy1-20] if-match packet-length 1401 1500
[S9300A-policy-based-route-policy1-20] apply ip-address next-hop 151.1.1.2
[S9300A-policy-based-route-policy1-20] quit
# Enable PBR.
[S9300A] ip local policy-based-route policy1

[S9300B] vlan batch 10 11
[S9300B] rip
[S9300B-rip-1] network 10.0.0.0
[S9300B-rip-1] network 150.1.0.0
[S9300B-rip-1] network 151.1.0.0
[S9300B-rip-1] quit

# Run the debugging ip policy-based-route command on S9300A to monitor the policy-based
route.
<S9300A> debugging ip policy-based-route
<S9300A> terminal debugging
<S9300A> terminal monitor

# Ping Loopback 0 of S9300B from S9300A and set the data length of packets to 80 bytes.
C:\> ping -l 80 10.1.1.1
Pinging 10.1.1.1 with 80 bytes of data:
Reply from 10.1.1.1: bytes=80 time<6ms TTL=255

Ping statistics for 10.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 18ms, Average = 8ms
# The following information about PBR is displayed on S9300A:

*0.3417920 S9300A PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop :
150.1.1.2
150.1.1.2
150.1.1.2
150.1.1.2
# According to the preceding information about PBR, S9300A sends the received packets
through VLANIF 10 according to the next hop 150.1.1.2 determined by the policy-based route.
# Ping Loopback 0 of S9300B from S9300A and set the data length of packets to 1450 bytes.
C:\> ping -l 1450 10.1.1.1
Pinging 10.1.1.1 with 1450 bytes of data:

Ping statistics for 10.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 1408ms, Average = 44ms
# The following information about PBR is displayed on S9300A:

151.1.1.2
151.1.1.2
151.1.1.2
151.1.1.2
# According to the preceding information about PBR, S9300A sends the received packets
through VLANIF 11 according to the next hop 151.1.1.2 determined by the policy-based route.
----End
Configuration Files
#
sysname S9300A
#
ip local policy-based-route policy1

#
vlan batch 10 to 11
#
interface Vlanif10
ip address 150.1.1.1 255.255.255.0
#
interface Vlanif11
ip address 151.1.1.1 255.255.255.0
#
#
#
rip 1
network 150.1.0.0
network 151.1.0.0
#
policy-based-route policy1 permit node 10
if-match packet-length 64 1400
policy-based-route lab1 permit node 20
if-match packet-length 1401 1500
#
return

#
sysname S9300B
#
vlan batch 10 to 11
#
interface Vlanif10
ip address 150.1.1.2 255.255.255.0
#
interface Vlanif11
ip address 151.1.1.2 255.255.255.0
#
#
#
rip 1
network 10.0.0.0
network 150.1.0.0
network 151.1.0.0
#
return
5.1.5 UDP Helper Configuration

This chapter describes the principle of UDP helper, and provides configuration procedures and
examples of UDP helper.
Example for Configuring UDP Helper
As shown in Figure 5-11, the IP address of VLANIF 100 on the S9300 is 10.110.1.1/16; the IP
address of the NetBIOS-NS name server is 10.2.1.1/16. The S9300 and the NetBIOS-NS name

server are on different network segments, but the route between the S9300 and the NetBIOS-
NS name server is reachable.
The S9300 is configured to forward broadcast packets with the destination UDP port number as
137 and the destination IP address as 255.255.255.255 and broadcast packets with the the
destination IP address as 10.110.255.255 to the NetBIOS-NS name server.
When receiving broadcast packets of NetBIOS-NS Register, the S9300 changes the packets
whose destination IP address is the IP address of the NetBIOS-NS name server. Then, the
S9300 forwards the packets to the specified NetBIOS-NS name server.
Figure 5-11 Networking diagram for configuring UDP helper
Internet
NETBIOS-NS
Name Server
S9300 10.2.1.1/16
VLANIF100
10.110.1.1/16
PC1 PC2
1. Enable the UDP helper function on the S9300.

2. After the UDP helper function is enabled on the S9300, the S9300 forwards broadcast
packets with the destination UDP port as 137 by default. The UDP port number, therefore,
does not need to be configured here.
3. Create a VLAN, assign the IP address and configure the destination server to which packets
of UDP ports are forwarded on the VLANIF interface..
Data Preparation
l VLANIF interface of the destination server to which packets of UDP ports are forwarded
l IP address of the destination server

Procedure
Step 1 Enable the UDP helper function.
[Quidway] udp-helper enable
Step 2 Configure the destination server to which packets of UDP ports are forwarded.
[Quidway] vlan 100
[Quidway-Vlanif100] udp-helper server 10.2.1.1
[Quidway] quit

The destination server to which packets of UDP ports are forwarded on VLANIF 100 is the
NetBIOS-NS name server.
<Quidway> display udp-helper server interface Vlanif 100
vlan-interface Server-Ip packet-num
Vlanif100 10.2.1.1 0
----End
Configuration Files
#
sysname Quidway
#
vlan batch 100
#
udp-helper enable
#
interface Vlanif100
ip address 10.110.1.1 255.255.0.0
udp-helper server 10.2.1.1
#
return
5.2 Configuration Guide - IP Routing

This document describes the IP routing features of the S9300, including static routes, routing
protocols (RIP, RIPng, OSPF, OSPFv3, IS-IS, BGP4+, MBGP and BGP), and routing policies.
The document provides the configuration procedures and configuration examples of the IP
routing features.
5.2.1 Static Route Configuration

This chapter describes the concepts of static routes and the procedure for configuring static
routes, and provides configuration examples of static routes.
5.2.2 RIP Configuration
This chapter describes the principle and configuration procedures of the Routing Information
Protocol (RIP) and, provides configuration examples of RIP.
5.2.3 OSPF Configuration
This chapter describes the concepts of OSPF and the procedure for configuring OSPF, and
provides configuration examples of OSPF.

5.2.4 IS-IS Configuration

This chapter describes the concepts of IS-IS and the procedure for configuring IS-IS, and
provides configuration examples of IS-IS.
5.2.5 BGP Configuration
This chapter describes the basic concepts of the Border Gateway Protocol (BGP) and the
procedure for configuring BGP, and provides several configuration examples of BGP.
5.2.6 Routing Policy Configuration
This chapter describes the concepts of the routing policy and the procedure for configuring the
routing policy, and provides examples for configuring the routing policy.
5.2.1 Static Route Configuration

This chapter describes the concepts of static routes and the procedure for configuring static
routes, and provides configuration examples of static routes.
Example for Configuring IPv4 Static Routes
Hosts in different network segments are connected through several S9300s. You are required to
configure static routes enable each two hosts in different network segments to communicate with
each other.
Figure 5-12 Networking diagram for configuring static routes

PC2
1.1.2.2/24
GE1/0/3
GE1/0/1 GE1/0/2
S9300-B
S9300-A S9300-C
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
PC1 PC3
1.1.1.2/24 1.1.3.2/24
S9300 Interface VLANIF interface IP address
S9300-A GigabitEthernet1/0/1 VLANIF 10 1.1.4.1/30
S9300-B GigabitEthernet1/0/1 VLANIF 10 1.1.4.2/30
S9300-C GigabitEthernet1/0/1 VLANIF 20 1.1.4.6/30

1. Create VLANs and add corresponding interfaces to the VLANs.

2. Assign an IP address to each VLANIF interface.
3. Configure a default IP gateway on each host.
4. Configure static routes and default routes on the S9300s.
Data Preparation
l IDs of the VLANs that the interfaces belong to, as shown in Figure 5-12
l VLANIF interfaces and the IP addresses of the hosts, as shown in Figure 5-12
l Default route of S9300-A, whose next hop address is 1.1.4.2
l Static route of S9300-B, whose destination address is 1.1.1.0, and the next hop address is
1.1.4.1
l Static route of S9300-B, whose destination address is 1.1.3.0, and the next hop address is
1.1.4.6
l Default route of S9300-C, whose next hop address is 1.1.4.5
Procedure
Step 1 Configure VLANs that interfaces belong to.
<Quidway>system-view
[Quidway]sysname S9300-A
[S9300-A]vlan 10
[S9300-A-vlan10]quit
[S9300-A]vlan 30
[S9300-A-vlan30]quit
[S9300-A]interface GigabitEthernet 1/0/1
[S9300-A-GigabitEthernet1/0/1]port hybrid pvid vlan 10
[S9300-A-GigabitEthernet1/0/1]port hybrid untagged vlan 10
[S9300-A-GigabitEthernet1/0/1]quit
[S9300-A-GigabitEthernet1/0/1]port link-type access
[S9300-A-GigabitEthernet1/0/1]port default vlan 30
[S9300-A-GigabitEthernet1/0/1]quit
The configurations of S9300-B and S9300-C are similar to the configuration of S9300-A, and
are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.

[S9300-A]interface vlanif 10
[S9300-A-Vlanif10]ip address 1.1.4.1 30
[S9300-A-Vlanif10]quit
[S9300-A]interface vlanif 30
[S9300-A-Vlanif30]ip address 1.1.1.1 24
[S9300-A-Vlanif30]quit

Step 3 Configure the hosts.
Configure the default gateway addresses of PC1, PC2, and PC3 to 1.1.1.1, 1.1.2.1, and 1.1.3.1
respectively.
# Configure a default route on S9300-A.

<S9300-A>system-view
[S9300-A] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on S9300-B.

<S9300-B> system-view
# Configure a default route on S9300-C.

<S9300-C> system-view
[S9300-C] ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
# Check the routing table of S9300-A.

[S9300-A] display ip routing-table
------------------------------------------------------------------------------
0.0.0.0/0 Static 60 0 RD 1.1.4.2 Vlanif10

1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif30
1.1.4.0/30 Direct 0 0 D 1.1.4.1 Vlanif10
1.1.4.2/32 Direct 0 0 D 1.1.4.2 Vlanif10
# Run the ping command to verify the connectivity.

[S9300-A] ping 1.1.3.1

0.00% packet loss
# Run the tracert command to verify the connectivity.

[S9300-A] tracert 1.1.3.1
traceroute to 1.1.3.1(1.1.3.1) 30 hops max,40 bytes packet

1 1.1.4.2 31 ms 32 ms 31 ms
2 1.1.4.6 62 ms 63 ms 62 ms
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30
#
interface Vlanif10
ip address 1.1.4.1 255.255.255.252
#
interface Vlanif30
ip address 1.1.1.1 255.255.255.0
#
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
#
return

#
sysname S9300-B
#
vlan batch 10 20 40
#
interface Vlanif10
ip address 1.1.4.2 255.255.255.252
#
interface Vlanif20
ip address 1.1.4.5 255.255.255.252
#
interface Vlanif40
ip address 1.1.2.1 255.255.255.0
#
#
#
#
ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
#
return

#
sysname S9300-C
#
vlan batch 20 50

#
interface Vlanif20
ip address 1.1.4.6 255.255.255.252
#
interface Vlanif40
ip address 1.1.3.1 255.255.255.0
#
#
port link-type acess
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
#
return
Example for Configuring BFD for IPv4 Static Routes
As shown in Figure 5-13, S9300-A is connected to the network management system (NMS)
through S9300-B. You need to configure static routes on S9300-A so that S9300-A can
communicate with the NMS. In addition, configure a BFD session between S9300-A and
S9300-B to detect link failure.
Figure 5-13 Networking diagram for configuring BFD for static routes
GE1/0/1 GE1/0/2
GE1/0/1 2.2.2.1/24
S9300-A S9300-B NMS
1. Create a BFD session on S9300-A and S9300-B to detect the link between S9300-A and
S9300-B.
2. Configure a static route from S9300-A to the NMS and bind the static route to the BFD
session.
Data Preparation

l VLANIF interfaces and the IP address of the NMS, as shown in Figure 5-13
l Peer IP address of the BFD session
l Local discriminator and remote discriminator of the BFD session
l Static route from S9300-A to the NMS
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
[S9300-A] vlan 10
[S9300-A-vlan10] quit
[S9300-A] interface GigabitEthernet 1/0/1
[S9300-A-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[S9300-A-GigabitEthernet1/0/1] port hybrid untagged vlan 10
The configuration on S9300-B is similar to the configuration of S9300-A, and is not mentioned
here.
The configuration on S9300-B is similar to the configuration on S9300-A and is not mentioned
here.
Step 3 Create a BFD session between S9300-A and S9300-B.
# On S9300-A, create a BFD session with S9300-B.
<S9300-A> system-view
[S9300-A] bfd
[S9300-A-bfd] quit
[S9300-A] bfd aa bind peer-ip 1.1.1.2
[S9300-A-bfd-session-aa] discriminator local 10
[S9300-A-bfd-session-aa] discriminator remote 20
[S9300-A-bfd-session-aa] commit
[S9300-A-bfd-session-aa] quit
# On S9300-B, create a BFD session with S9300-A.

[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B] bfd bb bind peer-ip 1.1.1.1
[S9300-B-bfd-session-bb] discriminator local 20
[S9300-B-bfd-session-bb] discriminator remote 10
[S9300-B-bfd-session-bb] commit
[S9300-B-bfd-session-bb] quit
Step 4 Configure a static route and bind the route to the BFD session.
# On S9300-A, configure a default static route to the external network and bind the default static
route to the BFD session named aa.
[S9300-A]ip route-static 2.2.2.1 24 1.1.1.2 track bfd-session aa
[S9300-A]quit

# After the configuration is complete, run the display bfd session all command on S9300-A and
S9300-B, and you can find that the BFD session is set up and its status is Up.
Take S9300-A for example. The display is as follows:
<S9300-A> display bfd session all
--------------------------------------------------------------------------------
LocalRemote PeerIPAddressInterface NameStateType
--------------------------------------------------------------------------------
10201.1.1.2--UpS_IP
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
# Check the IP routing table on S9300-A, and you can find that the static route exists in the
routing table.
<S9300-A> display ip routing-table
------------------------------------------------------------------------------
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10

1.1.1.2/32 Direct 0 0 D 1.1.1.2 Vlanif10
2.2.2.0/24 Static 60 0 RD 1.1.1.2 Vlanif10
# On S9300-A, enable debugging of the terminal.

<S9300-A> terminal monitor
<S9300-A> terminal debugging
# Run the shutdown command on VLANIF 10 of S9300-B to simulate a link fault.

[S9300-B-Vlanif10] shutdown
# The following debugging information is displayed on S9300-A, indicating that BFD detects
a link fault.
<S9300-A>
*0.27708400 S9300-A RM/3/RMDEBUG:
RM_USR_BFDRefreshRT_H:
BfdSessionID = 10
BfdEvent = 0X0
USR : UsrDbID = 0X6, DestAdd = 0X0, Mask = 0X0, NextHop = 0X1010102
URT : TableID = 0X1, EntryID = 0XB, ProcID = 0X2, FLAG = 0X8114000
# Check the routing table on S9300-A, and you can find that default route 2.2.2.0/24 does not
exist. The reason is that the default static route is bound to a BFD session, and BFD immediately
notifies that the bound static route is unavailable when a fault is detected.
------------------------------------------------------------------------------
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10

1.1.1.2/32 Direct 0 0 D 1.1.1.2 Vlanif10

# Run the undo shutdown command on VLANIF 10 of S9300-B to simulate link recovery.
[S9300-B-Vlanif10]undo shutdown
# Check the routing table on S9300-A, and you can find default route 2.2.2.0/24 in the routing
table. After BFD detects link recovery, it immediately notifies that the bound static route is
reachable.
------------------------------------------------------------------------------
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10

1.1.1.2/32 Direct 0 0 D 1.1.1.2 Vlanif10
2.2.2.0/24 Static 60 0 RD 1.1.1.2 Vlanif10
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
#
bfd aa bind peer-ip 1.1.1.2
discriminator local 10
discriminator remote 20
commit
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 track bfd-session aa
#
return

#
sysname S9300-B
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 2.2.2.2 255.255.255.0
#

#
#
bfd bb bind peer-ip 1.1.1.1
commit
#
return
5.2.2 RIP Configuration

This chapter describes the principle and configuration procedures of the Routing Information
Protocol (RIP) and, provides configuration examples of RIP.
Example for Configuring the RIP Version
As shown in Figure 5-14, RIP needs to be enabled on all the interfaces of S9300-A, S9300-B,
S9300-C, and S9300-D. The S9300s are interconnected through RIPv2.
Figure 5-14 Networking diagram for configuring the RIP version
S9300-C
GE1/0/1
GE1/0/1
GE1/0/0 GE1/0/2
GE1/0/0 GE1/0/2
S9300-A S9300-B S9300-D
S9300-D GigabitEthernet1/0/2 VLANIF 30 10.1.1.2/24

1. Assign IP addresses to all the interfaces to ensure network reachability.

2. Enable RIP on each S9300 and configure the basic RIP functions.
3. Configure RIPv2 on each S9300 and check the accurate subnet masks.
Data Preparation
l IP addresses of VLANIF interfaces, as shown in Figure 5-14
l RIP version on the S9300s, namely, RIPv2
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
[S9300-A] vlan 10
S9300-A-vlan10] quit
The configurations of S9300-B, S9300-C, and S9300-D are similar to the configuration of
S9300-A, and are not mentioned here.
Step 3 Configure the basic RIP functions.
Configure S9300-A.
[S9300-A] rip
[S9300-A-rip-1] network 192.168.1.0
[S9300-A-rip-1] quit
Configure S9300-B.
[S9300-B] rip
[S9300-B-rip-1] network 192.168.1.0
[S9300-B-rip-1] network 172.16.0.0
[S9300-B-rip-1] network 10.0.0.0
[S9300-B-rip-1] quit
Configure S9300-C.
[S9300-C] rip
[S9300-C-rip-1] network 172.16.0.0
[S9300-C-rip-1] quit
Configure S9300-D.
[S9300-D] rip
[S9300-D-rip-1] network 10.0.0.0
[S9300-D-rip-1] quit

# Check the RIP routing table of S9300-A.

[S9300-A] display rip 1 route
Route Flags: R - RIP
A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 14
172.16.0.0/16 192.168.1.2 1 0 RA 14
192.168.1.0/24 192.168.1.2 1 0 RA 14
From the routing table, you can find that the routes advertised by RIPv1 use natural masks.
Step 4 Configure the RIP version.
# Configure RIPv2 on S9300-A.
[S9300-A] rip
[S9300-A-rip-1] version 2
# Configure RIPv2 on S9300-B.

[S9300-B] rip
[S9300-B-rip-1] version 2
# Configure RIPv2 on S9300-C.

[S9300-C] rip
[S9300-C-rip-1] version 2
# Configure RIPv2 on S9300-D.

[S9300-D] rip
[S9300-D-rip-1] version 2
[S9300-D-rip-1] quit

# Check the RIP routing table of S9300-A.
[S9300-A] display rip 1 route
Route Flags: R - RIP
A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
Destination/Mask Nexthop Cost Tag Flags Sec
10.1.1.0/24 192.168.1.2 1 0 RA 32
172.16.1.0/24 192.168.1.2 1 0 RA 32
192.168.1.0/24 192.168.1.2 1 0 RA 14
From the routing table, you can find that the routes advertised by RIPv2 contain more accurate
subnet masks.
----End
Configuration Files
#
sysname S9300-A
#
vlan 10
#

interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
#
rip 1
version 2
network 192.168.1.0
#
return
#
sysname S9300-B
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
#
#
#
#
rip 1
version 2
network 192.168.1.0
network 172.16.0.0
network 10.0.0.0
#
return
#
sysname S9300-C
#
vlan batch 20
#
interface Vlanif20
ip address 172.16.1.2 255.255.255.0
#
#
rip 1
version 2
network 172.16.0.0
#
return
l Configuration file of S9300-D
#
sysname S9300-D

#
vlan batch 30
#
interface Vlanif30
ip address 10.1.1.2 255.255.255.0
#
#
rip 1
version 2
network 10.0.0.0
#
return
Example for Configuring RIP to Import Routes
As shown in Figure 5-15, two RIP processes, RIP100 and RIP200, run on S9300-B. S9300-B
exchanges routing information with S9300-A through RIP100 and exchanges routing
information with S9300-C through RIP200.
You must configure route import on S9300-B so that the two RIP processes can import RIP
routes of each other. By default, the metric of the imported routes of RIP200 is set to 3. In
addition, you must configure a filtering policy on S9300-B. Thus, S9300-B can filter out a route
imported from RIP200 (route to 192.168.4.0/24) and does not advertise the route to S9300-A.
Figure 5-15 Network diagram of configuring RIP to import external route
GE2/0/0 GE1/0/2
GE1/0/0 GE1/0/1
GE1/0/0 GE1 /0/1
GE1/0/3
S9300-A S9300-B S9300-C
RIP 100 RIP 200

1. Enable RIP100 and RIP200 on S9300 and specify the network segment.
2. Configure S9300-B to import routes of a RIP process into the routing table of the other RIP
process, and set the default metric of the routes imported from RIP200 to 3.
3. Configure an ACL on S9300-B to filter the routes imported from RIP200.
Data Preparation
l IP addresses of VLANIF interfaces, as shown in Figure 5-15
l RIP100 enabled network segments on S9300-A: 192.168.1.0 and 192.168.1.0
l Network segments with RIP100 and RIP200 enabled on S9300-B: 192.168.1.0 and
192.168.2.0.
l RIP200 enabled network segments on S9300-C: 192.168.2.0, 192.168.3.0, and 192.168.4.0
l Default metric of routes that are imported to RIP100 from RIP200: 3
l ACL 2000 for the routes that are imported to RIP100 from RIP200, which denies the routes
of network segment 192.168.4.0
Procedure
[S9300-A] vlan 10
[S9300-A] vlan 50
[S9300-A-Vlans0] quit
[S9300-A-GigabitEthernet2/0/0] port hybrid untaged vlan 50

[S9300] interface vlanif 10
[S9300-Vlanif10] ip address 192.168.1.1 24
[S9300-Vlanif10] quit
[S9300-vlanif50] ip address 192.168.0.1 24
[S9300-vlanif50] quit
Step 3 Configure the basic RIP functions.

# Enable RIP process 100 on S9300-A.

[S9300-A] rip 100
[S9300-A-rip-100] network 192.168.0.0
[S9300-A-rip-100] network 192.168.1.0
# Enable RIP processes 100 and 200 on S9300-B.

[S9300-B] rip 100
[S9300-B-rip-100] network 192.168.1.0
[S9300-B] rip 200
[S9300-B-rip-200] network 192.168.2.0
# Enable RIP process 200 on S9300-C.

[S9300-C] rip 200
[S9300-C-rip-200] network 192.168.2.0
[S9300-C-rip-200] network 192.168.3.0
[S9300-C-rip-200] network 192.168.4.0

------------------------------------------------------------------------------
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50

192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif10
Step 4 Configure the RIP processes to import external routes.

# On S9300-B, set the default metric of imported routes to 3 and configure the RIP processes to
import routes into each other's routing table.
[S9300-B] rip 100
[S9300-B-rip-100] default-cost 3
[S9300-B-rip-100] import-route rip 200
[S9300-B] rip 200
[S9300-B-rip-200] import-route rip 100
# View the routing table of S9300-A after the routes are imported.
------------------------------------------------------------------------------
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50


192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.4.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
Step 5 Configure S9300-B to filter imported routes.

# Configure an ACL on S9300-B and add a rule to the ACL. The rule denies the packets sent
from 192.168.4.0/24.
[S9300-B] acl 2000
[S9300-B-acl-basic-2000] rule deny souce 192.168.4.0 0.0.0.255
[S9300-B-acl-basic-2000] rule permit
[S9300-B-acl-basic-2000] quit
# Configure S9300-B to filter the route to 192.168.4.0/24 that is imported from RIP200 according
to the ACL rule.
[S9300-B] rip 100
[S9300-B-rip-100] filter-policy 2000 export

# View the RIP routing table of S9300-A after the routes are filtered.
------------------------------------------------------------------------------
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50

192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 50
#
interface Vlanif50
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0

#
#
#
rip 100
network 192.168.0.0
network 192.168.1.0
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
acl number 2000
rule 5 deny source 192.168.4.0 0.0.0.255
rule 10 permit
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
#
#
rip 100
default-cost 3
network 192.168.1.0
filter-policy 2000 export
import-route rip 200
#
rip 200
network 192.168.2.0
#
return
#
sysname S9300-C
#
vlan batch 20 30 40
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
interface Vlanif40
ip address 192.168.4.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
#

#
#
rip 200
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
#
return
5.2.3 OSPF Configuration

This chapter describes the concepts of OSPF and the procedure for configuring OSPF, and
provides configuration examples of OSPF.
Configuring Basic OSPF Functions
As shown in Figure 5-16, all S9300s run OSPF, and the entire AS is partitioned into three areas.
S9300-A and S9300-B function as ABRs to forward routes between areas.
You must ensure that every S9300 can learn the routes to all network segments in the AS.
Figure 5-16 Networking diagram for configuring the basic OSPF functions
S9300-A S9300-B
Area 0
GE1/0/1
GE1/0/2 GE1/0/1 GE1/0/2
S9300-D
S9300-C
GE1/0/1 GE1/0/1
Area 1 Area 2
GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
S9300-E S9300-F

S9300-E GigabitEthernet1/0/1 VLANIF 40 172.16.1.2/24
S9300-F GigabitEthernet1/0/1 VLANIF 50 172.17.1.2/24
1. Create VLANs and add corresponding interfaces to the VLANs.

3. Enable OSPF on each S9300 and specify network segments in different areas.
4. View the routing table and database information.
Data Preparation
l ID of the VLAN that each interface belongs to, as shown in Figure 5-16
l IP address of each VLANIF interface, as shown in Figure 5-16
l Router ID and OSPF process ID of each S9300 and the area that each interface belongs to:
– On S9300-A, the router ID is 1.1.1.1; the OSPF process ID is 1; the network segment
of Area 0 is 192.168.0.0/24; the network segment of Area 1 is 192.168.1.0/24.
– On S9300-B, the router ID is 2.2.2.2; the OSPF process ID is 1; the network segment
– On S9300-C, the router ID is 3.3.3.3; the OSPF process ID is 1; the network segments
of Area 1 are 192.168.1.0/24 and 172.16.1.0/24.
– On S9300-D, the router ID is 4.4.4.4; the OSPF process ID is 1; the network segments
of Area 2 are 192.168.2.0/24 and 172.17.1.0/24.
– On S9300-E, the router ID is 5.5.5.5; the OSPF process ID is 1; the network segment
of Area 1 is 172.16.1.0/24.
– On S9300-F, the router ID is 6.6.6.6; the OSPF process ID is 1; the network segment
of Area 2 is 172.17.1.0/24.
Procedure
[S9300-A] vlan batch 10 20
[S9300-A] interface gigabitEthernet 1/0/1

The configurations of S9300-B, S9300-C, S9300-E, and S9300-F are similar to the configuration
of S9300-A, and are not mentioned here.
The configurations on S9300-B, S9300-C, S9300-E, and S9300-F are similar to the configuration
of S9300-A, and are not mentioned here.
Step 3 Configure the basic OSPF functions.
[S9300-A] router id 1.1.1.1
[S9300-A] ospf
[S9300-A-ospf-1] area 0
[S9300-A-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[S9300-A-ospf-1-area-0.0.0.0] quit
[S9300-A-ospf-1] quit
[S9300-B] router id 2.2.2.2
[S9300-B] ospf
[S9300-B-ospf-1] area 0
[S9300-B-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[S9300-B-ospf-1-area-0.0.0.0] quit
[S9300-B-ospf-1] quit
[S9300-C] router id 3.3.3.3
[S9300-C] ospf
[S9300-C-ospf-1] area 1
[S9300-C-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[S9300-C-ospf-1-area-0.0.0.1] quit
[S9300-C-ospf-1] quit
# Configure S9300-D.
[S9300-D] router id 4.4.4.4
[S9300-D] ospf
[S9300-D-ospf-1] area 2
[S9300-D-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[S9300-D-ospf-1-area-0.0.0.2] quit
[S9300-D-ospf-1] quit
# Configure S9300-E.
[S9300-E] router id 5.5.5.5
[S9300-E] ospf
[S9300-E-ospf-1] area 1
[S9300-E-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[S9300-E-ospf-1-area-0.0.0.1] quit
[S9300-E-ospf-1] quit

# Configure S9300-F.
[S9300-F] router id 6.6.6.6
[S9300-F] ospf
[S9300-F-ospf-1] area 2
[S9300-F-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[S9300-F-ospf-1-area-0.0.0.2] quit
[S9300-F-ospf-1] quit

# View information about OSPF neighbors of S9300-A.
[S9300-A] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1

Neighbors
Area 0.0.0.0 interface 192.168.0.1(Vlanif10)'s neighbors

Router ID: 2.2.2.2 Address: 192.168.0.2 GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.1 BDR: 192.168.0.2 MTU: 0
Dead timer due in 36 sec
Neighbor is up for 00:15:04
Authentication Sequence: [ 0 ]
Neighbors

DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
# Check the OSPF routing table of S9300-A.

[S9300-A] display ospf routing

Routing Tables
Routing for Network

Destination Cost Type NextHop AdvRouter Area
172.16.1.0/24 2 Transit 192.168.1.2 3.3.3.3 0.0.0.1
172.17.1.0/24 3 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0
192.168.0.0/24 1 Transit 192.168.0.1 1.1.1.1 0.0.0.0
192.168.1.0/24 1 Transit 192.168.1.1 1.1.1.1 0.0.0.1
192.168.2.0/24 2 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0
Total Nets: 5
Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0
# View the LSDB of S9300-A.

[S9300-A] display ospf lsdb

Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 2.2.2.2 2.2.2.2 317 48 80000003 1
Router 1.1.1.1 1.1.1.1 316 48 80000002 1
Network 192.168.0.1 1.1.1.1 316 32 80000001 0
Sum-Net 172.16.1.0 1.1.1.1 250 28 80000001 2
Sum-Net 172.17.1.0 2.2.2.2 203 28 80000001 2
Sum-Net 192.168.2.0 2.2.2.2 237 28 80000002 1
Sum-Net 192.168.1.0 1.1.1.1 295 28 80000002 1

Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 192.168.1.2 192.168.1.2 188 48 80000002 1
Router 5.5.5.5 5.5.5.5 214 36 80000004 1
Router 3.3.3.3 3.3.3.3 217 60 80000008 1
Router 1.1.1.1 1.1.1.1 289 48 80000002 1
Network 172.16.1.1 3.3.3.3 670 32 80000001 0
Sum-Net 172.17.1.0 1.1.1.1 202 28 80000001 3
Sum-Net 192.168.2.0 1.1.1.1 242 28 80000001 2
Sum-Net 192.168.0.0 1.1.1.1 300 28 80000001 1
# View the routing table of S9300-D and run the ping command to check the network
connectivity.
[S9300-D] display ospf routing

Routing Tables
Routing for Network

172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
172.17.1.0/24 1 Transit 172.17.1.1 4.4.4.4 0.0.0.2
192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.2.0/24 1 Transit 192.168.2.2 4.4.4.4 0.0.0.2
Total Nets: 5
[S9300-D] ping 172.16.1.1


0.00% packet loss
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
#


#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
router id 2.2.2.2
#
vlan batch 10 30
#
interface Vlanif10
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.2.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return

#
sysname S9300-C
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return


#
sysname S9300-D
#
router id 4.4.4.4
#
vlan batch 30 50
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
l Configuration file of S9300-E

#
sysname S9300-E
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of S9300-F

#
sysname S9300-F
#
router id 6.6.6.6
#
vlan batch 50
#
interface Vlanif50
ip address 172.17.1.2 255.255.255.0
#
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255

#
return
Example for Configuring an OSPF Stub Area
As shown in Figure 5-17, OSPF is enabled on all S9300s and the AS is divided into three areas.
S9300-A and S9300-B function as ABRs to forward routes between areas; S9300-D functions
as the ASBR to import external routes, that is, static routes.
You need to configure Area 1 as a stub area. The LSAs advertised to this area can thus be reduced,
without affecting the route reachability.
Figure 5-17 Networking diagram for configuring a stub area

S9300-A S9300-B
Area 0
GE1/0/1
GE1/0/2 GE1/0/1 GE1/0/2
S9300-D
S9300-C
GE1/0/1 GE1/0/1
Area 1 Area 2
GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
S9300-E S9300-F

1. Enable OSPF on each S9300 and configure the basic OSPF functions.
2. Configure static routes on S9300-D and import them into OSPF.
3. Configure Area 1 as a stub area by running the stub command on all S9300s in Area 1.
4. Configure S9300-A not to advertise Type 3 LSAs to the stub area.
Data Preparation
l Router ID and OSPF process ID of each S9300 and area that each interface belongs to:
of Area 0 is 192.168.0.0/24, the network segment of Area 1 is 192.168.1.0/24.
of Area 1 are 192.168.1.0/24 and 172.16.1.0/24.
of Area 2 are 192.168.2.0/24 and 172.17.1.0/24.
of Area 1 is 172.16.1.0/24.
of Area 2 is 172.17.1.0/24.
Procedure
Step 1 Configure the basic OSPF functions. See Configuring Basic OSPF Functions.
Step 2 Configure S9300-D to import static routes.
# Import static routes on S9300-D.
[S9300-D] ip route-static 200.0.0.0 8 null 0
[S9300-D] ospf
[S9300-D-ospf-1] import-route static type 1
# View information about the ABR or ASBR on S9300-C.

[S9300-C] display ospf abr-asbr

Routing Table to ABR and ASBR
Type Destination Area Cost Nexthop RtType

Intra-area 1.1.1.1 0.0.0.1 1 192.168.1.1 ABR
Inter-area 4.4.4.4 0.0.0.1 3 192.168.1.1 ASBR
# View the OSPF routing table of S9300-C.

[S9300-C] display ospf routing

Routing Tables
Routing for Network


172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1
172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1
192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
Routing for ASEs

Destination Cost Type Tag NextHop AdvRouter
200.0.0.0/8 4 Type1 1 192.168.1.1 4.4.4.4
Total Nets: 6
If S9300-C resides in a common area, you can find AS external routes in the routing table.
Step 3 Configure Area 1 as a stub area.
[S9300-A] ospf
[S9300-A-ospf-1-area-0.0.0.1] stub
[S9300-C] ospf
[S9300-C-ospf-1-area-0.0.0.1] stub
[S9300-E] ospf
[S9300-E-ospf-1-area-0.0.0.1] stub
# View the routing table of S9300-C.


Routing Tables
Routing for Network

0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1
172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1
192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
Total Nets: 6
When the area where S9300-C resides is configured as a stub area, you cannot find the AS
external route but a default route out of the AS.
# Disable S9300-A from advertising Type 3 LSAs to the stub area.
[S9300-A] ospf
[S9300-A-ospf-1-area-0.0.0.1] stub no-summary



Routing Tables
Routing for Network

0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1
192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1
Total Nets: 3
After the advertisement of summary LSA to the stub area is disabled, the route entries are further
reduced. External routes are not found in the routing table. Instead, there is a default route out
of the AS.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
NOTE
Configuration files of S9300-B and S9300-F are similar to the configuration file of S9300-A, and
#
sysname S9300-C

#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
stub
#
return
#
sysname S9300-D
#
vlan batch 30 50
#
router id 4.4.4.4
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
#
#
ospf 1
import-route static type 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ip route-static 200.0.0.0 255.0.0.0 NULL0
#
return
#
sysname S9300-E
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#

#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
stub
#
return
Example for Configuring an NSSA Area
As shown in Figure 5-18, OSPF is enabled on all S9300s and the AS is divided into three areas.
S9300-A and S9300-B function as ABRs to forward routes between areas; S9300-D functions
as the ASBR to import external routes, that is, static routes.
You need to configure Area 1 as an NSSA area and configure Figure 5-18-C as an ASBR to
import external routes (static routes). The routing information can be transmitted correctly in
the AS.
Figure 5-18 Networking diagram for configuring an NSSA area

S9300-A S9300-B
Area 0
GE1/0/1
GE1/0/2 GE1/0/1 GE1/0/2
S9300-D
S9300-C
GE1/0/1 GE1/0/1
Area 1 Area 2
GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
S9300-E S9300-F

2. Configure static routes on S9300-D and import them into OSPF.
3. Configure Area 1 as an NSSA area and check the OSPF routing information of S9300-C.
You must run the nssa command on all the devices in Area 1.
4. Configure static routes on S9300-C, import them into OSPF, and check the OSPF routing
information of S9300-D.
Data Preparation
l Router ID and OSPF process ID of each S9300 and the area that each interface belongs to:
of Area 0 is 192.168.0.0/24, and the network segment of Area 1 is 192.168.1.0/24.
of Area 1 are 192.168.1.0/24 and 172.16.1.0/24.
of Area 2 are 192.168.2.0/24 and 172.17.1.0/24.
of Area 1 is 172.16.1.0/24.
of Area 2 is 172.17.1.0/24.
Procedure
Step 2 Configure S9300-D to import static routes. See Example for Configuring an OSPF Stub
Area.
Step 3 Configure Area 1 as an NSSA area.
[S9300-A] ospf
[S9300-A-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary

[S9300-C] ospf
[S9300-C-ospf-1-area-0.0.0.1] nssa
[S9300-E] ospf
[S9300-E-ospf-1-area-0.0.0.1] nssa
NOTE
The default-route-advertise and no-summary keywords are recommend on the ABR (S9300-A). In this
manner, the size of the routing table of devices in an NSSA area can be reduced. For the other devices in
the NSSA area, you need to run only the nssa command.


Routing Tables
Routing for Network

0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1
192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1
Total Nets: 3
Step 4 Configure S9300-C to import static routes.
# Import static routes on S9300-C.

[S9300-C] ip route-static 100.0.0.0 8 null 0
[S9300-C] ospf
[S9300-C-ospf-1] import-route static
# View the OSPF routing table of S9300-D.

[S9300-D] display ospf routing

Routing Tables
Routing for Network

172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
172.17.1.0/24 1 Transit 172.17.1.1 4.4.4.4 0.0.0.2
192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.2.0/24 1 Transit 192.168.2.2 4.4.4.4 0.0.0.2
Routing for ASEs
100.0.0.0/8 1 Type2 1 192.168.2.1 1.1.1.1
Total Nets: 6

From the routing table of S9300-D, you can find that an AS external route is imported to the
NSSA area.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
nssa default-route-advertise no-summary
#
return
NOTE
Configuration files of S9300-B, S9300-D, and S9300-F are similar to the configuration file of
#
sysname S9300-C
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
#
#
ospf 1
import-route static
area 0.0.0.1

network 192.168.1.0 0.0.0.255

network 172.16.1.0 0.0.0.255
nssa
#
#
return

#
sysname S9300-E
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
nssa
#
return
Example for Configuring DR Election of OSPF
As shown in Figure 5-19, S9300-A has the highest priority of 100 on the network and is elected
as the DR; S9300-C has the second highest priority and is elected as the BDR; The priority of
S9300-B is 0 and therefore cannot be elected as a DR or a BDR; the priority of S9300-D is not
set, so S9300-D uses the default value 1.
Figure 5-19 Networking diagram for configuring DR election of an OSPF process

S9300-A S9300-B
GE1/0/1 GE1/0/1
GE1/0/1 GE1/0/1
S9300-C S9300-D

1. Configure the ID of the VLAN that each interface belongs to.
3. Configure the router ID, enable OSPF, and specify network segments on each S9300.
4. Check whether an S9300 is the DR or BDR with its default DR priority.
5. Set the DR priority of the interface on each S9300 and check whether the S9300 becomes
the DR or BDR.
Data Preparation
l Router ID, OSPF process ID, and DR priority of each S9300, and area that each interface
belongs to:
of Area 0 is 192.168.1.0/24; the DR priority is 100.
– On S9300-C, the router ID is 3.3.3.3; the OSPF process ID is 1; the network segment
– On S9300-D, the router ID is 4.4.4.4; the OSPF process ID is 1; the network segment
Procedure
Step 1 Configure the VLAN that the each interface belongs to.
[S9300-A] vlan 10

[S9300-A] router id 1.1.1.1

[S9300-A] ospf
[S9300-B] router id 2.2.2.2
[S9300-B] ospf
[S9300-C] router id 3.3.3.3
[S9300-C] ospf
[S9300-D] router id 4.4.4.4
[S9300-D] ospf
# Check information about neighbors of S9300-A to find the DR and BDR.

[S9300-A] display ospf peer

Neighbors

State: 2-Way Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0

DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0

DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Check the neighbors of S9300-A. You can view the DR priority and the neighbor status. By
default, the DR priority is 1. Now S9300-D functions as the DR and S9300-C functions as the
BDR.

NOTE
When two routers have the save priority, the router with a greater router ID is elected as the DR. If an
Ethernet interface of an S9300 becomes the DR, the other broadcast interfaces of the S9300 have a high
priority in the future DR election. That is, the S9300 is still elected as the DR in later election and the DR
cannot be preempted.
Step 4 Set the DR priority on each VLAN IF interface.

[S9300-A-Vlanif10] ospf dr-priority 100
Configure S9300-B.
[S9300-B-Vlanif10] ospf dr-priority 0
[S9300-C-Vlanif10] ospf dr-priority 2
# Check the status of the DR or BDR.

[S9300-D] display ospf peer

Neighbors

State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0

DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
NOTE
The DR priorities configured on the interfaces do not take effect immediately.
Step 5 Restart the OSPF process.

In the user view of each S9300, run the reset ospf 1 process command to restart the OSPF
process.
# Check the status of OSPF neighbors.
[S9300-D] display ospf peer


Neighbors

DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0

State: 2-Way Mode:Nbr is Master Priority: 0
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0

DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
# Check the status of OSPF interfaces.

[S9300-A] display ospf interface

Interfaces
Area: 0.0.0.0 (MPLS TE not enabled)

IP Address Type State Cost Pri DR BDR
192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3
[S9300-B] display ospf interface

Interfaces
Area: 0.0.0.0 (MPLS TE not enabled)

IP Address Type State Cost Pri DR BDR
192.168.1.2 Broadcast DROther 1 0 192.168.1.1 192.168.1.3
If all neighbors are in Full state, it indicates that the local device establishes adjacencies with all
its neighbors. If a neighbor stays in 2-Way state, it indicates the local S9300 and the neighbor
are not the DR or BDR. Therefore, they do not need to exchange LSAs.
If the status of an OSPF interface is DROther, it indicates that the router is neither the DR nor
the BDR.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0

ospf dr-priority 100

#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
#
sysname S9300-B
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
ospf dr-priority 0
#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
#
sysname S9300-C
#
router id 3.3.3.3
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.3 255.255.255.0
ospf dr-priority 2
#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
#
sysname S9300-D
#
router id 4.4.4.4
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.4 255.255.255.0
#

#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
Example for Configuring an OSPF virtual link
As shown in Figure 5-20, Area 2 is not directly connected to the backbone area. Area 1 functions
as a transit area to connect Area 2 to Area 0. A virtual link is set up between S9300-A and S9300-
B.
Figure 5-20 Networking for configuring an OSPF virtual link
Area 1
S9300-A S9300-B
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
S9300-C Virtual Link S9300-D
GE1/0/1 GE1/0/1
Area 0 Area 2
2. Configure a virtual link between S9300-A and S9300-B to connect the non-backbone areas
and the backbone area.
Data Preparation

– On S9300-A, the router ID is 1.1.1.1; OSPF process ID is 1; the network segment of
Area 1 is 192.168.1.0/24; the network segment of Area 0 is 10.0.0.0/8.
– On S9300-B, the router ID is 2.2.2.2; OSPF process ID is 1; the network segment of
Area 1 is 192.168.1.0/24; the network segment of Area 2 is 172.16.0.0/16.
– On S9300-C, the router ID is 3.3.3.3; OSPF process ID is 1; the network segment of
Area 0 is 10.0.0.0/8.
– On S9300-D, the router ID4.4.4.4; OSPF process ID is 1; the network segment of Area
2 is 172.16.0.0/16.
Procedure
S9300-A] interface GigabitEthernet 1/0/2
[S9300-A] ospf 1 router-id 1.1.1.1
Configure S9300-B.
[S9300-B] ospf 1 router-id 2.2.2.2

[S9300-C] ospf 1 router-id 3.3.3.3
[S9300-D] ospf 1 router-id 4.4.4.4


Routing Tables
Routing for Network

10.0.0.0/8 1 Transit 10.1.1.1 3.3.3.3 0.0.0.0
192.168.1.0/24 1 Transit 192.168.1.1 2.2.2.2 0.0.0.1
Total Nets: 2
Area 2 is not directly connected to Area 0. Therefore, the routing table of S9300-A does not
contain any route to Area 2.
Step 4 Configure a virtual link.
[S9300-A] ospf
[S9300-A-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2
[S9300-B] ospf 1
[S9300-B-ospf-1-area-0.0.0.1] vlink-peer 1.1.1.1


Routing Tables
Routing for Network

172.16.0.0/16 2 Inter-area 192.168.1.2 2.2.2.2 0.0.0.0
10.0.0.0/8 1 Transit 10.1.1.1 1.1.1.1 0.0.0.0
192.168.1.0/24 1 Transit 192.168.1.1 2.2.2.2 0.0.0.1

Total Nets: 3
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.1.1 255.0.0.0
#
#
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
vlink-peer 2.2.2.2
#
return

#
sysname S9300-B
#
vlan batch 10 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.16.1.1 255.255.0.0
#
#
#
area 0.0.0.1
network 192.168.1.0 0.0.0.255
vlink-peer 1.1.1.1
area 0.0.0.2
network 172.16.0.0 0.0.255.255
#
return

#
sysname S9300-C

#
vlan 20
#
interface Vlanif20
ip address 10.1.1.2 255.0.0.0
#
#
area 0.0.0.0
network 10.0.0.0 0.255.255.255
#
return

#
sysname S9300-D
#
vlan 30
#
interface Vlanif30
ip address 172.16.1.2 255.255.0.0
#
#
area 0.0.0.2
network 172.16.0.0 0.0.255.255
#
return
Example for Configuring Load Balancing Among OSPF Routes
As shown in Figure 5-21, the networking requirements are as follows:
l S9300-A, S9300-B, S9300-C, and S9300-D connect to each other through OSPF.
l S9300-A, S9300-B, S9300-C, and S9300-D belong to Area 0.
l Load balancing needs is configured so that the traffic of S9300-A can be sent to S9300-D
through S9300-B and S9300-C.

Figure 5-21 Networking diagram for configuring load balancing among OSPF routes
GE1/0/1 GE1/0/2
S9300-B
GE1/0/1 GE1/0/1
GE1/0/3 GE1/0/3
Area0
S9300-A GE1/0/2 GE1/0/2
S9300-D
GE1/0/1 GE1/0/2
S9300-C
S9300-C GigabitEthernet1/0/1 VLANIF 20 10.1.2.2./24
1. Configure the basic OSPF functions on each S9300 to implement interconnection.

2. Disable load balancing on S9300-A and check the routing table of S9300-A.
3. (Optional) Set the weight of equal-cost routes on S9300-A.
Data Preparation
– On S9300-A, the router ID is 1.1.1.1; the OSPF process ID is 1; the network segments
of Area 1 are 10.1.1.0/24, 10.1.2.0/24, and 172.16.1.0/24.

– On S9300-B, the router ID is 2.2.2.2; the OSPF process ID is 1; the network segments
of Area 0 are 10.1.1.0/24 and 192.168.0.0/24.
– The router ID of S9300-C is 3.3.3.3; the OSPF process ID is 1; the network segments
of Area 0 are 10.1.2.0/24 and 192.168.1.0/24.
of Area 0 are 172.17.1.0/24, 192.168.0.0/24, and 192.168.1.0/24.
l Number of routes for load balancing on S9300-A: 1
l Weight of the equal-cost route whose next hop is S9300-C: 1
Procedure
[S9300-A] vlan batch 10 20 50
Step 4 Disable load balancing on S9300-A.
[S9300-A] ospf
[S9300-A-ospf-1] maximum load-balancing 1
# View the routing table of S9300-A.

------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10

10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20


172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
As shown in the routing table, when the maximum number of equal-cost routes for load balancing
is set to 1, OSPF selects 10.1.1.2 as the next hop to the destination network 172.17.1.0.
NOTE
In the preceding example, 10.1.1.2 is selected as the optimal next hop. This is because OSPF selects the
next hop randomly among equal-cost routes.
Step 5 Restore the default number of equal-cost routes for load balancing on S9300-A.
[S9300-A] ospf
[S9300-A-ospf-1] undo maximum load-balancing

----------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10

10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10
OSPF 10 3 D 10.1.2.2 Vlanif20
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
As shown in the routing table, when the default setting of load balancing is restored, the next
hops of S9300-A, that is, 10.1.1.2 (S9300-B) and 10.1.2.2 (S9300-C), become valid routes. This
is because the default number of equal-cost routes is 6.
Step 6 (Optional) Set the weight of equal-cost routes on S9300-A.
If you do not want to implement load balancing between S9300-B and S9300-C, set the weight
of equal-cost routes to specify the next hop.
[S9300-A] ospf
[S9300-A-ospf-1] nexthop 10.1.2.2 weight 1

------------------------------------------------------------------------------

10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10


10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.2.2 Vlanif20
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
As shown in the routing table, the priority of the next hop 10.1.2.2 (S9300-C) with the weight
as 1 is higher than that of 10.1.1.2 (S9300-B), after the weight is set for equal-cost routes. Thus,
OSPF selects the route with the next hop 10.1.2.2 as the optimal route.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
#
#
#
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return

sysname S9300-B
#
vlan batch 10 30
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
#


#
#
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
return
#
sysname S9300-C
#
vlan batch 20 40
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.1 255.255.255.0
#
#
#
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
#
sysname S9300-D
#
vlan batch 30 40 60
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
#
#
#
#
area 0.0.0.0
network 192.168.0.0 0.0.0.255

network 192.168.1.0 0.0.0.255

network 172.17.1.0 0.0.0.255
#
return
Example for Configuring OSPF GR
As shown in Figure 5-22, S9300-A and S9300-B have two main control boards, which work in
active/standby mode. S9300-A and S9300-B belong to Area 0 and are connected through OSPF.
They also provide the GR feature.
Figure 5-22 Networking diagram for configuring OSPF GR
S9300-A S9300-B
GE1/0/1
GE1/0/1
Area 0
1. Configure the basic OSPF functions on each S9300 to implement interconnection.
2. Enable the Opaque LSA function.
3. Configure GR on each S9300.
Data Preparation
– On S9300-A, the router ID is 1.1.1.1; the OSPF process ID is 1;the network segment
of Area 0 is 1.1.1.0/24.
– On S9300-B, the router ID is 2.2.2.2; OSPF process ID is 1; the network segment of
Area 0 is 1.1.1.0/24.

Procedure
Step 2 Configure the Opaque LSA function.
[S9300-A] ospf
[S9300-A-ospf-1] opaque-capability enable
[S9300-B] ospf
[S9300-B-ospf-1] opaque-capability enable
Step 3 Configure the OSPF GR feature.

[S9300-A] ospf
[S9300-A-ospf-1] graceful-restart
[S9300-B] ospf
[S9300-B-ospf-1] graceful-restart

# View the GR status of S9300-A.
[S9300-A] display ospf graceful-restart

Graceful-restart capability : enabled
Graceful-restart support : planned and un-planned, totally
Helper-policy support : planned and un-planned, strict lsa check
Current GR state : normal
Graceful-restart period : 120 seconds
Number of neighbors under helper:

Normal neighbors : 0
Virtual neighbors : 0
Sham-link neighbors : 0
Total neighbors : 0
Number of restarting neighbors : 0
Last exit reason:

On graceful restart : none
On Helper : none
# Verify the GR feature of S9300-A.

[S9300-A] quit
<S9300-A> reset ospf process graceful-restart
# View the neighbor status on S9300-B.

[S9300-B] display ospf peer

Neighbors

Router ID: 1.1.1.1 Address: 1.1.1.1 GR State: Doing GR
DR: 1.1.1.2 BDR: 1.1.1.1 MTU: 0

The status of the neighbor is Full.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
#
ospf 1
opaque-capability enable
graceful-restart
area 0.0.0.0
network 1.1.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
#
ospf 1
graceful-restart
area 0.0.0.0
network 1.1.1.0 0.0.0.255
#
return
Example for Configuring BFD for OSPF
As shown in Figure 5-23, the networking requirement are as follows:
l S9300-A, S9300-B, and S9300-C run OSPF.

l BFD for OSPF is enabled on S9300-A, S9300-B, and S9300-C.
l Service traffic is transmitted on the main link S9300-A→S9300-B. Link S9300-A→
S9300-C→S9300-B is a backup link.

l BFD is configured on the interfaces between S9300-A and S9300-B. When a fault occurs
on the link between the S9300s, BFD can quickly detect the fault and notify OSPF of the
fault. Then, the service flow is transmitted on the backup link.
Figure 5-23 Networking diagram for configuring BFD for OSPF
S9300-A S9300-B
GE2/0/0 GE3/0/0
GE2/0/0
GE1/0/0 GE1/0/0
GE1/0/0 GE2/0/0
S9300-C
1. Configure the basic OSPF functions on the S9300s.

2. Enable the BFD feature globally.
3. Enable BFD for OSPF on S9300-A and S9300-B.
Data Preparation
l Router ID and OSPF process ID of each S9300 and network segments that OSPF interfaces
belong to:

– On S9300-A, the router ID is 1.1.1.1; OSPF process ID is 1; the network segments of

Area 0 are 3.1.1.0/24 and 1.1.1.0/24.
– On S9300-B, the router ID is 2.2.2.2; OSPF process ID is 1; the network segments of
Area 0 are 3.1.1.0/24, 2.2.2.0/24, and 172.16.1.0/24.
of Area 0 are 192.168.1.0/24 and 172.16.1.0/24.
l Minimum interval for sending the BFD packets, minimum interval for receiving the BFD
packets, and local detection time multiplier on S9300-A and S9300-B
Procedure
[S9300-A] vlan 10
[S9300-A] vlan 20
Step 4 Configure BFD for OSPF.
# Enable BFD globally on S9300-A.
[S9300-A] bfd
[S9300-A-bfd] quit
[S9300-A] ospf
[S9300-A-ospf-1] bfd all-interfaces enable
# Enable BFD globally on S9300-B.

[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B] ospf
[S9300-B-ospf-1] bfd all-interfaces enable
# Run the display ospf bfd session all command on S9300-A or S9300-B. You can see that the
BFD state is Up.


[S9300-A] display ospf bfd session all
Area 0.0.0.0 interface 3.3.3.1(Vlanif20)'s BFD Sessions
NeighborId:2.2.2.2 AreaId:0.0.0.0 Interface:Vlanif20

BFDState:up rx :1000 tx :1000
Multiplier:3 BFD Local Dis:8195 LocalIpAdd:3.3.3.1
RemoteIpAdd:3.3.3.2 Diagnostic Info:No diagnostic information
NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface:Vlanif10

Multiplier:3 BFD Local Dis:8194 LocalIpAdd1:1.1.1.1
Step 5 Configure the BFD feature of interfaces.
# Configure BFD on VLANIF 20 of S9300-A, set the minimum interval for sending the packets
and the minimum interval for receiving the packets to 100 ms, and set the local detection time
multiplier to 4.
[S9300-A-Vlanif20] ospf bfd enable
[S9300-A-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
# Configure BFD on VLANIF20 of S9300-B and set the minimum interval for sending the
packets and the minimum interval for receiving the packets to 100 ms and the local detection
time multiplier to 4.
[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B-Vlanif20] ospf bfd enable
[S9300-B-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
BFD state is Up.
Take S9300-B for example. The display is as follows:

[S9300-B] display ospf bfd session all

NeighborId:1.1.1.1 AreaId:0.0.0.0 Interface: Vlanif20

NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface: Vlanif30




<S9300-A> display ospf routing
OSPF Process 1 with Router ID 1.1.1.1 Routing Tables
Routing for Network

172.16.1.1/24 3 Stub 1.1.1.2 2.2.2.2 0.0.0.0
3.3.3.0/24 1 Stub 3.3.3.1 1.1.1.1 0.0.0.0
2.2.2.0/24 2 Transit 1.1.1.2 3.3.3.3 0.0.0.0
1.1.1.0/24 1 Transit 1.1.1.1 1.1.1.1 0.0.0.0
Total Nets: 4 Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
As shown in the OSPF routing table, the backup link S9300-A→S9300-C→S9300-B takes effect
after the main link fails. The next hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
#
#
ospf 1
bfd all-interface enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 1.1.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
router id 2.2.2.2
#
vlan batch 20 30 40
#
bfd

#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
ospf bfd enable
#
interface Vlanif30
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
#
#
#
ospf 1
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of S9300 C

#
sysname S9300-C
#
router id 3.3.3.3
#
vlan batch 10 30
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 2.2.2.1 255.255.255.0
ospf bfd enable
#
#
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
#
return

5.2.4 IS-IS Configuration

This chapter describes the concepts of IS-IS and the procedure for configuring IS-IS, and
provides configuration examples of IS-IS.
Example for Configuring Basic IS-IS Functions
l S9300-A, S9300-B, S9300-C, and S9300-D belong to the same AS. The IS-IS protocol
runs on them to ensure connectivity on an IP network.
l The area IDs of S9300-A, S9300-B, and S9300-C are all 10, and the area ID of S9300-D
is 20.
l S9300-A and S9300X-B are Level-1 devices. S9300-C is a Level-1-2 device. S9300-D is
the Level-2 device.
Figure 5-24 Networking diagram for configuring basic functions of IS-IS
S9300-A
L1
GE1/0/1
S9300-C
L1/2 GE1/0/2
GE1/0/1
GE1/0/3 GE1/0/1
IS-IS
Area 10 GE1/0/2
S9300-D
L2
IS-IS
GE1/0/1 Area 20
S9300-B
L1

1. Configure the VLANs that the physical interfaces belong to.
3. Run the IS-IS progress on each S9300, specify the network entity title, and configure the
level.
4. Check the IS-IS database and routing table of each S9300.
Data Preparation
l System ID, level, and area ID of each S9300:
– S9300-A: The system ID is 0000.0000.0001; the area ID is 10; the level is Level-1.
– S9300-B: The system ID is 0000.0000.0002; the area ID is 10; the level is Level-1.
– S9300-C: The system ID is 0000.0000.0003; the area ID is 10; the level is Level-1-2.
– S9300-D: The system ID is 0000.0000.0004; the area ID is 20; the level is Level-2.
Procedure
[S9300-A] vlan 10
Step 3 Run the IS-IS progress on each S9300, specify the network entity title, and configure the level.
[S9300-A] isis 1
[S9300-A-isis-1] is-level level-1
[S9300-A-isis-1] network-entity 10.0000.0000.0001.00
[S9300-A-isis-1] quit

[S9300-B] isis 1
[S9300-B-isis-1] is-level level-1
[S9300-B-isis-1] network-entity 10.0000.0000.0002.00
[S9300-B-isis-1] quit
[S9300-C] isis 1
[S9300-C-isis-1] network-entity 10.0000.0000.0003.00
[S9300-C-isis-1] quit
[S9300-D] isis 1
[S9300-D-isis-1] is-level level-2
[S9300-D-isis-1] network-entity 20.0000.0000.0004.00
[S9300-D-isis-1] quit
Step 4 Enable the IS-IS progress on each interface.

[S9300-A-Vlanif10] isis enable 1
[S9300-B-Vlanif20] isis enable 1
[S9300-C-Vlanif10] isis enable 1
[S9300-D] interface vlanif 30
[S9300-D-Vlanif30] isis enable 1
[S9300-D-Vlanif30] quit

# View the IS-IS LSDB of each S9300.
[S9300-A] display isis lsdb
Database information for ISIS(1)

--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL

-------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000006 0xbf7d 649 68 0/0/0
0000.0000.0002.00-00 0x00000003 0xef4d 545 68 0/0/0
0000.0000.0003.00-00 0x00000008 0x3340 582 111 1/0/0
0000.0000.0003.01-00 0x00000004 0xa7dd 582 55 0/0/0
0000.0000.0003.02-00 0x00000002 0xc0c4 524 55 0/0/0
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),

ATT-Attached, P-Partition, OL-Overload
[S9300-B] display isis lsdb


--------------------------------

-------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xbf7d 642 68 0/0/0
0000.0000.0002.00-00* 0x00000003 0xef4d 538 68 0/0/0
0000.0000.0003.00-00 0x00000008 0x3340 574 111 1/0/0

[S9300-C] display isis lsdb

--------------------------------

-------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xbf7d 638 68 0/0/0
0000.0000.0002.00-00 0x00000003 0xef4d 533 68 0/0/0
0000.0000.0003.00-00* 0x00000008 0x3340 569 111 1/0/0
0000.0000.0003.01-00* 0x00000005 0xa5de 569 55 0/0/0
0000.0000.0003.02-00* 0x00000003 0xbec5 569 55 0/0/0


-------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000008 0x55bb 650 100 0/0/0
0000.0000.0003.03-00* 0x00000003 0xef91 650 55 0/0/0
0000.0000.0004.00-00 0x00000005 0x651 629 84 0/0/0

[S9300-D] display isis lsdb

--------------------------------

-------------------------------------------------------------------------
0000.0000.0003.00-00 0x00000008 0x55bb 644 100 0/0/0
0000.0000.0003.03-00 0x00000003 0xef91 644 55 0/0/0
0000.0000.0004.00-00* 0x00000005 0x651 624 84 0/0/0

# View the IS-IS routing table of each S9300. A default route is available in the routing table of
the Level-1 S9300s and the next hop is a Level-1-2 S9300. The routing table of the Level-2
S9300 contains all Level-1 and Level-2 routes.
[S9300-A] display isis route
Route information for ISIS(1)

-----------------------------
ISIS(1) Level-1 Forwarding Table

--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags

-------------------------------------------------------------------------
0.0.0.0/0 10 NULL Vlanif10 10.1.1.1 A/-/-/-
10.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-
10.1.2.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-
192.168.0.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,

U-Up/Down Bit Set
[S9300-C] display isis route

-----------------------------

--------------------------------

-------------------------------------------------------------------------

U-Up/Down Bit Set

--------------------------------

-------------------------------------------------------------------------
172.16.0.0/16 20 NULL Vlanif40 192.168.0.2 A/-/-/-

U-Up/Down Bit Set
[S9300-D] display isis route

-----------------------------

--------------------------------
-------------------------------------------------------------------------
10.1.1.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-
10.1.2.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-
172.16.0.0/16 10 NULL Vlanif40 Direct A/-/-/-

U-Up/Down Bit Set
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00

#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
#
return
#
sysname S9300-B
#
vlan batch 20
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
isis enable 1
#
#
return
#
sysname S9300-C
#
vlan batch 10 20 30
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
isis enable 1
#
#
#
#
return
#
sysname S9300-D
#
vlan batch 30 40

#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.16.1.1 255.255.0.0
isis enable 1
#
#
#
Return
Example for Configuring IS-IS Route Aggregation
l S9300-A, S9300-B, and S9300-C run the IS-IS protocol to communicate with each other.
l S9300-A belongs to Area 20. S9300-B and S9300-C belong to Area 10.
l S9300-A is a Level-2 device. S9300-B is a Level-1-2 device. S9300-C is a Level-1 device.
l The addresses in Area 10 can be summarized as 172.1.0.0/16.
Figure 5-25 Networking diagram for configuring IS-IS route aggregation
network 1
172.1.1.0/24
S9300-A Area 10
L2 GE1/0/2
GE1/0/1 GE1/0/1 GE1/0/3 network 2
GE1/0/2 GE1/0/1 172.1.2.0/24
GE1/0/4
Area 20 S9300-B S9300-C
L1/L2 L1
network 3
172.1.3.0/24

1. Enable IS-IS on each S9300 so that the S9300s can be interconnected.
2. Check the IS-IS routing table of S9300-A.
3. Configure route aggregation on S9300-B.
Data Preparation
l S9300-A: The system ID is 0000.0000.0001; the area ID is 10; the level is Level-2.
l S9300-B: The system ID is 0000.0000.0002; the area ID is 10; the level is Level-1.
l S9300-C: The system ID is 0000.0000.0003; the area ID is 10; the level is Level-1.
Procedure
[S9300-A-GigabitEthernet1/0/1] port link-type access
[S9300-A] vlan 50
[S9300-A-vlan50] port GigabitEthernet 1/0/1
Step 3 Configure the basic IS-IS functions.

[S9300-A] isis 1
[S9300-B] isis 1
[S9300-C] isis 1
[S9300-C-isis-1] is-level level-1
The configurations of the VLANIF 20, VLANIF 30, and VLANIF 40 interfaces are similar to
the configuration of VLANIF 10, and are not mentioned here.
Step 4 Check the IS-IS routing table of S9300-A.
[S9300-A]display isis route

-----------------------------

--------------------------------

-------------------------------------------------------------------------
172.1.1.0/24 20 NULL Vlanif50 172.2.1.2 A/-/-/-
172.1.2.0/24 20 NULL Vlanif50 172.2.1.2 A/-/-/-
172.1.3.0/24 20 NULL Vlanif50 172.2.1.2 A/-/-/-
172.1.4.0/24 20 NULL Vlanif50 172.2.1.2 A/-/-/-

U-Up/Down Bit Set
Step 5 Configure route aggregation on S9300-B.

# Aggregate 172.1.1.0/24, 172.1.2.0/24, 172.1.3.0./24, and 172.1.4.0/24 as 172.1.0.0/16 on
S9300-B.
[S9300-B] isis 1
[S9300-B-isis-1] summary 172.1.0.0 255.255.0.0 level-1-2

# Check the routing table of S9300-A, and you can find that 172.1.1.0/24, 172.1.2.0/24,
172.1.3.0./24 and 172.1.4.0/24 are aggregated as 172.1.0.0/16.


-----------------------------

--------------------------------

-------------------------------------------------------------------------
172.1.0.0/16 20 NULL Vlanif50 172.2.1.2 A/-/-/-

U-Up/Down Bit Set
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 50
#
isis 1
is-level level-2
network-entity 20.0000.0000.0001.00
#
interface Vlanif50
ip address 172.2.1.1 255.255.255.0
isis enable 1
#
#
return

#
sysname S9300-B
#
vlan batch 10 50
#
isis 1
network-entity 10.0000.0000.0002.00
summary 172.1.0.0 255.255.0.0 level-1-2
#
interface Vlanif10
ip address 172.1.4.2 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.2.1.2 255.255.255.0
isis enable 1
#
#
#
return

#
sysname S9300-C

#
vlan batch 10 20 30 40
#
isis 1
is-level level-1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 172.1.4.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 172.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 172.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.1.3.1 255.255.255.0
isis enable 1
#
#
#
#
#
return
Example for Configuring the DIS Election
l S9300-A, S9300-B, S9300-C, and S9300-D run the IS-IS protocol to communicate with
each other.
l S9300-A, S9300-B, S9300-C, and S9300-D belong to Area 10.
l S9300-A and S9300-B are Level-1-2 devices. S9300-C is a Level-1 device. S9300-D is a
Level-2 device.
l You need to change the DIS priority of the related interface to configure S9300-A to a
Level-1-2 DIS.

Figure 5-26 Networking diagram for configuring the DIS election
S9300-A S9300-B
L1/L2 L1/L2
GE1/0/1 GE1/0/1
GE1/0/1 GE1/0/1
S9300-C S9300-D
L1 L2
2. Check information about the IS-IS interface on each S9300 with the default priority.
3. Configure the DIS priority on S9300-A.
Data Preparation
– S9300-A: The system ID is 0000.0000.0001; the area ID is 10; the DIS priority is 100;
the level is Level-1-2.
– S9300-C: The system ID is 0000.0000.0003; the area ID is 10; the level is Level-1.
Procedure
[S9300-A] vlan 10

Step 3 View the MAC address of the VLANIF 10 interface on each S9300.
# View the MAC address of the VLANIF 10 interface on S9300-A.
[S9300-A] display arp interface vlanif 10
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.1 00e0-fc10-afec I - Vlanif10
------------------------------------------------------------------------------
# View the MAC address of the VLANIF 10 interface on S9300-B.

[S9300-B] display arp interface vlanif 10
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.2 00e0-fccd-acdf I - Vlanif10
------------------------------------------------------------------------------
# View the MAC address of the VLANIF 10 interface on S9300-C.

[S9300-C] display arp interface vlanif 10
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.3 00e0-fc50-25fe I - Vlanif10
------------------------------------------------------------------------------
# View the MAC address of the VLANIF 10 interface on S9300-D.

[S9300-D] display arp interface vlanif 10
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.4 00e0-fcfd-305c I - Vlanif10
------------------------------------------------------------------------------

[S9300-A] isis 1
[S9300-B] isis 1

[S9300-C] isis 1
[S9300-D] isis 1
[S9300-D-isis-1] network-entity 10.0000.0000.0004.00
# View information about the IS-IS neighbors of S9300-A.

[S9300-A] display isis peer
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type
PRI
0000.0000.0002 Vlanif10 0000.0000.0002.01 Up 9s L1(L1L2) 64
0000.0000.0003 Vlanif10 0000.0000.0002.01 Up 27s L1 64
0000.0000.0002 Vlanif10 0000.0000.0004.01 Up 28s L2(L1L2) 64
0000.0000.0004 Vlanif10 0000.0000.0004.01 Up 8s L2 64
# View information about the IS-IS interface of S9300-A.

[S9300-A] display isis interface
Interface information for ISIS(1)

---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DR
Vlanif10 001 Up Down 1497 L1/L2 No/No
# View information about the IS-IS interface of S9300-B.

[S9300-B] display isis interface

---------------------------------
Vlanif10 001 Up Down 1497 L1/L2 Yes/No
# View information about the IS-IS interface of S9300-D.

[S9300-D] display isis interface

---------------------------------
Vlanif10 001 Up Down 1497 L1/L2 No/Yes
NOTE
When the default DIS priority is used, the interface on S9300-B has the greatest MAC address among all
the interfaces on the Level-1 S9300s. Therefore, S9300-B is elected as the Level-1 DIS. The interface on
S9300-D has the greatest MAC address among all the interfaces on the Level-2 S9300s. Therefore, S9300-
D is elected as the Level-2 DIS. The Level-1 pseudonode is 0000.0000.0002.01. The Level-2 pseudonode
is 0000.0000.0004.01.
Step 5 Set the DIS priority of S9300-A.


[S9300-A-Vlanif10] isis dis-priority 100
# View information about the IS-IS neighbors of S9300-A.


----------------------------
PRI
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 21s L1(L1L2) 64
0000.0000.0003 Vlanif10 0000.0000.0001.01 Up 27s L1 64
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2(L1L2) 64
0000.0000.0004 Vlanif10 0000.0000.0001.01 Up 30s L2 64

# View information about the IS-IS interface of S9300-A.
[S9300-A] display isis interface

---------------------------------
Vlanif10 001 Up Down 1497 L1/L2 Yes/Yes
As shown in the output information, after the DIS priority of the IS-IS interface is changed,
S9300-A immediately becomes a Level-1 and Level-2 DIS and its pseudonode is
0000.0000.0001.01.
# View information about the IS-IS neighbors and IS-IS interfaces on S9300-B.
[S9300-B] display isis peer

----------------------------
PRI
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L1(L1L2)
100
0000.0000.0003 Vlanif10 0000.0000.0001.01 Up 25s L1
64
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L2(L1L2)
100
0000.0000.0004 Vlanif10 0000.0000.0001.01 Up 25s L2
64
[S9300-B] display isis interface

---------------------------------
# View information about the IS-IS neighbors and IS-IS interfaces on S9300-D.
[S9300-D] display isis peer

----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 9s L2 100
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2 64
[S9300-D] display isis interface

---------------------------------
----End

Configuration Files
#
#
sysname S9300-A
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis dis-priority 100
#
#
return

#
#
sysname S9300-B
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
#
return

#
sysname S9300-C
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.1.1.3 255.255.255.0
isis enable 1
#
#
return

#
sysname S9300-D
#
vlan batch 10
#

isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface Vlanif10
ip address 10.1.1.4 255.255.255.0
isis enable 1
#
#
return
Example for Configuring IS-IS Load Balancing
l S9300-A, S9300-B, S9300-C, and S9300-D run IS-IS to communicate with each other.
l S9300-A, S9300-B, S9300-C, and S9300-D are Level-2 devices in Area 10.
l Load balancing needs to be configured so that the traffic of S9300-A is sent to S9300-D
through S9300-B and S9300-C.
Figure 5-27 Networking diagram for configuring IS-IS load balancing
GE1/0/1 GE1/0/2
S9300-B
L2
GE1/0/1 GE1/0/1
GE1/0/3 S9300-A S9300-D GE1/0/3
L2 L2
GE1/0/2 Area 10 GE1/0/2
GE1/0/1 GE1/0/2
S9300-C
L2
S9300-C GigabitEthernet1/0/1 VLANIF 20 10.1.2.2./24

2. Set the number of equal-cost routes to 1 and check the routing table.
3. Configure load balancing on S9300-A and check the routing table.
4. (Optional) Set the weight of equal-cost routes on S9300-A.
Data Preparation
– S9300-C: The system ID is 0000.0000.0003; the area ID is 10; the level is Level-2.
l Number of routes for load balancing on S9300-A: 1
l Load balancing mode on S9300-A
l Weight of the equal-cost route with S9300-C as the next hop: 1
Procedure
[Quidway] vlan batch 10 20 50

Step 3 Configure the basic function of IS-IS. The configuration procedure is not mentioned here.
Step 4 Set the number of equal-cost routes for load balancing to 1 on S9300-A.
[S9300-A] isis 1
[S9300-A-isis-1] maximum load-balancing 1


-----------------------------

--------------------------------

-------------------------------------------------------------------------
192.168.1.0/24 20 NULL Vlanif20 10.1.2.2 A/-/-/-
172.17.1.0/24 30 NULL Vlanif10 10.1.1.2 A/-/-/-
192.168.0.0/24 20 NULL Vlanif10 10.1.1.2 A/-/-/-
Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set
As shown in the routing table, when the maximum number of equal-cost routes for load balancing
is set to 1, IS-IS selects 10.1.1.2 as the next hop to the destination network 172.17.1.0. This is
because S9300-B has a smaller system ID.
Step 5 Restore the default number of equal-cost routes for load balancing on S9300-A.
[S9300-A] isis 1
[S9300-A-isis-1] undo maximum load-balancing


-----------------------------

--------------------------------

-------------------------------------------------------------------------
192.168.1.0/24 20 NULL Vlanif20 10.1.2.2 A/-/-/-
172.17.1.0/24 30 NULL Vlanif10 10.1.1.2 A/-/-/-
Vlanif20 10.1.2.2
192.168.0.0/24 20 NULL Vlanif10 10.1.1.2 A/-/-/-

As shown in the routing table, the number of equal-cost routes for load balancing is restored to
the default value 6. Both the next hops of S9300-A, 10.1.1.2 (S9300-B) and 10.1.2.2 (S9300-C)
now become valid.
Step 6 (Optional) Set the preference for equal-cost routes on S9300-A.

[S9300-A] isis
[S9300-A-isis-1] nexthop 10.1.2.2 weight 1

-----------------------------

--------------------------------

--------------------------------------------------------------------------------
192.168.1.0/24 20 NULL Vlanif20 10.1.2.2 A/-/-/-
172.17.1.0/24 30 NULL Vlanif20 10.1.2.2 A/-/-/-
192.168.0.0/24 20 NULL Vlanif10 10.1.1.2 A/-/-/-
As shown in the routing table, the preference of the next hop 10.1.2.2 (S9300-C) with the weight
as 1, is higher than that of 10.1.1.2 (S9300-B), after the weight is set for equal-cost routes.
Therefore, IS-IS selects route with the next hop 10.1.2.2 as the optimal route.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20 50
#
isis 1
is-level level-2
network-entity 10.0000.0000.0001.00
nexthop 10.1.2.2 weight 1
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
#


#
#
return
#
sysname S9300-B
#
vlan batch 10 30
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
isis enable 1
#
#
#
return
#
sysname S9300-C
#
vlan batch 20 40
#
isis 1
is-level level-2
network-entity 10.0000.0000.0003.00
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 192.168.1.1 255.255.255.0
isis enable 1
#
#
#
return
#
sysname S9300-D
#
vlan batch 30 40 60
#

isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 192.168.1.2 255.255.255.0
isis enable 1
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
isis enable 1
#
#
#
#
return
Example for Configuring IS-IS GR
As shown in Figure 5-28, the networking requirement are as follows: S9300-A, S9300-A and
S9300-C belong to the same autonomous system . They run the IS-IS protocol to implement
interworking and provide the GR mechanism.
After S9300-A, S9300-B, and S9300-C set up IS-IS adjacencies with each other, they start to
exchange routing information. When IS-IS is restarted on S9300-A, S9300-A resends connection
requests to neighbors to synchronize the LSDB.
Figure 5-28 Networking diagram of IS-IS GR configuration

S9300-A S9300-C S9300-B
L1 L1/L2 L2
GE1/0/1 GE1/0/2
GE1/0/1 GE1/0/1

2. Configure GR in the IS-IS view on each S9300 and configure the same interval for the
restart.
Data Preparation
– S9300-C: The system ID is 0000.0000.0003; the area ID is 10; the level is Level-1-2.
l Restart interval
Procedure
[S9300-A] vlan 10
The configurations of S9300-B and S9300 are similar to the configuration of S9300-A, and are
not mentioned here.
[S9300-A] interface vlanif10
The configurations of S9300-B and S9300 are similar to the configuration of S9300-A, and are
not mentioned here.
Step 3 Configure the basic function of IS-IS. The configuration procedure is not mentioned here.
Step 4 Configure IS-IS GR.
# Enable IS-IS GR on S9300-A and set the restart interval. The configurations on S9300-B and
S9300-C are the same as the configurations on S9300-A. S9300-A is taken as an example here.
[S9300-A] isis 1
[S9300-A-isis-1] graceful-restart
[S9300-A-isis-1] graceful-restart interval 150

# Run the display fib command on S9300-A to view the Forwarding Information Base (FIB)
table.

<S9300-A> display fib

FIB Table:
Total number of Routes : 5
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID

127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
100.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
100.1.1.0/24 100.1.1.1 U t[20678] Vlanif10 0x0
100.2.1.0/24 100.1.1.2 DGU t[79388] Vlanif10 0x0
# Reset the IS-IS process by using the GR method on S9300-A.

<S9300-A> reset isis all
NOTE
The S9300 restarts an IS-IS process in GR mode only when GR is enabled for the IS-IS process.
# Run the display fib command on S9300-A and view the FIB table to check whether GR works
normally. If GR works normally, the FIB table does not change and the forwarding service is
not affected when S9300-A restarts the IS-IS process in GR mode.
FIB Table:

127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
100.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
100.1.1.0/24 100.1.1.1 U t[20678] Vlanif10 0x0
100.2.1.0/24 100.1.1.2 DGU t[79388] Vlanif10 0x0
As shown in the display, the FIB table on S9300-A does not change and the forwarding service
is not affected.
# Disable IS-IS GR on S9300-A.
[S9300-A] isis 1
[S9300-A-isis-1] undo graceful-restart
# Reset the IS-IS process on S9300-A.

<S9300-A> reset isis all
# Run the display fib command on S9300-A to view the FIB table.
FIB Table:

127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
100.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
100.1.1.0/24 100.1.1.1 U t[20678] Vlanif10 0x0
As shown in the display, the FIB table on S9300-A changes and the forwarding service is
affected.
----End
Configuration Files
#
sysname S9300-A

#
vlan batch 10
#
isis 1
graceful-restart
graceful-restart interval 150
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
isis enable 1
#
#
return

#
sysname S9300-B
#
vlan batch 20
#
isis 1
graceful-restart
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.2.1.2 255.255.255.0
isis enable 1
#
#
return

#
sysname S9300-C
#
vlan batch 10 20
#
isis 1
graceful-restart
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 100.2.1.1 255.255.255.0
isis enable 1
#
#
#
return

Example for Configuring BFD for IS-IS
As shown in Figure 5-29, the networking requirement are as follows:
l S9300-A, S9300-B, S9300-C run IS-IS to communicate with each other.
l BFD for IS-IS is enabled on S9300-A, S9300-B, and S9300-C.
l Service traffic is transmitted on the main link S9300-A→S9300-B. Link S9300-A→
S9300-C→S9300-B is a backup link.
l BFD is configured on the interfaces between S9300-A and S9300-B. When a fault occurs
on the link between the S9300-A and S9300-B, BFD can quickly detect the fault and notify
IS-IS of the fault. Then, the service flow is transmitted through the backup link.
Figure 5-29 Networking diagram for configuring BFD for IS-IS
S9300-A S9300-B
GE2/0/0 GE3/0/0
GE2/0/0
GE1/0/0 GE1/0/0
GE1/0/0 GE2/0/0
S9300-C
1. Enable IS-IS on each S9300 to ensure the reachability of the routes.
2. Set the cost of IS-IS interfaces to control the route selection.

3. Enable global BFD.

4. Enable the BFD for the IS-IS process on S9300-A, S9300-A, and S9300-C.
5. Enable BFD on interfaces of S9300-A and S9300-B.
Data Preparation
l Process ID of the IS-IS protocol
l Area IDs of S9300-A, S9300-B, and S9300-C
l Interface cost of S9300-A and S9300-A
l Number and type of the BFD-enabled interfaces on S9300-A, S9300-B, and S9300-C
l Minimum interval for sending the BFD packets, the minimum interval for receiving the
BFD packets, and the local detection time multiplier on S9300-A and S9300-B
Procedure
Step 1 Configure IP addresses of all interfaces. The configuration procedure is not mentioned here.
[S9300-A] isis
[S9300-B] isis
[S9300-C] isis

# After the preceding configurations are complete, run the display isis peer command. You can
view the neighbor relationship set up between S9300-A and S9300-B, and the neighbor
relationship between S9300-A and S9300-C. Take S9300-A for example. The display is as
follows:
----------------------------
System Id interface circuit Id State HoldTime Type PRI
0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 9s L2 64
0000.0000.0003 Vlanif10 0000.0000.0001.02 Up 21s L2 64
Total Peer(s): 2
# S9300s learn routes from each other. Take S9300-A for example. The routing table is as
follows:
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Destin-Ations : 8 Routes : 9
Destin-Ation/Mask Proto Pre Cost FlAgs NextHop interface

1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopback0
2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10
ISIS 15 20 D 3.3.3.2 Vlanif20
3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif20
172.16.1.0/24 ISIS 15 20 D 3.3.3.2 Vlanif20
As shown in the routing table, the next hop address of the route to 172.16.1.0/24 is 3.3.3.2 and
service flows are transferred on the main link S9300-A→S9300-B.
Step 3 Set the interface cost.
[S9300-A-Vlanif20] isis cost 5
[S9300-B-Vlanif20] isis cost 5
Step 4 Configure BFD for the IS-IS process.
# Enable BFD for the IS-IS process on S9300-A.

[S9300-A] bfd
[S9300-A-bfd] quit
[S9300-A] isis
[S9300-A-isis-1] bfd all-interfaces enable
# Enable BFD for the IS-IS process on S9300-B.

[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B] isis
[S9300-B-isis-1] bfd all-interfaces enable

# Enable BFD for the IS-IS process on S9300-C.

[S9300-C] bfd
[S9300-C-bfd] quit
[S9300-C] isis
[S9300-C-isis-1] bfd all-interfaces enable
# Run the display isis bfd session all command on S9300-A, S9300-B, or S9300-C. You can
see that the BFD state is Up.

[S9300-A] display isis bfd session all
BFD session information for ISIS(1)

-----------------------------------
Peer System ID : 0000.0000.0003 interface : Vlanif10

TX : 100 bfd State : up Peer IP address : 1.1.1.2
RX : 100 LocDis : 8193 Local IP address: 1.1.1.1
Multiplier : 3 RemDis : 8192 Type : L2
Diag : No diagnostic information
From the preceding display, you can find that the status of the BFD session between S9300-A
and S9300-B and the BFD session between S9300-A and S9300-C are Up.
Step 5 Configure the BFD feature on interfaces.
# Configure BFD on VLANIF 20 of S9300-A and set the minimum interval for sending the
packets and the minimum interval for receiving the packets to 10 ms and the local detection time
multiplier to 4.
[S9300-A-Vlanif20] isis bfd enable
[S9300-A-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
# Configure BFD on VLANIF 20 of S9300-B and set the minimum interval for sending the
packets and the minimum interval for receiving the packets to 100 ms and the local detection
time multiplier to 4.
[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B-Vlanif20] isis bfd enable
[S9300-B-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
BFD parameters take effect. Take S9300-B for example. The display is as follows:
[S9300-B] display isis bfd session all
bfd session information for ISIS(1)

-----------------------------------

RX : 100 LocDis : 8192 Local IP address: 3.3.3.2
Diag : No diagnostic information



------------------------------------------------------------------------------
Destination/Mask Proto Pre -Cost Flags NextHop interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10

2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10
3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif10
172.16.1.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10
As shown in the routing table, the backup link S9300-A→S9300-C→S9300-B takes effect after
the main link fails. The next hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.
# Run the display isis bfd session all command on S9300-A. You can see that only the BFD
session between S9300-A and S9300-C is Up.
[S9300-A] display isis bfd session all
bfd session information for ISIS(1)

-----------------------------------

RX : 100 Lo-CDis : 8193 Lo-C-Al IP address: 1.1.1.1
diag : No diagnostic information
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
isis enable 1

isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
#
#
return
#
sysname S9300-B
#
bfd
#
vlan batch 20 30 40
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface Vlanif30
ip address 2.2.2.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
#
#
#
return
#
sysname S9300-C
#
vlan batch 10 30
#
bfd
#
isis 1
is-level level-2
network-entity 10.0000.0000.0003.00

#
interface vlanif10
ip address 1.1.1.2 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 2.2.2.1 255.255.255.0
isis enable 1
#
#
#
return
5.2.5 BGP Configuration

This chapter describes the basic concepts of the Border Gateway Protocol (BGP) and the
procedure for configuring BGP, and provides several configuration examples of BGP.
Example for Configuring Basic BGP Functions
As shown in Figure 5-30, all S9300s run BGP; an EBGP connection is established between
S9300-A and S9300-B; IBGP connections are set up between S9300-B, S9300-C, and S9300-
D.
Figure 5-30 Networking diagram for configuring basic BGP functions
S9300-C
GE1/0/1
GE1/0/2 GE1/0/2
GE1/0/2
GE1/0/1
AS65009
GE1/0/1
S9300-B GE1/0/3
S9300-A GE1/0/2
AS65008 GE1/0/1
S9300-D

1. Configure IBGP connections between S9300-B, S9300-C and S9300-D.
2. Configure an EBGP connection between S9300-A and S9300-B.
3. Advertise routes through the network command on Figure 5-30-A and check the routing
tables of S9300-A, S9300-B, and S9300-C.
4. Configure BGP on S9300-B to import direct routes, and check the routing tables of
S9300-A and S9300-C.
Data Preparation
l Router ID of S9300-A being 1.1.1.1 and number of the AS where S9300-A resides being
65008
l Router IDs of S9300-B, S9300-C, and S9300-D being 2.2.2.2, 3.3.3.3. and 4.4.4.4, and
number of the AS where they reside being 65009
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLANs.
[Quidway] vlan batch 10 50
The configurations of S9300-B, S9300-C, and S9300-D are the same as the configuration of

Step 3 Configure IBGP connections.
[S9300-B] bgp 65009
[S9300-B-bgp] router-id 2.2.2.2
[S9300-B-bgp] peer 9.1.1.2 as-number 65009
[S9300-C] bgp 65009
[S9300-C-bgp] router-id 3.3.3.3
[S9300-C-bgp] peer 9.1.3.1 as-number 65009
[S9300-C-bgp] quit
[S9300-D] bgp 65009
[S9300-D-bgp] router-id 4.4.4.4
[S9300-D-bgp] peer 9.1.1.1 as-number 65009
[S9300-D-bgp] quit
Step 4 Configure EBGP connections.

[S9300-A] bgp 65008
[S9300-A-bgp] router-id 1.1.1.1
[S9300-A-bgp] peer 200.1.1.1 as-number 65009
[S9300-B-bgp] quit
# Check the status of BGP connections.

[S9300-B] display bgp peer
BGP local router ID : 2.2.2.2

Local AS number : 65009
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
9.1.1.2 4 65009 49 62 0 00:44:58 Established 0

9.1.3.2 4 65009 56 56 0 00:40:54 Established 0
200.1.1.2 4 65008 49 65 0 00:44:03 Established 1
You can view that the BGP connections between S9300-B and all the other S9300s are set up.
Step 5 Configure S9300-A to advertise route 8.0.0.0/8.
# Configure S9300-A to advertise routes.
[S9300-A-bgp] ipv4-family unicast
[S9300-A-bgp-af-ipv4] network 8.0.0.0 255.0.0.0
[S9300-A-bgp-af-ipv4] quit
[S9300-A-bgp] quit

[S9300-A] display bgp routing-table

Total Number of Routes: 1
BGP Local router ID is 1.1.1.1

Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 8.0.0.0/8 0.0.0.0 0 0 i
# Check the routing table of S9300-B.

[S9300-B] display bgp routing-table

*> 8.0.0.0/8 200.1.1.2 0 0 65008i
# Check the routing table of S9300-C.

[S9300-C] display bgp routing-table

i 8.0.0.0/8 200.1.1.2 0 100 0 65008i
According to the routing table, you can view that S9300-C has learned the route to the destination
8.0.0.0 in AS 65008, but the next hop 200.1.1.2 is unreachable. Therefore, this route is invalid.
Step 6 Configure BGP to import direct routes.
[S9300-B] bgp 65009
[S9300-B-bgp] ipv4-family unicast
[S9300-B-bgp-af-ipv4] import-route direct
[S9300-B-bgp-af-ipv4] quit
[S9300-B-bgp] quit
# Check the BGP routing table of S9300-A.


*> 8.0.0.0/8 0.0.0.0 0 0 i

*> 9.1.1.0/24 200.1.1.1 0 0 65009?
*> 9.1.3.0/24 200.1.1.1 0 0 65009?
* 200.1.1.0/24 200.1.1.1 0 0 65009?

[S9300-C] display bgp routing-table

* i 8.0.0.0/8 200.1.1.2 0 100 0 65008i

*>i 9.1.1.0/24 9.1.3.1 0 100 0 ?
i 9.1.3.0/24 9.1.3.1 0 100 0 ?
*>i 200.1.1.0/24 9.1.3.1 0 100 0 ?
You can view that the route destined for 8.0.0.0 becomes valid, and the next hop is the address
of S9300-A.
# Perform the ping operation to verify the configuration.
[S9300-C] ping 8.1.1.1

0.00% packet loss
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 50
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif50
ip address 8.1.1.1 255.0.0.0
#
#
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.0.0.0
peer 200.1.1.1 enable
#
return

#
sysname S9300-B
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 9.1.3.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
#
#
#
bgp 65009
router-id 2.2.2.2
#
ipv4-family unicast
import-route direct
peer 9.1.1.2 enable
peer 9.1.3.2 enable
#
return

#
sysname S9300-C
#
vlan batch 20 40
#
interface Vlanif20
ip address 9.1.3.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.1 255.255.255.0
#
#
port hybrid untagged vlan 40#
bgp 65009
router-id 3.3.3.3
#
ipv4-family unicast
peer 9.1.2.2 enable
peer 9.1.3.1 enable

#
return

#
sysname S9300-D
#
vlan batch 30 40
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.2 255.255.255.0
#
#
#
bgp 65009
router-id 4.4.4.4
#
ipv4-family unicast
peer 9.1.1.1 enable
peer 9.1.2.1 enable
#
return
Example for Configuring BGP to Interact With an IGP
As shown in Figure 5-31, OSPF is used inside AS 65009. An EBGP connection is set up between
S9300-A and S9300-B. S9300-C runs OSPF instead of BGP.
Figure 5-31 Networking diagram for configuring BGP to interact with an IGP
AS 65008 AS 65009
GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
GE1/0/1 GE1/0/2
S9300-A S9300-B S9300-C

1. Configure OSPF on S9300-B and S9300-C.
2. Configure an EBGP connection on S9300-A and S9300-B.
3. Configure BGP to interact with OSPF on S9300-B and check the routes.
4. Configure BGP route aggregation on S9300-B to simplify the BGP routing table.
Data Preparation
l Router ID of S9300-A being 1.1.1.1 and number of the AS where it resides being 65008
l Router IDs of S9300-B and S9300-C being 2.2.2.2 and 3.3.3.3, and number of the AS where
they reside being 65009
Procedure
[S9300-A] vlan 10
[S9300-A] vlan 30
The configurations of S9300-B and S9300-C are the same as the configuration of S9300-A, and

Step 3 Configure OSPF.
[S9300-B] ospf 1
[S9300-C] ospf 1
Step 4 Configure an EBGP connection.

[S9300-A] bgp 65008
[S9300-A-bgp-af-ipv4] network 8.1.1.0 255.255.255.0
[S9300-A-bgp] quit
[S9300-B] bgp 65009
Step 5 Configure BGP to interact with an IGP.

# On S9300-B, configure BGP to import OSPF routes.
[S9300-B-bgp-af-ipv4] import-route ospf 1
[S9300-B-bgp] quit


*> 8.1.1.0/24 0.0.0.0 0 0 i
*> 9.1.1.0/24 3.1.1.1 0 0 65009?
*> 9.1.2.0/24 3.1.1.1 2 0 65009?
# On S9300-B, configure OSPF to import BGP routes.

[S9300-B] ospf
[S9300-B-ospf-1] import-route bgp


[S9300-C] display ip routing-table
------------------------------------------------------------------------------
8.1.1.0/24 O_ASE 150 1 D 9.1.1.1 Vlanif20

9.1.1.0/24 Direct 0 0 D 9.1.1.2 Vlanif20
9.1.2.0/24 Direct 0 0 D 9.1.2.1 Vlanif40
Step 6 Configure automatic aggregation.

[S9300-B] bgp 65009
[S9300-B-bgp-af-ipv4] summary automatic
[S9300-B-bgp] quit
# Check the BGP routing table of S9300-A.


*> 8.1.1.0/24 0.0.0.0 0 0 i

*> 9.0.0.0 3.1.1.1 0 65009?
# Perform the ping operation to verify the configuration.

[S9300-A] ping -a 8.1.1.1 9.1.2.1
0.00% packet loss
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30
#

interface Vlanif10
ip address 3.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 8.1.1.1 255.255.255.0
#
#
#
bgp 65008
router-id 1.1.1.1
#
ipv4-family unicast
network 8.1.1.0 255.255.255.0
peer 3.1.1.1 enable
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 9.1.1.1 255.255.255.0
#
#
#
bgp 65009
router-id 2.2.2.2
#
ipv4-family unicast
summary automatic
import-route ospf 1
peer 3.1.1.2 enable
#
ospf 1
import-route bgp
area 0.0.0.0
network 9.1.1.0 0.0.0.255
return
#
sysname S9300-C
#
vlan batch 20 40
#
interface Vlanif20
ip address 9.1.1.2 255.255.255.0
#

interface Vlanif40
ip address 9.1.2.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 9.1.1.0 0.0.0.255
network 9.1.2.0 0.0.0.255
#
return
Example for Configuring BFD for BGP
As shown in Figure 5-32, S9300-A belongs to AS 100, and S9300-B and S9300-C belong to
AS 200. EBGP connections are established between S9300-A and S9300-B and between
S9300-A and S9300-C.
Service flow is transmitted on the active link S9300-A → S9300-B. The link S9300-A →
S9300-C → S9300-B acts as the standby link.
Use BFD to detect the BGP peer relationship between S9300-A and S9300-B. When the link
between S9300-A and S9300-B fails, BFD can rapidly detect the fault and notify BGP. Service
flows are transmitted on the standby link.
Figure 5-32 Networking diagram for configuring BFD for BGP
S9300-B
GE3/0/0
GE2/0/0 GE1/0/0
GE2/0/0 EBGP
IBGP
GE1/0/0 AS 200
S9300-A
GE1/0/0 GE2/0/0
AS 100
EBGP
S9300-C

1. Configure basic BGP functions on each S9300.
2. Configure MED attributes to control the route selection.
3. Enable BFD on S9300-A and S9300-B.
Data Preparation
l Router IDs and AS numbers of S9300-A S9300-B, and S9300-C
l Peer IP address detected by BFD
l Minimum interval for sending BFD control packets, minimum interval for receiving BFD
control packets, and local detection multiplier
Procedure
Step 1 Assign IP addresses to the interfaces of S9300s. The configuration details are not mentioned
here.
Step 2 Configure basic BGP functions, establish EBGP connections between S9300-A and S9300-B
and between S9300-A and S9300-C, and establish an IBGP connection S9300-B and S9300-C.
[S9300-A] bgp 100
[S9300-A-bgp] quit
[S9300-B] bgp 200
[S9300-B-bgp] network 9.1.1.0 255.255.255.0
[S9300-B-bgp] quit
[S9300-C] bgp 200
[S9300-C-bgp] network 9.1.1.0 255.255.255.0

[S9300-C-bgp] network 172.16.1.0 255.255.255.0

[S9300-C-bgp] quit
# On S9300-A, you can view that the BGP peer is established.

<S9300-A> display bgp peer

Peer V AS MsgRcvd MsgSent OutQ Up/Down State

PrefRcv
200.1.1.2 4 200 2 5 0 00:01:25 Established 0

200.1.2.2 4 200 2 4 0 00:00:55 Established 0
Step 3 Set the MED.
Set the MED sent from S9300-B to S9300-C through the policy.
[S9300-B] route-policy 10 permit node 10
[S9300-B-route-policy] apply cost 100
[S9300-B-route-policy] quit
[S9300-B] bgp 200
[S9300-B-bgp] peer 200.1.1.2 route-policy 10 export
[S9300-C] route-policy 10 permit node 10
[S9300-C-route-policy] apply cost 150
[S9300-C-route-policy] quit
[S9300-C] bgp 200
[S9300-C-bgp] peer 200.1.2.2 route-policy 10 export
# View all BGP routing information on S9300-A.

<S9300-A> display bgp routing-table

*> 172.16.1.0/24 200.1.1.2 100 0 200i

* 200.1.2.2 150 0 200i
According to the BGP routing table, the next hop address of the route destined for 172.16.1.0/24
is 200.1.1.2 and service flow is transmitted on the active link S9300-A → S9300-B.
Step 4 Enable BFD, and set the interval for sending packets, the interval for receiving packets, and the
local detection multiplier.
# Enable BFD on S9300-A and set the minimum interval for sending packets and the minimum
interval for receiving packets to 100 ms and the local detection multiplier to 4.
[S9300-A] bfd
[S9300-A-bfd] quit
[S9300-A] bgp 100
[S9300-A-bgp] peer 200.1.1.2 bfd enable
[S9300-A-bgp] peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4

# Enable BFD on S9300-B and set the minimum interval for sending packets and the minimum
interval for receiving packets to 100 ms and the local detection multiplier to 4.
[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B] bgp 200
[S9300-B-bgp] peer 200.1.1.1 bfd enable
[S9300-B-bgp] peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
# Display all BFD sessions set up by BGP on S9300-A.

<S9300-A> display bgp bfd session all
--------------------------------------------------------------------------------
Local_Address Peer_Address LD/RD Interface
200.1.1.1 200.1.1.2 8201/8201 Vlanif20
Tx-interval(ms) Rx-interval(ms) Multiplier Session-State
100 100 4 Up
--------------------------------------------------------------------------------

# Run the shutdown command on VLANIF20 of S9300-B to simulate faults on the active link.
# Check the BGP routing table on S9300-A.

<S9300-A> display bgp routing-table

*> 172.16.1.0/24 200.1.2.2 150 0 200i
According to the BGP routing table, the standby link S9300-A → S9300-C → S9300-B takes
effect after the active link fails. The next hop address of the route destined for 172.16.1.0/24
becomes 200.1.2.2.
----End
Configuration Files
#
sysname S9300-A
#
router id 1.1.1.1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif20
ip address 200.1.1.1 255.255.255.0
#


#
#
bgp 100
router-id 1.1.1.1
peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier
4
peer 200.1.1.2 bfd enable
#
ipv4-family unicast
#
return

#
sysname S9300-B
#
router id 2.2.2.2
#
vlan batch 20 30 40
#
bfd
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
#
#
#
bgp 200
router-id 2.2.2.2
peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier
4
peer 200.1.1.1 bfd enable
#
ipv4-family unicast
network 172.16.1.0 255.255.255.0
peer 9.1.1.2 enable
peer 200.1.1.1 route-policy toa export
#
route-policy toa permit node 10
apply cost 100

#
return

#
sysname S9300-C
#
router id 3.3.3.3
#
vlan batch 10 30
#
bfd
#
interface Vlanif10
ip address 200.1.2.2 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
#
#
bgp 200
router-id 3.3.3.3
#
ipv4-family unicast
peer 9.1.1.1 enable
peer 200.1.2.1 route-policy c2a export
#
route-policy c2a permit node 10
apply cost 150
#
return
Example for Configuring BGP Load Balancing and Setting the MED
As shown in Figure 5-33, all S9300s run BGP. S9300-A resides in AS 65008. Both S9300-B
and S9300-C reside in AS 65009. EBGP runs among S9300-A, S9300-B, and S9300-C. IBGP
runs between S9300-B and S9300-C.

Figure 5-33 Networking diagram of BGP route selection
S9300-B
GE1/0/1
EBGP
GE1/0/2
S9300-A GE1/0/1
AS 65009 IBGP
GE1/0/2
AS 65008 GE1/0/2
EBGP
GE1/0/1
S9300-C
1. Establish EBGP connections between S9300-A and S9300-B, and between S9300-A and
S9300-C; establish an IBGP connection between S9300-B and S9300-C.
2. Configure load balancing and set the MED on S9300-A and check the routing table.
Context
l Router IDs of S9300-A being 1.1.1.1, number of the AS where it resides being 65008, and
number of routes for load balancing being 2
l Router IDs of S9300-B and S9300-C being 2.2.2.2 and 3.3.3.3, number of the AS where
they reside being 65008, and default MED of S9300-B being 100

Procedure
Step 3 Establish an EBGP connection.
[S9300-A] bgp 65008
[S9300-A-bgp] quit
[S9300-B] bgp 65009
[S9300-B-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[S9300-B-bgp] quit
[S9300-C] bgp 65009
[S9300-C-bgp] ipv4-family unicast
[S9300-C-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[S9300-C-bgp-af-ipv4] quit
[S9300-C-bgp] quit



*> 9.1.1.0/24 200.1.1.1 0 0 65009i

* 200.1.2.1 0 0 65009i
According to the routing table, you can view that there are two valid routes destined for
9.1.1.0/24. The route whose next hop is 200.1.1.1 is the optimal route because the router ID of
S9300-B is smaller.
Step 4 Configure load balancing.
[S9300-A] bgp 65008
[S9300-A-bgp-af-ipv4] maximum load-balancing 2
[S9300-A-bgp] quit


*> 9.1.1.0/24 200.1.1.1 0 0 65009i

*> 200.1.2.1 0 0 65009i
According to the routing table, you can view that the BGP route 9.1.1.0/24 has two next hops
that are 200.1.1.1 and 200.1.2.1. Both of them are optimal routes.
Step 5 Set the MED.
# Set the MED sent from S9300-B to S9300-A through the policy.
[S9300-B] route-policy 10 permit node 10
[S9300-B] bgp 65009
[S9300-B-bgp] peer 200.1.1.2 route-policy 10 export


*> 9.1.1.0/24 200.1.2.1 0 0 65009i

* 200.1.1.1 100 0 65009i

According to the routing table, you can view that the MED of the next hop 200.1.1.1 (S9300-
B) is 100, and that of the next hop 200.1.2.1 is 0. Therefore, the route with the smaller MED is
selected.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 200.1.2.2 255.255.255.0
#
#
#
bgp 65008
router-id 1.1.1.1
#
ipv4-famlily unicast
maximum load-balancing 2
#
return

#
sysname S9300-B
#
vlan batch 10 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
#
#
bgp 65009
router-id 2.2.2.2
#
ipv4-family unicast

default med 100
network 9.1.1.0 255.255.255.0
peer 9.1.1.2 enable
peer 200.1.1.2 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 100
#
return

#
sysname S9300-C
#
vlan batch 20 30
#
interface Vlanif10
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
#
#
bgp 65009
router-id 3.3.3.3
#
ipv4-family unicast
network 9.1.1.0 255.255.255.0
peer 9.1.1.1 enable
#
return
Example for Configuring a BGP RR
As shown in Figure 5-34, S9300-A is a non-client. S9300-B is the RR of cluster 1. S9300-D
and S9300-E are two clients of cluster 1. Because the IBGP connection is created between
S9300-D and S9300-E, they do not need an RR. S9300-C is the RR of cluster 2. S9300-F,
S9300-G, and S9300-H are the clients of cluster 2.
It is required that the peer groups be used to simplify configuration and management.

Figure 5-34 Networking diagram for configuring a BGP RR
GE1/0/3 S9300-A
GE1/0/1 GE1/0/2
AS 65010
GE1/0/1 GE1/0/1 S9300-C S9300-H

GE2/0/1
S9300-B
GE1/0/2 GE1/0/2 GE1/0/1
GE1/0/3 GE1/0/4 GE1/0/3 GE1/0/4
Cluster1 Cluster2
GE1/0/1 GE1/0/1 GE1/0/1
GE1/0/1
GE1/0/2
GE1/0/2
S9300-D S9300-E S9300-F S9300-G
S9300-G GigabitEthernet1/0/1 VLANIF 80 10.1.8.2/24
S9300-H GigabitEthernet1/0/1 VLANIF 90 10.1.9.2/24

1. Establish IBGP connections between the client and the RR, and between the non-client and
the RR.
2. Configure route reflection on S9300-B and S9300-C, specify the client, and check the
routes.
Data Preparation
l Number of the AS where all S9300s reside being 65010
l Router IDs of S9300-A, S9300-B, S9300-C, S9300-D, S9300-E, S9300-F, S9300-G, and
S9300-H being 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6, 7.7.7.7, and 8.8.8.8
l ID of the cluster where S9300-B resides being 1 and ID of the cluster where S9300-C resides
being 2
Procedure
The configurations of S9300-B, S9300-C, S9300-D, S9300-E, S9300-F, S9300-G, and S9300-
H are the same as the configuration of S9300-A, and are not mentioned here.

Step 3 Establish IBGP connections between the clients and the RR, and between the non-clients and
the RR. The configuration details are not mentioned here.

Step 4 Configure S9300-A to advertise the local network route 9.1.1.0/24. The configuration details
Step 5 Configure the RR.
[S9300-B] bgp 65010
[S9300-B-bgp] group in_rr internal
[S9300-B-bgp] peer 10.1.4.2 group in_rr
[S9300-B-bgp] peer 10.1.5.2 group in_rr
[S9300-B-bgp-af-ipv4] peer in_rr reflect-client
[S9300-B-bgp-af-ipv4] undo reflect between-clients
[S9300-B-bgp-af-ipv4] reflector cluster-id 1
[S9300-B-bgp] quit
[S9300-C] bgp 65010
[S9300-C-bgp] group in_rr internal
[S9300-C-bgp] peer 10.1.7.2 group in_rr
[S9300-C-bgp] ipv4-family unicast
[S9300-C-bgp-af-ipv4] peer in_rr reflect-client
[S9300-C-bgp-af-ipv4] reflector cluster-id 2
[S9300-C-bgp-af-ipv4] quit
[S9300-C-bgp] quit
# Check the routing table of S9300-D.

[S9300-D] display bgp routing-table 9.1.1.0

Paths: 1 available, 0 best
BGP routing table entry information of 9.1.1.0/24:

From: 10.1.4.1 (2.2.2.2)
Original nexthop: 10.1.1.2
Convergence Priority:
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, internal, pre 255
Originator: 1.1.1.1
Cluster list: 0.0.0.1
Not advertised to any peers yet
According to the routing table, you can view that S9300-D has learned the route advertised by
S9300-A from S9300-B. You can also view the Originator and Cluster_ID of the route.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30 100
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#

interface Vlanif30
ip address 10.1.3.2 255.255.255.0
#
interface Vlanif100
ip address 9.1.1.1 255.255.255.0
#
#
#
#
bgp 65010
router-id 1.1.1.1
#
ipv4-family unicast
network 9.1.1.0 255.255.255.0
#
return
#
sysname S9300-B
#
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
#
interface Vlanif50
ip address 10.1.5.1 255.255.255.0
#
#
#
#
#
bgp 65010
router-id 2.2.2.2
group in_rr internal


peer 10.1.4.2 group in_rr
#
ipv4-family unicast
undo reflect between-clients
reflector cluster-id 1
peer in_rr enable
peer in_rr reflect-client
#
return
#
sysname S9300-C
#
vlan batch 20 30 70 80 90
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
#
interface Vlanif70
ip address 10.1.7.1 255.255.255.0
#
interface Vlanif80
ip address 10.1.8.1 255.255.255.0
#
interface Vlanif90
ip address 10.1.9.1 255.255.255.0
#
#
#
#
#
#
bgp 65010
router-id 3.3.3.3
group in_rr internal


#
ipv4-family unicast
peer in_rr enable
peer in_rr reflect-client
#
return

#
sysname S9300-D
#
vlan batch 40 60
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0
#
interface Vlanif60
ip address 10.1.6.1 255.255.255.0
#
#
#
bgp 65010
router-id 4.4.4.4
#
ipv4-family unicast
#
return
NOTE
The configuration files of other S9300s are similar to the configuration file of S9300-D, and are not
mentioned here.
Example for Configuring a BGP Confederation
As shown in Figure 5-35, several S9300s run BGP in AS 200. To reduce the number of IBGP
connections, divide AS 200 into three sub-ASs, namely AS 65001, AS 65002, and AS 65003.
In addition, IBGP connections are set up between the three S9300s in AS 65001.

Figure 5-35 Networking diagram for configuring a BGP confederation
AS 200
S9300-B S9300-C
AS 65002
GE1/0/1
GE1/0/1
AS 65003
AS 100 GE1/0/2
AS 65001
GE1/0/2 GE1/0/1
GE1/0/1 GE2/0/1 GE1/0/1
GE1/0/3 S9300-D
S9300-F S9300-A GE1/0/4 GE1/0/2
GE1/0/1 GE1/0/2
S9300-E
1. Configure the BGP confederation on each S9300 in AS 200.

2. Establish IBGP connections in AS 65001.
3. Establish EBGP connections between AS 100 and AS 200, and check the routes.

Data Preparation
l Router IDs of S9300-A, S9300-B, S9300-C, S9300-D, S9300-E, and S9300-F being
1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, and 6.6.6.6
l AS 100, AS 200, and three sub-AS numbers of AS 200 are 65001, 65002, and 65003
Procedure
[S9300-A] vlan batch 10 20 30 40 60
The configurations of S9300-B, S9300-C, S9300-D, S9300-E, and S9300-F are the same as the
configuration of S9300-A, and are not mentioned here.
The configurations of S9300-B, S9300-C, S9300-D, S9300-E, and S9300-F are the same as the
Step 3 Configure the BGP confederation.

[S9300-A] bgp 65001

[S9300-A-bgp] confederation id 200
[S9300-A-bgp] confederation peer-as 65002 65003
[S9300-A-bgp-af-ipv4] peer 10.1.1.2 next-hop-local
[S9300-A-bgp] quit
[S9300-B] bgp 65002
[S9300-B-bgp] confederation id 200
[S9300-B-bgp] confederation peer-as 65001 65003
[S9300-B-bgp] quit
[S9300-C] bgp 65003
[S9300-C-bgp] confederation id 200
[S9300-C-bgp] confederation peer-as 65001 65002
[S9300-C-bgp] quit
Step 4 Establish IBGP connection in AS 65001.

[S9300-A] bgp 65001
[S9300-D] bgp 65001
[S9300-D-bgp] router-id 4.4.4.4
[S9300-D-bgp] quit
[S9300-E] bgp 65001
[S9300-E-bgp] router-id 5.5.5.5
[S9300-E-bgp] peer 10.1.4.1 as-number 65001
[S9300-E-bgp] peer 10.1.5.1 as-number 65001
[S9300-E-bgp] quit
Step 5 Establish an EBGP connection between AS 100 and AS 200.

[S9300-A] bgp 65001
[S9300-A-bgp] quit
# Configure S9300-F.
[S9300-F] bgp 100
[S9300-F-bgp] router-id 6.6.6.6

[S9300-F-bgp] peer 200.1.1.1 as-number 200

[S9300-F-bgp] ipv4-family unicast
[S9300-F-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[S9300-F-bgp-af-ipv4] quit
[S9300-F-bgp] quit

# Check the BGP routing table of S9300-B.
[S9300-B] display bgp routing-table

*>i 9.1.1.0/24 10.1.1.1 0 100 0 (65001) 100i

[S9300-B] display bgp routing-table 9.1.1.0


From: 10.1.1.1 (1.1.1.1)
Relay Nexthop: 0.0.0.0
Convergence Priority: 0
AS-path (65001) 100, origin igp, MED 0, localpref 100, pref-val 0, valid, exter
nal-confed, best, pre 255
# Check the BGP routing table of S9300-D.

[S9300-D] display bgp routing-table

*>i 9.1.1.0/24 10.1.3.1 0 100 0 100i

[S9300-D] display bgp routing-table 9.1.1.0


From: 10.1.3.1 (1.1.1.1)
Relay Nexthop: 0.0.0.0
Convergence Priority: 0
AS-path 100, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best,
pre 255
----End

Configuration Files
#
sysname S9300-A
#
vlan batch 10 20 30 40 60
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
#
interface Vlanif60
ip address 200.1.1.1 255.255.255.0
#
#
#
#
#
#
bgp 65001
router-id 1.1.1.1
confederation id 200
confederation peer-as 65002 65003
#
ipv4-family unicast
peer 10.1.1.2 next-hop-local
#
return

#
sysname S9300-B
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
bgp 65002
router-id 2.2.2.2
confederation id 200
confederation peer-as 65001 65003
#
ipv4-family unicast
#
return
5.2.6 Routing Policy Configuration

This chapter describes the concepts of the routing policy and the procedure for configuring the
routing policy, and provides examples for configuring the routing policy.
Example for Filtering the Received and Advertised Routes
As shown in Figure 5-36, S9300-A receives routes from the Internet, and provides some of the
routes for S9300-B on the network where OSPF runs. It is required that:
l S9300-A should provide 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24 for S9300-B.
l S9300-C should receive only 172.1.18.0/24. S9300-D should receive all routes provided
by S9300-B.
Figure 5-36 Networking diagram for filtering the received and advertised routes
S9300-C
GE1/0/1
S9300-B 172.1.16.0/24
172.1.17.0/24
GE1/0/2 GE1/0/1 172.1.18.0/24
GE1/0/3 GE1/0/1 172.1.19.0/24
172.1.20.0/24
S9300-A
OSPF
GE1/0/1
S9300-D

1. Specify the ID of the VLAN that each interface belongs to.

3. Configure basic OSPF functions on S9300-A, S9300-B, S9300-C, and S9300-D.
4. Configure static routes on S9300-A and import these routes into OSPF.
5. Configure a routing policy for advertising routes on S9300-A and check the filtering result
on S9300-B.
6. Configure a routing policy for receiving routes on S9300-C and check the filtering result
on S9300-C.
Data Preparation
l Five static routes imported by S9300-A

l S9300-A, S9300-B, S9300-C, and S9300-D located in Area 0, that is, the backbone area
l Name of the IP prefix list and routes to be filtered
Procedure
[S9300-A] vlan 10


Step 3 Configure basic OSPF functions.
[S9300-A] ospf
[S9300-B] ospf
[S9300-C] ospf
[S9300-D] ospf
Step 4 Configure five static routes on S9300-A, and import these routes into OSPF.
[S9300-A] ip route-static 172.1.16.0 24 NULL0
[S9300-A] ospf
[S9300-A-ospf-1] import-route static
# Check the routing table on S9300-B. You can view that the five static routes are imported into
OSPF.
[S9300-B] display ip routing-table
------------------------------------------------------------------------------

192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif30
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif20
172.1.16.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10

172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10

172.1.20.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
Step 5 Configure a routing policy for advertising routes.
# Configure an IP prefix list named a2b on S9300-A.

[S9300-A] ip ip-prefix a2b index 10 permit 172.1.17.0 24
# Configure a routing policy for advertising routes on S9300-A and use IP prefix list a2b to filter
routes.
[S9300-A] ospf
[S9300-A-ospf-1] filter-policy ip-prefix a2b export static
# Check the routing table on S9300-B, and you can find that S9300-B receives only three routes
defined in IP prefix list a2b.
------------------------------------------------------------------------------

192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif30
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif20
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
Step 6 Configure a routing policy for receiving routes.
# Configure an IP prefix list named in on S9300-C.

[S9300-C] ip ip-prefix in index 10 permit 172.1.18.0 24
# Configure a routing policy for receiving routes on S9300-C, and use IP prefix list in to filter
routes.
[S9300-C] ospf
[S9300-C-ospf-1] filter-policy ip-prefix in import
# Check the routing table on S9300-C, and you can find that S9300-C in the local core routing
table receives only one route defined in IP prefix list in.
[S9300-C] display ip routing-table
------------------------------------------------------------------------------

192.168.2.0/24 Direct 0 0 D 192.168.2.2 Vlanif20


172.1.18.0/24 O_ASE 150 1 D 192.168.2.1 Vlanif20
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
#
ospf 1
filter-policy ip-prefix a2b export static
import-route static
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
ip ip-prefix a2b index 10 permit 172.1.17.0 24
#
#
return

#
sysname S9300-B
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
#
#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255

network 192.168.3.0 0.0.0.255

#
return

#
sysname S9300-C
#
vlan batch 20
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
#
ospf 1
filter-policy ip-prefix in import
area 0.0.0.0
network 192.168.2.0 0.0.0.255
#
ip ip-prefix in index 10 permit 172.1.18.0 24
#
return

#
sysname S9300-D
#
vlan batch 30
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
#
return
Example for Applying a Routing Policy to the Imported Routes
As shown in Figure 5-37, S9300-B and S9300-A exchange the routing information through
OSPF; S9300-B and S9300-C exchange the routing information through IS-IS.
S9300-B is required to import IS-IS routes into OSPF and to use the routing policy to set the
route attributes. The cost of the route 172.17.1.0/24 is set to 100, and the tag of the route
172.17.2.0/24 is set to 20.

Figure 5-37 Networking diagram for applying a routing policy to the imported routes
S9300-B
S9300-A S9300-C GE1/0/1
GE1/0/1 GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
GE1/0/3
OSPF IS-IS
1. Specify the ID of the VLAN that each interface belongs to.
3. Configure basic IS-IS functions on S9300-B and S9300-C.
4. Configure OSPF on S9300-A and S9300-B and import IS-IS routes.
5. Configure a routing policy on S9300-B and apply the routing policy when OSPF imports
IS-IS routes, and check the routes.
Data Preparation
To complete the configuration, you need the following data.
l IS-IS level of S9300-C being Level-2 and system ID being 0000.0000.0001, IS-IS level of
S9300-B being Level-2, system ID being 0000.0000.0002, and number of the area where
S9300-B and S9300-C reside being 10
l S9300-A and S9300-B located in Area 0, that is, the backbone area
l Names of the filtering list and IP prefix list, cost of the route 172.17.1.0/24 being 100, and
tag of the route 172.17.2.0/24 being 20
Procedure
Step 1 Create a VLAN and add the corresponding interface to the VLAN.


[S9300-A] vlan 10
[S9300-A-vlan10] port GigabitEthernet 1/0/1
Step 3 Configure IS-IS.
[S9300-C] isis
[S9300-C-Vlanif20] isis enable
[S9300-B] isis
[S9300-B-Vlanif20] isis enable
Step 4 Configure OSPF and import routes.

# Configure S9300-A and enable OSPF.
[S9300-A] ospf
# Configure S9300-B, enable OSPF, and import IS-IS routes.

[S9300-B] ospf
[S9300-B-ospf-1] import-route isis 1
# Check the OSPF routing table of S9300-A, and you can view the imported routes.


Routing Tables
Routing for Network

192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0
Routing for ASEs

192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2
172.17.1.0/24 1 Type2 1 192.168.1.2 192.168.1.2
172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2
Routing for NSSAs

Total Nets: 5
Step 5 Set the filtering list.

# Set ACL 2002 to match 172.17.2.0/24.
[S9300-B] acl number 2002
[S9300-B-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255
[S9300-B-acl-basic-2002] quit
# Set an IP prefix list named prefix-a to match 172.17.1.0/24.

[S9300-B] ip ip-prefix prefix-a index 10 permit 172.17.1.0 24
Step 6 Configure a Route-Policy.

[S9300-B] route-policy isis2ospf permit node 10
[S9300-B-route-policy] if-match ip-prefix prefix-a
[S9300-B-route-policy] if-match acl 2002
[S9300-B-route-policy] apply tag 20
Step 7 Apply the Route-Policy when routes are imported.

# Configure S9300-B and apply the Route-Policy when routes are imported.
[S9300-B] ospf
[S9300-B-ospf-1] import-route isis 1 route-policy isis2ospf
# Check the OSPF routing table of S9300-A, and you can view that the cost of the route with
the destination address as 172.17.1.0/24 is 100, and that the tag of the route destined for
172.17.2.0/24 is 20. Other routing attributes, however, do not change.

Routing Tables
Routing for Network
192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0
Routing for ASEs

192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2

172.17.1.0/24 100 Type2 1 192.168.1.2 192.168.1.2

172.17.2.0/24 1 Type2 20 192.168.1.2 192.168.1.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2
Routing for NSSAs

Total Nets: 5
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
vlan batch 10 20
#
acl number 2002
rule 5 permit source 172.17.2.0 0.0.0.255
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
isis enable 1
#
#
#
ospf 1
import-route isis 1 route-policy isis2ospf
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
route-policy isis2ospf permit node 10
if-match ip-prefix prefix-a
apply cost 100

#
if-match acl 2002
apply tag 20
#
#
ip ip-prefix prefix-a index 10 permit 172.17.1.0 24
#
return

#
sysname S9300-C
#
#
isis 1
is-level level-2
network-entity 10.0000.0000.0001.00
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 172.17.1.1 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.17.2.1 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.17.3.1 255.255.255.0
isis enable 1
#
#
#
#
#
return
Example for Configuring IP FRR on a Public Network
As shown in Figure 5-38, the backup outbound interface and the IP address of the backup next
hop need to be configured on S9300-T so that link B is configured as the backup of link A. When
link A fails, the traffic is quickly switched to link B.

Figure 5-38 Networking diagram for configuring IP FRR on a public network
Internet
192.168.1.1/24 100.55.1.1/24
Router-C Router-B
GE1/0/1 GE1/0/1
GE1/0/0 VLANIF 40 VLANIF 20 GE1/0/0
VLANIF30 VLANIF 10
S9300-C S9300-B
GE1/0/2 GE1/0/2
GE1/0/3 VALNIF70 VLANIF70 GE1/0/3
VLANIF50 VLANIF60
GE1/0/0 GE1/0/1
VLANIF50 VLANIF60
S9300-A
S9300-T GigabitEthernet1/0/0 VLANIF 50 172.16.1.1/24
1. Configure basic OSPF functions on each S9300.

2. Set greater costs on VLANIF 30 of S9300-T and VLANIF 40 of S9300-C so that OSPF
preferentially selects link A.
3. Configure a routing policy on S9300-T, configure the nexthop and backup outbound
interface, enable the IP FRR function on a public network, and check the information about
the backup outbound interface and the backup nexthop.
4. Check the information about the backup outbound interface and the backup next hop after
IP FRR is disabled.
Data Preparation
l Cost of the OSPF interface being 100
l Name of the routing policy, IP address of the backup next hop 192.168.20.2, and backup
outbound interface VLANIF 30
Procedure
Step 1 Assign an IP address to each interface.
The configuration details are not mentioned here.
Step 2 Configure OSPF on S9300-T, S9300-A, S9300-B, and S9300-C.
Step 3 Set the costs of OSPF interfaces.
# Set the cost on VLANIF 30 of S9300-T so that OSPF preferentially selects link A.
<S9300-T> system-view
[S9300-T] interface vlanif 30
[S9300-T-Vlanif30] ospf cost 100
# Set the cost on VLANIF 40 of S9300-C so that OSPF preferentially selects link A.
[S9300-C-Vlanif40] ospf cost 100
Step 4 Configure a routing policy and enable the IP FRR function.

# Configure a Route-Policy, an IP address of the backup next hop, and a backup outbound
interface on S9300-T.
[S9300-T] route-policy ip_frr_rp permit node 10
[S9300-T-route-policy] apply backup-nexthop 192.168.20.2
[S9300-T-route-policy] apply backup-interface vlanif 30
# Enable IP FRR on a public network.

[S9300-T] ip frr route-policy ip_frr_rp
Step 5 Check the information about a backup outbound interface and the IP address of the backup next
hop.
# Check the information about the backup outbound interface and the IP address of the backup
next hop on S9300-T.
<S9300-T> display ip routing-table verbose
Destination: 172.17.1.0/24

Protocol: OSPF Process ID: 1

Preference: 10 Cost: 3
NextHop: 192.168.10.2 Interface: Vlanif10
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Label: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
BkNextHop: 192.168.20.2 BkInterface: Vlanif30
BkLabel: 0 Tunnel ID: 0x0
SecTunnel ID: 0x0
State: Active Adv Age: 01h16m46s
Tag: 0
Step 6 When the IP FRR function is not required, run the undo ip frr command to disable the function.
[S9300-T] undo ip frr
Step 7 Check information about the backup outbound interface and the IP address of the backup next
hop after the IP FRR function is disabled.
<S9300-T> display ip routing-table verbose
SecTunnel ID: 0x0
BkNextHop: 0.0.0.0 BkInterface:
SecTunnel ID: 0x0
Tag: 0
----End
Configuration Files
l Configuration file of S9300-T
#
sysname S9300-T
#
vlan batch 10 30 50
#
ip frr route-policy ip_frr_rp
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.20.1 255.255.255.0
ospf cost 100
#
port defult vlan 50
#
port defult vlan 10
#
port defult vlan 30
#
ospf 1
area 0.0.0.0

network 192.168.10.0 0.0.0.255

network 192.168.20.0 0.0.0.255
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
route-policy ip_frr_rp permit node 10
apply backup-nexthop 192.168.20.2
apply backup-interface GigabitEthernet3/0/0
#
return
#
sysname S9300-A
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.11.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
#
return
#
sysname- S9300-B
#
vlan batch 30 40
#
interface Vlanif30
ip address 192.168.20.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.21.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
network 192.168.21.0 0.0.0.255
#
return
#
sysname S9300-C
#

vlan batch 20 40 60
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.11.1 255.255.255.0
#
interface Vlanif40
ip address 192.168.21.1 255.255.255.0
ospf cost 100
#
#
#
#
ospf 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
network 192.168.21.0 0.0.0.255
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
Example for Configuring IP FRR on a Private Network
As shown in Figure 5-39, the backup outbound interface and the IP address of the backup next
hop need to be configured on S9300-T so that link B is configured as the backup of link A. When
link A fails, the traffic is quickly switched to link B.
Figure 5-39 Networking diagram for configuring IP FRR on a private network

S9300-A
GE1/0/0 GE2/0/0
GE2/0/0 GE2/0/0
LinkA
GE1/0/0 GE1/0/0
S9300-T S9300-C
GE3/0/0 LinkB GE3/0/0
GE1/0/0 GE2/0/0
S9300-B

1. Configure basic OSPF functions on each S9300.
2. Create VPN 1 on S9300-T and bind VLANIF 10 and VLANIF 30 to VPN1; configure
OSPF multi-instance.
3. Set greater costs on VLANIF 30 of S9300-T and VLANIF 40 of S9300-C so that OSPF
preferentially selects link A.
4. Enable the IP FRR function for S9300-T on a private network.
Data Preparation
l VPN instance name being VPN 1 on S9300-T, route-distinguisher being 100:1, VPN-target
being 111:1, and area 0 and area 1 where OSPF is enabled
l OSPF costs of VLANIF 30 on S9300-T and VLANIF 40 on S9300-C being 100
Procedure
Step 2 Configure OSPF on S9300-A, S9300-B, and S9300-C.
Step 3 Create VPN 1 and OSPF multi-instance on S9300-T.
# Create VPN 1 on S9300-T and bind VLANIF 10 and VLANIF 30 to VPN 1.
[S9300-T] ip vpn-instance vpn1
[S9300-T-vpn-instance-vpn1] route-distinguisher 100:1
[S9300-T-vpn-instance-vpn1] vpn-target 111:1
[S9300-T-vpn-instance-vpn1] quit
[S9300-T-Vlanif10] ip binding vpn-instance vpn1
[S9300-T-Vlanif10] ip address 192.168.10.1 24

[S9300-T-Vlanif10] quit
[S9300-T-Vlanif30] ip binding vpn-instance vpn1
[S9300-T-Vlanif30] ip address 192.168.20.1 24
# Configure OSPF on S9300-T.

[S9300-T] ospf vpn-instance vpn1
[S9300-T-ospf-1] area 0
[S9300-T-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[S9300-T-ospf-1] area 1
Step 4 Set the costs of OSPF interfaces.

# Set the cost on VLANIF 30 of S9300-T so that OSPF preferentially selects link A.
[S9300-T-Vlanif30] ospf cost 100
# Set the cost on VLANIF 40 of S9300-C so that OSPF preferentially selects link A.
[S9300-C-Vlanif40] ospf cost 100
# Configure a Route-Policy, an IP address of the backup next hop, and a backup outbound
interface on S9300-T.
[S9300-T] route-policy ip_frr_rp permit node 10
[S9300-T-route-policy] apply backup-nexthop 192.168.20.2
[S9300-T-route-policy] apply backup-interface vlanif 30
Step 5 Enable IP FRR on a private network.

[S9300-T] ip vpn-instance vpn1
[S9300-T-vpn-instance-vpn1] ip frr route-policy ip_frr_rp
# Check information about the backup outbound interface and the IP address of the backup next
hop.
<S9300-T> display ip routing-table vpn-instance vpn1 verbose
SecTunnel ID: 0x0
BkNextHop: 192.168.20.2 BkInterface: Vlanif30
SecTunnel ID: 0x0
Tag: 0
Step 6 When the IP FRR function is not required, run the undo ip frr command to disable it.
[S9300-T-vpn-instance-vpn1] undo ip frr
Step 7 Check information about the backup outbound interface and the IP address of the backup next
hop after the IP FRR function is disabled.
<S9300-T> display ip routing-table vpn-instance vpn1 verbose
SecTunnel ID: 0x0


SecTunnel ID: 0x0
Tag: 0
----End
Configuration Files
l Configuration file of S9300-T
#
sysname S9300-T
#
vlan batch 10 30 50
#
ip vpn-instance vpn1
route-distinguisher 100:1
ip frr route-policy ip_frr_rp
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif10
ip binding vpn-instance vpn1
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.20.1 255.255.255.0
ospf cost 100
#
port defult vlan 50
#
port defult vlan 10
#
port defult vlan 30
#
ospf 1 vpn-instance vpn1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
#
route-policy ip_frr_rp permit node 10
apply backup-interface GigabitEthernet 3/0/0

#
sysname S9300-A
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.11.2 255.255.255.0
#


#
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
#
return
#
sysname S9300-B
#
vlan batch 30 40
#
interface Vlanif30
ip address 192.168.20.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.21.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
network 192.168.21.0 0.0.0.255
#
return
#
sysname S9300-C
#
vlan batch 20 60 40
#
interface vlanif60
ip address 172.17.1.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.11.1 255.255.255.0
#
interface vlanif40
ip address 192.168.21.1 255.255.255.0
ospf cost 100
#
#
#

#
ospf 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
network 192.168.21.0 0.0.0.255
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
5.3 Configuration Guide - Network Management

This document describes the configuration procedures and configuration examples of the SNMP,
RMON,NTP, LLDP, NQA, NetStream and Ping and Tracert features on the S9300. The
document provides guides to configure the network management functions of the S9300.
5.3.1 SNMP Configuration
This section describes the principle, basic functions, and advanced functions of the Simple
Network Management (SNMP) protocol
5.3.2 RMON and RMON2 Configuration
This chapter describes the principle and configuration examples of RMON and RMON2.
5.3.3 NTP Configuration
This chapter describes the fundamentals and application of the Network Time Protocol (NTP),
the configurations of NTP basic functions, and NTP verification function.
5.3.4 LLDP Configuration
This chapter describes the concepts, configuration procedures, and configuration examples of
the Link Layer Discovery Protocol (LLDP).
5.3.5 NQA Configuration
This chapter describes the principle of NQA and comparison between NQA and ping. It also
describes multiple types of NQA test and universal NQA parameters and provides typical
configuration examples.
5.3.1 SNMP Configuration

This section describes the principle, basic functions, and advanced functions of the Simple
Network Management (SNMP) protocol
Example for Configuring Basic SNMPv1 Functions
As shown in Figure 5-40, the NMS accesses the S9300 through SNMP and manages the
S9300.
Figure 5-40 Networking diagram for configuring basic SNMP functions

GE 1/0/0
VLANIF 100
1.1.1.2/24
NM Station
S9300 1.1.1.1/24

1. Assign IP addresses to interfaces.
2. Set the version of SNMP.
3. Set the SNMP community name.
Data Preparation
l IP addresses of interfaces
l SNMP version
l Community name
Procedure
Step 1 Configure IP addresses of the interfaces. The configuration procedure is not mentioned here.
Step 2 Set the version of SNMP.
NOTE
By default, the SNMP version is SNMPv3.
# Enter the system view, cancel the version number of SNMP used by the system.
[Quidway] sysname S9300
[S9300] undo snmp-agent sys-info version all
# Set the version of SNMP to v1.

[S9300] snmp-agent sys-info version v1
Step 3 Set the SNMP community name.

# Set the name of SNMP read community.
[S9300] snmp-agent community read public
# Set the name of SNMP write community.

[S9300] snmp-agent community write private

# Display the configured community names.
[S9300] display snmp-agent community
Community name:public
Group name:public
Storage-type: nonVolatile
Community name:private
Group name:private
----End

Configuration Files
The configuration file on the S9300 is as follows:
#
sysname S9300
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.1.2 255.255.255.0
#
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100003598
snmp-agent community write write
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v1
#
return
Example for Specifying an NMS to Manage the S9300
As shown in Figure 5-41, a reachable route exists between the NMS and the S9300. The IP
address of the NMS is 1.1.1.1/24; the interface connecting the S9300 to the network resides on
2.2.2.2/24. The S9300 can be remotely managed by the specified NMS.
To rectify faults quickly, you need to configure the contact method of the administrator and the
location information on the S9300.
The S9300 needs to monitor the status of batch statistics collection. If the statistics collection
fails, the S9300 should send a trap message to the NMS.
Figure 5-41 Networking diagram for specifying an NMS to manage the S9300
GE 1/0/0
VLANIF 100
2.2.2.2/24
IP Network
NM Station
S9300
1.1.1.1/24
1. Start the SNMP agent on the S9300.

2. Set the SNMP version.
3. Set the SNMP community name and access authority.

4. Set the contact information about the administrator and the physical location of the
S9300.
5. Configure the trap function.
6. Configure the NMS.
Data Preparation
l SNMP version
l Community name and access authority
l Administrator information and location of the S9300
l Number of an ACL
Procedure
Step 1 Configure the access control function of SNMP.
<S9300> system-view
# Enter the system view, cancel the version number of SNMP used by the system.
[S9300] undo snmp-agent sys-info version all
# Start the SNMP agent, and set the SNMP version to SNMPv2c.
[S9300] snmp-agent sys-info version v2c
# Set the community name and the access authority.

[S9300] snmp-agent community read public acl 2000
[S9300] snmp-agent community write private acl 2000
Step 2 Configure the SNMP maintenance information.

# Set the contact information about the administrator and the physical location of the S9300.
[S9300] snmp-agent sys-info contact Mr.Wang-Tel:21657
[S9300] snmp-agent sys-info location telephone-closet,2rd-floor
Step 3 Configure the ACL.

[S9300] acl 2000
[S9300-acl-basic-2000] rule permit source 1.1.1.1 0
Step 4 Configure the trap function.

[S9300] snmp trap enable
[S9300] snmp-agent target-host trap address udp-domain 1.1.1.1 params securityname
public v2c
Step 5 Configure the NMS.

Install the Huawei iManager N2000 DMS on the NMS, configure the SNMP function of the
iManager N2000 DMS, and then you can manage the S9300.
For the configuration and usage of the iManager N2000 DMS, refer to the HUAWEI iManager
N2000 DMS-Compound Package User Manual Volume II.
# Check the version information about SNMP and the maintenance information.

[S9300] display snmp-agent sys-info

The contact person for this managed node:
Mr.Wang-Tel:21657
The physical location of this node:
telephone-closet,2rd-floor
SNMP version running in the system:
SNMPv2c
# Check the community name.

[S9300] display snmp-agent community
Community name:public
Group name:public
Acl:2000
Community name:private
Group name:private
Acl:2000
# When a trap is generated, you can run the display trapbuffer command to view details about
the trap.
[S9300] display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwritten messages : 0
current messages : 1
#Feb 1 08:49:55 2009 S9300 ENTMIB/4/TRAP:1.3.6.1.2.1.47.2.0.1 Entity MIB change.
----End
Configuration Files
#
sysname S9300
#
vlan batch 100
#
acl number 2000
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000031E7
snmp-agent community read public acl 2000
snmp-agent community write private acl 2000
snmp-agent sys-info contact Mr.Wang-Tel:21657
snmp-agent sys-info location telephone-closet,2rd-floor
snmp-agent sys-info version v2c
snmp-agent target-host Trap address udp-domain 1.1.1.1 params securityname public
v2c
#
return

Example for Configuring Different NMSs to Access the S9300
As shown in Figure 5-42, reachable routes exist between NMS1 and the S9300, and between
NMS2 and the S9300. The IP address of the interface connecting NMS1 to the network is on
1.1.1.1/24; the IP address of the interface connecting NMS2 to the network is on 1.1.1.2/24. The
IP address of the Ethernet interface connecting the S9300 to the network is on 1.1.2.1/24.
By using the security feature of SNMPv3, configure NMS1 to completely control the network
and configure NMS2 to manage only the interfaces on the S9300.
Figure 5-42 Networking diagram for configuring different NMSs to access the S9300
GE 1/0/0
NMS 1
1.1.1.1/24 VLANIF 100
1.1.2.1/24
IP
Nework
S9300
NMS 2
1.1.1.2/24
1. Configure basic SNMP functions on the S9300, including enabling the SNMP agent and
setting the SNMP version.
2. Configure the access rights.
3. Configure the trap function.
4. Configure the NMS.
Data Preparation
l SNMP version
l User group name and user name
l Information about the MIB objects
l Passwords for authentication and encryption

Procedure
Step 1 Configure reachable routes between the S9300 and the NMSs. The configuration procedure is
not mentioned.
Step 2 Enable SNMPv3.
# Start the SNMP agent and set the SNMP version to SNMPv3.
<S9300> system-view
# View the version of SNMP.

[S9300] display snmp-agent sys-info version
SNMPv3
Step 3 Configure the access rights.
# Configure user group information.

[S9300] snmp-agent group v3 NMS1
[S9300] snmp-agent group v3 NMS2
# Configure the access view of the user group.

[S9300] snmp-agent group v3 NMS1 read-view c write-view c notify-view c
[S9300] snmp-agent group v3 NMS2 read-view b write-view b notify-view b
# Configure encryption and authentication for the user group.

[S9300] snmp-agent group v3 NMS1 privacy
[S9300] snmp-agent group v3 NMS2 privacy
# Configure user information.

[S9300] snmp-agent usm-user v3 test1 NMS1 authentication-mode md5 123 privacy-mode
des56 456
[S9300] snmp-agent usm-user v3 test2 NMS2 authentication-mode md5 123 privacy-mode
des56 456
# Configure the MIB view.

[S9300] snmp-agent mib-view include b interfaces
[S9300] snmp-agent mib-view include c iso
NOTE
The default view is internet, excluding snmpUsmMIB, snmpVacmMIB, and snmpModules.18. Modifying
the attributes of snmpUsmMIB, snmpVacmMIB, or snmpModules.18 will lead to security problem.
Step 4 Configure the trap function.

[S9300] snmp-agent trap enable
NMS1 v3
NMS2 v3


<S9300> display snmp-agent group
Group name: NMS1
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Group name: NMS1
Security model: v3 AuthPriv
Group name: NMS2
Readview: b
Writeview: b
Notifyview :b
Group name: NMS2
Security model: v3 AuthPriv
Storage-type: nonvolatile
# View information about the user.

<S9300> display snmp-agent usm-user
User name: test1
Engine ID: 000007DB7F000001000041BB active
User name: test2
Engine ID: 000007DB7F000001000041BB active
# Display the MIB view.

<S9300> display snmp-agent mib-view
View name:b
MIB Subtree:interfaces
Subtree mask:
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
View Type:included
View status:active
MIB Subtree:snmpUsmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpVacmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpModules.18
Subtree mask:
View Type:excluded
View status:active

# When a trap is generated, you can run the display trapbuffer command to view details about
the trap.
<S9300> display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwritten messages : 0
current messages : 1
#Feb 1 08:49:55 2009 S9300 ENTMIB/4/TRAP:1.3.6.1.2.1.47.2.0.1 Entity MIB change
----End
Configuration Files
#
sysname S9300
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent sys-info contact R&D Nanjing, Huawei Technologies co.,Ltd.
snmp-agent sys-info location Nanjing China
snmp-agent group v3 NMS1 read-view c write-view c notify-view c
snmp-agent group v3 NMS2 read-view b write-view b notify-view b
snmp-agent group v3 NMS1 privacy
snmp-agent group v3 NMS2 privacy
snmp-agent target-host trap address udp-domain 1.1.1.1 params securityname NMS1
v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname NMS2
v3
snmp-agent mib-view included b interfaces
snmp-agent mib-view included c iso
snmp-agent usm-user v3 test1 NMS1 authentication-mode md5 TV"8'@O_6I!PN<^R;_><IA!!
privacy-mode des56 a>;@2Y`MQRZS<EPZ].X-!!!! acl 2000
snmp-agent usm-user v3 test2 NMS2 authentication-mode md5 TV"8'@O_6I!PN<^R;_><IA!!
privacy-mode des56 a>;@2Y`MQRZS<EPZ].X-!!!! acl 2000
snmp-agent trap enable eth-trunk
snmp-agent trap enable l2service
snmp-agent trap enable bfd
snmp-agent trap enable bgp
snmp-agent trap enable static-lsp
snmp-agent trap enable te tunnel-reop
snmp-agent trap enable te te-frr
snmp-agent trap enable te te-frr private
snmp-agent trap enable te hot-standby
snmp-agent trap enable te ordinary
snmp-agent trap enable te state-change-private
snmp-agent trap enable te bandwidth-change
snmp-agent trap enable mpls-oam

snmp-agent trap enable l3vpn

snmp-agent trap enable l2-multicast
snmp-agent trap enable efm
snmp-agent trap enable dldp
snmp-agent trap enable loop-detection
snmp-agent trap enable license
snmp-agent trap enable lldp
snmp-agent trap enable ldp
snmp-agent trap enable svc
snmp-agent trap enable ccc
snmp-agent trap enable vpls
snmp-agent trap enable pw
snmp-agent trap enable kompella
snmp-agent trap enable eoam-1ag
snmp-agent trap enable tunnel-ps
snmp-agent trap enable configuration
snmp-agent trap enable system
snmp-agent trap enable standard
snmp-agent trap enable mstp
snmp-agent trap enable vrrp-group
snmp-agent trap enable port input-rate
snmp-agent trap enable port output-rate
snmp-agent trap enable ssh
snmp-agent trap enable flash
snmp-agent trap enable basetrap
#
return
Example for Configuring Different NMSs to Access the S9300 (Inform Mode)
As shown in Figure 5-43, reachable routes exist between NMS1 and the S9300, and between
NMS2 and the S9300. The IP address of the interface connecting NMS1 to the network is on
1.1.1.1/24; the IP address of the interface connecting NMS2 to the network is on 1.1.1.2/24. The
IP address of the Ethernet interface connecting the S9300 to the network is on 1.1.2.1/24.
By using the security feature of SNMPv3, configure NMS1 to completely control the network
and configure NMS2 to manage only the interfaces on the S9300.
The NMSs manage the S9300 remotely. The S9300 sends trap messages to the NMSs in Inform
mode.
Figure 5-43 Networking diagram for configuring different NMSs to access the S9300 (inform
mode)
GE 1/0/0
NMS 1 VLANIF 100
1.1.1.1/24
1.1.2.1/24
IP
Nework
S9300
NMS 2
1.1.1.2/24

1. Configure basic SNMP functions on the S9300, including enabling the SNMP agent and
setting the SNMP version.
2. Configure access rights.
3. Configure the Inform function.
4. Configure the NMSs.
Data Preparation
l SNMP version
l Information about the user group and users
l Information about the MIB objects
l Passwords for authentication and encryption
Procedure
Step 1 Configuring basic SNMP functions
# Enter the system view, start the SNMP agent, and set the SNMP version to SNMPv3.
[Quidway] S9300
Step 2 Configure the access rights.

# Configure user group information.
[S9300] snmp-agent group v3 test1 read-view a write-view a notify-view a
[S9300] snmp-agent group v3 test2 read-view b write-view b notify-view b
# Configure user information.

[S9300] snmp-agent usm-user v3 NMS1 test1 authentication-mode md5 123 privacy-mode
des56 456
[S9300] snmp-agent usm-user v3 NMS2 test2 authentication-mode md5 123 privacy-mode
des56 456
# Configure the MIB view.

[S9300] snmp-agent mib-view include a iso
[S9300] snmp-agent mib-view include b interfaces
NOTE
The default MIB view is internet, excluding snmpUsmMIB, snmpVacmMIB, or snmpModules.18.

Modifying the attributes of snmpUsmMIB, snmpVacmMIB, or snmpModules.18 may pose a threat to
network security.
Step 3 Configure the Inform function.

# Enable the trap function.
[S9300]snmp-agent trap enable

# Configure the S9300 to send trap messages to the NMSs in inform mode.
[S9300] snmp-agent target-host inform address udp-domain 1.1.1.1 params
securityname NMS1 v3
[S9300] snmp-agent target-host inform address udp-domain 1.1.1.2 params
securityname NMS2 v3
# View the version of SNMP.

<S9300> display snmp-agent sys-info
The contact person for this managed node:
R&D Nanjing, Huawei Technologies co.,Ltd.
The physical location of this node:

Nanjing China

SNMPv3
# View information about the user group.

<S9300> display snmp-agent group
Group name: test1
Readview: a
Writeview: a
Notifyview :a
Group name: test2

Readview: b
Writeview: b
Notifyview :b
Storage-type: nonvolatile
# View information about the user.

[S9300] display snmp-agent usm-user
User name: NMS1
Engine ID: 000007DB7FFFFFFF00005BD0 active
User name: NMS2

Engine ID: 000007DB7FFFFFFF00005BD0 active
# View information about the Inform mode.

<S9300> display snmp-agent inform
Global config: resend-times 3, timeout 15s, pending 39
Global status: current notification count 3
Target-host ID: VPN instance/IP-Address/Security name
-/1.1.1.1/NMS1:
Config: resend-times 3, timeout 15s
Status: retries 0, pending 0, sent 0, dropped 0, failed 0, confirmed 0
-/1.1.1.2/NMS2:

Config: resend-times 3, timeout 15s

Status: retries 0, pending 0, sent 0, dropped 0, failed 0, confirmed 0
----End
Configuration Files
#
sysname S9300
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
#
snmp-agent
snmp-agent sys-info contact R&D Nanjing, Huawei Technologies co.,Ltd.
snmp-agent sys-info location Nanjing China
snmp-agent group v3 test1 read-view a write-view a notify-view a
snmp-agent group v3 test2 read-view b write-view b notify-view b
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname NMS2
v3
snmp-agent target-host inform address udp-domain 1.1.1.1 params securityname NMS1
v3
snmp-agent mib-view included a iso
snmp-agent mib-view included b interfaces
snmp-agent usm-user v3 NMS1 test1 authentication-mode md5 TV"8'@O_6I!
PN<^R;_><IA!! privacy-mode des56 a>;@2Y`MQRZS<EPZ].X-!!!!
snmp-agent usm-user v3 NMS2 test2 authentication-mode md5 TV"8'@O_6I!
PN<^R;_><IA!! privacy-mode des56 a>;@2Y`MQRZS<EPZ].X-!!!!
snmp-agent trap enable eth-trunk
snmp-agent trap enable l2service
snmp-agent trap enable bfd
snmp-agent trap enable bgp
snmp-agent trap enable static-lsp
snmp-agent trap enable te tunnel-reop
snmp-agent trap enable te te-frr private
snmp-agent trap enable te hot-standby
snmp-agent trap enable te ordinary
snmp-agent trap enable te state-change-private
snmp-agent trap enable te bandwidth-change
snmp-agent trap enable mpls-oam
snmp-agent trap enable l3vpn
snmp-agent trap enable l2-multicast
snmp-agent trap enable efm
snmp-agent trap enable dldp
snmp-agent trap enable loop-detection
snmp-agent trap enable license
snmp-agent trap enable ldp
snmp-agent trap enable svc
snmp-agent trap enable ccc
snmp-agent trap enable vpls
snmp-agent trap enable pw
snmp-agent trap enable kompella
snmp-agent trap enable eoam-1ag

snmp-agent trap enable tunnel-ps

snmp-agent trap enable configuration
snmp-agent trap enable system
snmp-agent trap enable standard
snmp-agent trap enable mstp
snmp-agent trap enable vrrp-group
snmp-agent trap enable port input-rate
snmp-agent trap enable port output-rate
snmp-agent trap enable ssh
snmp-agent trap enable flash
#
return
Example for Configuring Batch Statistics Collection
As shown in Figure 5-44, if you configure the batch statistics collection on the S9300, the
S9300 is capable of uploading the statistics files in batches to the specified FTP server after
statistics collection completes.
Figure 5-44 Networking diagram for configuring the batch statistics collection
GE 1/0/1
VLANIF 100
2.2.2.1/24
IP Network
FTP Server S9300
1. Enable the function of batch statistics collection on the S9300.

2. Configure a statistics file, including statistics collection interval, statistics uploading
interval, period for reserving the statistics file, and the primary URL to which the statistics
file is uploaded.
3. Configure the statistics objects.
4. Enable the statistics file.
Data Preparation
l Connection between the remote FTP server and the S9300

l User name, password, and host name (or IP address) of the FTP server required by the
S9300

Procedure
Step 1 Enable the function of batch statistics collection on the S9300.
[S9300] bulk-stat enable
Info:Succeeded in enabling the bulk stat function.
Step 2 Configure a statistics file, including statistics collection interval, statistics uploading interval,
period for reserving the statistics file, and the primary URL to which the statistics file is uploaded.
# Set the statistics collection interval, the statistics uploading interval, and the period for
reserving the file named file1 to 10 minutes. Set the primary URL of the statistics file to FTP
mode.
[S9300] bulk-file file1
[S9300-bulk-file-file1] collect interval 10
[S9300-bulk-file-file1] transfer interval 10
[S9300-bulk-file-file1] transfer remain-time 10
[S9300-bulk-file-file1] transfer primary url ftp://user:pwd@server
Step 3 Configure the statistics objects.

# Collect statistics about a single object.
[S9300-bulk-file-file1] object 1.3.6.1.2.1.2.1.0 class single
# Collect statistics about a column of objects.

[S9300-bulk-file-file1] object 1.3.6.1.2.1.2.2.1.4 class column
Step 4 Enable the statistics file.

[S9300-bulk-file-file1] collect enable

Run the display bulk-stat command to view information about the module enabled with the
batch statistics collection function and the display bulk-stat filename command to view details
about the statistics file.
# View details about the file named file1.
[S9300] display bulk-stat file1
bulk file file1:
----------------------------------
storage: ephemeral
format: bulkASCII
collect interval: 10 min
transfer interval: 10 min
primary transfer URL: ftp://user:pwd@server
secondary transfer URL: NULL
transfer retry times: 5
file remain time: 10 min
status: ready
last transfer success time: NULL
last transfer fail time: NULL
total object number: 2
----------------------------------
index: 1
class: single
OID: 1.3.6.1.2.1.2.1.0
start index: NULL
instance number: NULL
----------------------------------
index: 2
class: column

OID: 1.3.6.1.2.1.2.2.1.4
start index: 0
instance number: 0
----------------------------------
----End
Configuration Files
#
sysname S9300
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
bulk-stat enable
#
bulk-file file1
collect interval 10
transfer interval 10
transfer remain-time 10
transfer primary url ftp://user:pwd@server
collect enable
object 1.3.6.1.2.1.2.1.0 class single
object 1.3.6.1.2.1.2.2.1.4 class column
#
return
5.3.2 RMON and RMON2 Configuration

This chapter describes the principle and configuration examples of RMON and RMON2.
Examples for Configuring RMON
As shown in Figure 5-45, the S9300 monitors the subnet connected to GE 3/0/0, including:
l Collecting real-time statistics and history statistics about traffic and various packets
l Monitoring traffic (in bytes) passing through the interface and records logs when the traffic
sent in one minute exceeds the set value
l Monitoring the broadcast and multicast packets on the subnet and generates traps for these
packets
The S9300 then automatically reports the traps to the NMS when the broadcast and
multicast streams on the subnet exceed the set value.

Figure 5-45 Networking diagram for configuring RMON

GE 1/0/0 GE 3/0/0
VLANIF 100 VLANIF 110
2.2.2.1/24 3.3.3.1/24
IP
Network
NMS
1.1.1.1/24
1. Configure the function of sending trap messages and set the group names by using SNMP
commands.
2. Enable the statistics function and configure the statistics table.
3. Configure the historyControlTable.
4. Configure the eventTable.
5. Configure the alarmTable and prialarmTable.
Data Preparation
l Interval for sampling data
l Threshold for triggering alarms
Procedure
Step 1 Configure a reachable route between the S9300 and the NMS. The configuration procedure is
not mentioned.
Step 2 Configure the S9300 to send trap messages to the NMS.
# Enable the function of sending trap messages through SNMP.
[S9300] snmp-agent trap enable
# Configure the function of sending trap messages to the specified NMS.

public
Step 3 Enable the statistics function.

# Enable the RMON statistics function on the interface.
[S9300] interface gigabitethernet 3/0/0
[S9300-GigabitEthernet3/0/0] rmon-statistics enable
# Configure the ethernetStatsTable.

NOTE
The interface enabled with the statistics function cannot be added to an Eth-trunk.
[S9300-GigabitEthernet3/0/0] rmon statistics 1 owner Test300
Step 4 Configure the historyControlTable.

# Sample the traffic on the subnet every 30 seconds and save the latest 10 history entries.
[S9300-GigabitEthernet3/0/0] rmon history 1 buckets 10 interval 30 owner Test300
[S9300-GigabitEthernet3/0/0] quit
Step 5 Configure the eventTable.

# Configure the S9300 to record logs for RMON event 1, and send trap messages to the NMS
for event 2.
[S9300] rmon event 1 log owner Test300
[S9300] rmon event 2 description forUseofPrialarm trap public owner Test300
Step 6 Configure the alarmTable.

# Set the sampling interval and set the threshold that triggers event 1.
[S9300] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1
falling-threshold 100 1 owner Test300
Step 7 Configure the prialarmTable.

# Configure RMON to perform sampling every 30 seconds for the total number of broadcast
and multicast packets in the ethernetStatsTable. If the delta sampled value is larger than the
maximum threshold value 1000 or less than the minimum threshold value 0, event 2 is triggered,
and trap messages are sent to the NMS.
[S9300] rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
sumofbroadandmulti 30 delta rising-threshold
1000 2 falling-threshold 0 2 entrytype forever owner Test300

# Check the effect of configurations. You can check traffic statistics on the subnet in real time.
<S9300> display rmon statistics gigabitethernet 3/0/0
Statistics entry 1 owned by Test300 is VALID.
Interface : GigabitEthernet3/0/0<ifEntry.402653698>
Received :
octets :142915224 , packets :1749151
broadcast packets :11603 , multicast packets:756252
undersized packets :0 , oversized packets:0
fragments packets :0 , jabbers packets :0
CRC alignment errors:0 , collisions :0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64 :150183 , 65-127 :150183 , 128-255 :1383
256-511:3698 , 512-1023:0 , 1024-1518:0
# Check the effect of configurations. Only the last sampling record is displayed through the
command lines. To display all the history records, you need special NMS software.
<S9300> display rmon history gigabitethernet 3/0/0
History control entry 1 owned by Test300 is VALID,
Samples Interface :GigabitEthernet3/0/0<ifEntry.402653698>
Sampling interval :30(sec) with 10 buckets max.
Lastest Sampling time :0days 00h:19m:43s
Latest sampled values:
Dropevents :0 , octets :645
Packets :7 , broadcast packets :7
multicast packets:0 , CRC alignment errors :0

undersize packets:6 , oversize packets :0

fragments :0 , jabbers :0
collisions :0 , utilization :0
# Verify the configuration.

<S9300> display rmon event
Event table 1 owned by Test300 is VALID.
Description: null.
Will cause log when triggered, last triggered at 0days 00h:24m:10s.
Description: forUseofPrialarm.
Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.
# View alarm information.

<S9300> display rmon alarm 1
Alarm table 1 owned by Test300 is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.6.1 <etherStatsBroadcastPkts.1>
Sampling interval : 30(sec)
Rising threshold : 500(linked with event 1)
Falling threshold : 100(linked with event 1)
When startup enables : risingOrFallingAlarm
Latest value : 1975
# View prialarm information.

<S9300> display rmon prialarm 1
Prialarm table 1 owned by Test300 is VALID.
Samples delta value: .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
Sampling interval : 30(sec)
Rising threshold : 1000(linked with event 2)
Falling threshold : 0(linked with event 2)
When startup enables : risingOrFallingAlarm
This entry will exist : forever.
Latest value : 16
# View event logs.

<S9300> display rmon eventlog
Generates eventLog 1.1 at 0days 00h:39m:30s.
Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
The NMS receives trap messages when the set prialarm variable exceeds the preset threshold.
----End
Configuration Files
#
sysname S9300
#
vlan batch 100 110
#
interface Vlanif100
ip address 2.2.2.1 255.255.255.0
#
interface Vlanif110
ip address 3.3.3.1 255.255.255.0
#
#

rmon-statistics enable
rmon statistics 1 owner Test300
rmon history 1 buckets 10 interval 30 owner Test300
#
rmon event 1 description null log owner Test300
rmon event 2 description forUseofPrialarm trap public owner Test 300
rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1 falling-
threshold 100 1 owner Test300
rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1
sumofbroadandmulti 30
delta rising-threshold 1000 2 falling-threshold 0 2 entrytype forever owner
Test300
#
ip route-static 1.1.1.0 255.255.255.0 2.2.2.2
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF0000017C
snmp-agent target-host trap address udp-domain 1.1.1.1 params securityname public
#
return
Examples for Configuring RMON2
As shown in Figure 5-46, RMON2 needs to be configured on the S9300 to collect statistics of
IP packets on VLANIF 10.
RMON2 can monitor remote hosts through the SNMP NMS, or through command lines. This
example describes only command-line-based monitoring.
Figure 5-46 Networking diagram for configuring RMON2
COM
Console
IP Lan
Network
GE 2/0/0
vlanif 10
NM Station 10.1.1.1/24
1. Configure the hlHostControlTable.

2. Configure the protocolDirTable.

Data Preparation
l Index of the hlHostControlTable and the maximum items in the hlHostControlTable
l Protocol ID
Procedure
Step 1 Configure a VLAN and add GE 2/0/0 to the VLAN.
[Quidway] vlan 10
[Quidway-GigabitEthernet2/0/0] port hybrid pvid vlan 10
[Quidway-GigabitEthernet2/0/0] port hybrid untagged vlan 10
Step 2 Configure the VLANIF interface and assign an IP address to the VLANIF interface.
Step 3 Configure RMON2.

# Configure the hlHostControlTable. Set the index to 123, and the maximum number of entries
in the nlHostTable to 100.
[Quidway] rmon2 hlhostcontroltable index 123 datasource interface vlanif 10
maxentry 100 owner china status active
# Configure the protocolDirTable. The protocol ID currently supported is 8.0.0.0.1.0.0.8.0; the

value of parameter currently supported is 2.0.0; the value of host is suppurtedon (that is,
collecting traffic statistics for this protocol).
[Quidway] rmon2 protocoldirtable protocoldirid 8.0.0.0.1.0.0.8.0 parameter 2.0.0
descr IP host supportedon owner china status active

# View information about the nlHostTable.
<Quidway> display rmon2 nlhosttable hostcontrolindex 123
Abbreviation:
HIdx - hlHostControlIndex
PIdx - ProtocolDirLocalIndex
Addr - nlHostAddress
InPkts - nlHostInPkts
OutPkts - nlHostOutPkts
InOctes - nlHostInOctets
OutOctes - nlHostOutOctets
OutMac - nlHostOutMacNonUnicastPkts
ChgTm - nlHostTimeMark
CrtTm - nlHostCreateTime
HIdx PIdx Addr InPkts OutPkts InOctes OutOctes OutMac ChgTm CrtTm
123 1 10.1.1.3 0 78 0 10046 78 81489 40859
123 1 10.1.1.4 78 0 10046 0 0 81489 40859
# View the traffic of a host with the specified IP address.

<Quidway> display rmon2 nlhosttable hostcontrolindex 123 hostaddress 10.110.99.2
Abbreviation:

123 1 10.110.99.2 0 78 0 10046 78 81489 40859
# Set the value of the time filter to display the entries that meet the filtering condition.
<Quidway> display rmon2 nlhosttable hostcontrolindex 123 timemark 1000 hostaddress
10.1.1.1
Abbreviation:
123 1 10.1.1.1 0 78 0 10046 78 81489 40859
# Display the hlHostControlTable. You can view the number of added or deleted host entries
on the interface and the maximum number of entries in the nlHostTable.
<Quidway> display rmon2 hlhostcontroltable
Abbreviation:
index - hlhostcontrolindex
datasource - hlhostcontroldatasource
droppedfrm - hlhostcontrolnldroppedframes
inserts - hlhostcontrolnlinserts
Deletes - hlHostControlNlDeletes
maxentries - hlhostcontrolnlmaxdesiredentries
owner - hlhostcontrolowner
status - hlhostcontrolstatus
index datasource droppedfrm inserts eletes maxentries owner status
123 Vlanif10 0 19 0 100 China active
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
rmon2 protocoldirtable protocoldirid 8.0.0.0.1.0.0.8.0 parameter 2.0.0 descr ip
host supportedon owner china status active
rmon2 hlhostcontroltable index 123 datasource interface vlanif10 maxentry 100 owner
china status active
#
return

5.3.3 NTP Configuration

This chapter describes the fundamentals and application of the Network Time Protocol (NTP),
the configurations of NTP basic functions, and NTP verification function.
Example for Configuring NTP Authentication in Unicast Client/Server Mode
Figure 5-47 shows the diagram of NTP.
l S9300A functions as a unicast NTP server. The clock of S9300A is the master clock with
the stratum being 2.
l S9300B functions as a unicast NTP client. Its clock needs to be synchronized with the clock
of S9300A.
l S9300C and S9300D function as NTP clients of S9300B
l NTP authentication needs to be enabled.
Figure 5-47 Networking diagram for configuring the unicast client/server mode
VLANIF 1
10.0.0.2/24
VLANIF 1
2.2.2.2/24 VLANIF 2 VLANIF 1 S9300-C
IP Network
1.0.1.11/24 VLANIF 1
10.0.0.1/24 10.0.0.3/24
S9300-A S9300-B S9300-D
1. Configure S9300A as an NTP server and configure the master clock on S9300A.
2. Configure S9300B as an NTP client. S9300B synchronizes its clock with the clock of
S9300A.
3. Configure S9300C and S9300D to synchronize their clocks with the clock of S9300B.
4. Configure NTP authentication on S9300A, S9300B, S9300C, and S9300D.

NOTE
When configuring NTP authentication in unicast client/server mode, pay attention to the following
points:
l You must enable NTP authentication on the client before specifying the IP address of the NTP
server and authentication key to be sent to the server; otherwise, NTP authentication is not
performed before clock synchronization.
l To implement authentication successfully, configure both the server and the client.
Data Preparation
l IP address of the reference clock
l Stratum count of the NTP master clock
l Key ID
l Password
Procedure
1. Configure the IP addresses of the S9300s and ensure that the routes between them are
reachable.
Configure the IP addresses according to Figure 5-47 so that S9300A, S9300B, S9300C
and S9300D are routable.
The configuration procedure is not mentioned.
2. Configure a master NTP clock on S9300A and enable NTP authentication.
# On S9300A, set the clock as a master NTP clock with stratum being 2.
<S9300A> system-view
[S9300A] ntp-service refclock-master 2
# Enable NTP authentication on S9300A, configure the authentication key, and declare the
key to be reliable.
[S9300A] ntp-service authentication enable
[S9300A] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[S9300A] ntp-service reliable authentication-keyid 42
The authentication keys configured on the server and the client must be the same.
3. Configure S9300B as the NTP server and enable the NTP authentication.
# Enable NTP authentication on S9300B, configure the authentication key, and declare the
key to be reliable.
<S9300B> system-view
[S9300B] ntp-service authentication enable
[S9300B] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[S9300B] ntp-service reliable authentication-keyid 42
# # Configure S9300A to be the NTP server of S9300B and use the authentication key.
[S9300B] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
4. Specify the NTP server for S9300C.

# Configure S9300B as the NTP server of S9300C.
<S9300C> system-view
[S9300C] ntp-service authentication enable
[S9300C] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[S9300C] ntp-service reliable authentication-keyid 42
[S9300C] ntp-service unicast-server 10.0.0.1 authentication-keyid 42

5. Specify the NTP server for S9300D.

# Configure S9300B as the NTP server of S9300D.
<S9300D> system-view
[S9300D] ntp-service authentication enable
[S9300D] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[S9300D] ntp-service reliable authentication-keyid 42
[S9300D] ntp-service unicast-server 10.0.0.1 authentication-keyid 42
6. Verify the configuration.

After the configurations, S9300B can synchronize its clock with the clock of S9300A.
Check the NTP status of S9300B, and you can view that the status of the clock is
synchronized. This means that the synchronization is complete. The stratum of the clock
of S9300B is 3, one stratum lower than the clock stratum of S9300A.
[S9300B] display ntp-service status
clock stratum: 3
After the configurations, S9300C can synchronize its clock with the clock of S9300B.
Check the NTP status of S9300C, and you can view that the status of the clock is
of S9300C is 4, one stratum lower than the clock stratum of S9300B.
[S9300C] display ntp-service status
clock stratum: 4
Check the NTP status of S9300D, and you can see that the status of the clock is
of S9300C is 4, one stratum lower than the clock stratum of S9300B.
[S9300D] display ntp-service status
clock stratum: 4
Check the NTP status of S9300A.

[S9300A] display ntp-service status
clock stratum: 2
reference clock ID: LOCAL(0)


root delay: 0.00 ms
reference time: 12:01:48.377 UTC Mar 2 2006(C7B15D2C.60A15981)
Configuration Files
l Configuration file of S9300 A
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 %@ENC;8HX
\#Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
return
l Configuration file of S9300 B

#
sysname S9300B
#
vlan batch 110 111

#
interface Vlanif110
ip address 1.0.1.11 255.255.255.0
#
interface Vlanif111
ip address 10.0.0.1 255.255.255.0
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
ntp-service authenticationenable
\#Q=^Q`MAF4<1!!
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
return


#
sysname S9300C
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.2 255.255.255.0
#
#
\#Q=^Q`MAF4<1!!
ntp-service unicast-server 10.0.0.1
#
return
l Configuration file of S9300 D

#
sysname S9300D
#
vlan batch 111
#
interface Vlanif111
ip address 10.0.0.3 255.255.255.0
#
#
\#Q=^Q`MAF4<1!!
#
return
Example for Configuring the Common NTP Peer Mode
As shown in Figure 5-48, three S9300s reside on the LAN.
l The clock of S9300C is the master clock and the clock stratum is 2.
l S9300C is the NTP server of S9300D. That is, S9300D is the client.
l S9300D is the passive peer of S9300E. That is, S9300E is the active end.

Figure 5-48 Networking diagram for configuring the NTP peer mode
S9300 C
GE 1/0/0
3.0.1.31/24
GE 1/0/0 GE 1/0/0
3.0.1.33/24 3.0.1.32/24
S9300 E S9300 D
1. Configure the clock on S9300C as the master clock. The clock on S9300D should be
synchronized to the clock on S9300C.
2. Configure S9300E and S9300D as the NTP peers so that S9300E should send clock
synchronization requests to S9300D.
3. The clocks on S9300C, S9300D and S9300E can be synchronized.
Data Preparation
l IP address of S9300C
l IP address of S9300D
Procedure
1. Configure IP addresses for S9300C, S9300D, and S9300E.
Configure an IP address for each interface according to Figure 5-48. After configurations,
the three S9300s can ping each other.
2. Configure the unicast NTP client/server mode.
# On S9300C, set the clock as a master NTP clock with stratum being 2.
[S9300C] ntp-service refclock-master 2
# Configure S9300C as the NTP server of S9300D.

[S9300D] ntp-service unicast-server 3.0.1.31
After the configurations, the clock of S9300D is synchronized with the clock of S9300C.

of S9300D is 3, one stratum lower than the clock stratum of S9300C.
clock stratum: 3
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)
3. Configure the unicast NTP peer mode.
# Configure S9300D as the passive peer of S9300E.
<S9300E> system-view
[S9300E] ntp-service unicast-peer 3.0.1.32
No master clock is configured on S9300E, so the clock on S9300E should be synchronized
to the clock on S9300D.
View the status of S9300E after clock synchronization.
Check the NTP status of S9300E, and you can see that the status of the clock is
of S9300E is 4, one stratum lower than the clock stratum of S9300D.
[S9300E] display ntp-service status
clock stratum: 4
reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)
Configuration Files
#
sysname S9300C
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.31 255.255.255.0
#
#
#
return
#
sysname S9300D

#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.32 255.255.255.0
#
#
#
return
l Configuration file of S9300 E
#
sysname S9300E
#
vlan batch 100
#
interface Vlanif100
ip address 3.0.1.33 255.255.255.0
#
#
ntp-service unicast-peer 3.0.1.32
#
return
Example for Configuring NTP Authentication in Broadcast Mode
As shown in Figure 5-49,
l S9300C and S9300D are on the same network segment; S9300A is on another network
segment; S9300F connects the two network segments.
l As the NTP broadcast server, S9300C uses the local clock as the NTP master clock, which
is a stratum-3 clock. S9300C sends broadcast packets through VLANIF 10, namely,
GE1/0/0.
l S9300D uses VLANIF 10, namely, GE1/0/0, to listen to the broadcast packets.
l S9300A uses VLANIF 20, namely, GE1/0/0, to listen to the broadcast packets.
l NTP authentication needs to be enabled.
Figure 5-49 Networking diagram for configuring the NTP broadcast mode
GE 1/0/0
VLANIF 10
GE 1/0/0 GE 1/0/0 3.0.1.31/24
GE 2/0/0
VLANIF 20 VLANIF 20 VLANIF 10
1.0.1.11/24 1.0.1.2/24 3.0.1.2/24 S9300C
GE 1/0/0
S9300A S9300F
VLANIF 10
3.0.1.32/24
S9300D

1. Configure S9300 C as the NTP broadcast server.
2. Configure S9300A and S9300D as the NTP broadcast clients.
3. Configure NTP authentication on S9300A, S9300C, and S9300D.
Data Preparation
l IP address of each interface
l IDs of VLANs to which the interfaces belong
l Authentication key and key ID
Procedure
1. Configure the IP addresses of the S9300s.
Configure the IP address of each interface according to Figure 5-49.
# Configure the IP address of the VLANIF interface on S9300C.
[S9300C] system-view
[S9300C] vlan 10
[S9300C-vlan10] quit
[S9300C-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[S9300C-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[S9300C-vlanif10] ip address 3.0.1.31 24
[S9300C-vlanif10] quit
# Configure the IP address of the VLANIF interface on S9300D.

[S9300D] system-view
[S9300D] vlan 10
[S9300D-Vlan10] quit
[S9300D] interface gigabitethernet 1/0/0
[S9300D-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[S9300D-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[S9300D-GigabitEthernet1/0/0] quit
[S9300D] interface vlanif 10
[S9300D-Vlanif10] ip address 3.0.1.32 24
[S9300D-Vlanif10] quit
# Configure the IP address of the VLANIF interface on S9300F.

[S9300F] system-view
[S9300F] vlan 10
[S9300F-Vlan10] quit
[S9300F] interface gigabitethernet 2/0/0
[S9300F-GigabitEthernet2/0/0] port hybrid pvid vlan 10
[S9300F-GigabitEthernet2/0/0] port hybrid untagged vlan 10
[S9300F-GigabitEthernet2/0/0] quit
[S9300F] interface vlanif 10
[S9300F-Vlanif10] ip address 3.0.1.2 24
[S9300F-Vlanif10 ]quit
[S9300F] vlan 20


[S9300F-vlanif20] ip address 1.0.1.2 24
[S9300F-vlanif20] quit
# Configure the IP address of the VLANIF interface on S9300A.

[S9300A] system-view
[S9300A] vlan 20
[S9300A-Vlan20] quit
[S9300A-GigabitEthernet1/0/0] port hybrid pvid vlan 20
[S9300A-GigabitEthernet1/0/0] port hybrid untagged vlan 20
[S9300A-vlanif20] ip address 1.0.1.11 24
[S9300A-vlanif20] quit
2. Configure the NTP broadcast server and enable NTP authentication.

# Configure the clock of S9300C as the NTP master clock with the stratum being 3.
# Enable NTP authentication.

[S9300C] ntp-service authentication enable
[S9300C] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[S9300C] ntp-service reliable authentication-keyid 16
# Configure S9300C as an NTP broadcast server. Broadcast packets are encrypted by using
the authentication key ID 16 and then sent through VLANIF 10.
[S9300C-vlanif10] ntp-service broadcast-server authentication-keyid 16
3. Configure S9300D, which resides on the same network segment with the server.
[S9300D] ntp-service authentication enable
[S9300D] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[S9300D] ntp-service reliable authentication-keyid 16
# Configure S9300D as the NTP broadcast client and configure S9300D to listen to NTP
broadcast packets through VLANIF 10.
[S9300D]interface vlanif 10
[S9300D-vlanif10] ntp-service broadcast-client
[S9300D-vlanif10] quit
After the configurations, the clock of S9300D is synchronized with the clock of S9300C.
4. Configure S9300A, which resides on different network segment from the server.
[S9300A] ntp-service authentication enable
[S9300A] ntp-service authentication-keyid 16 authentication-mode md5 Hello
[S9300A] ntp-service reliable authentication-keyid 16
# Configure S9300A as the NTP broadcast client and configure S9300A to listen to NTP
broadcast packets through VLANIF 20.
[S9300A]interface vlanif 20
[S9300A-vlanif20] ntp-service broadcast-client

After the configurations, the clock on S9300D can be synchronized to the clock on
S9300C, but the clock on S9300A cannot be synchronized

because S9300A and S9300C are on different network segments and S9300A cannot
receive the broadcast packets sent from S9300C.
clock stratum: 4
root delay: 0.00 ms
reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)
Configuration Files
#
sysname S9300A
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service broadcast-client
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
\#Q=^Q`MAF4<1!!
#
return
Configuration file of S9300 C

#
sysname S9300C
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
ntp-service broadcast-server authentication-keyid 16
#
#
\#Q=^Q`MAF4<1!!
#
return


#
sysname S9300D
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service broadcast-client
#
#
\#Q=^Q`MAF4<1!!
#
return
l Configuration file of S9300 F

#
sysname S9300F
#
vlan batch 10 20
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
Example for Configuring the Common NTP Multicast Mode
l S9300C and S9300D are on the same network segment; S9300A is on another network
segment; S9300F connects the two network segments.
l As the NTP multicast server, S9300C uses the local clock as the NTP master clock, which
is a stratum-2 clock. S9300C sends multicast packets through VLANIF 10, namely,
GE1/0/0.
l S9300D uses VLANIF 10, namely, GE1/0/0, to listen to the multicast packets.
l S9300A uses VLANIF 20, namely, GE1/0/0, to listen to the multicast packets.

Figure 5-50 Networking diagram for configuring the NTP multicast mode
GE 1/0/0
VLANIF 10
GE 1/0/0 GE 1/0/0 3.0.1.31/24
GE 2/0/0
VLANIF 20 VLANIF 20 VLANIF 10
1.0.1.11/24 1.0.1.2/24 3.0.1.2/24 S9300C
GE 1/0/0
S9300A S9300F
VLANIF 10
3.0.1.32/24
S9300D
1. Configure S9300C as the NTP multicast server.
2. Configure S9300A and S9300D as the NTP multicast clients.
Data Preparation
Procedure
1. Configure the IP addresses of the S9300s.
Configure the IP address of each interface according to Figure 5-50.
# Configure the IP address of the VLANIF interface on S9300C.
[S9300C] vlan 10
[S9300C-Vlan10] quit
[S9300C-Vlanif10] ip address 3.0.1.31 24
[S9300C-Vlanif10] quit
# Configure the IP address of the VLANIF interface on S9300D.

[S9300D] system-view
[S9300D] vlan 10
[S9300D-Vlan10] quit
[S9300D-Vlanif10] ip address 3.0.1.32 24
[S9300D-Vlanif10] quit

# Configure the IP address of the VLANIF interface on S9300F.

[S9300F] system-view
[S9300F] vlan 10
[S9300F-Vlanif10] quit
[S9300F] vlan 20
[S9300F-vlan20] quit
[S9300F-Vlanif20] quit
# Configure the IP address of the VLANIF interface on S9300A.

[S9300A] system-view
[S9300A] vlan 20
[S9300A-Vlanif20]ip address 1.0.1.11 24
[S9300A-Vlanif20]quit
2. Configure the NTP multicast server.

# Configure the clock of S9300C as the NTP master clock with the stratum being 2.
# Configure S9300C as the NTP multicast client and configure S9300C to sense NTP
multicast packets through VLANIF 10.
[S9300C-vlanif10] ntp-service multicast-server
3. Configure S9300D, which resides on the same network segment with the server.
# Configure S9300D as the NTP multicast client and configure S9300D to sense NTP
[S9300D-vlanif10] ntp-service multicast-client
[S9300D-vlanif10] quit
4. Configure S9300A, which resides on different network segment from the server.
# Configure S9300A as the NTP multicast client and configure S9300A to sense NTP
[S9300A-vlanif20] ntp-service multicast-client

After the configurations, the clock on S9300D can be synchronized to the clock on
S9300C, but the clock on S9300A cannot be synchronized

because S9300A and S9300C are on different network segments and S9300A cannot
receive the multicast packets sent from S9300C.
clock stratum: 3
reference time: 17:03:32.022 UTC Apr 25 2005(C61734FD.800303C0)
Configuration Files
#
sysname S9300A
#
vlan batch 20
#
interface vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service multicast-client
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
return

#
sysname S9300C
#
vlan batch 10
#
interface vlanif10
ip address 3.0.1.31 255.255.255.0
ntp-service multicast-server
#
#
return

#
sysname S9300D
#
vlan batch 10
#
interface vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service multicast-client
#


#
Return
Configuration file of S9300 F

#
sysname S9300F
#
vlan batch 10 20
#
interface vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface vlanif20
ip address 1.0.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
network 3.0.1.0 0.0.0.255
#
return
5.3.4 LLDP Configuration

the Link Layer Discovery Protocol (LLDP).
Example for Configuring LLDP
As shown in Figure 5-51, S9300-A and S9300-B are connected through the Ethernet interfaces.
Reachable routes exist between S9300-A and the NMS and between S9300-B and the NMS.
S9300-A and S9300-B need to obtain the status of each other through the LLDP protocol and
the NMS should locate S9300-A and S9300-B based on the management addresses to discover
the network topology. When a management address changes, LLDP is disabled globally, or
neighbor information changes, S9300-A and S9300-B should send LLDP traps to the NMS.

Figure 5-51 Networking diagram for configuring LLDP

NMS
SN
MP
MP
SN
10.10.10.1 10.10.10.2
LLDPDU
S9300-A S9300-B
LLDPDU packet
LLDP interface
SNMP packet
NMS: Network Management System
1. Enable the LLDP trap function on S9300-A and S9300-B.
2. Enable LLDP globally on S9300-A and S9300-B.
3. Configure the management addresses of S9300-A and S9300-B.
4. Configure the LLDP attributes of S9300-A and S9300-B.
Data Preparation
l The management address of S9300-A is 10.10.10.1, and the management address of
S9300-B is 10.10.10.2.
l The interval for sending LLDP packets is 60 seconds. The delay for sending LLDP packets
is 9 seconds. The delay for sending traps when neighbor information changes is 10 seconds.
Procedure
1. Enable the LLDP trap function on S9300-A and S9300-B.
[S9300-A] snmp-agent trap enable lldp
[S9300-B] snmp-agent trap enable lldp


[S9300-A] lldp enable
[S9300-B] lldp enable
3. Configure the management addresses of S9300-A and S9300-B.

[S9300-A] lldp management-address 10.10.10.1
[S9300-B] lldp management-address 10.10.10.2
4. Configure the LLDP attributes of S9300-A and S9300-B.

[S9300-A] lldp message-transmission interval 60
[S9300-A] lldp message-transmission delay 9
[S9300-A] lldp trap-interval 10
See the configuration of S9300-A.
# Check whether LLDP is enabled, whether the management addresses are configured,
whether the LLDP trap function is enabled, and whether the LLDP attributes are properly
set.
l Check the configuration of S9300-A.
[S9300-A] display lldp local
System
information
Chassis
type :macAddress
Chassis ID :00e0-
fc33-0011
System
name :S9303-119
System description :Quidway
S9303
Huawei Versatile Routing Platform
Software
VRP (R) Software, Version 5.50 (S9300
V100R002C00B010)
Copyright (c) 2003-2010 Huawei Technologies Co.,
Ltd
System capabilities
supported :bridge
System capabilities
enabled :bridge
LLDP Up time :2009/2/13
18:31:37
MED system information

Device class :Network Connectivity
(MED inventory information of master board)
HardwareRev :LE02SRUA VER.A
FirmwareRev :NC
SoftwareRev :Version 5.50 V100R001C02B010
SerialNum :NA
Manufacturer name :NA
Model name :NA
Asset tracking identifier :NA
LLDP enable status :enabled (default is disabled)

LldpMsgTxInterval :60 (default is 30s)

LldpMsgTxHoldMultiplier :4 (default is 4)
LldpReinitDelay :2 (default is 2s)
LldpTxDelay :9 (default is 2s)
LldpNotificationInterval :10 (default is 5s)
LldpNotificationEnable :enabled (default is disabled)
Management address :IP: 10.10.10.1
RemTablesLastChangeTime:0 days, 0 hours, 0 minutes, 0 seconds
RemTableInserts :0
RemTableDeletes :0
RemTableDrops :0
RemTablesAgeouts :0
Neighbors Total :1
Port information:
Interface GigabitEthernet1/0/1:
LLDP Enable Status :enabled (default is disabled)
Neighbors Total :1
Port ID subtype :interfaceName

Port ID :GigabitEthernet1/0/1
Port description :HUAWEI, Quidway Series, GigabitEthernet1/0/1 Interface
Port And Protocol vlan ID(PPVID) don't supported

Port vlan ID(PVID) :0
Protocol identity :STP RSTP/MSTP LACP EthOAM CFM
Auto-negotiation supported :Yes

Auto-negotiation enabled :Yes
OperMau :speed(1000)/duplex(Full)
Power port class :PD

PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:No

Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :1526
MED port information
Media policy type :Unknown

Unknown Policy :Yes
VLAN tagged :No
Media policy VlanID :0
Media policy L2 priority :0
Media policy Dscp :0
Power Type :Unknown

PoE PSE power source :Unknown
Port PSE Priority :Unknown
Port Available power value:0
# View the neighbor information of S9300-A.
<S9300-A> display lldp neighbor interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 has 1 neighbors:
Neighbor index : 1
Chassis type :macAddress
Chassis ID :00e0-fc33-0011
Port ID type :interfaceName

System name :S9300-D

System description :Quidway S9303
VRP (R) Software, Version 5.50 (S9300 V100R002C00SPC001)
Copyright (c) 2003-2009 Huawei Technologies Co., Ltd
System capabilities supported :bridge

System capabilities enabled :bridge
Management address type :ipV4
Management address : 10.10.10.4
Expired time :118s
Port VLAN ID(PVID) :1

VLAN name of VLAN 1: vlan1


Link aggregation supported:Yes

MED Device information

HardwareRev :LE01MCUA VER.A

FirmwareRev :NC
SoftwareRev :Version 5.50 V100R002C00SPC001
SerialNum :NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name :NA

Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown

l Check the configuration of S9300-B.

See the procedure for checking the configuration of S9300-A.
Configuration Files
#
sysname S9300-A
#
interface Ethernet0/0/0
ip address 10.10.10.1 255.255.255.0
#

lldp enable
#
#
lldp message-transmission interval 60
#
lldp message-transmission delay 9
#
lldp trap-interval 10
#
lldp management-address 10.10.10.1
#
return

#
sysname S9300-B
#
ip address 10.10.10.2 255.255.255.0
#
lldp enable
#
#
lldp message-transmission interval 60
#
lldp message-transmission delay 9
#
lldp trap-interval 10
#
#
return
Example for Configuring LLDP When an Eth-Trunk Is Used on a Network
As shown in Figure 5-52, S9300-A and S9300-B are connected through the Eth-Trunk. On each
S9300, three interfaces are added to the Eth-Trunk. In addition, two Eth-Trunk interfaces on
each S9300 should be able to send and receive LLDP packets, and thus the two S9300s can
obtain status information about each other. The other Eth-Trunk interface on each S9300 is
disabled from sending or receiving LLDP packets.
Figure 5-52 Networking diagram for configuring LLDP when an Eth-Trunk is used on the
network
GE 1/0/3 GE 2/0/3
GE 1/0/2 GE 2/0/2
10.10.10.1 10.10.10.2
S9300-A GE 1/0/1 Eth-Trunk1 GE 2/0/1 S9300-B

2. Configure the management addresses of S9300-A and S9300-B so that the NMS can
identify the S9300s.
3. Add the Ethernet interfaces of S9300-A and S9300-B to the Eth-Trunk.
4. Disable LLDP on the Eth-Trunk member interfaces of S9300-A and S9300-B.
Data Preparation
l Management address of S9300-A (10.10.10.1), and the management address of S9300-B
(10.10.10.2)
l Number of the Eth-Trunk that connects S9300-A and S9300-B, and the number of the
interfaces that are added to the Eth-Trunk
Procedure
2. Configure the management addresses of S9300-A and S9300-B so that the NMS can
identify the S9300s.
3. Add interfaces of S9300-A and S9300-B to the Eth-Trunk.

[S9300-A] interface eth-trunk 1
[S9300-A-Eth-Trunk1] quit
[S9300-A-GigabitEthernet1/0/1] eth-trunk 1
[S9300-B] interface eth-trunk 1
[S9300-B-Eth-Trunk1] quit
[S9300-B-GigabitEthernet2/0/1] eth-trunk 1

4. Disable LLDP on an Eth-Trunk interface on each of S9300-A and S9300-B.

[S9300-A-GigabitEthernet1/0/3] undo lldp enable
[S9300-B-GigabitEthernet2/0/3] undo lldp enable

# Check whether LLDP is enabled, whether the management address of LLDP is set, and
whether the LLDP status on the member interfaces of Eth-Trunk 1 is correct.
[S9300-A] display lldp local
System
information
Chassis
type :macAddress
Chassis ID :00e0-
fc33-0011
System
name :S9303-119
S9303
Software
V100R002C00B010)
Ltd
System capabilities
supported :bridge
System capabilities
enabled :bridge
18:31:37

LLDP Up time :2008/11/18 8:41:4

FirmwareRev :NC
SerialNum :NA
Model name :NA
RemTableInserts :1
RemTableDeletes :0

RemTableDrops :0
RemTablesAgeouts :0
Neighbors Total :2
Port information:
Neighbors Total :1






Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown

Neighbors Total :1






Link aggregation enabled :Yes

Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown


[S9300-A] display lldp local interface gigabitethernet 1/0/2
Neighbors Total :1


vlan name of vlan 1: vlan1




Link aggregation enabled :Yes

Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown



# Check whether the member interfaces are added to Eth-Trunk 1.
[S9300-A] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SIP-XOR-DIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 3
---------------------------------------------------------------------------
-----
PortName Status Weight
GigabitEthernet1/0/1 Up 1

Configuration Files
#
sysname S9300-A
#
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
interface Eth-Trunk1
#
eth-trunk 1
#
eth-trunk 1
#
eth-trunk 1
undo lldp enable
#
#
return

#
sysname S9300-B
#
ip address 10.10.10.2 255.255.255.0
#
lldp enable
#
#
eth-trunk 1
#
eth-trunk 1
#
eth-trunk 1
undo lldp enable

#
#
return
Example for Configuring LLDP When an Interface Has Multiple Neighbors
As shown in Figure 5-53, links exist among S9300-A, S9300-B, and S9300-C. The reachable
routes exist between S9300-A and the NMS, and between S9300-C and the NMS. S9300-A,
S9300-B, and S9300-C need to exchange LLDP packets through the links to obtain the status
of each other. In addition, the NMS can locate S9300-A and S9300-C based on the management
addresses to discover the network topology.
Figure 5-53 Networking diagram for configuring LLDP when an interface has multiple
neighbors
NMS
SNMP
SNMP
LLDPDU
S9300-D LL S9300-F
D
PD
U
LL
U
D
PD
LLDPDU
PD
D
S9300-E U
LL
10.10.10.1 10.10.10.2
10.10.10.3
S9300-A S9300-B S9300-C
LLDP interface SNMP packet
NMS: Network Management System LLDPDU packet
1. Enable LLDP globally on S9300-A, S9300-B, and S9300-C.

2. Configure the management addresses of S9300-A, S9300-B, and S9300-C so that the NMS
can identify the devices.

Data Preparation
l Management addresses of S9300-A, S9300-B, and S9300-C
Procedure
1. Enable LLDP globally on S9300-A, S9300-B, and S9300-C.
2. Configure the management addresses of S9300-A, S9300-B, and S9300-C.
[S9300-C] lldp management-address 10.10.10.3

# Check whether LLDP is enabled and whether the management address is configured on
each S9300.
<S9300-A> display lldp local
System
information
Chassis
type :macAddress
Chassis ID :00e0-
fc33-0011
System name :S9300-
A
S9303
Software
V100R002C00B010)
Ltd
System capabilities
supported :bridge
System capabilities
enabled :bridge
18:31:37


FirmwareRev :NC
SerialNum :NA
Model name :NA

RemTableInserts :0
RemTableDeletes :0
RemTableDrops :0
RemTablesAgeouts :0
Neighbors Total :1
Port information:
Neighbors Total :1






Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown


<S9300-A> display lldp neighbor interface gigabitethernet 1/0/1

GigabitEthernet1/0/1 has 1 neighbors:
Neighbor index : 1
Chassis type :macAddress
Chassis ID :00e0-fc33-0011
Port ID type :interfaceName
System name :S9300-D
System description :Quidway S9303
VRP (R) Software, Version 5.50 (S9300 V100R002C00SPC001)
Copyright (c) 2003-2009 Huawei Technologies Co., Ltd

Management address type :ipV4
Management address : 10.10.10.4
Expired time :118s
Port VLAN ID(PVID) :1

VLAN name of VLAN 1: vlan1



MED Device information

HardwareRev :LE01MCUA VER.A

FirmwareRev :NC
SoftwareRev :Version 5.50 V100R002C00SPC001
SerialNum :NA
Manufacturer name :HUAWEI TECH CO., LTD
Model name :NA

Unknown Policy :Yes
VLAN tagged :No
Power Type :Unknown



l Check the configuration of S9300-C.

Configuration Files
#
sysname S9300-A
#
ip address 10.10.10.1 255.255.255.0
#
lldp enable
#
#
return

#
sysname S9300-B
#
ip address 10.10.10.2 255.255.255.0
#
lldp enable
#
#
return

#
sysname S9300-C
#
ip address 10.10.10.3 255.255.255.0
#
lldp enable
#
#
return
5.3.5 NQA Configuration

This chapter describes the principle of NQA and comparison between NQA and ping. It also
describes multiple types of NQA test and universal NQA parameters and provides typical
configuration examples.
Context
NOTE
The NQA function of the S9300 is controlled by the license.

Generally, the NQA commands can be run on a new S9300, but the NQA function cannot take effect. To make
the NQA function of an S9300 effective, contact the Huawei regional office to buy the license.

Example for Configuring the ICMP Test
As shown in Figure 5-54, S9300 A and S9300 B must be connected at Layer 3 through the
VLANIF interface.
S9300 A functions as the NQA client to check whether S9300 B is reachable.
Figure 5-54 Networking diagram for configuring the ICMP test
S9300A S9300B
GE1/0/0 GE1/0/0
vlanif10 vlanif10
10.1.1.1/24 10.1.1.2/24
NQA agent
1. Perform the NQA ICMP test to check whether the route between the local end (S9300 A)
and the specified destination end (S9300 B) is reachable and check the RTT of a test packet.
Data Preparation
l Host address of S9300 B
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Configure S9300 A.
[S9300A] vlan 10
[S9300A] interface gigabitethernet1/0/0
# Configure S9300 B.
[S9300B] vlan 10
[S9300B-Vlan10] quit
[S9300B-GigabitEthernet1/0/0] port hybrid pvid vlan 10

[S9300B-GigabitEthernet1/0/0] port hybrid untagged vlan 10

Step 2 Configure the VLANIF interface and assign an IP address to the VLANIF interface.
[S9300A-Vlanif10] ip address 10.1.1.1 24
[S9300B-Vlanif10] ip address 10.1.1.2 24
Step 3 Enable the NQA client and create an NQA ICMP test.
[S9300A] nqa test-instance admin icmp
[S9300A-nqa-admin-icmp] test-type icmp
[S9300A-nqa-admin-icmp] destination-address ipv4 10.1.1.2
Step 4 Perform the test immediately.

[S9300A-nqa-admin-icmp] start now
Step 5 Verify the test result.

[S9300A-nqa-admin-icmp] display nqa results test-instance admin icmp
NQA entry(admin, icmp) :testFlag is inactive ,testtype is icmp
1 . Test 1 result The test is finished
Send operation times: 3 Receive response times: 3
Completion:success RTD OverThresholds number: 0
Attempts number:1 Drop operation number:0
Disconnect operation number:0 Operation timeout number:0
System busy operation number:0 Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Min Positive Jitter: 0 Min Negative Jitter: 0
Max Positive Jitter: 0 Max Negative Jitter: 0
Positive Jitter Num: 0 Negative Jitter Num: 0
Positive Jitter Sum: 0 Negative Jitter Sum: 0
Positive Jitter Square Sum: 0 Negative Jitter Square Sum: 0
Packet Loss: 0 Packet Loss Ratio: 0
Destination ip address:10.2.2.2
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 3/3
Average Single-Way Completion Time: 1
Last Good Probe Time: 2008-10-5 11:5:21.2
----End
Configuration Files
#
sysname S9300A
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 10.1.1.2

#
return

#
sysname S9300B
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
return
Example for Configuring the DHCP Test
As shown in Figure 5-55:
l S9300 functions as the DCHP client and Router functions as the DHCP server.
l The NQA DHCP test is used to check the time when the DHCP server assigns an IP address.
Figure 5-55 Networking diagram for configuring the DHCP test
S9300 Router
GE1/0/0 GE1/0/0
Vlanif10 Vlanif10
10.1.1.1/24 10.1.1.2/24
NQA agent DHCP Server
1. Enable DHCP snooping on the S9300.

2. Configure the S9300 as the NQA client.
3. Create and perform the DHCP test on the S9300 to check whether a connection can be set
up between the S9300 and the DHCP server and whether an IP address can be assigned.
Data Preparation
l Host address of the DHCP server

l Source interface
l Timeout interval

Procedure
Step 1 Configure the VLAN and VLANIF interface and assign an IP address to the interface.
Step 2 Enable DHCP snooping globally.
[Quidway] dhcp snooping enable
Step 3 Enable the NQA client and create an NQA DHCP test.
[Quidway] nqa test-instance admin dhcp
[Quidway-nqa-admin-dhcp] test-type dhcp
[Quidway-nqa-admin-dhcp] source-interface vlanif 10
[Quidway-nqa-admin-dhcp] timeout 20
Step 4 Perform the test.

[Quidway-nqa-admin-dhcp] start now

[Quidway-nqa-admin-dhcp] display nqa results test-instance admin dhcp
NQA entry(admin, dhcp) :testFlag is inactive ,testtype is dhcp
1 .Test 1 result The test is finished
----End
Configuration Files
l Configuration file of S9300
#
sysname quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin dhcp
test-type dhcp
timeout 20
source-interface vlanif10
#
return
Example for Configuring the FTP Download Test

l S9300 B functions as the FTP server.

l A user with the name user1 and the password hello intends to log in to the FTP server to
download the test.txt file.
Figure 5-56 Networking diagram for configuring the FTP download test
S9300A S9300B
GE1/0/0 GE1/0/0
Vlanif10 Vlanif10
10.1.1.1/24 10.1.1.2/24
FTP Client
1. Configure S9300 A as the NQA client.
2. Create and perform the FTP test on S9300 A to check whether a connection between
S9300 A and the FTP server can be set up and to check the time for downloading a file
from the FTP server.
Data Preparation
l IP address of the FTP server
l Source IP address for the test
l FTP user name and password
l Operation file of the FTP test
Procedure
Step 1 Configure the IP addresses of S9300 A and S9300 B. The configuration details are not mentioned
here.
Step 2 Configure S9300 B as the FTP server.
[S9300B] ftp server enable
[S9300B] aaa
[S9300B-aaa] local-user user1 password cipher hello
[S9300B-aaa] local-user user1 service-type ftp
[S9300B-aaa] local-user user1 ftp-directory cfcard:/
[S9300B-aaa] quit
Step 3 Configure an NQA FTP test on S9300 A.

[S9300A] nqa test-instance admin ftp
[S9300A-nqa-admin-ftp] test-type ftp
[S9300A-nqa-admin-ftp] destination-address ipv4 10.1.1.2
[S9300A-nqa-admin-ftp] source-address ipv4 10.1.1.1
[S9300A-nqa-admin-ftp] ftp-operation get
[S9300A-nqa-admin-ftp] ftp-username user1

[S9300A-nqa-admin-ftp] ftp-password hello

[S9300A-nqa-admin-ftp] ftp-filename test.txt

[S9300A-nqa-admin-ftp] start now

[S9300A-nqa-admin-ftp] display nqa results test-instance admin ftp
NQA entry(admin, ftp) :testFlag is inactive ,testtype is ftp
SendProbe:1 ResponseProb:1
Completion :success RTD OverThresholds number: 0
MessageBodyOctetsSum: 448 Stats errors number: 0
Operation timeout number: 0 System busy operation number:0
Drop operation number:0 Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 438/438/438
DataConnTime Min/Max/Average: 218/218/218
SumTime Min/Max/Average: 656/656/656
----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin ftp
test-type ftp
source-address ipv4 10.1.1.1
ftp-operation get
ftp-filename test.txt
ftp-username user1
ftp-password hello
#
return

#
sysname S9300B
#
vlan batch 100
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
FTP server enable
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory cfcard:/

#
return
Example for Configuring the FTP Upload Test
You are required to test the speed of uploading a file from S9300 C to the FTP server.
Figure 5-57 Networking diagram for configuring the FTP upload test
S9300A S9300B S9300C

GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
Vlanif10 Vlanif10 Vlanif20 Vlanif20

10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
FTP Client FTP Server
1. Configure S9300 A as the NQA client and the FTP client. Create and perform the FTP test
on S9300 A to check whether a connection between S9300 A and the FTP server can be
set up and to test the time for uploading a file to the FTP server.
2. A user with the name user1 and the password hello logs in to the FTP server to upload a
file whose size is 10k.
Data Preparation
l IP address of the FTP server

l Source IP address for the test
l FTP user name and password
l Size of the uploaded file
Procedure
Step 1 Configure reachable routes between S9300 A and S9300 B, between S9300 A and S9300 C, and
between S9300 B and S9300 C. The configuration details are not mentioned here.
Step 2 Configure S9300 C as the FTP server.

[S9300C] ftp-server enable
[S9300C] aaa
[S9300C-aaa] local-user user1 password cipher hello
[S9300C-aaa] local-user user1 service-type ftp

[S9300C-aaa] local-user user1 ftp-directory flash:

[S9300C-aaa] quit
Step 3 Configure an NQA FTP test on S9300 A and create a file of 10K bytes for uploading.
[S9300A] nqa test-instance admin ftp
[S9300A-nqa-admin-ftp] test-type ftp
[S9300A-nqa-admin-ftp] destination-address ipv4 10.2.1.2
[S9300A-nqa-admin-ftp] source-address ipv4 10.1.1.1
[S9300A-nqa-admin-ftp] ftp-operation put
[S9300A-nqa-admin-ftp] ftp-username user1
[S9300A-nqa-admin-ftp] ftp-password hello
[S9300A-nqa-admin-ftp] ftp-filesize 10

[S9300A-nqa-admin-ftp] start now

# Verify the NQA test result on S9300 A.
[S9300A-nqa-admin-ftp] display nqa results test-instance admin ftp
NQA entry(admin, ftp) :testFlag is inactive ,testtype is ftp
Completion :success RTD OverThresholds number: 0
MessageBodyOctetsSum: 10240 Stats errors number: 0
Operation timeout number: 0 System busy operation number:0
Drop operation number:0 Disconnect operation number: 0
CtrlConnTime Min/Max/Average: 657/657/657
DataConnTime Min/Max/Average: 500/500/500
SumTime Min/Max/Average: 1157/1157/1157
# On S9300 C, you can see that a file named nqa-ftp-test.txt is added.

<S9300C> dir
Directory of flash:/
0 -rw- 331 Feb 06 2009 18:34:34 private-data.txt

1 -rw- 10240 Feb 06 2009 18:37:06 nqa-ftp-test.txt
2540 KB total (1536 KB free)
----End
Configuration Files
#
sysname S9300A
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin ftp
test-type ftp
source-address ipv4 10.1.1.1
ftp-operation put
ftp-filesize 10
ftp-username user1

ftp-password hello
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
FTP server enable
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
#
#
aaa
local-user user1 password cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
local-user user1 service-type ftp
local-user user1 ftp-directory flash:
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
Example for Configuring the HTTP Test
As shown in Figure 5-58, S9300 is connected to the HTTP server through a WAN.

Figure 5-58 Networking diagram for configuring the HTTP test

HTTP Server
10.2.1.1/24
S9300
10.1.1.2/24
GE1/0/0 IP
Network
Vlanif10
10.1.1.1/24
2. Create and perform the HTTP test on the S9300 to check whether the a connection between
the S9300 and the HTTP server can be set up and to check the time for transferring a file
between them.
Data Preparation
l Host address of the HTTP server
l HTTP operation type
Procedure
Step 1 Configure a VLAN and add an interface to the VLAN. Create a VLANIF interface and assign
an IP address to the VLANIF interface.
Step 2 Enable the NQA client and create an NQA HTTP test.
[Quidway] nqa test-instance admin http
[Quidway-nqa-admin-http] test-type http
[Quidway-nqa-admin-http] destination-address ipv4 10.2.1.1
[Quidway-nqa-admin-http] http-operation get
[Quidway-nqa-admin-http] http-url www.huawei.com

[Quidway-nqa-admin-http] start now

[Quidway-nqa-admin-http] display nqa results test-instance admin http
NQA entry(admin, http) :testFlag is inactive ,testtype is http
Completions: success RTD OverThresholds number: 0
MessageBodyOctetsSum: 0 TargetAddress: 10.2.1.1
DNSQueryError number: 0 HTTPError number: 0

TcpConnError number : 3 System busy operation number:0

DNSRTT Sum/Min/Max:0/0/0 TCPConnectRTT Sum/Min/Max: 0/0/0
TransactionRTT Sum/Min/Max: 11/3/4 RTT Sum/Min/Max: 18/5/7
DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0
----End
Configuration Files
Configuration file of S9300
#
sysname quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin http
test-type http
http-operation get
http-url www.huawei.com
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
Example for Configuring the DNS Test
As shown in Figure 5-59, S9300 functions as the DNS client to access the host whose IP address
is 10.2.1.1/24 through a domain named server.com.
Figure 5-59 Networking diagram for configuring the DNS test

server.com
10.2.1.1/24
S9300
GE1/0/0 10.1.1.2/24 IP
Network
Vlanif100
10.1.1.1/24
DNS Server
10.3.1.1/24

2. Create and perform the DNS test on the S9300 to check whether a connection between the
S9300 and the DNS server can be set up and to check the speed of responding to an address
resolution request.
Data Preparation
l IP address of the DNS server
l Name of the host to be accessed
Procedure
Step 1 Configure reachable routes between S9300 A and the DNS server, between S9300 A and the
host to be accessed, and between the DNS server and the host to be accessed. The configuration
details are not mentioned here.
Step 2 Create an NQA DNS test.
[Quidway] dns server 10.3.1.1
[Quidway] nqa test-instanc admin dns
[Quidway-nqa-admin-dns] test-type dns
[Quidway-nqa-admin-dns] dns-server ipv4 10.3.1.1
[Quidway-nqa-admin-dns] destination-address url server.com

[Quidway-nqa-admin-dns] start now

[Quidway] display nqa results test-instance admin dns
NQA entry(admin, dns) :testFlag is inactive ,testtype is dns
Destination ip address: 10.3.1.1
----End
Configuration Files
Configuration file of S9300
#
sysname Quidway
#
dns server 10.3.1.1
#
vlan batch 100

#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
ip route-static 10.3.1.0 255.255.255.0 10.1.1.2
#
return
Example for Configuring the Traceroute Test
The traceroute test is used to check the IP address of the VLANIF 110 interface of S9300 C on
S9300 A.
Figure 5-60 Networking diagram for configuring the traceroute test

S9300A S9300B S9300C
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
2. Create and perform the traceroute test on S9300 A to check the statistics on each hop from
S9300 A to S9300 C.
Data Preparation
l Destination address for the traceroute test
Procedure
Step 2 Create an NQA traceroute test on S9300 A and set the destination IP address to 10.2.1.2.
[S9300A] nqa test-instance admin trace

[S9300A-nqa-admin-trace] test-type trace

[S9300A-nqa-admin-trace] destination-address ipv4 10.2.1.2

[S9300A-nqa-admin-trace] start now

# Verify the NQA test result on S9300 A.
[S9300A-nqa-admin-trace] display nqa results test-instance admin trace
NQA entry(admin, trace) :testFlag is inactive ,testtype is trace
Completion:success Attempts number:1
Drop operation number:0
Last good path Time:2006-8-5 14:38:58.5
1 . Hop 1
RTD OverThresholds number: 0
2 . Hop 2
----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin trace
test-type trace
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#

interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
Example for Configuring the SNMP Query Test
As shown in Figure 5-61, SNMP agent is enabled on S9300 C. The NQA SNMP query test is
used to measure the time from sending an SNMP query packet to receiving an Echo packet.
Figure 5-61 Networking diagram for configuring the SNMP query test
S9300A S9300B S9300C
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
SNMP Agent
2. Create and perform the SNMP query test on S9300 A.
3. Enable SNMP agent on S9300 C.
Data Preparation

l Host address of the SNMP agent
Procedure
Step 2 Enable SNMP agent on S9300 C.
[S9300C] snmp-agent
Step 3 Create an SNMP query test on S9300 A.

[S9300A] nqa test-instance admin snmp
[S9300A-nqa-admin-snmp] test-type snmp
[S9300A-nqa-admin-snmp] destination-address ipv4 10.2.1.2

[S9300A-nqa-admin-snmp] start now

[S9300A-nqa-admin-snmp] display nqa results test-instance admin snmp
NQA entry(admin, snmp) :testFlag is inactive ,testtype is snmp
----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin snmp
test-type snmp
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
#

vlan batch 100 110

#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
snmp-agent
#
return
Example for Configuring the TCP Test
As shown in Figure 5-62, the NQA TCP Private test is used to obtain the time for setting up a
TCP connection between S9300 A and S9300 B.
Figure 5-62 Networking diagram for configuring the TCP test
S9300A S9300B S9300C

GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
NQA Server
1. Configure S9300 A as the NQA client and configure S9300 C as the NQA server.

2. Configure the monitoring port number on the NQA server and create an NQA TCP test on
the NQA client.
Data Preparation
l Host address of the server
l Port number used to monitor the TCP service on the server
Procedure
Step 2 Configure the NQA server on S9300 C.
# Configure the IP address and port number used to monitor TCP connections on the NQA server.
[S9300C] nqa-server tcpconnect 10.2.1.2 9000
Step 3 # Configure S9300 A.

# Enable the NQA client and create a TCP Private test.
[S9300A] nqa test-instance admin tcp
[S9300A-nqa-admin-tcp] test-type tcp
[S9300A-nqa-admin-tcp] destination-address ipv4 10.2.1.2
[S9300A-nqa-admin-tcp] destination-port 9000

[S9300A-nqa-admin-tcp] start now

[S9300A-nqa-admin-tcp] display nqa results test-instance admin tcp
NQA entry(admin, tcp) :testFlag is inactive ,testtype is tcp
----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0

#
#
nqa test-instance admin tcp
test-type tcp
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
nqa-server tcpconnect 10.2.1.2 9000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
Example for Configuring the UDP Test
As shown in Figure 5-63, the NQA UDP Public test is used to obtain RTT of a UDP packet
transmitted between S9300 A and S9300 C.

Figure 5-63 Networking diagram for configuring the UDP test
S9300A S9300B S9300C

GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
Vlanif100 Vlanif100 Vlan110 Vlanif110
10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
NQA Server
2. Configure the monitoring port number on the NQA server and create an NQA UDP Public
test on the NQA client.
Data Preparation
l Port number used to monitor the UDP service on the server
Procedure
# Configure the IP address and UDP port number monitored by the NQA server.
[S9300C] nqa-server udpecho 10.2.1.2 6000

# Enable the NQA client and create a UDP Public test.
[S9300A] nqa test-instance admin udp
[S9300A-nqa-admin-udp] test-type udp
[S9300A-nqa-admin-udp] destination-address ipv4 10.2.1.2
[S9300A-nqa-admin-udp] destination-port 6000

[S9300A-nqa-admin-udp] start now

[S9300A-nqa-admin-udp] display nqa results test-instance admin udp
NQA entry(admin, udp) :testFlag is inactive ,testtype is udp


----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin udp
test-type udp
destination-address port 6000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
nqa-server udpecho 10.2.1.2 6000
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1

#
return
Example for Configuring the Jitter Test
As shown in Figure 5-64, the NQA Jitter test needs to be used to obtain the jitter time of
transmitting a packet from S9300 A to S9300 C. S9300 A and S9300 C synchronize the clock
from S9300 B so that the test precision is improved.
NOTE
For information about clock synchronization, see "NTP" in the Quidway S9300 Terabit Routing Switch
Feature Description - Network Management.
Figure 5-64 Networking diagram for configuring the Jitter test

S9300A S9300B S9300C
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
NQA Server
1. Configure S9300 C as the NTP client and configure S9300 B as the NTP server.
3. Configure the service type and port number monitored by the NQA server.
4. Create and perform the NQA Jitter test on the NQA client.
Data Preparation

l Port number used to monitor the UDP service on the server
Procedure
# Configure the IP address and UDP port number monitored by the NQA server.


# Enable the NQA client and create an NQA Jitter test.
[S9300A] nqa test-instance admin jitter
[S9300A-nqa-admin-jitter] test-type jitter
[S9300A-nqa-admin-jitter] destination-address ipv4 10.2.1.2
[S9300A-nqa-admin-jitter] destination-port 9000

[S9300A-nqa-admin-jitter] start now

[S9300A-nqa-admin-jitter] display nqa results test-instance admin jitter
NQA entry(admin, jitter) :testFlag is inactive ,testtype is jitter

SendProbe:60 ResponseProbe:60
Completion:success RTD OverThresholds number:0
OWD OverThresholds SD number:0 OWD OverThresholds DS number:0
Min/Max/Avg/Sum RTT:1/98/8/461 RTT Square Sum:23037
NumOfRTT:60 Drop operation number:0
System busy operation number:0 Operation timeout number:0
Min Positive SD:1 Min Positive DS:1
Max Positive SD:96 Max Positive DS:8
Positive SD Number:15 Positive DS Number:8
Positive SD Sum:172 Positive DS Sum:18
Positive SD Square Sum :9868 Positive DS Square Sum :86
Min Negative SD:1 Min Negative DS:1
Max Negative SD:20 Max Negative DS:10
Negative SD Number:18 Negative DS Number:8
Negative SD Sum:163 Negative DS Sum:28
Negative SD Square Sum :2519 Negative DS Square Sum :194
Max Delay SD:49 Max Delay DS:48
Min Delay SD:0 Min Delay DS:0
Avg Delay SD:3 Avg Delay DS:3
Packet Loss SD:0 Packet Loss DS:0
Packet Loss Unknown:0 Average of Jitter:7
Average of Jitter SD:10 Average of Jitter DS:2
jitter out value:5.1291060 jitter in value:0.6602845
NumberOfOWD:60 OWD SD Sum:206
OWD DS Sum:195 RTT average: 8
Packet Loss Ratio: 0 MOS-CQ value:0.00
ICPIF value:0
----End
Configuration Files
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance admin jitter
test-type jitter

#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
#
sysname S9300B
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
#
#
#
return
#
sysname S9300C
#
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
#
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
Example for Configuring the MAC Ping Test
l CFM is enabled on S9300 A and S9300 B.
l MAs and MDs are configured on S9300 A and S9300 B.
The NQA MAC Ping test is used to test the connectivity between S9300 A and S9300 B.
Figure 5-65 Networking diagram for configuring the MAC Ping test
NQA Client
GE2/0/1 GE2/0/1
S9300A S9300B

2. Configure S9300 B as the NQA server.
3. Create a MAC Ping test on S9300 A.
Data Preparation
l IP address and mask of the NQA server
Procedure
Step 1 Configure the MA and MD between S9300 A and S9300 B.
[S9300A]cfm enable
[S9300A]cfm md test
[S9300A-md-test]ma test
[S9300A-md-test-ma-test]map vlan 11
[S9300A-md-test-ma-test]mep mep-id 11 interface GigabitEthernet2/0/1 outward
[S9300A-md-test-ma-test]quit
[S9300A-md-test]quit
[S9300A]
[Quidway]system-view
[S9300B]cfm enable
[S9300B]cfm md test
[S9300B-md-test]ma test
[S9300B-md-test-ma-test]map vlan 12
[S9300B-md-test-ma-test]mep mep-id 12 interface GigabitEthernet2/0/1 outward
[S9300B-md-test-ma-test]quit
[S9300B-md-test]quit
[S9300B]
Step 2 # Enable the NQA client and create a MAC Ping test for a common tunnel on S9300 A.
[S9300A]nqa test-instance admin macping
[S9300A-nqa-admin-macping]test-type macping
[S9300A-nqa-admin-macping]md test ma test
[S9300A-nqa-admin-macping]destination-address mac 00e0-fc88-aaaa

[S9300A-nqa-admin-macping] start now

[S9300A-nqa-admin-macping] display nqa results test-instance admin macping
NQA entry(admin, macping) :testFlag is inactive ,testtype is macping
Completion:success RTD OverThresholds number:0


NumberOfOWD:0 OWD SD Sum:0
OWD DS Sum:0 RTT average: 0
Packet Loss Ratio: 0 MOS-CQ value:0.00
ICPIF value:0
----End
Configuration Files
#
sysname S9300A
#
vlan batch 11
#
#
cfm enable
#
cfm md test
ma test
map vlan 11
mep mep-id 11 interface GigabitEthernet2/0/1 outward
#
nqa test-instance admin macping
test-type macping
destination mac 00e0-fc01-aaaa
md test ma test
#
return
#
sysname S9300B
#
vlan batch 11
#
#
cfm enable
#
cfm md test
ma test
map vlan 11
mep mep-id 12 interface GigabitEthernet2/0/1 outward
#
return

Example for Configuring the LSP Ping Test for a Common Tunnel
l The OSPF protocol runs on S9300 A, S9300 B, and S9300 C. The three S9300s learn the
32-bit host routes on their loopback interfaces.
l MPLS and MPLS LDP are enabled on S9300 A, S9300 B, and S9300 C.
l MPLS and MPLS LDP are enabled on VLANIF interfaces connected to S9300 A, S9300
B, and S9300 C to trigger the establishment of an LDP LSP.
The NQA LSP Ping test needs to be performed to check the connectivity of the LSP between
S9300 A and S9300 C.
Figure 5-66 Networking diagram for configuring the LSP Ping test
area 0
Loopback1 Loopback1 Loopback1

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0

S9300A 10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
S9300C
S9300B

2. Configure S9300 C as the NQA server.
3. Create an LSP Ping test on S9300 A.
Data Preparation
l Host address and mask of the NQA server

Procedure
# Enable the NQA client and create an LSP Ping test for a common tunnel.
[S9300A] nqa test-instance admin lspping
[S9300A-nqa-admin-lspping] test-type lspping
[S9300A-nqa-admin-lspping] lsp-type ipv4
[S9300A-nqa-admin-lspping] destination-address ipv4 3.3.3.9 lsp-masklen 32

[S9300A-nqa-admin-lspping] start now

[S9300A-nqa-admin-lspping] display nqa results test-instance admin lspping
NQA entry(admin, lspping) :testFlag is inactive ,testtype is lspping
----End
Configuration Files
#
sysname S9300A
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#

ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
nqa test-instance admin lspping
test-type lspping
destination-address ipv4 3.3.3.9 lsp-masklen 32
#
return
#
sysname S9300B
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname S9300C
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#

interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
Return
Example for Configuring the LSP Jitter Test for a Common Tunnel
l MPLS and MPLS LDP are enabled on S9300 A, S9300 B, and S9300 C.
l MPLS and MPLS LDP are enabled on POS interfaces connected to S9300 A, S9300 B,
and S9300 C to trigger the establishment of an LDP LSP.
The NQA LSP Ping test is used to check the connectivity of the LSP between S9300 A and
S9300 C.
Figure 5-67 Networking diagram for configuring the LSP Jitter test
area 0
Loopback
Loopback1 Loopback1
2.2.2.9/32 1
3.3.3.9/32
1.1.1.9/32
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0

S9300A 10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24 S9300C
S9300B

Create an LSP Jitter test on S9300 A.

Data Preparation
l Host address and mask of the NQA server
Procedure
Step 2 Configure S9300 A as the NQA client.
# Enable the NQA client and configure the LDP LSP Ping test.
[S9300A] nqa test-instance admin lspjitter
[S9300A-nqa-admin-lspjitter] test-type lspjitter
[S9300A-nqa-admin-lspjitter] lsp-type ipv4
[S9300A-nqa-admin-lspjitter] destination-address ipv4 3.3.3.9 lsp-masklen 32 lsp-
loopback 127.0.0.1

[S9300A-nqa-admin-lspjitter] start now

[S9300A-nqa-admin-lspjitter] display nqa results test-instance admin lspjitter
Completion :success RTD OverThresholds number:0
Min Positive SD:0 Max Positive SD:0
Positive SD Number:0 Positive SD Sum:0
Positive SD Square Sum :0 Min Negative SD:0
Max Negative SD:1 Negative SD Number:1
Negative SD Sum:1 Negative SD Square Sum :1
Packet Loss Unknown:0 Average of Jitter SD:1
jitter out value:0.0162967
----End
Configuration Files
#
sysname S9300A
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#

interface LoopBack1
undo shutdown
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
nqa test-instance admin lspjitter
test-type lspjitter
destination-address ipv4 3.3.3.9 lsp-masklen 32 lsp-loopback 127.0.0.1
#
return
#
sysname S9300B
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
undo shutdown
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname S9300C
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp

#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
Return
Example for Configuring the LSP Traceroute Test for the TE Tunnel
l MPLS, MPLS TE, and MPLS RSVP-TE are enabled on S9300 A, S9300 B, and S9300 C.
l MPLS, MPLS TE, and MPLS RSVP-TE are enabled on the POS interfaces connected
toS9300 A, S9300 B, and S9300 C to set up a TE tunnel from S9300 A to S9300 C.
The NQA LSP traceroute test is used to test the TE tunnel.
Figure 5-68 Networking diagram for configuring the LSP traceroute test
area 0

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0

S9300A 10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24 S9300C
S9300B
1. Configure S9300 A as the NQA client. Create an LSP traceroute test on S9300 A.

Data Preparation
l LSP TE tunnel interface number
Procedure
Step 2 Enable MPLS RSVP-TE on S9300 A, S9300 B, and S9300 C. The configuration details are not
mentioned here.
Step 3 Configure a TE tunnel on S9300 A to connect S9300 C. The configuration details are not
mentioned here.
Step 4 Create an NQA test on S9300 A.
# Enable the NQA client and configure the LSP traceroute test for the TE tunnel.
[S9300A] nqa test-instance admin lsptracert
[S9300A-nqa-admin-lsptracert] test-type lsptracert
[S9300A-nqa-admin-lsptracert] lsp-type te
[S9300A-nqa-admin-lsptracert] lsp-tetunnel tunnel 1/0/0

[S9300A-nqa-admin-lspjitter] start now

[S9300A-nqa-admin-lspjitter] display nqa results test-instance admin lspjitter
NQA entry(admin, lsptrace) :testFlag is inactive ,testtype is lsptrace
1 . Hop 1
2 . Hop 2
----End
Configuration Files
#
sysname S9300A

#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 10000
mpls te max-reservable-bandwidth 5000
mpls rsvp-te
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
interface Tunnel1/0/0
undo shutdown
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 3.3.3.9
mpls te tunnel-id 100
mpls te bandwidth bc0 3000
mpls te commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
mpls-te enable
#
nqa test-instance admin lspjitter
test-type lspjitter
lsp-type te
lsp-tetunnel Tunnel1/0/0
#
return
#
sysname S9300B
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
#
vlan batch 100 110
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif110
ip address 10.2.1.1 255.255.255.0
mpls
mpls te


mpls rsvp-te
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
mpls-te enable
#
return

#
sysname S9300C
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
#
vlan batch 110
#
interface Vlanif110
ip address 10.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
mpls-te enable
#
Return

Example for Checking Reserved Multicast Group Members on a Network Segment

Through the MPing Test
As shown in Figure 5-69, S9300 A, S9300 B, and S9300 F are connected to a shared network
segment. OSPF runs on the interface connecting S9300 A to the network segment. This test is
performed to check the S9300s that run OSPF IGP on this network segment.
You need to reserve the multicast group 224.0.0.5 to present all the OSPF IGP S9300s on this
segment. Then the MPing function is used to check whether any network device on this segment
uses the IP address of the reserved multicast group.
Figure 5-69 Networking diagram of the MPing reserved group
S9300B S9300A
GE3/0/0 GE3/0/0
Vlanif100 Vlanif100
11.1.6.2/24 11.1.6.3/24
GE3/0/0
Vlanif100
11.1.6.1/24
S9300F
1. Configure S9300 A as the NQA client and create an NQA MPing test whose group IP
address is 224.0.0.5 and outgoing interface is VLANIF 100.
3. Perform the test and view the test result. If S9300 A receives responses from S9300 B and
S9300 F, it indicates that OSPF also runs on the interfaces of S9300 B and S9300 F.
Data Preparation
l Test instance name: admin mping
l IP address of the reserved group: 224.0.0.5
Procedure
Step 1 Configure an NQA MPing test on S9300 A.
[S9300A] nqa test-instance admin mping
[S9300A-nqa-admin-mping] test-type mping

[S9300A-nqa-admin-mping] destination-address ipv4 224.0.0.5

[S9300A-nqa-admin-mping] source-interface vlanif 100

[S9300A-nqa-admin-mping] display nqa-agent verbose
NQA Tests Max:2000 NQA Tests Num:1
NQA Concurrent Requests Max:1000 NQA Concurrent Requests Num:0
NQA Jitter Concurrent Max:5 NQA Jitter Concurrent Num:0
NQA icmp Concurrent Max:50 NQA icmp Concurrent Num:0
NQA Trace Concurrent Max:50 NQA Trace Concurrent Mum:0
1 NQA entry(admin, mping):
test type:mping current flag:inactive
current status:no start current completion:no result
start at: no start time end at: no end time
nqa status: normal
configuration:
test-type mping
source-interface vlanif 100

[S9300A-nqa-admin-mping] start now

From the displayed information, you can find that the multicast group 224.0.0.5 has two
members, 11.1.6.2 (S9300 B) and 11.1.6.1 (S9300 F). It indicates that OSPF also runs on
S9300 B and S9300 F.
[S9300A-nqa-admin-mping] display nqa results test-instance admin mping
NQA entry(admin, mping) :testFlag is inactive ,testtype is mping

Completions: success Timeouts number: 0
Drops number: 0 TargetAddress: 224.0.0.5
ProbeResponses number: 6 SentProbes number: 3
SequenceErrors: 0 Busies: 0
1 . Receiver 1
CompletionTime Min/Max/Sum: 10/80/100
Sum2CompletionTime: 6600
LastGoodProbe time: 2009-02-20 11:6:40.2
RecevierAddress: 11.1.6.2
2 . Receiver 2
CompletionTime Min/Max/Sum: 10/80/130
Sum2CompletionTime: 8100
LastGoodProbe time: 2009-02-20 11:6:40.2
RecevierAddress: 11.1.6.1
----End
Configuration Files
Configuration file of S9300 A
#
sysname S9300A
#
vlan batch 100
#
interface Vlanif100
ip address 11.1.6.3 255.255.255.0
#
#
ospf 1

area 0.0.0.0
network 11.1.6.0 0.0.0.255
#
nqa admin mping
test-type mping
source-interface vlanif100
#
return
Example for Checking Performance of Multicast Services on a Network Through

the MPing Test
As shown in Figure 5-70, OSPF runs between S9300s and unicast routes are normal. The PIM-
DM multicast function is deployed on the network. This test is performed to check whether every
S9300 can process the multicast data normally.
You need to enable the MPing function to create certain multicast traffic from the IP address of
a common group, and then to trigger a multicast spanning tree. Then each S9300 is checked to
ensure that correct multicast routing entries exist. The NQA MPing test is used to implement
MPing.
Figure 5-70 Networking diagram of the MPing for common group addresses
Loopback0
S9300E 2.2.2.2/32
GE3/0/0
Vlanif120 GE3/0/0
11.1.2.2/24 Vlanif120
GE2/0/0 11.1.2.1/24
Vlanif130 GE1/0/0
Vlanif110
GE2/0/0 11.1.4.2/24
Vlanif130 11.1.5.2/24 GE1/0/0
Vlanif110
11.1.4.1/24 S9300D 11.1.5.1/24
S9300B S9300A
GE3/0/0 GE3/0/0
Vlanif140 Vlanif140
11.1.6.2/24 11.1.6.3/24
GE3/0/0
Vlanif140 GE1/0/0
11.1.6.1/24 Vlanif150
11.1.7.2/24
S9300F

1. Add VLANIF 150 of S9300 F to the multicast group 225.0.0.1.

2. Configure S9300 E as the NQA client and create an MPing test on it. Set the group address
to 225.0.0.1.
4. Perform the test and view the test result.
5. Check whether multicast routing entries are correctly generated on each S9300 and whether
the multicast forwarding tree is correctly set up.
Data Preparation
l Test instance name: admin mping
l IP address of the common group: 225.0.0.1
Procedure
Step 1 Add VLANIF 150 of S9300 F to the multicast group 225.0.0.1.
<S9300F> system-view
[S9300F] interface Vlanif 150
[S9300F-Vlanif150] igmp enable
[S9300F-Vlanif150] igmp static-group 225.0.0.1
Step 2 Configure an NQA MPing test on S9300 E.

<S9300E> system-view
[S9300E] nqa test-instance admin mping
[S9300E-nqa-admin-mping] test-type mping
[S9300E-nqa-admin-mping] destination-address ipv4 225.0.0.1
Step 3 Check the configuration.

[S9300E-nqa-admin-mping] display nqa-agent verbose
NQA Trace Concurrent Max:50 NQA Trace Concurrent Num:0

1 NQA entry(admin, mping):

test type:mping current flag:inactive
start at: no start time end at: no end time
nqa status: normal
configuration :
test-type mping

[S9300E-nqa-admin-mping] start now

# View the members of the reserved group according to the information about probes in the
display.
[S9300E] display nqa results test-instance admin mping

NQA entry(admin, mping) :testFlag is inactive ,testtype is mping

Completions: finish Timeouts number: 0
Drops number: 0 TargetAddress: 225.0.0.1
ProbeResponses number: 3 SentProbes number: 3
SequenceErrors: 0 Busies: 0
Step 6 Verify the routing table entries on the S9300.

# # Check multicast forwarding entries on S9300 E. You can find that S9300 E generates an
entry (2.2.2.2, 225.0.0.1) and sends out multicast packets from the loopback interface.
<S9300E> display pim routing-table
Vpn-instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
(2.2.2.2, 225.0.0.1)
Protocol: pim-dm, Flag: LOC
UpTime: 00:05:41
Upstream interface: looback0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif120
Protocol: pim-dm, UpTime: 00:04:27, Expires: never
# # Check the multicast forwarding entries on S9300 D. You can find that S9300 D generates
an entry (2.2.2.2, 225.0.0.1) after receiving the multicast packets from the upstream interface
VLANIF 120.
<S9300D> display pim routing-table
(2.2.2.2, 225.0.0.1)
Protocol: pim-dm, Flag:
UpTime: 00:06:23
Upstream interface: Vlanif120
Upstream neighbor: 11.1.2.2
RPF prime neighbor: 11.1.2.2
1: GigabitEthernet2/0/0
# # Check the multicast forwarding entries on S9300 A. You can find that S9300 A generates
VLANIF 120.
<S9300A> display pim routing-table
(2.2.2.2, 225.0.0.1)
Protocol: pim-dm, Flag: ACT
UpTime: 00:01:23
Upstream interface: GigabitEthernet3/0/0
Downstream interface(s) information: None
# # Check the multicast forwarding entries on S9300 B. You can find that S9300 B generates
GE 2/0/0.
<S9300B> display pim routing-table

(2.2.2.2, 225.0.0.1)
UpTime: 00:02:44
# # Check the multicast forwarding entries on S9300 F. You can find that S9300 F generates an
entry (2.2.2.2, 225.0.0.1) after receiving the multicast packets from the upstream interface GE
3/0/0.
<S9300F> display pim routing-table
(*, 225.0.0.1)
Protocol: pim-dm, Flag: WC
UpTime: 00:06:36
Upstream interface: NULL
Protocol: igmp, UpTime: 00:06:36, Expires: never
(2.2.2.2, 225.0.0.1)
UpTime: 00:03:40
Protocol: pim-dm, UpTime: 00:03:40, Expires: -
----End
Configuration Files
#
sysname S9300A
#
multicast routing-enable
#
vlan batch 110 140
#
interface Vlanif110
ip address 11.1.5.1 255.255.255.0
pim dm
#
interface Vlanif140
ip address 11.1.6.3 255.255.255.0
pim dm
#
#


#
pim
#
ospf 1
area 0.0.0.0
network 11.1.5.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
return
#
sysname S9300B
#
vlan batch 130 140
#
interface Vlanif130
ip address 11.1.4.1 255.255.255.0
pim dm
#
interface Vlanif140
ip address 11.1.6.2 255.255.255.0
pim dm
#
#
#
pim
#
ospf 1
area 0.0.0.0
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
return
#
sysname S9300D
#
#
#
interface Vlanif110
ip address 11.1.5.2 255.255.255.0
pim dm
#
interface Vlanif120
ip address 11.1.2.1 255.255.255.0
pim dm
#
interface Vlanif130
ip address 11.1.4.2 255.255.255.0
pim dm
#
#


#
#
pim
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
return
#
sysname S9300E
#
#
vlan batch 120
#
interface Vlanif120
ip address 11.1.2.2 255.255.255.0
#
pim dm
#
interface LoopBack0
undo shutdown
ip address 2.2.2.2 255.255.255.255
pim dm
#
ospf 1
area 0.0.0.0
network 11.1.2.2 0.0.0.255
network 2.2.2.2 0.0.0.0
#
nqa admin mping
test-type mping
#
return
#
sysname S9300F
#
#
vlan batch 140 150
#
interface Vlanif140
ip address 11.1.6.1 255.255.255.0
pim dm
#
pim dm
#
interface Vlanif150
ip address 11.1.7.2 255.255.255.0
igmp static-group 225.0.0.1
igmp enable
#

pim dm
#
pim
#
ospf 1
area 0.0.0.0
network 11.1.6.0 0.0.0.255
network 11.1.7.0 0.0.0.255
#
return
Example for Checking the RPF Path from the Source to the S9300 Through the
MTrace Test
As shown in Figure 5-71, on the PIM-SM multicast network, implement the NTP protocal on
all S9300s to make S9300s work synchronously, receiver is added to the multicast group
225.1.1.1 and receives multicast data from Source normally. This test is performed to check how
the traffic is transmitted to the RTB from Source along the RPF route.
You need to enable MTrace on S9300 B to check the RPF path from the multicast source to the
current S9300.
The NQA MTrace test is used to implement the MTrace function.
Figure 5-71 Networking diagram of MTrace
Source
11.1.0.2/24
Vlanif150
11.1.0.1/24
Vlanif150
11.1.1.2/24 Vlanif130
Loopback0 11.1.2.2/24
S9300E Vlanif130
1.1.1.1/32
11.1.2.1/24
Vlanif150 Vlanif120 S9300D
11.1.1.1/2411.1.4.2/24 Vlanif110
S9300C
11.1.5.2/24
Vlanif160
11.1.3.2/24 S9300B Vlanif110
Vlanif160 11.1.5.1/24
11.1.3.1/24
Vlanif170
Vlanif170 S9300A
11.1.6.2/24
11.1.6.3/24
Receiver
11.1.6.4/24

1. Configure S9300 B as the NQA client and create an MTrace test on it.
Data Preparation
l Test instance name: admin mtrace
l IP address of the multicast source: 11.1.0.2/24
NOTE
This example covers only the configurations of the MTrace test.
Procedure
Step 1 Configure an NQA MTrace test on S9300 B.
[S9300B] nqa test-instance admin mtrace
[S9300B-nqa-admin-mtrace] test-type mtrace
[S9300B-nqa-admin-mtrace] mtrace-source-address ipv4 11.1.0.2

[S9300B-nqa-admin-mtrace] start now
Step 3 Verify the test result. You can find that the RPF path from the multicast source to S9300B is
S9300E-S9300D-S9300B.
[S9300B-nqa-admin-mtrace] display nqa results test-instance admin mtrace
NQA entry(admin, mtrace) :testFlag is inactive ,testtype is mtrace
Completions: success Query Mode: max-hop
Current Hop:3 Current Probe:1
Timeout Count:0 Busy Count:0
Drop Count:0 Max Path Ttl:4
Responser:127.0.0.1 Response Rtt: 10
mtrace start time: 2009-2-18 21:46:49.3
Last Good Path Time: 2009-2-18 21:46:49.3
1 . Hop 1
Outgoing Interface Address: 0.0.0.0
Incoming Interface Address: 11.1.4.1
Prehop Router Address: 11.1.4.2
Protocol : PIM(assert) Forward Code:NO_ERROR
Forward Ttl:1 Current Path Ttl:4
SG Packet Count:13316240 Hop Time Delay(ms): 0xffffffff
Input Packet Count:0 Output Packet Count:0
Input Rate(pps): 0xffffffff Output Rate(pps): 0xffffffff
Input Loss Rate: 0xffffffff SG Loss Rate: 0xffffffff
2 . Hop 2,Outgoing Interface Address:
11.1.4.2
Protocol : PIM(assert) Forward Code:NO_ERROR
SG Packet Count:26813234 Hop Time Delay(ms):39131
3 . Hop 3


Protocol : PIM Forward Code:NO_ERROR
Input Loss Rate: 0xffffffff SG Loss Rate: 0xffffffff ,
----End
Configuration Files
#
sysname S9300A
#
#
vlan batch 110 170
#
interface Vlanif110
ip address 11.1.5.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.3 255.255.255.0
igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.5.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
pim
#
return

#
sysname S9300B
#
#
interface Vlanif120
ip address 11.1.4.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.2 255.255.255.0
igmp enable
pim sm

#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
pim
#
nqa admin mtrace
test-type mtrace
mtrace-source-address ipv4 11.1.0.2
#
Return

#
sysname S9300C
#
#
vlan batch 150 160
#
interface Vlanif150
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.2 255.255.255.0
pim sm
#
#
#
interface Loopback0
ip address 1.1.1.1 255.255.255.255
igmp enable
pim sm
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
network 11.1.3.0 0.0.0.255
#
Return

#
sysname S9300D
#
#
#
interface Vlanif110
ip address 11.1.5.2 255.255.255.0
pim sm
#
interface Vlanif120
ip address 11.1.4.2 255.255.255.0
pim sm
#
interface Vlanif130
ip address 11.1.2.1 255.255.255.0
igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.5.0 0.0.0.255
#
pim
#
Return
#
sysname S9300E
#
#
#
interface Vlanif130
ip address 11.1.2.2 255.255.255.0
igmp enable
pim sm
#
interface Vlanif140
ip address 11.1.0.1 255.255.255.0
pim sm
#
interface Vlanif150
ip address 11.1.1.2 255.255.255.0
pim sm
#
#

#
#
ospf 1
area 0.0.0.0
network 11.1.0.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 11.1.26.0 0.0.0.255
#
pim
#
Return
Example for Checking the Multicast Path from the Source to the S9300 Through the
MTrace Test
all S9300s to make S9300s work synchronously, receiver is added to the multicast group
225.1.1.1 and receives multicast data from Source normally. The RTB can receive multicast
data. This test is performed to check how the multicast traffic is transmitted to RTB from Source.
You need to configure an NQA MTrace test on S9300 B to implement the MTrace function.
You can check the multicast path from the multicast source to the local S9300.
Figure 5-72 Networking diagram for checking the multicast path from the multicast source to
the local S9300
Source
11.1.0.2/24
Vlanif150
11.1.0.1/24
Vlanif150
Vlanif130
11.1.1.2/24
11.1.2.2/24
Loopback0
1.1.1.1/32 S9300E Vlanif130
11.1.2.1/24
S9300C 11.1.1.1/24 11.1.4.2/24
Vlanif110
Vlanif160 11.1.5.2/24
11.1.3.2/24 S9300B
Vlanif160 Vlanif120
11.1.3.1/24 11.1.4.1/24
Vlanif170 S9300A
Vlanif170
11.1.6.2/24
11.1.6.3/24
Receiver
11.1.6.4/24

1. Configure S9300 B as the NQA client and create an MTrace test on it.
Data Preparation
l IP address of the multicast source: 11.1.0.2
l IP address of the multicast group: 225.1.1.1
Procedure
Step 1 Configure an NQA MTrace test on S9300 B.
[S9300B] nqa test-instance admin mtrace
[S9300B-nqa-admin-mtrace] test-type mtrace
[S9300B-nqa-admin-mtrace] mtrace-source-address ipv4 11.1.0.2
[S9300B-nqa-admin-mtrace] mtrace-group-address ipv4 225.1.1.1

[S9300B-nqa-admin-mtrace] start now
Step 3 Verify the test result. You can find that the RPF path from the multicast source to S9300 B is
S9300 E-S9300 D-S9300 B.
[S9300B-nqa-admin-mtrace] display nqa results test-instance admin mtrace
1 . Hop 1
Input Packet Count:8845 Output Packet Count: 0xffffffff
2 . Hop 2


3 . Hop 3
----End
Configuration Files
#
sysname S9300A
#
#
vlan batch 110 170
#
interface Vlanif110
ip address 11.1.5.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.3 255.255.255.0
igmp enable
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 11.1.5.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
pim
#
return

#
sysname S9300B
#
#
#
interface Vlanif120
ip address 11.1.4.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.1 255.255.255.0
pim sm
#
interface Vlanif170

ip address 11.1.6.2 255.255.255.0

igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
nqa admin mtrace
test-type mtrace
mtrace-group-address ipv4 225.1.1.1
#
return

#
sysname S9300C
#
#
vlan batch 150 160
#
interface Vlanif150
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.2 255.255.255.0
pim sm
#
#
#
#
interface Loopback0
ip address 1.1.1.1 255.255.255.255
igmp enable
pim sm
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
network 11.1.3.0 0.0.0.255

#
Return
#
sysname S9300D
#
#
interface Vlanif110
ip address 11.1.5.2 255.255.255.0
pim sm
#
interface Vlanif120
ip address 11.1.4.2 255.255.255.0
pim sm
#
interface Vlanif130
ip address 11.1.2.1 255.255.255.0
igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.5.0 0.0.0.255
#
pim
#
Return
#
sysname S9300E
#
#
#
interface Vlanif130
ip address 11.1.2.2 255.255.255.0
igmp enable
pim sm
#
interface Vlanif140
ip address 11.1.0.1 255.255.255.0
pim sm
#
interface Vlanif150
ip address 11.1.1.2 255.255.255.0
pim sm
#
#

#
#
ospf 1
area 0.0.0.0
network 11.1.0.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 11.1.2.0 0.0.0.255
#
pim
#
Return
Example for Checking the RPF Path from the Source to Destination Host Through
the MTrace Test
all S9300s to make S9300s work synchronously, Receiver is added to the multicast group
225.1.1.1 and receives multicast data from Source normally. S9300 B is the S9300 at the last
hop. This test is performed to check how the traffic is transmitted to Receiver from Source along
the RPF route.
You need to configure an NQA MTrace test on S9300 C to implement the MTrace function.
You can check the RPF path from the multicast source to the destination host.

the local S9300
Source
11.1.0.2/24
Vlanif150
11.1.0.1/24
Vlanif150 Vlanif130
11.1.1.2/24 11.1.2.2/24
Loopback0
1.1.1.1/32 S9300E Vlanif130
11.1.2.1/24
11.1.1.1/24 11.1.4.2/24
S9300C Vlanif110
Vlanif160 11.1.5.2/24
11.1.3.2/24 S9300B Vlanif110
Vlanif160 Vlanif120 11.1.5.1/24
11.1.3.1/24 11.1.4.1/24
Vlanif170
Vlanif170 S9300A
11.1.6.2/24
11.1.6.3/24
Receiver
11.1.6.4/24
1. Configure S9300 C as the NQA client and create an MTrace test on it.
Data Preparation
l IP address of the multicast source: 11.1.0.2/24
l IP address of the destination host: 11.1.6.4
l IP address of the S9300 at the last hop: 11.1.6.2
Procedure
Step 1 Configure an NQA MTrace test on S9300 C.
[S9300C] nqa test-instance admin mtrace
[S9300C-nqa-admin-mtrace] test-type mtrace
[S9300C-nqa-admin-mtrace] mtrace-source-address ipv4 11.1.0.2

[S9300C-nqa-admin-mtrace] destination-address ipv4 11.1.6.4

[S9300C-nqa-admin-mtrace] mtrace-query-type last-hop
[S9300C-nqa-admin-mtrace] mtrace-last-hop-address ipv4 11.1.6.2

[S9300C-nqa-admin-mtrace] start now
Step 3 Verify the test result. You can find that the RPF path from the multicast source to S9300 C is
S9300 E-S9300 D-S9300 C.
[S9300C-nqa-admin-mtrace] display nqa results test-instance admin mtrace

1 . Hop 1
SG Packet Count:0xffffffff Hop Time Delay(ms):65
2 . Hop 2
SG Packet Count:0xffffffff Hop Time Delay(ms):1
3 . Hop 3
SG Packet Count:0xffffffff Hop Time Delay(ms): 0xffffffff
----End
Configuration Files
#
sysname S9300A
#
#
#
vlan batch 110 170
#
interface Vlanif110

ip address 11.1.5.1 255.255.255.0

pim sm
#
interface Vlanif170
ip address 11.1.6.3 255.255.255.0
igmp enable
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 11.1.5.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
pim
#
return
#
sysname S9300B
#
#
#
#
interface Vlanif120
ip address 11.1.4.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.2 255.255.255.0
igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
return
#
#
sysname S9300C

#
#
#
vlan batch 150 160
#
interface Vlanif150
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.2 255.255.255.0
pim sm
#
#
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
nqa admin mtrace
test-type mtrace
mtrace-query-type last-hop
mtrace-last-hop-address ipv4 11.1.6.2
#
return
#
#
sysname S9300D
#
#
#
interface Vlanif110
ip address 11.1.5.2 255.255.255.0
pim sm
#
interface Vlanif120
ip address 11.1.4.2 255.255.255.0
pim sm
#
interface Vlanif130
ip address 11.1.2.1 255.255.255.0
igmp enable
pim sm
#


#
#
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.5.0 0.0.0.255
#
pim
#
Return

#
sysname S9300E
#
#
#
interface Vlanif130
ip address 11.1.2.2 255.255.255.0
igmp enable
pim sm
#
interface Vlanif140
ip address 11.1.0.1 255.255.255.0
pim sm
#
interface Vlanif150
ip address 11.1.1.2 255.255.255.0
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.0.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 11.1.2.0 0.0.0.255
#
pim
#
Return

Example for Checking the Multicast Path from the Source to Destination Host
Through the MTrace Test
all S9300s to make S9300s work synchronously, Receiver is added to the multicast group
225.1.1.1 and receives multicast data from Source normally. This test is performed to check how
the multicast traffic is transmitted to Receiver from Source.
You can configure an NQA MTrace test on S9300 C to implement the MTrace function. You
can check the multicast path from the multicast source to the destination host.
the local S9300
Source
11.1.0.2/24
Vlanif150
11.1.0.1/24
Vlanif150
Vlanif130
11.1.1.2/24
11.1.2.2/24
Loopback0 Vlanif130
S9300E
1.1.1.1/32 11.1.2.1/24
S9300C 11.1.1.1/2411.1.4.2/24 Vlanif110
11.1.5.2/24
Vlanif160
S9300B Vlanif110
11.1.3.2/24
Vlanif160 Vlanif120 11.1.5.1/24
11.1.3.1/24 11.1.4.1/24
Vlanif170
Vlanif170 S9300A
11.1.6.2/24
11.1.6.3/24
Receiver
11.1.6.4/24
1. Configure S9300 C as the NQA client and create an MTrace test on it.
Data Preparation


l IP address of the multicast source: 11.1.0.2
l IP address of the multicast group: 225.1.1.1
l IP address of the destination host: 11.1.6.4
Procedure
Step 1 Configure an NQA MTrace test on S9300 C.
[S9300C] nqa test-instance admin mtrace
[S9300C-nqa-admin-mtrace] test-type mtrace
[S9300C-nqa-admin-mtrace] mtrace-source-address ipv4 11.1.0.2
[S9300C-nqa-admin-mtrace] mtrace-group-address ipv4 225.1.1.1
[S9300C-nqa-admin-mtrace] destination-address ipv4 11.1.6.4
[S9300C-nqa-admin-mtrace] mtrace-query-type destination

[S9300C-nqa-admin-mtrace] start now
Step 3 Verify the test result. You can find that the RPF path from the multicast source to S9300 C is
S9300 E-S9300 D-S9300 C.
[S9300C-nqa-admin-mtrace] display nqa results test-instance admin mtrace

1 . Hop 1
2 . Hop 2
3 . Hop 3


----End
Configuration Files
#
sysname S9300A
#
#
vlan batch 110 170
#
interface Vlanif110
ip address 11.1.5.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.3 255.255.255.0
igmp enable
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 11.1.5.0 0.0.0.255
network 11.1.6.0 0.0.0.255
#
pim
#
return

#
sysname S9300B
#
#
#
interface Vlanif120
ip address 11.1.4.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.1 255.255.255.0
pim sm
#
interface Vlanif170
ip address 11.1.6.2 255.255.255.0
igmp enable
pim sm
#
#


#
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.6.0 0.0.0.255
return
#
#
sysname RTC
#
#
vlan batch 150 160
#
interface Vlanif150
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface Vlanif160
ip address 11.1.3.2 255.255.255.0
pim sm
#
#
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 11.1.3.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
nqa admin mtrace
test-type mtrace
mtrace-query-type destination
mtrace-group-address ipv4 225.1.1.1
#
Return
#
sysname S9300D
#
#
#

interface Vlanif110
ip address 11.1.5.2 255.255.255.0
pim sm
#
interface Vlanif120
ip address 11.1.4.2 255.255.255.0
pim sm
#
interface Vlanif130
ip address 11.1.2.1 255.255.255.0
igmp enable
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 11.1.4.0 0.0.0.255
network 11.1.5.0 0.0.0.255
#
pim
#
Return
#
sysname S9300E
#
#
#
#
interface Vlanif130
ip address 11.1.2.2 255.255.255.0
igmp enable
pim sm
#
interface Vlanif140
ip address 11.1.0.1 255.255.255.0
pim sm
#
interface Vlanif150
ip address 11.1.1.2 255.255.255.0
pim sm
#
#
#
#
ospf 1

area 0.0.0.0
network 11.1.0.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 11.1.2.0 0.0.0.255
#
pim
#
Return
Example for Configuring the PWE3 Ping Test on a Single-Hop PW
As shown in Figure 5-75, CE-A and CE-B are connected to PE-A and PE-B respectively. PE-
A and PE-B are connected through the MPLS backbone network. A dynamic PW needs to be
set up between PE-A and PE-B through the LSP tunnel.
The PWE3 Ping function of the single-hop PW needs to be performed to test the connectivity
of the PW between PE-A and PE-B.
Figure 5-75 Networking diagram for configuring the PWE3 Ping test on the single-hop PW
MPLS Backbone

192.2.2.2/32 192.4.4.4/32 192.3.3.3/32
GE2/0/0 GE2/0/0
Vlanif120 Vlanif130
GE1/0/0 GE2/0/0
10.1.1.1/24 10.2.2.2/24
GE1/0/0 Vlanif120 Vlanif130 GE1/0/0
PE-A 10.1.1.2/24 P 10.2.2.1/24 Vlanif140
Vlanif110 PE-B
PW
GE1/0/0 GE1/0/0
Vlanif110 Vlanif140
100.1.1.1/24 100.1.1.2/24
CE-A CE-B
1. Run the IGP protocol on the backbone network to make the routes between S9300s on the
backbone network reachable.
2. Configure the basic MPLS functions on the backbone network and set up an LSP tunnel.
Set up the MPLS LDP peer relation between the two PE devices on the two ends of the
PW.
3. Create an MPLS L2VC connection between the two PE devices.
4. Configure a PWE3 Ping test on the single-hop PW on PE-A.

Data Preparation
l L2VC IDs of the two ends of the PW, which must be the same
l MPLS LSR-IDs of the PE and P devices
l IP address of the remote peer
Procedure
Step 1 Configure a dynamic single-hop PW.
Configure a dynamic single-hop PW on the MPLS backbone network.
For the detailed configuration procedure, see "PWE3 Configuration" in the Quidway S9300
Terabit Routing Switch Configuration Guide - VPN.
Step 2 Configure a PWE3 Ping test of the single-hop PW.
# Configure PE-A.
<PE-A> system-view
[PE-A] nqa test-instance test pwe3ping
[PE-A-nqa-test-pwe3ping] test-type pwe3ping
[PE-A-nqa-test-pwe3ping] local-pw-id 100
[PE-A-nqa-test-pwe3ping] local-pw-type vlan
[PE-A-nqa-test-pwe3ping] label-type control-word

[PE-A-nqa-test-pwe3ping] start now
After running the display nqa results command on the PE device, you can see that the test is
successful.
[PE-A-nqa-test-pwe3ping] display nqa results
NQA entry(test, pwe3ping) :testFlag is inactive ,testtype is pwe3ping
Completion:success OverThresholds number: 0
----End
Configuration Files
l Configuration file of CE-A

#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
#
return
l Configuration file of PE-A
#
sysname PE-A
#
mpls lsr-id 192.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.3.3.3
remote-ip 192.3.3.3
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 192.3.3.3 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack0
ip address 192.2.2.2 0.0.0.0
#
nqa test-instance test pwe3ping
test-type pwe3ping
local-pw-id 100
local-pw-type vlan
remote-pw-id 100
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
mpls
#

mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
l Configuration file of PE-B
#
sysname PE-B
#
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 192.2.2.2
#
vlan batch 130 140
#
interface Vlanif130
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
mpls l2vc 192.2.2.2 100
mpls
mpls ldp
#
#
#
#
interface LoopBack0
ip address 192.3.3.3 255.255.255.255

#
ospf 1
area 0.0.0.0
network 192.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
l Configuration file of CE-B

#
sysname CE-B
#
vlan batch 140
#
interface Vlanif140
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring the PWE3 Ping Test on a Multi-Hop PW
As shown in Figure 5-76, CE-A and CE-B are connected to U-PE1 and U-PE2 respectively
through PPP. U-PE1 and U-PE2 are connected through the MPLS backbone network. The LSP
needs to be used and S-PE is set as the switching node to set up a dynamic multi-hop PW between
U-PE1 and U-PE2.
The PWE3 Ping function of the multi-hop PW needs to be performed to test the connectivity of
the PW between U-PE1 and U-PE2.
Figure 5-76 Networking diagram for configuring the PWE3 Ping test on a multi-hop PW
2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
GE1/0/0 GE1/0/0
P1 Vlanif130 S-PE Vlanif140 P2
20.1.1.2/24 30.1.1.2/24
GE2/0/0 GE2/0/0
GE1/0/0 Vlanif130 GE2/0/0
Vlanif120 Vlanif140 Vlanif150
20.1.1.1/24 30.1.1.1/24
10.1.1.2/24 40.1.1.1/24
Loopback0 Loopback0
100 PW
1.1.1.9/32 PW 200 5.5.5.9/32
GE2/0/0 GE1/0/0
Vlanif120 Vlanif150
10.1.1.1/24 40.1.1.2/24 U-PE2
GE1/0/0 GE2/0/0
U-PE1 Vlanif110 Vlanif160
GE1/0/0 GE1/0/0
Vlanif110 Vlanif160
100.1.1.1/24 100.1.1.2/24
CE-A CE-B

Set up MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and S-
PE.
3. Create an MPLS L2VC connection between the two U-PEs.
4. Create a switching PW on the switching node S-PE.
5. Configure a PWE3 Ping test on the multi-hop PW on U-PE1.
Data Preparation
l L2VC IDs on U-PE1 and U-PE2, which must be different
l MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
l Encapsulation type of the switching PW
l Name and parameters of the PW template on U-PE devices
Procedure
Step 1 Configure a dynamic multi-hop PW.
Configure a dynamic multi-hop PW on the MPLS backbone network.
Step 2 Configure a PWE3 Ping test on a multi-hop PW.
# Configure U-PE1.
<U-PE1> system-view
[U-PE1] nqa test-instance test pwe3ping
[U-PE1-nqa-test-pwe3ping] test-type pwe3ping
[U-PE1-nqa-test-pwe3ping] local-pw-id 100
[U-PE1-nqa-test-pwe3ping] local-pw-type ppp
[U-PE1-nqa-test-pwe3ping] label-type control-word
[U-PE1-nqa-test-pwe3ping] remote-pw-id 200

[U-PE1-nqa-test-pwe3ping] start now

successful.
[U-PE1-nqa-test-pwe3ping] display nqa results
NQA entry(test, pwe3ping) :testFlag is inactive ,testtype is pwe3ping


Completion:success OverThresholds number: 0
----End
Configuration Files
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
#
return
l Configuration file of U-PE1

#
sysname U-PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 3.3.3.9 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#


#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
nqa test-instance test pwe3ping
test-type pwe3ping
local-pw-id 100
local-pw-type ppp
remote-pw-id 200
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
l Configuration file of P1
#
sysname P1
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
l Configuration file of S-PE
#
sysname S-PE
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100
#
mpls ldp

#
remote-ip 1.1.1.9
#
remote-ip 5.5.5.9
#
vlan batch 130 140
#
interface Vlanif130
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
#
sysname P2
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
vlan batch 140 150
#
interface Vlanif140
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif150
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#

ospf 1
area 0.0.0.0
network 4.4.2.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#

#
sysname U-PE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
vlan batch 150 160
#
interface Vlanif150
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif160
mpls l2vc 3.3.3.9 200
#
#
#
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return

#
sysname CE-B
#
vlan batch 160
#
interface Vlanif160
ip address 100.1.1.2 255.255.255.0
#
#
return

Example for Configuring the PWE3 Trace Test on a Single-Hop PW
As shown in Figure 5-77, CE-A and CE-B are respectively connected to PE-A and PE-B through
VLAN. PE-A and PE-B are connected through the MPLS backbone network. A dynamic PW
needs to be set up between PE-A and PE-B through the LSP tunnel.
The PWE3 Trace function of the single-hop PW needs to be performed to test the connectivity
of the PW between PE-A and PE-B.
Figure 5-77 Networking diagram for configuring the PWE3 Trace test on a single-hop PW
MPLS Backbone
192.2.2.2/32 192.4.4.4/32 192.3.3.3/32
GE2/0/0 GE2/0/0
GE1/0/0
Vlanif120 GE2/0/0 Vlanif130
10.1.1.1/24 Vlanif120
Vlanif13010.2.2.2/24
GE1/0/0 GE1/0/0
10.2.2.1/24
PE-A Vlanif110 10.1.1.2/24 P Vlanif140 PE-B
PW
GE1/0/0 GE1/0/0
Vlanif110 Vlanif140
100.1.1.1/24 100.1.1.2/24
CE-A CE-B
Set up the MPLS LDP peer relation between the two PE devices on the two ends of the
PW.
3. Create an MPLS L2VC connection between the two PE devices.
4. Configure a PWE3 Trace test on a single-hop PW on PE-A.
Data Preparation
l L2VC IDs of the two ends of the PW, which must be the same
l MPLS LSR-IDs of the PE and P devices

Procedure
Step 1 Configure a dynamic single-hop PW.
Configure a dynamic single-hop PW on the MPLS backbone network.
Step 2 Configure a PWE3 Trace test of the single-hop PW.
# Configure PE-A.
<PE-A> system-view
[PE-A] nqa test-instance test pwe3trace
[PE-A -nqa-test-pwe3trace] test-type pwe3trace
[PE-A -nqa-test-pwe3trace] local-pw-type vlan
[PE-A -nqa-test-pwe3trace] local-pw-id 100

[PE-A -nqa-test-pwe3trace] start now
Run the display nqa history command on the PE device, and you can see that the status is
successful.
[PE-A-nqa-test-pwe3trace] display nqa history
NQA entry(test, pwe3trace)
history:
Index T/H/P Response Status Address Time
1 1/1/1 4 success 10.1.1.2 2006-9-30 9:33:3.301
2 1/1/2 5 success 10.1.1.2 2006-9-30 9:33:3.307
3 1/1/3 3 success 10.1.1.2 2006-9-30 9:33:3.311
4 1/2/1 6 success 3.3.3.9 2006-9-30 9:33:3.318
5 1/2/2 6 success 3.3.3.9 2006-9-30 9:33:3.324
6 1/2/3 6 success 3.3.3.9 2006-9-30 9:33:3.331
successful.
[PE-A-nqa-test- pwe3trace] display nqa results
NQA entry(test, pwe3trace) :testFlag is inactive ,testtype is pwe3trace
1 . Hop 1
2 . Hop 2
----End

Configuration Files
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#
#
return
l Configuration file of PE-A

#
sysname PE-A
#
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 192.3.3.3
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 192.3.3.3 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 192.2.2.2 0.0.0.0
#
nqa test-instance test pwe3trace
test-type pwe3trace
local-pw-type vlan
local-pw-id 100
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#

mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
l Configuration file of PE-B
#
sysname PE-B
#
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 192.2.2.2
#
vlan batch 130 140
#
interface Vlanif130
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
mpls l2vc 192.2.2.2 100
#
#
#
interface LoopBack0
ip address 192.3.3.3 255.255.255.255
#

ospf 1
area 0.0.0.0
network 192.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

#
sysname CE-B
#
vlan batch 140
#
interface Vlanif140
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring the PWE3 Trace Test on a Multi-Hop PW
As shown in Figure 5-78, CE-A and CE-B are respectively connected to U-PE1 and U-PE2
through PPP. U-PE1 and U-PE2 are connected through the MPLS backbone network. The LSP
needs to be used and S-PE is set as the switching node to set up a dynamic multi-hop PW between
U-PE1 and U-PE2.
The PWE3 Trace function of the multi-hop PW needs to be performed to test the connectivity
of the PW between U-PE1 and U-PE2.
Figure 5-78 Networking diagram for configuring the PWE3 Trace test on a multi-hop PW
2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
GE1/0/0 GE1/0/0
P1 Vlanif130 S-PE Vlanif140 P2
20.1.1.2/24 30.1.1.2/24
GE1/0/0 GE2/0/0 GE2/0/0
GE2/0/0
Vlanif120 Vlanif140
Vlanif130 Vlanif150
10.1.1.2/24 30.1.1.1/24
20.1.1.1/24 40.1.1.1/24
Loopback0 Loopback0
100 PW 5.5.5.9/32
1.1.1.9/32 PW 200
GE2/0/0 GE1/0/0
Vlanif120 Vlanif150 U-PE2
40.1.1.2/24
10.1.1.1/24
GE1/0/0 GE2/0/0
U-PE1 Vlanif110 Vlanif160
GE1/0/0 GE1/0/0
Vlanif110 Vlanif160
100.1.1.1/24 100.1.1.2/24
CE-A CE-B

Set up MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and S-
PE.
5. Configure a PWE3 Trace test on the multi-hop PW on U-PE1.
Data Preparation
l L2VC IDs on U-PE1 and U-PE2, which must be different
l Name and parameters of the PW template on U-PE devices
Procedure
Step 1 Configure a dynamic multi-hop PW.
Configure a dynamic multi-hop PW on the MPLS backbone network.
Step 2 Configure a PWE3 Trace test of the multi-hop PW.
# Configure U-PE1.
<U-PE1> system-view
[U-PE1] nqa test-instance test pwe3trace
[U-PE1-nqa-test-pwe3trace] test-type pwe3trace
[U-PE1-nqa-test-pwe3trace] local-pw-id 100
[U-PE1-nqa-test-pwe3trace] local-pw-type ppp
[U-PE1-nqa-test-pwe3trace] label-type control-word
[U-PE1-nqa-test-pwe3trace] remote-pw-id 200

[U-PE1-nqa-test-pwe3trace] start now

After running the display nqa history command on the PE device, you can see that the status
is successful.
[U-PE1-nqa-test-pwe3trace] display nqa history
NQA entry(test, pwe3trace)
history:
Index T/H/P Response Status Address Time
1 1/1/1 4 success 10.1.1.2 2006-9-30 9:33:3.301

2 1/1/2 5 success 10.1.1.2 2006-9-30 9:33:3.307

3 1/1/3 3 success 10.1.1.2 2006-9-30 9:33:3.311
4 1/2/1 6 success 20.1.1.2 2006-9-30 9:33:3.318
5 1/2/2 6 success 20.1.1.2 2006-9-30 9:33:3.324
6 1/2/3 6 success 20.1.1.2 2006-9-30 9:33:3.331
7 1/3/1 6 success 30.1.1.2 2006-9-30 9:33:3.318
8 1/3/2 6 success 30.1.1.2 2006-9-30 9:33:3.324
9 1/3/3 6 success 30.1.1.2 2006-9-30 9:33:3.331
10 1/4/1 6 success 5.5.5.9 2006-9-30 9:33:3.318
11 1/4/2 6 success 5.5.5.9 2006-9-30 9:33:3.324
12 1/4/3 6 success 5.5.5.9 2006-9-30 9:33:3.331
Running the display nqa results command on the PE device, you can see that the test is
successful.
[U-PE1-nqa-test-pwe3trace] display nqa results
NQA entry(test, pwe3trace) :testFlag is inactive ,testtype is pwe3trace
1 . Hop 1
2 . Hop 2
3 . Hop 3
4 . Hop 4
----End
Configuration Files
#
sysname CE-A
#
vlan batch 110
#
interface Vlanif110
ip address 100.1.1.1 255.255.255.0
#


#
return
#
sysname U-PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
vlan batch 110 120
#
interface Vlanif110
mpls l2vc 3.3.3.9 100
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
nqa test-instance test pwe3trace
test-type pwe3trace
local-pw-id 100
local-pw-type ppp
label-type control-word
remote-pw-id 200
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
#
sysname P1
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
vlan batch 120 130
#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif130

ip address 20.1.1.1 255.255.255.0

mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
#
sysname S-PE
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation ppp
#
mpls ldp
#
remote-ip 1.1.1.9
#
remote-ip 5.5.5.9
#
vlan batch 130 140
#
interface Vlanif130
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif140
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255

#
return
#
sysname P2
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
vlan batch 140 150
#
interface Vlanif140
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif150
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.2.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
#
sysname U-PE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
vlan batch 150 160
#
interface Vlanif150
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif160
mpls l2vc 3.3.3.9 200
#
#

#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return

#
sysname CE-B
#
vlan batch 160
#
interface Vlanif160
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring an NQA Test Group
S9300 A functions as the NQA client to check whether S9300 B and S9300 C are reachable.
Figure 5-79 Networking diagram for configuring an NQA test group

test1
S9300A S9300B S9300C
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0

10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24
test2


2. Create an NQA test group that consists of two tests to check whether the test packets from
S9300 A can reach S9300 B and S9300 C and to check the RTT of the packets.
Data Preparation
l Host addresses of S9300 B and S9300 C
l Time when the test group is enabled
Procedure
Step 2 Create an ICMP NQA test group on S9300 A.
[S9300A] nqa test-instance group icmp
[S9300A-nqa-group-icmp] test-type icmp
[S9300A-nqa-group-icmp] switch-to group
[S9300A-nqa-group-icmp] quit
Step 3 On S9300 A, create two tests named admin test1 and admin test2 respectively to check whether
S9300 B and S9300 C are reachable.
[S9300A] nqa test-instance admin test1
[S9300A-nqa-admin-test1] test-type icmp
[S9300A-nqa-admin-test1] join group nqa group icmp
[S9300A-nqa-admin-test1] destination-address ipv4 10.1.1.2
[S9300A-nqa-admin-test1] quit
[S9300A] nqa test-instance admin test2
[S9300A-nqa-admin-test2] test-type icmp
[S9300A-nqa-admin-test2] join group nqa group icmp
[S9300A-nqa-admin-test2] destination-address ipv4 10.2.1.2
[S9300A-nqa-admin-test2] quit
Step 4 Return to the test group view and set the test to be performed after 10 seconds.
[S9300A] nqa test-instance group icmp
[S9300A-nqa-group-icmp] start delay seconds 10
# After running the display nqa-agent command, you can view the status of the test group and
the test members on the client.
[S9300A-nqa-group-icmp] display nqa-agent
NQA Trace Concurrent Max:50 NQA Trace Concurrent Mum:0
1 NQA entry(admin, test1):

test type:icmp current flag:inactive
start at : no start time end at : no end time
nqa status : group member, belong to group : group icmp
2 NQA entry(admin, test2):

test type:icmp current flag:inactive
start at : no start time end at : no end time
nqa status : group member, belong to group : group icmp

3 NQA entry(group, icmp):

test type:icmp current flag:active
current status:no start current completion:NA
start at : 2008-8-24 14:35:34 end at : no end time
nqa status : group leader, group members number : 2
Step 5 Verify the test result 20 seconds later.

[S9300A-nqa-admin-icmp] display nqa results
NQA entry(admin, test1) :testFlag is inactive ,testtype is icmp

NQA entry(admin, test2) :testFlag is inactive ,testtype is icmp

----End
Configuration Files
#
sysname S9300A
#
vlan batch 110
#
interface Vlanif110
ip address 10.1.1.1 255.255.255.0
#
#
nqa test-instance group icmp
switch-to group

test-type icmp
nqa test-instance admin test1
test-type icmp
join group nqa group icmp
nqa test-instance admin test2

test-type icmp
join group nqa group icmp
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

#
sysname S9300B
#
vlan batch 110 120
#
interface Vlanif110
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif120
ip address 10.2.1.1 255.255.255.0
#
#
#
return

#
sysname S9300C
#
vlan batch 120
#
interface Vlanif120
ip address 10.2.1.2 255.255.255.0
#
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.1
#
return
Example for Configuring the Test of Sending NQA Threshold Traps to the NMS
As shown in Figure 5-80, the trap threshold are configured and the function of sending trap
messages is enabled when a Jitter test is configured. After the Jitter test is complete, S9300 A
sends a trap message to the NMS when the interval for transmitting the test packet from
S9300 A to S9300 C or from S9300 C to S9300 A exceeds the configured unidirectional
transmission threshold, or when the RTT of the test packet exceeds the configured bidirectional
transmission threshold. Network administrators can view the cause of a trap in the trap message
received by the NMS.

Figure 5-80 Network diagram for configuring the NQA threshold
NM Station
GE 2/0/0 20.1.1.2/24
Vlanif110 S9300 GE 1/0/0 S9300C
20.1.1.1/24 B Vlanif130
30.1.1.2/24
GE 1/0/0 GE 1/0/0 GE 2/0/0
S9300A Vlanif120 Vlanif120 Vlanif130
10.1.1.1/24 10.1.1.2/24 30.1.1.1/24 NQA Server
NOTE
For the information about clock synchronization, see "NTP" in the Quidway S9300 Terabit Routing
Switch Feature Description - Device Management.
1. Configure a Jitter test.
2. Configure the NQA thresholds.
3. Enable the function of sending trap messages.
4. Configure the function of sending trap messages to the NMS.
Data Preparation
l IP address and port number of the server-side host.
l Type of the monitored service and monitoring port number
l RTD threshold and OWD threshold
l IP address of the NMS
Procedure
Step 2 Configure a Jitter test.
# Configure the IP address and UDP port number monitored by the NQA server on S9300 C.
# # Enable the NQA client on S9300 A and create an NQA Jitter test on it.

[S9300A-nqa-admin-jitter] test-type jitter

[S9300A-nqa-admin-jitter] destination-address ipv4 30.1.1.2
[S9300A-nqa-admin-jitter] destination-port 9000
Step 3 Configure the NQA thresholds.
# Configure the RTD threshold on S9300 A.

[S9300A-nqa-admin-jitter] threshold rtd 20
# Configure the OWD-DS threshold on S9300 A.

[S9300A-nqa-admin-jitter] threshold owd-ds 100
# Configure the OWD-SD threshold on S9300 A.

[S9300A-nqa-admin-jitter] threshold owd-sd 100
Step 4 Enable the function of sending trap messages.

[S9300A-nqa-test-jitter] send-trap owd-ds owd-sd rtd
[S9300A-nqa-test-jitter] quit
Step 5 Configure the function of sending trap messages to the NMS.

[S9300A] snmp-agent trap enable
[S9300A] snmp-agent target-host trap address udp-domain 20.1.1.2 params
securityname public v2c

[S9300A-nqa-admin-jitter] start now
[S9300A-nqa-admin-jitter] quit
[S9300A] quit
# Verify the NQA test result of each S9300.

<S9300A> display nqa result
NQA entry(test, jitter) :testFlag is inactive ,testtype is jitter

Send operation times:3000 Receive response times:3000
Completion :success RTD RTD OverThresholds number:25
NumberOfOWD:3000
OWD SD Sum:81 OWD DS Sum:62
# Verify that a trap message is generated in the trap buffer.

<Quidway> display trapbuffer

#Jul 9 00:28:34 2009 Quidway NQA/4/RTDTHRESHOLD:OID
1.3.6.1.4.1.2011.5.25.111.6.16 NQA entry RTD over threshold. (OwnerIndex=admin,
TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/SDTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.17
NQA entry OWD-SD over threshold. (OwnerIndex=admin, TestName=jitter)
#Jul 9 00:28:34 2009 Quidway NQA/4/DSTHRESHOLD:OID 1.3.6.1.4.1.2011.5.25.111.6.
18 NQA entry OWD-DS over threshold. (OwnerIndex=admin, TestName=jitter)
# Verify that the NMS can receive the trap message successfully. The displayed information is
not provided here.
----End
Configuration Files
#
sysname S9300A
#
vlan batch 110 120
#
interface Vlanif110
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif120
ip address 10.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.0
#
nqa test-instance test jitter
test-type jitter
threshold rtd 20
threshold owd-sd 100
threshold owd-ds 100
send-trap rtd
send-trap owd-sd
send-trap owd-ds
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100007B29
snmp-agent sys-info version v2c
snmp-agent target-host trap address udp-domain 20.1.1.2 params securityname
public v2c
snmp-agent trap enable eth-
trunk
snmp-agent trap enable
l2service
bfd
bgp
snmp-agent trap enable static-
lsp
snmp-agent trap enable te tunnel-
reop

snmp-agent trap enable te te-

frr
private
snmp-agent trap enable te hot-
standby
snmp-agent trap enable te
ordinary
snmp-agent trap enable te state-change-
private
snmp-agent trap enable te bandwidth-
change
snmp-agent trap enable mpls-
oam
l3vpn
snmp-agent trap enable l2-
multicast
efm
dldp
snmp-agent trap enable loop-
detection
license
lldp
ldp
svc
ccc
vpls
pw
kompella
eoam-1ag
snmp-agent trap enable tunnel-
ps
configuration
system
standard
mstp
snmp-agent trap enable vrrp-
group
snmp-agent trap enable port input-
rate
snmp-agent trap enable port output-
rate
ssh
flash
#
return
#
sysname S9300B
#

vlan batch 120 130

#
interface Vlanif120
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif130
ip address 30.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return

#
sysname S9300C
#
vlan batch 130
#
interface Vlanif130
ip address 30.1.1.2 255.255.255.0
#
#
#
ospf 1
area 0.0.0.1
network 30.1.1.0 0.0.0.255
#
return
5.4 Configuration Guide - Ethernet

This document describes the configuration of Ethernet services on the S9300, including the
configurations of Ethernet interfaces, link aggregation, VLAN, Voice VLAN, VLAN mapping,
QinQ, MAC address table, ARP, MSTP, BPDU tunnel, HVRP, and LDT.
The document provides the configuration procedures and configuration examples to illustrate
the service configuration methods and application scenario.
5.4.1 Ethernet Interface Configuration
This chapter describes the basic knowledge, methods, and examples for configuring the Ethernet
interface.
5.4.2 Link Aggregation Configuration
link aggregation.
5.4.3 VLAN Configuration
This chapter describes the basic knowledge, methods, and examples for configuring VLAN.
5.4.4 VLAN Mapping Configuration

This chapter describes the basic knowledge, methods, and examples for configuring VLAN
mapping.
5.4.5 QinQ Configuration
This chapter describes the basic knowledge, methods, and examples for configuring QinQ.
5.4.6 MAC Address Table Configuration
This chapter describes the basic knowledge, methods, and examples for configuring the MAC
address table.
5.4.7 MSTP Configuration
This chapter describes the basic knowledge, methods, and examples for configuring the
Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning
Tree Protocol (MSTP).
5.4.8 BPDU Tunnel Configuration
This chapter describes the basic knowledge, methods, and examples for configuring BPDU
tunnel.
5.4.9 LDT Configuration
loop detection (LDT).
5.4.10 RRPP Configuration
This chapter describes the basic knowledge, methods, and examples for configuring the Rapid
Ring Protection Protocol (RRPP).
5.4.1 Ethernet Interface Configuration

This chapter describes the basic knowledge, methods, and examples for configuring the Ethernet
interface.
Example for Limiting Traffic Volume on the Interface
As shown in Figure 5-81, GE1/0/1 of S9300-A is connected to GE1/0/2 of S9300-B; S9300-B
connects to user network 2 through GE2/0/1; GE2/0/2 of S9300-C is connected to a LAN switch,
namely, LSW.
To ensure normal operation of the services on the network, perform the following operations on
the Ethernet interfaces of the S9300:
l Set the ratio of broadcast packets to 15%.
l Set the ratio of unknown multicast packets to 25%.
l Set the ratio of unknown unicast packets to 90%.

Figure 5-81 Networking diagram for configuring Ethernet interfaces
MAN
User GE1/0/1 GE1/0/2 GE
network 1 2 /0 /
2 User
/1
S9300-A S9300-B S9300-C
/0
network 3
E2
G
User LSW
network 2
1. Limit traffic volume on the interfaces of S9300-A, S9300-B, and S9300-C.
Data Preparation
l Numbers of the interfaces connecting S9300-A and S9300-B
l Number of the interface connecting S9300-B to user network 2
l Number of the interface connecting S9300-C to the LSW
Procedure
Step 1 Set the maximum traffic volume of packets.
# Set the maximum traffic volume of broadcast packets, unknown multicast packets, and
unknown unicast packets respectively on GE1/0/1 of S9300-A.
[S9300-A-GigabitEthernet1/0/1] broadcast-suppression percent 15
[S9300-A-GigabitEthernet1/0/1] multicast-suppression percent 25
[S9300-A-GigabitEthernet1/0/1] unknown-unicast-suppression percent 90
unknown unicast packets respectively on GE1/0/2 of S9300-B.
[S9300-B-GigabitEthernet1/0/2] broadcast-suppression percent 15
[S9300-B-GigabitEthernet1/0/2] multicast-suppression percent 25
[S9300-B-GigabitEthernet1/0/2] unknown-unicast-suppression percent 90
unknown unicast packets respectively on GE2/0/2 of S9300-C.

[S9300-C-GigabitEthernet2/0/2] broadcast-suppression percent 15
[S9300-C-GigabitEthernet2/0/2] multicast-suppression percent 25
[S9300-C-GigabitEthernet2/0/2] unknown-unicast-suppression percent 90
# Check the settings of traffic volume by running the display current-configuration

interface command. Take the display on S9300-A as an example.
<Quidway> display current-configuration interface gigabitethernet 1/0/1
#
broadcast-suppression percent 15
multicast-suppression percent 25
unknown-unicast-suppression percent 90
#
----End
Configuration Files
The following lists the configuration files of the S9300.

#
sysname S9300-A
#
#
return

#
sysname S9300-B
#
#
return

#
sysname S9300-C
#
#
return
5.4.2 Link Aggregation Configuration

link aggregation.

Example for Configuring Link Aggregation in Manual Load Balancing Mode
As shown in Figure 5-82, the S9300 is connected to the BRAS through an Eth-Trunk. The link
between the S9300 and BRAS must ensure high reliability, and data traffic needs to be load
balanced among the LPUs of the S9300. To meet this requirement, you need to configure an
inter-board Eth-Trunk on the S9300.
Figure 5-82 Networking diagram for configuring link aggregation in manual load balancing
mode
BRAS
Eth-Trunk 60
Eth-Trunk
Eth-Trunk 120
GE3/0/0 GE2/0/0
S9300
GE1/0/0 GE1/0/5
VLAN 100-150 VLAN 151-200
DSLAM DSLAM
Precautions
During the configuration, pay attention to the following:
l The Ethernet interfaces on the two ends that form an Eth-Trunk must be directly connected.
l The two ends of the Eth-Trunk must contain the same number of member interfaces.
l Before Ethernet interfaces are added to the Eth-Trunk, ensure that no configuration is made
on the Ethernet interfaces.
l The Eth-Trunk in manual load balancing mode can contain member interfaces with
different rates. For example, an FE interface and a GE interface can be added to the same
Eth-Trunk.
l Each Eth-Trunk contains up to eight member interfaces.

1. Create an Eth-Trunk.
2. Add member interfaces to the Eth-Trunk.
Data Preparation
l Number of the Eth-Trunk
l Types and numbers of the member interfaces in the Eth-Trunk
Procedure
Step 1 Create an Eth-Trunk.
# Create Eth-Trunk 120.
[S9300] interface eth-trunk 120
[S9300-Eth-Trunk120] quit
Step 2 Add member interfaces to the Eth-Trunk.

# Add GE 2/0/0 to Eth-Trunk 120.
[S9300-Gigabitethernet2/0/0] eth-trunk 120
[S9300-Gigabitethernet2/0/0] quit
# Add GE 3/0/0 to Eth-Trunk 120.

[S9300-Gigabitethernet3/0/0] eth-trunk 120
[S9300-Gigabitethernet3/0/0] quit
Step 3 Configure Eth-Trunk 120.

# Configure Eth-Trunk 120 to allow packets of VLANs 100 to 200 to pass through.
[S9300] interface eth-trunk 120
[S9300-Eth-Trunk120] port link-type trunk
[S9300-Eth-Trunk120] port trunk allow-pass vlan 100 to 200
[S9300-Eth-Trunk120] quit

Run the display trunkmembership command in any view to check whether Eth-Trunk 120 is
created and whether member interfaces are added.
[S9300] display trunkmembership eth-trunk 120
Trunk ID: 120
used status: VALID
TYPE: ethernet
Working Mode : Normal
Working State: Normal
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Interface GigabitEthernet2/0/0, valid, selected, operate up, weight=1,
standby interface NULL

Interface GigabitEthernet3/0/0, valid, selected, operate up, weight=1,

standby interface NULL
# Display the configuration of Eth-Trunk 120.

[S9300] display eth-trunk 120
WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
PortName Status Weight
The preceding information indicates that Eth-Trunk 120 consists of member interfaces GE 2/0/0
and GE 3/0/0. The member interfaces are both in Up state.
----End
Configuration Files
#
sysname S9300
#
port link-type trunk
port trunk allow-pass vlan 100 to 200
#
eth-trunk 120
#
eth-trunk 120
#
return
Example for Configuring Link Aggregation in Static LACP Mode
To improve the bandwidth and the connection reliability, configure the link aggregation group
on two directly connected S9300s, as shown in Figure 5-83. The requirements are as follows:
l M active links can implement load balancing.

l N links between two S9300s can carry out redundancy backup. When a fault occurs on an
active link, the backup link replaces the faulty link to keep the reliability of data
transmission.
Figure 5-83 Networking diagram for configuring link aggregation in static LACP mode
Eth-Trunk 1 Eth-Trunk 1
S9300-A GE 1/0/1 S9300-B
GE 1/0/1
GE 1/0/2 GE 1/0/2 Active link
Eth-Trunk
GE 1/0/3 GE 1/0/3 Backup link

1. Create an Eth-Trunk on the S9300 and configure the Eth-Trunk to work in static LACP
mode.
2. Add member interfaces to the Eth-Trunk.
3. Set the system priority and determine the Actor.
4. Set the upper threshold of the active interfaces.
5. Set the priority of the interface and determine the active link.
Data Preparation
l Numbers of the link aggregation groups on the S9300s
l System priority of S9300-A
l Upper threshold of active interfaces
l LACP priority of the active interface
Procedure
Step 1 Create Eth-Trunk 1 and set the load balancing mode of the Eth-Trunk to static LACP mode.
[S9300-A-Eth-Trunk1] mode lacp-static
[S9300-B] interface eth-trunk 1
[S9300-B-Eth-Trunk1] mode lacp-static
[S9300-B-Eth-Trunk1] quit
Step 2 Add member interfaces to the Eth-Trunk.

[S9300-A-Gigabitethernet1/0/1] eth-trunk 1
[S9300-A-Gigabitethernet1/0/1] quit
[S9300-B-Gigabitethernet1/0/1] eth-trunk 1

[S9300-B-Gigabitethernet1/0/1] quit
Step 3 Set the system priority on S9300-A to 100 so that S9300-A becomes the Actor.
[S9300-A] lacp priority 100
Step 4 Set the upper threshold M of active interfaces on S9300-A to 2.

[S9300-A-Eth-Trunk1] max active-linknumber 2
Step 5 Set the priority of the interface and determine active links on S9300-A.
[S9300-A-Gigabitethernet1/0/1] lacp priority 100
[S9300-A-Gigabitethernet1/0/2] lacp priority 100
# Check information about the Eth-Trunk of the S9300s and check whether the negotiation is
successful on the link.
[S9300-A] display eth-trunk 1
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SA-XOR-DA
System Priority: 100 System ID: 00e0-fca8-0417
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: Up Number Of Up Port In Trunk: 2
------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState
Weight
GigabitEthernet1/0/1 Selected 1GE 100 6145 2865 11111100
1
1
GigabitEthernet1/0/3 Unselect 1GE 32768 6147 2865 11100000
1
Partner:
------------------------------------------------------------------------------
PartnerPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 32768 00e0-fca6-7f85 32768 6145 2609 11111100
[S9300-B] display eth-trunk 1

Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SA-XOR-DA
System Priority: 32768 System ID: 00e0-fca6-7f85
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: Up Number Of Up Port In Trunk: 2
------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState
Weight
1


1
GigabitEthernet1/0/3 Unselect 1GE 32768 6147 2609 11100000
1
Partner:
------------------------------------------------------------------------------
PartnerPortName SysPri SystemID PortPri PortNo PortKey
PortState
GigabitEthernet1/0/1 100 00e0-fca8-0417 100 6145 2865 11111100
The preceding information shows that the system priority of S9300-A is 100 and it is higher than
the system priority of S9300-B. Member interfaces GE1/0/1 and GE1/0/2 become the active
interfaces and are in Selected state. Interface GE1/0/3 is in Unselect state. M active links work
in load balancing mode and N links are the backup links.
----End
Configuration Files
#
sysname S9300-A
#
lacp priority 100
#
mode lacp-static
max active-linknumber 2
#
eth-trunk 1
lacp priority 100
#
eth-trunk 1
lacp priority 100
#
eth-trunk 1
#
return

#
sysname S9300-B
#
mode lacp-static
#
eth-trunk 1
#
eth-trunk 1
#
eth-trunk 1
#
return
5.4.3 VLAN Configuration

This chapter describes the basic knowledge, methods, and examples for configuring VLAN.

Example for Configuring the Trunk
As shown in Figure 5-84, an enterprise has four departments. Department 1 is connected to an
S9300, which connects to GE 1/0/1 of another S9300. Department 2 is connected a Layer 2
switch (LSW) LSW-A, which connects to GE 1/0/2 of an S9300. Department 3 is connected to
LSW-B, which connects to GE 1/0/3 of an S9300. Department 4 is connected to an S9300, which
connects to GE 1/0/4 of another S9300. The networking requirements are as follows:
l Department 1 and Department 2 in VLAN 2 are isolated from Department 3 and Department
4 in VLAN 3.
l Department 1 and Department 2 in VLAN 2 can communicate with each other.
l Department 3 and Department 4 in VLAN 3 can communicate with each other.
Figure 5-84 Networking diagram for configuring trunk
MAN
S9300
VLAN2 VLAN3
GE1/0/1 GE1/0/4
S9300 GE1/0/2 GE1/0/3 S9300
LSW-A
LSW-B
…… …… …… ……
Department 1 Department 2 Department 3 Department 4
1. Create VLANs.
2. Add interfaces to the VLAN.
Data Preparation
l GE 1/0/1 and GE 1/0/2 belong to VLAN 2.


Procedure
Step 1 Configure the S9300.
# Create VLAN 2.
[Quidway] vlan 2
# Set the link type of GE 1/0/1 to trunk and add GE 1/0/1 to VLAN 2.
[Quidway-GigabitEthernet1/0/1] port link-type trunk
[Quidway-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[Quidway]interface gigabitethernet 1/0/2
# Create VLAN 3.
[Quidway] vlan 3

Ping any host in VLAN 3 from a host in VLAN 2. The ping operation fails. This indicates that
Department 1 and Department 2 are isolated from Department 3 and Department 4.
Ping any host in Department 2 from a host in Department 1. The ping operation is successful.
This indicates that Department 1 and Department 2 can communicate with each other.
Ping any host in Department 4 from a host in Department 3. The ping operation is successful.
This indicates that Department 3 and Department 4 can communicate with each other.
----End
Configuration Files
#
sysname Quidway
#
vlan batch 2 to 3
#


port trunk allow-pass vlan 2
#
#
#
#
return
Example for Configuring VLAN Aggregation
As shown in Figure 5-85, VLAN 2 and VLAN 3 compose a super-VLAN, namely, VLAN 4.
The sub-VLANs, namely, VLAN 2 and VLAN 3 cannot ping each other.
After proxy ARP is configured, VLAN 2 and VLAN 3 can ping each other.
Figure 5-85 Typical networking of VLAN configuration
S9300
GE1/0/0 GE3/0/0
GE2/0/0 GE4/0/0
VLAN2 VLAN3
VLAN4
VLANIF4：100.1.1.12/24
VLAN2 VLAN3
1. Add interfaces of the S9300 to sub-VLANs.
2. Add the sub-VLANs to a super-VLAN.
3. Configure routes for the super-VLAN.

4. Configure proxy ARP for the super-VLAN.
Data Preparation
l The VLAN ID of the super-VLAN is 4.
l The IP address of the super-VLAN is 100.1.1.12.
Procedure
Step 1 Set the interface type.
# Configure GE 1/0/0 as an access interface.



Step 2 Configure VLAN 2.

# Create VLAN 2.
[Quidway] vlan 2
# Add GE 1/0/0 and GE 2/0/0 to VLAN 2.

[Quidway-vlan2] port gigabitethernet 1/0/0 2/0/0

# Create VLAN 3.
[Quidway] vlan 3

[Quidway-vlan3] port gigabitethernet 3/0/0 4/0/0


# Configure the super-VLAN.
[Quidway] vlan 4
[Quidway-vlan4] access-vlan 2 to 3
# Configure the VLANIF interface.

Step 5 Configure the personal computers.

Configure the IP address for each personal computer and make them reside in the same network
segment with VLAN 4.
After the preceding configuration, the personal computers and the S9300 can ping each other,
but the computers in VLAN 2 and the computers in VLAN 3 cannot ping each other.
Step 6 Configure proxy ARP.
[Quidway-Vlanif4] arp-proxy inter-sub-vlan-proxy enable

After the preceding configuration, the computers in VLAN 2 and the computers in VLAN 3 can
ping each other.
----End
Configuration Files
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 100.1.1.12 255.255.255.0
arp-proxy enable
arp-proxy inter-sub-vlan-proxy enable
#
port default vlan 2
#
port default vlan 2
#
port default vlan 3
#

port default vlan 3

#
return
Example for Configuring the MUX VLAN
As shown in Figure 5-86, VLAN 2 is configured on GE 1/0/1 of the S9300 and VLAN 2 is set
as the MUX VLAN; GE 1/0/2 and GE 1/0/3 are added to VLAN 3, which is set as the group
VLAN; GE 1/0/4 and GE 1/0/5 are added to VLAN 4, which is set as the separate VLAN.
GE1/0/1 is connected to Host A; GE 1/0/2 is connected to Host B; GE 1/0/3 is connected to Host

C; GE 1/0/4 is connected to Host D; GE 1/0/5 is connected to Host E.
Host A can ping Host B and Host C. Host B and Host C can also ping Host A.
Host A can ping Host D and Host E. Host D and Host E can also ping Host A.
Host B and Host C can ping each other.
Host D and Host E cannot ping each other.
Host B and Host C cannot ping Host D or host E. Host D and Host E cannot ping Host B or Host
C.
Figure 5-86 Typical networking of MUX VLAN configuration
GE1/0/1
GE1/0/2
GE1/0/3 GE1/0/4 GE1/0/5
HostB HostC HostD HostE HostA

VLAN 3 VLAN 4 VLAN 2
1. Configure the MUX VLAN.

2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to the VLAN and enable the MUX VLAN function.

Data Preparation
l GE 1/0/1 belongs to VLAN 2.
Procedure
Step 1 Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
[Quidway] quit
# Configure the MUX VLAN, subordinate VLAN, and interfaces.

[Quidway] vlan 2
[Quidway-vlan2] mux-vlan
[Quidway-vlan2] subordinate group 3
[Quidway-vlan2] subordinate separate 4
[Quidway-GigabitEthernet1/0/1] port mux-vlan enable

Host A can ping Hosts B to E. Hosts B to E can also ping Host A.
Host B and Host C can ping each other.
Host D and Host E cannot ping each other.
Host B and Host C cannot ping Host D or host E. Host D and Host E cannot ping Host B or Host
C.
----End

Configuration Files
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate group 3
subordinate separate 4
#
interface gigabitethernet 1/0/1
port default vlan 2
port mux-vlan enable
#
port default vlan 3
#
port default vlan 3
#
port default vlan 4
#
port default vlan 4
#
return
Example for Configuring VLAN Damping
As shown in Figure 5-87, the hosts in VLAN 10 communicate with the hosts outside VLAN 10
through VLANIF 10.
The VLAN damping feature is configured on VLANIF 10 to prevent route flapping caused by
the change of the VLANIF interface status.

Figure 5-87 Typical networking of VLAN damping configuration
S9300-A S9300-B
GE2/0/0 GE1/0/0
10.100.101.10/24 10.100.101.20/24
VLANIF10
10.100.100.100/24
10.100.100.111/24 10.100.100.110/24
VLAN 10
1. Create VLAN 10.

2. Create VLANIF 10 and configure the IP addresses.
3. Set the delay for VLAN damping on VLANIF 10.
Data Preparation
l Number of the VLANIF interface

l IP address of the VLANIF interface: 10.100.100.100/24
l Delay for VLAN damping: of 20 seconds
Procedure
Step 1 Create VLAN 10. The procedure is not given here.
# For details, see Creating VLANs.
Step 2 Create VLANIF 10.
# Create VLANIF 10 and configure the IP address.

[A] interface vlanif 10
[A-Vlanif10] ip address 10.100.100.100 24
Step 3 Set the delay for VLAN damping.
# Set the delay for VLAN damping to 20 seconds.

[A-Vlanif10] damping time 20


By running the display interface vlanif command on S9300-A, you can view the delay for
VLAN damping.
<A> display interface vlanif 10
Vlanif10 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500, The Holdoff Timer is 20(sec)
Internet Address is 10.100.100.100/24
----End
Configuration Files
#
sysname A
#
vlan batch 10
#
interface Vlanif10
ip address 10.100.100.100 255.255.255.0
damping time 20
#
#
#
return
5.4.4 VLAN Mapping Configuration

This chapter describes the basic knowledge, methods, and examples for configuring VLAN
mapping.
Example for Configuring Mapping of Single VLAN Tag
As shown in Figure 5-88, users in VLAN 6 need to communicate with user 5 through VLAN
10, that is, the ISP network.

Figure 5-88 Networking diagram for configuring VLAN mapping of single VLAN tag
ISP
VLAN10
S9300-C S9300-D
GE1/0/1 GE1/0/1
S9300-A S9300-B
GE1/0/1 GE2/0/2
VLAN6 VLAN5
GE3/0/1 GE3/0/2 GE3/0/1 GE3/0/2
172.16.0.1/16 172.16.0.2/16 172.16.0.3/16 172.16.0.5/16 172.16.0.6/16 172.16.0.7/16
1. Create VLANs on S9300-A, S9300-B, S9300-C, and S9300-D.
2. Add interfaces of 9300-A, S9300-B, S9300-C, and S9300-D to the corresponding VLANs.
3. Configure VLAN mapping of single tag on GE 1/0/1 of S9300-A.
4. Configure VLAN mapping of single tag on GE 2/0/2 of S9300-B.
Data Preparation
l VLAN to be created on S9300-A: VLAN 6
l VLAN to be created on S9300-B: VLAN 5
l VLAN to be created on S9300-C and S9300-D: VLAN 10
Procedure
Step 1 Create VLANs on the S9300s.
# Create VLAN 6 on S9300-A.
[S9300-A] vlan 6
# Create VLAN 5 on S9300-B.

[S9300-B] vlan 5
# Create VLAN 10 on S9300-C.

[S9300-C] vlan 10
# Create VLAN 10 on S9300-D.

[Quidway] sysname S9300-D
[S9300-D] vlan 10
Step 2 Add interfaces to VLANs.
# Add GE 3/0/1 and GE 3/0/2 of S9300-A to VLAN 6.

[S9300-A-Gigabitethernet3/0/1] port link-type trunk
[S9300-A-Gigabitethernet3/0/1] port trunk allow-pass vlan 6
[S9300-A-Gigabitethernet3/0/2] port link-type trunk
[S9300-A-Gigabitethernet3/0/2] port trunk allow-pass vlan 6
# Add GE 1/0/1 of S9300-A to VLAN 6.

[S9300-A-GigabitEthernet1/0/1] port link-type trunk
[S9300-A-GigabitEthernet1/0/1] port trunk allow-pass vlan 6
# Add GE 3/0/1 and GE 3/0/2 of S9300-B to VLAN 5.

[S9300-B-Gigabitethernet3/0/1] port link-type trunk
[S9300-B-Gigabitethernet3/0/1] port trunk allow-pass vlan 5
[S9300-B-Gigabitethernet3/0/2] port link-type trunk
[S9300-B-Gigabitethernet3/0/2] port trunk allow-pass vlan 5
# Add GE 2/0/2 of S9300-B to VLAN 5.

[S9300-B-GigabitEthernet2/0/2] port link-type trunk
[S9300-B-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
# Add GE 1/0/1 of S9300-C to VLAN 10.

[S9300-C-Gigabitethernet1/0/1] port link-type trunk
[S9300-C-Gigabitethernet1/0/1] port trunk allow-pass vlan 10
[S9300-C-Gigabitethernet1/0/1] quit
# Add GE 1/0/1 of S9300-D to VLAN 10.

[S9300-D] interface gigabitethernet 1/0/1
[S9300-D-Gigabitethernet1/0/1] port link-type trunk
[S9300-D-Gigabitethernet1/0/1] port trunk allow-pass vlan 10
[S9300-D-Gigabitethernet1/0/1] quit
Step 3 Configure VLAN mapping of single tag on the S9300s.

# Configure VLAN mapping of single tag on GE 1/0/1 of S9300-A.

[S9300-A-GigabitEthernet1/0/1] port vlan-mapping vlan 10 map-vlan 6
# Configure VLAN mapping of single tag on GE 2/0/2 of S9300-B.

[S9300-B-GigabitEthernet2/0/2] port vlan-mapping vlan 10 map-vlan 5

Run the display vlan 6 command on S9300-A, and you can obtain the following information:
[S9300-A] display vlan 6
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
6 common enable enable forward forward forward default
----------------
Tagged Port: GigabitEthernet1/0/1 GigabitEthernet3/0/1

GigabitEthernet3/0/2
----------------
QinQ-map Port: GigabitEthernet1/0/1
----------------
Interface Physical
GigabitEthernet1/0/1 UP
The hosts in VLAN 6 and the hosts in VLAN 5 can ping each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 6
#
port vlan-mapping vlan 10 map-vlan 6
#
#
#
return

#
sysname S9300-B
#
vlan batch 5
#
#


#
#
return

#
sysname S9300-C
#
vlan batch 10
#
#
return

#
sysname S9300-D
#
vlan batch 10
#
#
return
Example for Configuring Mapping of Double VLAN Tags
As shown in Figure 5-89, outer VLAN ID 100 and inner VLAN ID 10 are assigned to Enterprise
A; outer VLAN ID 200 and inner VLAN ID 20 are assigned to Enterprise B. Hosts in Enterprise
A and Enterprise B communicate through the ISP network. Outer VLAN ID 300 and inner VLAN
30 assigned to the ISP network.
Figure 5-89 Networking diagram for configuring VLAN mapping of double VLAN tags
ISP
Outer: VLAN 300
Inner: VLAN 30
S9300-C S9300-D
GE1/0/1 GE1/0/2
S9300-A
GE1/0/1 GE1/0/2 S9300-B
Enterprise A
Enterprise B
Outer: VLAN 100
Outer: VLAN 200
Inner: VLAN 10
Inner: VLAN 20

3. Configure VLAN mapping of double tags on GE 1/0/1 of S9300-A.
4. Configure VLAN mapping of double tags on GE 1/0/2 of S9300-A.
Data Preparation
Procedure
[S9300-A] vlan 100

[S9300-B] vlan 200

[S9300-C] vlan 300

[S9300-D] vlan 300




# Add GE 1/0/2 on S9300-D to VLAN 300.

Step 3 Configure VLAN mapping of double tags on the S9300s.

# Configure VLAN mapping of double tags on GE 1/0/1 of S9300-A.
[S9300-A-GigabitEthernet1/0/1] port vlan-mapping vlan 300 inner-vlan 30 map-vlan
100 map-inner-vlan 10
# Configure VLAN mapping of double tags on GE 1/0/2 of S9300-B.

[S9300-B] interface GigabitEthernet 1/0/2
[S9300-B-GigabitEthernet1/0/2] port vlan-mapping vlan 300 inner-vlan 30 map-vlan
200 map-inner-vlan 20

The hosts in Enterprise A and the hosts in Enterprise B can communicate with each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 100
#
port vlan-mapping vlan 300 inner-vlan 30 map-vlan 100 map-inner-vlan 10
#
return

#
sysname S9300-B
#
vlan batch 200
#
port vlan-mapping vlan 300 inner-vlan 30 map-vlan 200 map-inner-vlan 20
#
return

#
sysname S9300-C
#
vlan batch 300
#


#
return

#
sysname S9300-D
#
vlan batch 300
#
#
return
Example for Configuring Flow-based VLAN Mapping
As shown in Figure 5-90, outer VLAN ID 100 and inner VLAN ID 10 are assigned Enterprise
A; outer VLAN ID 200 and inner VLAN ID 20 are assigned to Enterprise B. Hosts in Enterprise
A and Enterprise B communicates through the ISP network. Outer VLAN ID 300 and inner
VLAN 30 assigned to the ISP network.
Figure 5-90 Networking diagram for configuring flow-based VLAN mapping
ISP
Outer: VLAN 300
Inner: VLAN 30
S9300-C S9300-D
GE1/0/1 GE1/0/2
S9300-A
GE1/0/1 GE1/0/2 S9300-B
Enterprise A
Enterprise B
Outer: VLAN 100
Inner: VLAN 10 Outer: VLAN 200
Inner: VLAN 20
2. Create traffic classifiers, traffic behaviors, and traffic policies on S9300-A and S9300-B.
4. Configure flow-based VLAN mapping of double tags on GE 1/0/1 of S9300-A.

5. Configure flow-based VLAN mapping of double tags on GE 1/0/2 of S9300-B.
Data Preparation

Procedure

[S9300-A] vlan 100

[S9300-B] vlan 200

[S9300-C] vlan 300

[S9300-D] vlan 300



# Add GE 1/0/2 on S9300-D to VLAN 300.


Step 3 Configure traffic classifiers, traffic behaviors, and traffic policies.

# On S9300-A, configure the traffic classifier, traffic behavior, and traffic policy applied in the
inbound direction.
[S9300-A] traffic classifier name1 operator and
[S9300-A-classifier-name1] if-match vlan-id 300
[S9300-A-classifier-name1] if-match cvlan-id 30
[S9300-A-classifier-name1] quit
[S9300-A] traffic behavior name1
[S9300-A-behavior-name1] remark vlan-id 100
[S9300-A-behavior-name1] remark cvlan-id 10
[S9300-A-behavior-name1] quit
[S9300-A] traffic policy name1
[S9300-A-trafficpolicy-name1] classifier name1 behavior name1
# On S9300-A, configure the traffic classifier, traffic behavior, and traffic policy applied in the
outbound direction.
[S9300-A] traffic classifier name2 operator and
[S9300-A-classifier-name2] if-match vlan-id 100
[S9300-A-classifier-name2] if-match cvlan-id 10
[S9300-A-behavior-name2] remark vlan-id 300
[S9300-A-behavior-name2] remark cvlan-id 30
# On S9300-B, configure the traffic classifier, traffic behavior, and traffic policy applied in the
inbound direction.
[S9300-B] traffic classifier name1 operator and
[S9300-B-classifier-name1] if-match vlan-id 300
[S9300-B-classifier-name1] if-match cvlan-id 30
[S9300-B-classifier-name1] quit
[S9300-B] traffic behavior name1
[S9300-B-behavior-name1] remark vlan-id 200
[S9300-B-behavior-name1] remark cvlan-id 20
[S9300-B-behavior-name1] quit
[S9300-B] traffic policy name1
[S9300-B-trafficpolicy-name1] classifier name1 behavior name1
# On S9300-B, configure the traffic classifier, traffic behavior, and traffic policy applied in the
outbound direction.
[S9300-B] traffic classifier name2 operator and
[S9300-B-classifier-name2] if-match vlan-id 200
[S9300-B-classifier-name2] if-match cvlan-id 20
[S9300-B-behavior-name2] remark vlan-id 300
[S9300-B-behavior-name2] remark cvlan-id 30
Step 4 Configure flow-based VLAN mapping of double tags on the S9300s.

# Configure flow-based VLAN mapping of double tags on GE 1/0/1 of S9300-A.
[S9300-A-GigabitEthernet1/0/1] traffic-policy name1 inbound
[S9300-A-GigabitEthernet1/0/1] traffic-policy name2 outbound
# Configure flow-based VLAN mapping of double tags on GE 1/0/2 of S9300-B.

[S9300-B] interface GigabitEthernet 1/0/2
[S9300-B-GigabitEthernet1/0/2] traffic-policy name1 inbound
[S9300-B-GigabitEthernet1/0/2] traffic-policy name2 outbound

The hosts in Enterprise A and the hosts in Enterprise B can communicate with each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 100
#
traffic classifier name1 operator and precedence 5
if-match 1 vlan-id 300
if-match 2 cvlan-id 30
#
traffic behavior name1
remark vlan-id 100
remark cvlan-id 10
remark vlan-id 300
remark cvlan-id 30
#
traffic policy name1
classifier name1 behavior name1
#
traffic-policy name1 inbound
traffic-policy name2 outbound
#
return

#
sysname S9300-B
#
vlan batch 200
#
#
remark vlan-id 200
remark cvlan-id 20
remark vlan-id 300
remark cvlan-id 30
#


#
traffic-policy name2 outbound
#
return

#
sysname S9300-C
#
vlan batch 300
#
#
return

#
sysname S9300-D
#
vlan batch 300
#
#
return
5.4.5 QinQ Configuration

This chapter describes the basic knowledge, methods, and examples for configuring QinQ.
Example for Configuring QinQ on Interfaces
As shown in Figure 5-91, there are two Enterprises on the network, namely, Enterprise 1 and
Enterprise 2. Enterprise 1 has two office locations; Enterprise 2 has three office locations. The
office locations of the two enterprises access S9300-G or S9300-F of the ISP network. The
network of Enterprise 1 is divided into VLAN 2 to VLAN 1500; the network of Enterprise 2 is
divided into VLAN 500 to VLAN 4094. It is required that the office locations of each enterprise
communicate with each other but the two enterprises be isolated from each other.

Figure 5-91 Networking diagram for configuring QinQ on interfaces
Enterprise 2 Enterprise 2
GE1/0/1 GE2/0/1
S9300-G
…… GE3/0/1 ……
GE4/0/1
S9300-F
VLAN1000 VLAN4094 VLAN500 VLAN2500
GE1/0/1 GE3/0/1
GE2/0/1
…… …… ……
VLAN1000 VLAN2000 VLAN100 VLAN1500

VLAN2 VLAN500
Enterprise 1 Enterprise 2 Enterprise 1
1. Create VLAN 10 and VLAN 20 on S9300-F; create VLAN 20 on S9300-G.

2. Set GE 1/0/1, GE 2/0/1, and GE 3/0/1 of S9300-F as QinQ interfaces.
3. Set GE 1/0/1 and GE 2/0/1 of S9300-G as QinQ interfaces.
4. Add GE 4/0/1 of S9300-F and GE 3/0/1 of S9300-G to VLAN 20 in tagged mode.
Data Preparation
l VLAN 10 assigned to Enterprise 1 on the ISP network

l VLAN 20 assigned to Enterprise 2 on the ISP network.
Procedure
Step 1 Create VLANs.
# Create VLAN 10 and VLAN 20 on S9300-F.

[Quidway] sysname S9300-F
[S9300-F] vlan batch 10 20
# Create VLAN 20 on S9300-G.

[Quidway] sysname S9300-G
[S9300-G] vlan 20
Step 2 Set the interfaces as QinQ interfaces.
# Set GE 1/0/1, GE 2/0/1, and GE 3/0/1 of S9300-F as QinQ interfaces. Set the VLAN ID of the
outer VLAN tag added by GE 1/0/1 and GE 3/0/1/ to VLAN 10; set the VLAN ID of the outer
VLAN tag added by GE 2/0/1 to VLAN 20.
[S9300-F] interface gigabitethernet 1/0/1
[S9300-F-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[S9300-F-GigabitEthernet1/0/1] port default vlan 10
[S9300-F-GigabitEthernet1/0/1] quit
# Set GE 1/0/1 and GE 2/0/1 of S9300-G as QinQ interfaces; set the VLAN ID of the outer
VLAN tags added by GE 1/0/1 and GE 2/0/1/ to VLAN 20.
[S9300-G] interface gigabitethernet 1/0/1
[S9300-G-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[S9300-G-GigabitEthernet1/0/1] port default vlan 20
[S9300-G-GigabitEthernet1/0/1] quit
[S9300-G-GigabitEthernet2/0/1] port link-type dot1q-tunnel
[S9300-G-GigabitEthernet2/0/1] port default vlan 20
Step 3 Configure other interfaces.
# Add GE 4/0/1 of S9300-F to VLAN 20.

[S9300-F-GigabitEthernet4/0/1] port link-type trunk
[S9300-F-GigabitEthernet4/0/1] port trunk allow-pass vlan 20
# Add GE 3/0/1 of S9300-G to VLAN 20.

[S9300-G-GigabitEthernet3/0/1] port link-type trunk
[S9300-G-GigabitEthernet3/0/1] port trunk allow-pass vlan 20
Ping a remote host on the same VLAN in another office location of Enterprise 1 from a host of
Enterprise 1. If it can ping the remote host, it indicates that hosts in different locations of
Enterprise 1 can communicate with each other.
Ping a remote host on the same VLAN in another office location of Enterprise 2 from a host of
Enterprise 2. If it can ping the remote host, it indicates that hosts in different locations of
Enterprise 2 can communicate with each other.

Ping a host of Enterprise 2 from a host in any office location of Enterprise 1. If it fails to ping
the host of Enterprise 2, it indicates that the two enterprises are isolated from each other.
----End
Configuration Files
#
sysname S9300-F
#
vlan batch 10 20
#
port link-type dot1q-tunnel
#
#
#
#
return
l Configuration file of S9300-G

#
sysname S9300-G
#
vlan batch 20
#
#
#
#
return
Example for Configuring Selective QinQ (I)
As shown in Figure 5-92, User 1 and User 2 belong to different networks. They need to
communicate with each other through the ISP network. Two types of users exist on the network
of User 1, namely, common access users (PC1) and multicast users (TV1). Only one kind of
users exist on the network of User 2, namely, VIP user (PC2), for example, Internet cafe. It is
required that the common access users, the multicast users, and the VIP users be isolated from

each other but each type of users can communicate remotely. Each kind of users correspond to
a QoS level. The VIP users and multicast users must enjoy highest QoS level.
Figure 5-92 Typical networking of selective QinQ
PC1
User 1 User 2
PC2
TV1 GE1/0/1 GE2/0/1
GE1/0/3
S9300-A GE2/0/3 S9300-B

GE1/0/2 GE2/0/2
User 2
User 1
PC1
PC2
TV1
1. Create VLAN 2 and VLAN 3 on S9300-A; create VLAN 2 and VLAN 3 on S9300-B.
2. Set GE 1/0/1 and GE 1/0/2 of S9300-A as hybrid interfaces and enable selective QinQ.
3. Set GE 2/0/1 and GE 2/0/2 of S9300-B as hybrid interfaces and enable selective QinQ.
4. Add GE 1/0/3 of S9300-A and GE 2/0/3 of S9300-B to VLAN 2 and VLAN 3 in tagged
mode.
Data Preparation
l VLAN 10 to VLAN 30 that PC1 belongs to
l VLAN 31 to VLAN 50 that TV1 belongs to
l VLAN 51 to VLAN 60 that PC2 belongs to
l VLAN 2 assigned to User 1 on the public network
l VLAN 3 assigned to User 2 on the public network
Procedure
Step 1 Create VLANs.
# On S9300-A, create VLAN 2 and VLAN 3, that is, the VLAN IDs of the outer VLAN tag to
be added.

# On S9300-B, create VLAN 2 and VLAN 3, that is, the VLAN IDs of the outer VLAN tag to
be added.
[S9300-B] vlan batch 2 3
Step 2 Configure the selective QinQ on the interface.

# Configure GE 1/0/1 of S9300-A.
[S9300-A-GigabitEthernet1/0/1] port link-type hybrid
[S9300-A-GigabitEthernet1/0/1] port vlan-stacking vlan 10 to 30 stack-vlan 2

# Configure GE 2/0/1 of S9300-B.

[S9300-B-GigabitEthernet2/0/1] port link-type hybrid
[S9300-B-GigabitEthernet2/0/1] port hybrid untagged vlan 3
[S9300-B-GigabitEthernet2/0/1] port vlan-stacking vlan 51 to 60 stack-vlan 3


# Add GE 1/0/3 of S9300-A to VLAN 2 and VLAN 3.
[S9300-A-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 3
# Add GE 2/0/3 of S9300-B to VLAN 2 and VLAN 3.

[S9300-B-GigabitEthernet2/0/3] port trunk allow-pass vlan 2 3

# Display the configuration of the interfaces on S9300-A.
<S9300-A> display current-configuration interface gigabitethernet 1/0/1
#

port vlan-stacking vlan 10 to 50 stack-vlan 2
#
return
#
#
return
#
#
return
# Display the configuration of the interfaces on S9300-B.

<S9300-B> display current-configuration interface gigabitethernet 2/0/1
#
#
return
#
#
return
#
#
return
If the configurations on S9300-A and S9300-B are correct, you can obtain the following
information:
l PC1 users on the network of User 1 can communicate with each other.
l TV1 users on the network of User 1 can communicate with each other.
l PC1 users and TV1 users are separated from each other.
l The networks of User 1 and User 2 are isolated from each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 2 to 3

#
#
#
#
return

#
sysname S9300-B
#
vlan batch 2 to 3
#
#
#
#
return
Example for Configuring Flow-based Selective QinQ
As shown in Figure 5-93, User 1 and User 2 belong to different networks. They need to
communicate with each other through the ISP network. Two types of users exist on the network
of User 1, namely, common access users (PC1) and multicast users (TV1). Only one kind of
users exist on the network of User 2, namely, VIP user (PC2), for example, Internet cafe. It is
required that the common access users, the multicast users, and the VIP users be isolated from
each other but each type of users can communicate remotely. Each kind of users correspond to
a QoS level. The VIP users and multicast users must enjoy highest QoS level.

Figure 5-93 Typical networking of selective QinQ
PC1
User 1 User 2
PC2
TV1 GE1/0/1 GE2/0/1
GE1/0/3
S9300-A GE2/0/3 S9300-B

GE1/0/2 GE2/0/2
User 2
User 1
PC1
PC2
TV1
1. Create VLAN 2 and VLAN 3 on S9300-A; create VLAN 2 and VLAN 3 on S9300-B.
2. Set GE 1/0/1 and GE 1/0/2 of S9300-A as hybrid interfaces and configure flow-based
selective QinQ on the interfaces.
3. Set GE 2/0/1 and GE 2/0/2 of S9300-B as hybrid interfaces and configure flow-based
selective QinQ on the interfaces.
4. Add GE 1/0/3 of S9300-A and GE 2/0/3 of S9300-B to VLAN 2 and VLAN 3 in tagged
mode.
Data Preparation
l VLANs that PC1 users belong to: VLAN 10 to VLAN 30

l VLANs that users of TV1 belong to: VLAN 31 to VLAN 50
l VLANs that PC2 users belong to: VLAN 51 VLAN 60
l VLAN assigned to the network of User 1 on the ISP network: VLAN 2
l VLAN assigned to the network of User 2 on the ISP network: VLAN 3
Procedure
Step 1 Create VLAN 2 and VLAN 3.
# On S9300-A, create VLAN 2 and VLAN 3, that is, the VLAN IDs of the outer VLAN tag to
be added.

# On S9300-B, create VLAN 2 and VLAN 3, that is, the VLAN IDs of the outer VLAN tag to
be added.
[S9300-B] vlan batch 2 3
Step 2 Configure traffic policies on the S9300s.
# Configure traffic policies on S9300-A.

[S9300-A] traffic classifier name1
[S9300-A-classifier-name1] if-match vlan-id 10 to 30
[S9300-A-behavior-name1] nest top-most vlan-id 2
[S9300-A-trafficpolicy-name1] quit
[S9300-A] traffic classifier name2
[S9300-A-behavior-name2] nest top-most vlan-id 3
[S9300-A-trafficpolicy-name2] quit
# Configure traffic policies on S9300-B.

[S9300-B] traffic classifier name1
[S9300-B-classifier-name1] if-match vlan-id 10 to 30
[S9300-B-behavior-name1] nest top-most vlan-id 2
[S9300-B-trafficpolicy-name1] quit
[S9300-B] traffic classifier name2
[S9300-B-behavior-name2] nest top-most vlan-id 3
[S9300-B-trafficpolicy-name2] quit
Step 3 Configure selective QinQ on the interfaces.






# Add GE 1/0/3 of S9300-A to VLAN 2 and VLAN 3.
[S9300-A-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 3
# Add GE 2/0/3 of S9300-B to VLAN 2 and VLAN 3.

[S9300-B-GigabitEthernet2/0/3] port trunk allow-pass vlan 2 3

# Display the configuration of the interfaces on S9300-A.
#
#
return
#
#
return
#
#
return
# Display the configuration of the interfaces on S9300-B.

#


#
return
#
#
return
#
#
return
If the configurations on S9300-A and S9300-B are correct, you can obtain the following
information:
l TV1 users on the network of User 1 can communicate with each other.
l PC1 users and TV1 users are separated from each other.
l The networks of User 1 and User 2 are isolated from each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 2 to 3
#
traffic classifier name1 operator or precedence 5
if-match 1 vlan-id 10 to 30
#
nest top-most vlan-id 2
#
#
#
#


#
return

#
sysname S9300-B
#
vlan batch 2 to 3
#
#
#
#
#
#
#
return
5.4.6 MAC Address Table Configuration

This chapter describes the basic knowledge, methods, and examples for configuring the MAC
address table.
Example for Configuring the MAC Address Table
As shown in Figure 5-94, the MAC address of the user host PC1 is 0002-0002-0002 and the
MAC address of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the
S9300 through the LSW. The LSW is connected to GE 1/0/1 of the S9300. Interface GE 1/0/1
belongs to VLAN 2. The MAC address of the server is 0004-0004-0004. The server is connected
to GE 1/0/2 of the S9300. Interface GE 1/0/2 belongs to VLAN 2.
l To prevent hackers from attacking the network with MAC addresses, you need to add a
static entry to the MAC table of the S9300 for each user host. When sending packets through
GE 1/0/1, the S9300 changes the VLAN ID to VLAN 4 to which the LSW belongs. In
addition, you need to set the aging time of the dynamic entries in the MAC address table
to 500 seconds.

l To prevent hackers from forging the MAC address of the server and stealing user
information, you can configure the packet forwarding based on static MAC address entries
on the S9300.
Figure 5-94 Networking diagram for configuring the MAC address table
MAN Server
S9300 MAC address: 4-4-4

GE1/0/2
VLAN2
GE1/0/1
LSW VLAN4
PC1 PC2
MAC address: 2-2-2 MAC address: 3-3-3
1. Create a VLAN and add interfaces to the VLAN.

2. Add static MAC address entries.
3. Set the aging time of dynamic MAC address entries.
Data Preparation
l MAC address of PC1: 0002-0002-0002

l MAC address of PC2: 0003-0003-0003
l MAC address of the server: 0004-0004-0004
l VLAN to which the S9300 belongs: VLAN 2
l Interface connecting the S9300 to the LSW: GE 1/0/1
l Interface connecting the S9300 to the server: GE 1/0/2
l VLAN ID required to be changed to when the S9300 sends packets through the outgoing
interface: VLAN 4
l Aging time of dynamic entries in the MAC address table of the S9300: 500 seconds

Procedure
Step 1 Add static MAC address entries.
# Create VLAN 2; add GE 1/0/1 1/0/2 to VLAN 2; configure VLAN mapping on GE 1/0/1.
[Quidway] vlan 2
[Quidway-GigabitEthernet1/0/1] port vlan-mapping vlan 4 map-vlan 2
# Configure static MAC address entries.

[Quidway] mac-address static 2-2-2 gigabitethernet 1/0/1 vlan 2
Step 2 Set the aging time of dynamic MAC address entries.

[Quidway] mac-address aging-time 500

# Run the display mac-address command in any view. You can check whether the static MAC
address entries are successfully added.
[Quidway] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
0004-0004-0004 2 - - GE1/0/2 static -
0003-0003-0003 2 - - GE1/0/1 static -
0002-0002-0002 2 - - GE1/0/1 static -
-------------------------------------------------------------------------------
Total matching items displayed = 3
# Run the display mac-address aging-time command in any view. You can check whether the
aging time of dynamic entries is set successfully.
[Quidway] display mac-address aging-time
Aging time: 500 seconds
----End
Configuration Files
#
sysname Quidway
#
vlan batch 2
#
mac-address aging-time 500
#


mac-address static 0002-0002-0002 GigabitEthernet1/0/1 vlan 2
#
#
return
Example for Configuring the Limitation on MAC Address Learning Based on

VLAN
As shown in Figure 5-95, user network 1 is connected to GE 1/0/1 on the S9300 through an
LSW. User network 2 is connected to GE 2/0/1 on the S9300 through another LSW. GE 1/0/1
and GE 2/0/1 belong to VLAN 2. To prevent MAC address attacks and control the number of
access users, you need to limit the MAC address learning in VLAN 2.
Figure 5-95 Networking diagram for configuring the limitation on MAC address learning based
on VLAN
MAN
S9300
GE1/0/1 GE2/0/1
User User
network 1 VLAN 2 network 2

2. Configure the limitation on MAC address learning based on the VLAN.
Data Preparation
l VLAN to which the interfaces belong: VLAN 2
l User interfaces: GE 1/0/1 and GE 2/0/1
l Maximum number of learned MAC addresses: 100
Procedure
Step 1 Configure the limitation on MAC address learning.
[Quidway] vlan 2
[Quidway–vlan2] quit
# Configure the rule of limiting MAC address learning in VLAN 2: A maximum of 100 MAC
addresses can be learned; packets are still forwarded and an alarm is generated when the number
of learned MAC addresses reaches the limit, but new MAC addresses are not added to the MAC
address table.
[Quidway-vlan2] mac-limit maximum 100 action forward alarm enable

# Run the display mac-limit command in any view. You can check whether the rule of limiting
MAC address learning is successfully configured.
[Quidway] display mac-limit
MAC Limit is enabled
Total MAC Limit rule count : 2
PORT VLAN/VSI Maximum Rate(ms) Action Alarm

----------------------------------------------------------------------------
- 2 100 - forward enable
----End
Configuration Files
#
sysname Quidway
#
vlan batch 2
#
vlan 2
mac-limit maximum 100

#
#
#
return
Example for Configuring the Limitation on MAC Address Learning Based on VSI
To ensure the security for the users within the VSI, configure the limitation on MAC address
learning in the VSI named huawei.
Figure 5-96 Networking diagram for configuring the limitation on MAC address learning based
on VSI
VSI : huawei Simulated VSI : huawei

VLAN
User User
network 1 network 2
1. Create a VSI.
2. Configure the limitation on MAC address learning based on the VSI.
Data Preparation
l Name of the VSI: huawei
l Maximum number of learned MAC addresses: 300

Procedure
Step 1 Create a VSI.
# Create a VSI named huawei.

[Quidway] vsi huawei static
Step 2 Configure the limitation on MAC address learning in the VSI.
# Configure the rule of limiting MAC address learning for the VSI: A maximum of 300 MAC
addresses can be learned; extra packets are directly discarded and alarms are generated.
[Quidway-vsi-huawei] mac-limit maximum 300 action discard alarm enable
[Quidway-vsi-huawei] quit
# Run the display mac-limit command in any view. You can check whether the rule of limiting
MAC address learning is successfully configured.
[Quidway] display mac-limit
MAC Limit is enabled
Total MAC Limit rule count : 1
PORT VLAN/VSI Maximum Rate(ms) Action Alarm

----------------------------------------------------------------------------
- huawei 300 - discard enable
----End
Configuration Files
#
sysname Quidway
#
vsi huawei static
mac-limit maximum 300
#
return
5.4.7 MSTP Configuration

This chapter describes the basic knowledge, methods, and examples for configuring the
Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning
Tree Protocol (MSTP).
Example for Configuring Basic MSTP Functions
S9300A, S9300B, S9300C, and S9300D run MSTP. In this example, MSTP runs on Layer 2
interfaces of the S9300s.

Figure 5-97 Networking diagram for configuring basic MSTP functions
S9300A S9300B
GE6/0/2 GE6/0/2
GE6/0/1 GE6/0/1
GE2/0/1 GE2/0/1
S9300C GE1/0/2 S9300D

GE1/0/2
GE1/0/1 GE1/0/1
1. Add S9300A and S9300C to MST region RG1, and create MSTI1.
2. Add S9300B and S9300D to MST region RG2, and create MSTI1.
3. Configure S9300A as the CIST root.
4. In RG1, configure S9300A as the CIST regional root and regional root of MSTI1. Configure
the root protection function on GE 6/0/2 and the GE 6/0/1 on S9300A.
5. In RG2, configure S9300B as the CIST regional root and S9300D as the regional root of
MSTI1.
6. On S9300C and S9300D, connect GE 1/0/1 to a PC and configure GE 1/0/1 as an edge port.
Enable BPDU protection on S9300C and S9300D.
7. Configure the S9300s to calculate the path cost by using the algorithm of Huawei.
Data Preparation
l Region that S9300A and S9300C belong to: RG1

l Region that S9300B and S9300D belong to: RG2
l Numbers of the GE interfaces, as shown in Figure 5-97
l VLAN IDs: 1-20
Procedure
# Configure the MST region on S9300A.

[S9300A] stp region-configuration

[S9300A-mst-region] region-name RG1

[S9300A-mst-region] instance 1 vlan 1 to 10
# Activate the configuration of the MST region.

[S9300A-mst-region] check region-configuration
[S9300A-mst-region] active region-configuration
[S9300A-mst-region] quit
# Set the priority of S9300A in MSTI0 to 0 to ensure that S9300A functions as the CIST root.
[S9300A] stp instance 0 priority 0
# Set the priority of S9300A in MSTI1 to 1 to ensure that S9300A functions as the regional root
of MSTI1.
[S9300A] stp instance 1 priority 0
# Configure S9300A to use Huawei private algorithm to calculate the path cost.
[S9300A] stp pathcost-standard legacy
# Create VLANs 2 to 20.

[S9300A] vlan batch 2 to 20
# Add GE 6/0/2 to the VLANs.

[S9300A] interface GigabitEthernet 6/0/2
[S9300A-GigabitEthernet6/0/2] port link-type trunk
[S9300A-GigabitEthernet6/0/2] port trunk allow-pass vlan 1 to 20

[S9300A-GigabitEthernet6/0/1] port trunk allow-pass vlan 1 to 20
# Enable root protection on the GE 6/0/1.

[S9300A-GigabitEthernet6/0/1] stp root-protection
# Enable root protection on the GE 6/0/2.

[S9300A-GigabitEthernet6/0/2] stp root-protection
# Enable MSTP.
[S9300A] stp enable

# Configure the MST region on S9300B.
[S9300B] stp region-configuration
[S9300B-mst-region] region-name RG2
[S9300B-mst-region] instance 1 vlan 1 to 10

[S9300B-mst-region] check region-configuration
[S9300B-mst-region] active region-configuration
[S9300B-mst-region] quit

# Set the priority of S9300B in MSTI0 to 4096 to ensure that S9300B functions as the CIST
root.
[S9300B] stp instance 0 priority 4096
# Configure S9300B to use Huawei private algorithm to calculate the path cost.
[S9300B] stp pathcost-standard legacy

[S9300B] vlan batch 2 to 20

[S9300B] interface GigabitEthernet 6/0/1
[S9300B-GigabitEthernet6/0/1] port link-type trunk
[S9300B-GigabitEthernet6/0/1] port trunk allow-pass vlan 1 to 20

[S9300B] interface GigabitEthernet 6/0/2
[S9300B-GigabitEthernet6/0/2] port trunk allow-pass vlan 1 to 20
# Enable MSTP.
[S9300B] stp enable
Step 3 Configure S9300C.

# Configure the MST region on S9300C.
[S9300C] stp region-configuration
[S9300C-mst-region] region-name RG1
[S9300C-mst-region] instance 1 vlan 1 to 10

[S9300C-mst-region] check region-configuration
[S9300C-mst-region] active region-configuration
[S9300C-mst-region] quit
# Configure S9300C to use Huawei private algorithm to calculate the path cost.
[S9300C] stp pathcost-standard legacy
# Enable BPDU protection.

[S9300C] stp bpdu-protection

[S9300C] vlan batch 2 to 20

[S9300C] interface GigabitEthernet 1/0/2
[S9300C-GigabitEthernet1/0/2] port link-type trunk
[S9300C-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20

[S9300C-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20

# Configure GE 1/0/1 as an edge port.

[S9300C-GigabitEthernet1/0/1] stp edged-port enable
# Enable MSTP.
[S9300C] stp enable
Step 4 Configure S9300D.
# Configure the MST region on S9300D.

[S9300D] stp region-configuration
[S9300D-mst-region] region-name RG2
[S9300D-mst-region] instance 1 vlan 1 to 10

[S9300D-mst-region] check region-configuration
[S9300D-mst-region] active region-configuration
[S9300D-mst-region] quit
# Set the priority of S9300D in MSTI1 to 0 to ensure that S9300D functions as the regional root
of MSTI1.
[S9300D] stp instance 1 priority 0
# Configure S9300D to use Huawei private algorithm to calculate the path cost.
[S9300D] stp pathcost-standard legacy
# Enable BPDU protection.

[S9300D] stp bpdu-protection

[S9300D] vlan batch 2 to 20

[S9300D] interface gigabitEthernet 1/0/2
[S9300D-GigabitEthernet1/0/2] port link-type trunk
[S9300D-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 20

[S9300D] interface GigabitEthernet 2/0/1
[S9300D-GigabitEthernet2/0/1] port link-type trunk
[S9300D-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
# Configure GE 1/0/1 as an edge port.

[S9300D] interface GigabitEthernet 1/0/1
[S9300D-GigabitEthernet1/0/1] stp edged-port enable
# Enable MSTP.
[S9300D] stp enable


After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration.
# Run the display stp brief command on S9300A to view the status and protection type on the
interfaces. The displayed information is as follows:
<S9300A> display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet6/0/2 DESI FORWARDING ROOT
The priority of S9300A is the highest in the CIST; therefore, S9300A is elected as the CIST root
and regional root of RG1. GE 6/0/2 and GE 6/0/1 of S9300A are designated ports in the CIST.
The priority of S9300A in MSTI1 is the highest in RG1; therefore, S9300A is elected as the
regional root of S9300A. GE 6/0/2 and GE 6/0/1 of S9300A are designated ports in MSTI1.
# Run the display stp interface brief commands on S9300C. The displayed information is as
follows:
<S9300C> display stp interface GigabitEthernet 2/0/1 brief
0 GigabitEthernet2/0/1 ROOT FORWARDING NONE
<S9300C> display stp interface GigabitEthernet 1/0/2 brief
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
GE 2/0/1 of S9300C is the root port in the CIST and MSTI1. GE 1/0/2 of S9300C is a designated
port in the CIST and MSTI1.
# Run the display stp brief command on S9300B. The displayed information is as follows:
<S9300B> display stp brief
1 GigabitEthernet6/0/2 MAST FORWARDING NONE
The priority of S9300B in the CIST is lower than that of S9300A; therefore, GE 6/0/2 of S9300B
functions as the root port in the CIST. S9300A and S9300B belong to different regions; therefore,
GE 6/0/2 of S9300B functions as the master port in MSTI1. In MSTI1, the priority of S9300B
is lower than that of S9300D; therefore, GE 6/0/1 of S9300B functions as the root port. The
priority of S9300B in the CIST is higher than that of S9300B; therefore, GE 6/0/1 of S9300B
functions as the designated port in the CIST.
# Run the display stp interface brief commands on S9300D. The displayed information is as
follows:
<S9300D> display stp interface GigabitEthernet 2/0/1 brief
<S9300D> display stp interface GigabitEthernet 1/0/2 brief
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
On S9300D, GE 1/0/2 functions as the alternate port in the CIST. S9300D and S9300C are in
different regions; therefore, GE 1/0/2 of S9300D also functions as the alternate port in MSTI1.

GE 2/0/1 of S9300D is the root port in the CIST. The priority of S9300D is higher than that of
S9300B in MSTI1; therefore, GE 2/0/1 also functions as the designated port in MSTI1.
----End
Configuration Files
#
sysname S9300A
#
vlan batch 2 to 20
#
stp instance 0 priority 0
stp pathcost-standard legacy
stp enable
stp region-configuration
region-name RG1
instance 1 vlan 1 to 10
active region-configuration
#
stp root-protection
#
stp root-protection
#
return

#
sysname S9300B
#
vlan batch 2 to 20
#
stp enable
region-name RG2
#
#
#
return

#
sysname S9300C
#
vlan batch 2 to 20
#
stp bpdu-protection
stp enable

region-name RG1
#
stp edged-port enable
#
#
#
return
l Configuration file of S9300D

#
sysname S9300D
#
vlan batch 2 to 20
#
stp bpdu-protection
stp enable
region-name RG2
#
stp edged-port enable
#
#
#
Return
5.4.8 BPDU Tunnel Configuration

This chapter describes the basic knowledge, methods, and examples for configuring BPDU
tunnel.
Example for Configuring Port-based BPDU Tunnels (Different Roles)
As shown in Figure 5-98, the CE devices communicate with each other through the PE devices.
BPDUs of the CE devices are transmitted through the ISP network. Each port of a PE device is
connected to only one CE device. Therefore, BPDUs sent from a CE device to a PE device do
not contain VLAN tags. In this case, you can configure port-based BPDU tunnels.

In this example, the CE and PE devices play different roles, and the PE devices can transparently
transmit BPDUs from the CE devices.
l The CE devices function as customer bridges. The default destination MAC address of
BPDUs sent from the CE devices is 0180-C200-0000.
l The PE devices function as the provider bridges. The default destination MAC address of
BPDUs sent from the PE devices is 0180-C200-0008.
Figure 5-98 Networking diagram for configuring port-based BPDU tunnels (different roles)
VLAN100 VLAN100
CE1 CE2
GE 1/0/0
GE 1/0/0
PE1 PE2
GE 1/0/0 GE 1/0/2 GE 1/0/0
GE 1/0/1 GE 1/0/2 GE 1/0/1
GE 1/0/0
GE 1/0/0
CE3 CE4
VLAN200 VLAN200
1. Enable STP on the CE and PE devices.

2. Add the PE interfaces at the CE side to the specified VLANs.
3. Disable STP on the PE interfaces at the CE side and configure the PE devices as providers
to transparently transmit BPDUs.
4. Configure the PE interfaces at the PSN side to allow BPDUs from VLAN 100 and VLAN
200 to pass through.
Data Preparation
l VLAN IDs of the PE interfaces at the CE side

l IDs of VLANs whose BPDUs are allowed to pass through the PE interfaces at the PSN
side

Procedure
Step 1 Enable spanning tree calculation on the CE and PE devices.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 2 Configure each PE device as a provider.

# Configure PE1.
[PE1] bpdu-tunnel stp bridge role provider
# Configure PE2.
Step 3 Add GE 1/0/0 to VLAN 100 and add GE 1/0/1 to VLAN 200 on PE1 and PE2.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface GigabitEthernet 1/0/0
[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[PE1-GigabitEthernet1/0/0] stp disable
[PE1-GigabitEthernet1/0/0] bpdu enable
[PE1-GigabitEthernet1/0/0] quit
[PE1] vlan 200
[PE1-vlan200] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit

[PE2] vlan 200

[PE2-vlan200] quit
Step 4 On the PE devices, configure GE 1/0/2 at the PSN side to allow BPDUs from VLAN 100 and
VLAN 200 to pass through.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
# Configure PE2.

Run the display stp command on CE1 and CE2 to view the roots in the MST region. You can
find that a spanning tree is calculated between CE1 and CE2. GE 1/0/0 of CE1 is a root port and
GE 1/0/0 of CE2 is a designated port.
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :6
STP Converge Mode :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----

Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/hello-time
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received :4351
<CE2> display stp

CIST Bridge :32768.00e0-fc9a-4315
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0


Port Role :CIST Designated Port
Port Priority :128
BPDU Sent :4534
BPDU Received :6
find that a spanning tree is calculated between CE3 and CE4. GE 1/0/0 of CE3 is a root port and
GE 1/0/0 of CE4 is a designated port.
<CE3> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-0967-58a0
CIST Root/ERPC :32768.000b-0952-f13e / 199999
CIST RegRoot/IRPC :32768.000b-0967-58a0 / 0
----[Port1(GigabitEthernet1/0/0)][FORWARDING]----
Port Priority :128
Desg. Bridge/Port :32768.000b-0952-f13e / 128.82
BPDU Sent :114
BPDU Received :885
<CE4> display stp

CIST Bridge :32768.000b-0952-f13e
CIST RegRoot/IRPC :32768.000b-0952-f13e / 0
Port Priority :128


BPDU Sent :1834
BPDU Received :1
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
stp enable
#
return

#
sysname CE2
#
stp enable
#
return

#
sysname CE3
#
stp enable
#
return

#
sysname CE4
#
stp enable
#
return
l Configuration file of PE1

#
sysname PE1
#
vlan batch 100 200
#
bpdu-tunnel stp bridge role provider
#
stp enable
#
stp disable
bpdu enable
#
stp disable

bpdu enable
#
port trunk allow-pass vlan 100 200
bpdu enable
#
return

#
sysname PE2
#
vlan batch 100 200
#
#
stp enable
#
stp disable
bpdu enable
#
stp disable
bpdu enable
#
bpdu enable
#
return
Example for Configuring Port-based BPDU Tunnels (Same Role)
BPDUs of the CE devices are transmitted through the ISP network. Each port of a PE device is
connected to only one CE device. Therefore, BPDUs sent from a CE device to a PE device do
not contain VLAN tags. In this case, you can configure port-based BPDU tunnels.
In this example, the CE and PE devices are all configured as customer bridges. The default
destination MAC address of BPDUs is 0180-C200-0000. The PE devices cannot transparently
transmit BPDUs from the CE devices. Therefore, you need to enable the BPDU tunnel function.

Figure 5-99 Networking diagram for configuring port-based BPDU tunnels (same role)
VLAN100 VLAN100
CE1 CE2
GE 1/0/0 GE 1/0/0
PE1 PE2
GE 1/0/0 GE 1/0/2 GE 1/0/0
GE 1/0/1 GE 1/0/2 GE 1/0/1
GE 1/0/0
GE 1/0/0
CE3 CE4
VLAN200 VLAN200
2. Add the PE interfaces at the CE side to the specified VLANs.
3. Disable STP on the PE interfaces at the CE side and enable the BPDU tunnel function on
the PE devices.
Data Preparation
l VLAN IDs of the PE interfaces at the CE side
l IDs of VLANs whose BPDUs are allowed to pass through the PE interfaces at the PSN
side
Procedure
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.

[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 2 Configure the PE devices to change the destination MAC address of the BPDUs sent by the CE
devices.
# Configure PE1.
[PE1] bpdu-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
Step 3 Add GE 1/0/0 to VLAN 100 and add GE 1/0/1 to VLAN 200 on PE1 and PE2. Enable the BPDU
tunnel function on PE1 and PE2.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1-GigabitEthernet1/0/0] bpdu-tunnel stp enable
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit


Step 4 On the PE devices, configure GE 1/0/2 at the PSN side to allow BPDUs from VLAN 100 and
VLAN 200 to pass through.
# Configure PE1.
# Configure PE2.

find that a spanning tree is calculated between CE1 and CE2. GE 1/0/0 of CE1 is a root port,
and CE 1/0/0 of CE2 is a designated port.
<CE1> display stp

Port Priority :128
BPDU Sent :6
BPDU Received :4351
<CE2> display stp



Port Priority :128
BPDU Sent :4534
BPDU Received :6
<CE3> display stp
CIST Bridge :32768.000b-0967-58a0
CIST RegRoot/IRPC :32768.000b-0967-58a0 / 0
Port Priority :128
BPDU Sent :114
BPDU Received :885
<CE4> display stp

CIST Bridge :32768.000b-0952-f13e
CIST RegRoot/IRPC :32768.000b-0952-f13e / 0
Port Priority :128

BPDU Sent :1834

BPDU Received :1
----End
Configuration Files
#
sysname CE1
#
stp enable
#
return

#
sysname CE2
#
stp enable
#
return

#
sysname CE3
#
stp enable
#
return

#
sysname CE4
#
stp enable
#
return

#
sysname PE1
#
vlan batch 100 200
#
bpdu-tunnel stp group-mac 0100-5e00-0011
#
stp enable
#
bpdu-tunnel stp enable
stp disable
#
stp disable
#

#
return
#
sysname PE2
#
vlan batch 100 200
#
#
stp enable
#
stp disable
#
stp disable
#
#
return
Example for Configuring VLAN-based BPDU Tunnels (Same Role)
BPDUs of the CE devices are transmitted through the ISP network. Each port of a PE is a
convergence port. Therefore, the PE devices need to distinguish BPDUs sent from different user
networks according to the VLAN tags of the BPDUs. In this case, you can configure VLAN-
based BPDU tunnels to ensure that:
l All the devices in VLAN 100 participate in calculation of a spanning tree.
In this example, the CE and PE devices are all configured as customer bridges. The default
destination MAC address of BPDUs is 0180-C200-0000. The PE devices cannot transparently
transmit BPDUs from the CE devices. Therefore, you need to enable the BPDU tunnel function.
Figure 5-100 Networking diagram for configuring VLAN-based BPDU tunnels

PE1 P PE2
GE1/0/0 GE1/0/0
GE1/0/0 GE1/0/1
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
GE1/0/0 GE1/0/0 GE1/0/0 GE1/0/0
CE1 CE3 CE2 CE4

VLAN VLAN VLAN VLAN
100 200 100 200

2. Configure BPDUs sent from a CE device to a PE device to contain the specified VLAN
tag.
3. Disable STP on the PE interfaces at the CE side and enable the PE devices to transparently
transmit BPDUs.
5. Configure the Layer 2 forwarding function on the P device to ensure that BPDUs of the PE
devices can be transmitted on the ISP network.
Data Preparation
l VLAN tags in the BPDUs that the CE devices sent to the PE devices
l IDs of the VLANs that the PE interfaces at the CE side belong to
Procedure
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 2 Configure the BPDUs sent from CE1 and CE2 to contain VLAN tag 100. Configure the BPDUs
sent from CE3 and CE4 to contain VLAN tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk

[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100

[CE1-GigabitEthernet1/0/0] stp bpdu vlan 100
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
Step 3 Configure the PE devices to change the destination MAC address of the BPDUs sent by the CE
devices.
# Configure PE1.
# Configure PE2.
Step 4 Enable the PE interfaces to transparently transmit BPDUs of the CE devices to the PE devices.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/1] bpdu-tunnel stp vlan 100
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit

[PE2] vlan 200

[PE2-vlan200] quit
Step 5 Configure the basic Layer 2 forwarding function and allow packets with VLAN tags 100 and
[P] vlan 100
[P-vlan100] quit
[P] vlan 200
[P-vlan200] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port link-type trunk
[P-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 200
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] port link-type trunk
[P-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200
<CE1> display stp
CIST Bridge :32768.000b-09f0-1b91
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
Port Priority :128
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
BPDU Sent :237
BPDU Received :9607
<CE2> display stp


CIST Bridge :32768.000b-09d4-b66c
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
Port Priority :128
BPDU Sent :7095
BPDU Received :2
<CE3> display stp
Port Priority :128
BPDU Sent :238
BPDU Received :9745
<CE4> display stp


Port Priority :128
BPDU Sent :7171
BPDU Received :2
----End
Configuration Files
#
sysname CE1
#
vlan batch 100
#
stp enable
#
stp bpdu vlan 100
#
return

#
sysname CE2
#
vlan batch 100
#
stp enable
#
stp bpdu vlan 100
#
return

#
sysname CE3
#
vlan batch 200
#
stp enable
#
stp bpdu vlan 200
#
return

#
sysname CE4
#
vlan batch 200
#
stp enable
#
stp bpdu vlan 200
#
Return
#
sysname PE1
#
vlan batch 100 200
#
#
stp enable
#
#
bpdu-tunnel stp vlan 100
stp disable
#
stp disable
#
return
#
sysname P
#
vlan batch 100 200
#
#
#
return
#
sysname PE2
#
vlan batch 100 200
#
#
stp enable
#


#
stp disable
#
stp disable
#
return
Example for Configuring QinQ-based BPDU Tunnels (Different Roles)
BPDUs sent from CE1 and CE2 to the PE devices contain VLAN tag 100. BPDUs sent from
CE3 and CE4 to the PE devices contain VLAN tag 200. You need to configure BPUD tunnels
on the PE devices to ensure that:

To save VLAN IDs on the public network, you need to configure the VLAN stacking function
on the PE devices. That is, configure the PE devices to add outer tag 10 to the BPDUs with
VLAN tags 100 and 200. Then the BPDUs transmitted on the ISP network contain two tags.
In this example, the CE and PE devices play different roles.
l The CE devices function as customer bridges. The default destination MAC address of
BPDUs sent from the CE devices is 0180-C200-0000.
l The PE devices function as the provider bridges. The default destination MAC address of
BPDUs sent from the PE devices is 0180-C200-0008.
Figure 5-101 Networking diagram for configuring QinQ-based BPDU tunnels
VLAN100 VLAN100
GE1/0/0
GE1/0/0
GE1/0/1 GE1/0/1
CE1 CE2
GE1/0/0
PE1 PE2
GE1/0/0
CE3 GE1/0/2 GE1/0/2 CE4
GE1/0/0
GE1/0/0
VLAN200
VLAN200

2. Configure BPDUs sent from a CE device to a PE device to contain the specified VLAN
tag.
3. Disable STP on the PE interfaces at the CE side and enable the PE devices to transparently
transmit BPDUs.
4. Enable the QinQ (VLAN stacking) function on Layer 2 interfaces of the PE devices.
Configure the PE devices to add outer tag 10 to the BPDUs with VLAN tags 100 and 200.
Data Preparation
l Inner VLAN tags in the BPDUs that the CE devices send to the PE devices
l Outer VLAN tag that the PE devices add to the received BPDUs
l IDs of the VLANs that the PE interfaces at the CE side belong to
Procedure
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 2 Configure the BPDUs sent from CE1 and CE2 to contain VLAN tag 100. Configure the BPDUs
sent from CE3 and CE4 to contain VLAN tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit


[CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
Step 3 Configure each PE device as a provider.

# Configure PE1.
# Configure PE2.
Step 4 Configure the QinQ function on the PE devices. Configure the PE devices to add outer VLAN
tag 10 to the BPDUs with VLAN tags 100 and 200.
# Configure PE1.
[PE1] vlan 10
[PE1-Vlan10] quit
[PE1-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 10
# Configure PE2.

[PE2] vlan 10
[PE2-Vlan10] quit
<CE1> display stp
CIST Bridge :32768.000b-09f0-1b91
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
Port Priority :128
BPDU Sent :237
BPDU Received :9607
<CE2> display stp

CIST Bridge :32768.000b-09d4-b66c
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0

Port Priority :128

BPDU Sent :7095
BPDU Received :2
<CE3> display stp
Port Priority :128
BPDU Sent :238
BPDU Received :9745
<CE4> display stp

Port Priority :128
BPDU Sent :7171


BPDU Received :2
Run the display vlan command on the PE devices to view information about QinQ.
The display on PE1 is as follows:

<PE1> display vlan 10 verbose
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
----------------
Tagged Port: GigabitEthernet1/0/0
----------------
QinQ-stack Port: GigabitEthernet1/0/1 GigabitEthernet1/0/2
----End
Configuration Files
#
sysname CE1
#
vlan batch 100
#
stp enable
#
stp bpdu vlan 100
#
return

#
sysname CE2
#
vlan batch 100
#
stp enable
#
stp bpdu vlan 100
#
return

#
sysname CE3
#
vlan batch 200
#
stp enable
#
stp bpdu vlan 200

#
return

#
sysname CE4
#
vlan batch 200
#
stp enable
#
stp bpdu vlan 200
#
return

#
sysname PE1
#
#
stp enable
#
bpdu enable
#
port vlan-stacking vlan 100 stack-vlan 10
stp disable
bpdu enable
#
stp disable
bpdu enable
#
return

#
sysname PE2
#
#
stp enable
#
bpdu enable
#
stp disable
bpdu enable
#
stp disable
bpdu enable

#
return
5.4.9 LDT Configuration

loop detection (LDT).
Example for Configuring LDT
When packets sent from a port are sent back to the port, it indicates that a loop exists on the port.
Loops may cause broadcast storm. The LDT function is used to detect loops on the interfaces
of a device.
1. Enable LDT globally.
2. Enable LDT in a VLAN.
3. Enable LDT control on an interface.
4. Set the LDT interval on the interface.
5. Set the recovery time of a blocked interface.
Data Preparation
l ID of the VLAN where LDT is enabled
l Number of the interface where LDT control is enabled
Procedure
Step 1 Enable LDT globally.
[Quidway] loop-detection enable
Step 2 Enable LDT in a VLAN.

[Quidway] loop-detection enable vlan 200
Step 3 Enable LDT control on an interface.

[Quidway] interface GigabitEthernet 9/0/1
[Quidway-GigabitEthernet9/0/1] stp disable
[Quidway-GigabitEthernet9/0/1] loop-detection mode port-shutdown
Step 4 Set the LDT interval on the interface.

[Quidway] loop-detection interval-time 50
Step 5 Set the recovery time of a blocked interface.

[Quidway] interface GigabitEthernet 9/0/1

[Quidway-GigabitEthernet9/0/1] loop-detection recovery-time 20

GE 9/0/1 is automatically disabled when a loop is detected.
----End
Configuration Files
#
sysname Quidway
#
vlan batch 200
#
loop-detection enable
loop-detection interval-time 50
loop-detection enable vlan 200
#
stp disable
loop-detection mode port-shutdown
loop-detection recovery-time 20
#
return
5.4.10 RRPP Configuration

This chapter describes the basic knowledge, methods, and examples for configuring the Rapid
Ring Protection Protocol (RRPP).
Example for Configuring a Single RRPP Ring with Multiple Instances
As shown in Figure 5-102, UPE A, UPE B, UPE C, and PE-AGG form a multi-instance RRPP
ring.
Two rings are involved in the networking, ring 1 in domain 1 and ring 1 in domain 2.
VLANs 100 to 300 are configured on CE. Domain 1 and domain 2 share the traffic of packets
from VLANs 100 to 300. Packets from VLANs 100 to 200 are transmitted through domain 1,
and packets from VLANs 201 to 300 are transmitted through domain 2.
Table 5-1 shows the mapping between protected VLANs and instances in domain 1 and domain
2.

Table 5-1 Mapping between protected VLANs and instances
Ring Control VLAN Instance ID of Data VLAN ID Instance ID of

ID ID Control VLAN Data VLAN
Domain VLAN 5, VLAN 6 Instance 1 VLAN 100-200 Instance 1

1
Domain VLAN 10, VLAN Instance 2 VLAN 201-300 Instance 2

2 11
Table 5-2 shows the master node of each ring, and the primary port and secondary port on the
master node.
Table 5-2 Master nodes, and primary and secondary ports on the master nodes
Ring ID Master Node Primary Port Secondary Port
Ring 1 in domain 1 PE-AGG GE 1/0/0 GE 2/0/0
Ring 1 in domain 2 PE-AGG GE 2/0/0 GE 1/0/0
Figure 5-102 Networking diagram of single RRPP ring with multiple instances
UPE B
GE/1/0/0 GE2/0/0
CE 1
VLAN 100-300
PE-AGG
GE2/0/0 GE/1/0/0
Ring 1 Master 1 Backbone
UPE A network
Master 2
GE/1/0/0 GE2/0/0
CE 2
VLAN 100-300
Domain 1 ring 1
GE2/0/0 GE/1/0/0
Domain 2 ring 1
UPEC

1. Map instance 1 to VLANs 100 to 200. Map instance 2 to VLANs 201 to 300.
2. Add UPE A, UPE B, UPE C, and PE-AGG to ring 1 in domain 1.
3. Add UPE A, UPE B, UPE C, and PE-AGG to ring 1 in domain 2.
4. Configure protected VLANs in domain 1 and domain 2.
5. Configure control VLANs in domain 1 and domain 2.
6. Configure PE-AGG as the master node on ring 1 in domain 1 and configure UPE A, UPE
B, and UPE C as transit nodes.
7. Configure PE-AGG as the master node on ring 1 in domain 2 and configure UPE A, UPE
B, and UPE C as transit nodes.
Data Preparation
l Instance IDs
l Range of the protected VLANs
l IDs of the control VLANs
l Numbers of the RRPP interfaces
Procedure
Step 1 Create instances.
l Configure UPE A.
# Create data VLANs 100 to 300 on UPE A.

<UPEA> system-view
[UPEA] vlan batch 100 to 300
# Create instance 1 and map it to control VLANs VLAN 5 VLAN 6 and data VLANs 100 to
200 in domain 1.
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 200
# Create instance 2 and map it to control VLANs VLAN 10 and VLAN 11 and data VLANs 201
to 300 in domain 2.
# Activate the configuration.

[UPEA-mst-region] active region-configuration
l # Configure UPE B.
# Create data VLANs 100 to 300 on UPE B.

<UPEB> system-view
[UPEB] vlan batch 100 to 300
to 200 in domain 1.
[UPEB] stp region-configuration
[UPEB-mst-region] instance 1 vlan 5 6 100 to 200

to 300 in domain 2.

[UPEB-mst-region] active region-configuration
l Configure UPE C.
# Create data VLANs 100 to 300 on UPE C.

<UPEC> system-view
[UPEC] vlan batch 100 to 300
to 200 in domain 1.
[UPEC] stp region-configuration
[UPEC-mst-region] instance 1 vlan 5 6 100 to 200
to 300 in domain 2.

[UPEC-mst-region] active region-configuration
l Configure PE-AGG.
# Create data VLANs 100 to 300 on PE-AGG.

<PE-AGG> system-view
[PE-AGG] vlan batch 100 to 300
to 200 in domain 1.
[PE-AGG] stp region-configuration
[PE-AGG-mst-region] instance 1 vlan 5 6 100 to 200
to 300 in domain 2.

[PE-AGG-mst-region] active region-configuration
l Verify the configuration.
Run the display stp region-configuration command on the devices to view the mapping
between instances and VLANs. The displayed information on UPE A is as follows:
<UPEA> display stp region-configuration
Oper configuration
Format selector :0
Region name :00e0cd568d00
Revision level :0
Instance Vlans Mapped

0 1 to 4, 7 to 9, 12 to 99, 301 to 4094
1 5 to 6, 100 to 200
2 10 to 11, 201 to 300

Step 2 Configure RRPP interfaces.

l Configure UPE A.
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE A. Configure
the RRPP interfaces to allow packets of VLANs 100 to 300 to pass through.
<UPEA> system-view
[UPEA] interface GigabitEthernet 1/0/0
[UPEA-GigabitEthernet1/0/0] port link-type trunk
[UPEA-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEA-GigabitEthernet1/0/0] stp disable
[UPEA-GigabitEthernet1/0/0] quit
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE B. Configure
<UPEB> system-view
[UPEB] interface GigabitEthernet 1/0/0
[UPEB-GigabitEthernet1/0/0] port link-type trunk
[UPEB-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEB-GigabitEthernet1/0/0] stp disable
[UPEB-GigabitEthernet1/0/0] quit
l Configure UPE C.
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE C. Configure
<UPEC> system-view
[UPEC] interface GigabitEthernet 1/0/0
[UPEC-GigabitEthernet1/0/0] port link-type trunk
[UPEC-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEC-GigabitEthernet1/0/0] stp disable
[UPEC-GigabitEthernet1/0/0] quit
l Configure PE-AGG.
# Disable STP of the interfaces that need to be added to the RRPP ring on PE-AGG. Configure
[PE-AGG] interface GigabitEthernet 1/0/0
[PE-AGG-GigabitEthernet1/0/0] port link-type trunk
[PE-AGG-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[PE-AGG-GigabitEthernet1/0/0] stp disable
[PE-AGG-GigabitEthernet1/0/0] quit

Step 3 Create RRPP domains and configure the protected VLANs and control VLANs.
l Configure UPE A.
# Configure the VLANs mapping instance 1 as the protected VLANs in domain 1. Configure
VLAN 5 as the control VLAN.
<UPEA> system-view
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
<UPEA> system-view
<UPEB> system-view
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEB-rrpp-domain-region1] control-vlan 5
[UPEB-rrpp-domain-region1] quit
<UPEB> system-view
l Configure UPE C.
<UPEC> system-view
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEC-rrpp-domain-region1] control-vlan 5
[UPEC-rrpp-domain-region1] quit
<UPEC> system-view
l Configure PE-AGG.
[PE-AGG] rrpp domain 1

[PE-AGG-rrpp-domain-region1] protected-vlan reference-instance 1

[PE-AGG-rrpp-domain-region1] control-vlan 5
[PE-AGG-rrpp-domain-region1] quit
Step 4 Create RRPP rings.

l Configure UPE A.
# Configure UPE A as a transit node of ring 1 in domain 1 and specify primary and secondary
ports on UPE A.
<UPEA> system-view
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port GigabitEthernet
1/0/0 secondary-port GigabitEthernet 2/0/0 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
ports on UPE A.
<UPEA> system-view
# Configure UPE B as a transit node of ring 1 in domain 1 and specify primary and secondary
ports on UPE B.
<UPEB> system-view
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port GigabitEthernet
[UPEB-rrpp-domain-region1] ring 1 enable
ports on UPE B.
<UPEB> system-view
l Configure UPE C.
# Configure UPE C as a transit node of ring 1 in domain 1 and specify primary and secondary
ports on UPE C.
<UPEC> system-view
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port GigabitEthernet

[UPEC-rrpp-domain-region1] ring 1 enable

ports on UPE C.
<UPEC> system-view
l Configure PE-AGG.
# Configure PE-AGG as the master node of ring 1 in domain 1. Configure GE 1/0/0 as the
primary port and GE 2/0/0 as the secondary port.
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port GigabitEthernet
[PE-AGG-rrpp-domain-region1] ring 1 enable
Step 5 Enable the RRPP protocol.
After configuring an RRPP ring, you need to enable RRPP on each node on the ring to activate
the RRPP ring. The configuration procedure is as follows:
l Configure UPE A.
# Enable the RRPP protocol.

<UPEA> system-view
[UPEA] rrpp enable

<UPEB> system-view
[UPEB] rrpp enable
l Configure UPE C.

<UPEC> system-view
[UPEC] rrpp enable
l Configure PE-AGG.

[PE-AGG] rrpp enable


perform the following operations to verify the configuration. Here, UPE A and PE-AGG are
used as examples.
l Run the display rrpp brief command on UPE A. The following information is displayed:
<UPEA> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable

RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default).
Number of RRPP Domains: 2
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/0 GigabitEthernet2/0/0 Yes
Domain Index : 2
----------------------------------------------------------------------------
You can see that the RRPP protocol is enabled on UPE A.

In domain 1, VLAN 5 is the control VLAN; VLANs mapping instance 1 are the protected
VLANs; UPE A is a transit node on ring 1. The primary port is GE 1/0/0, and the secondary port
is GE 2/0/0.
VLANs; UPE A is a transit node on ring 1. The primary port is GE 1/0/0, and the secondary port
is GE 2/0/0.
l Run the display rrpp brief command on PE-AGG. The following information is displayed:
<PE-AGG> display rrpp brief

Domain Index : 1
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port
Enabled
---------------------------------------------------------------------------
1 0 M GigabitEthernet1/0/0 GigabitEthernet2/0/0 Yes
Domain Index : 2


Protected VLAN: Reference Instance 2
Enabled
---------------------------------------------------------------------------
The preceding information shows that the RRPP protocol is enabled on PE-AGG.
VLANs; PE-AGG is the master node on ring 1. The primary port is GE 1/0/0, and the secondary
port is GE 2/0/0.
port is GE 1/0/0.
l Run the display rrpp verbose domain command on UPE A. You can obtain the following
results:
# View detailed information about UPE A in domain 1.
<UPEA> display rrpp verbose domain 1
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet2/0/0 Port status: UP
The preceding information shows that VLAN 5 is the control VLAN in domain 1 and VLANs
mapping instance 1 are the protected VLANs. UPE A is a transit node in domain 1 and is in
LinkUp state.
# View detailed information about UPE A in domain 2.
<UPEA> display rrpp verbose domain 2
Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
The preceding information shows that VLAN 10 is the control VLAN in domain 2, and VLANs
mapping instance 2 are the protected VLANs. UPE A is a transit node in domain 2 and is in
LinkUp state.
l Run the display rrpp verbose domain command on PE-AGG. You can obtain the following
results:
# View detailed information about PE-AGG in domain 1.

<PE-AGG> display rrpp verbose domain 1

Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Secondary port: GigabitEthernet2/0/0 Port status: BLOCKED
mapping instance 1 are the protected VLANs.
PE-AGG is the master node in domain 1 and is in Complete state.
The primary port is GE 1/0/0, and the secondary port is GE 2/0/0.
Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
----End
Configuration Files
l Configuration file of UPE A
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
instance 1 vlan 5 6 100 to 200
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 1/0/0 secondary-port
GigabitEthernet 2/0/0 level 0
ring 1 enable

rrpp domain 2
control-vlan 10
ring 1 enable
#
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
stp disable
#
return
l Configuration file of UPE B

#
sysname UPEB
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return
l Configuration file of UPE C

#
sysname UPEC
#
#
rrpp enable
#

#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
Return
l Configuration file of PE-AGG

#
sysname PE-AGG
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 node-mode master primary-port GigabitEthernet 1/0/0 secondary-port
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return
Example for Configuring Crossed RRPP Rings with Multiple Instances (GB
version)

As shown in Figure 5-103, UPE A, UPE B, UPE C, UPE D, and PE-AGG form two multi-
instance major rings: ring 1 in domain 1 and ring 1 in domain 2.
CE1, UPE B, and UPE C form two subrings: ring 2 in domain 1 and ring 2 in domain 2. CE1 is
connected to the major rings through GE 3/0/0 of UPE B and GE 3/0/0 of UPE C. UPE B and
UPE C are edge transit nodes.
connected to the major rings through GE 3/0/1 of UPE B and GE 3/0/1 of UPE C. UPE B and
UPE C are edge transit nodes.
VLANs 100 to 300 are configured on the CE devices. Domain 1 and domain 2 share the traffic
of packets from VLANs 100 to 300. Packets from VLANs 100 to 200 are transmitted through
domain 1, and packets from VLANs 201 to 300 are transmitted through domain 2.
2.
Ring ID Control VLAN Instance ID of Data VLAN Instance ID of

Control Data VLAN
VLAN
Domain 1 VLAN 5, VLAN Instance 1 VLAN 100-200 Instance 1

6
Domain 2 VLAN 10, Instance 2 VLAN 201-300 Instance 2

VLAN 11
Table 5-4 shows the master node of each ring, and the primary port and secondary port on each
master node.
Ring ID Master Node Primary Port Secondary Port Ring Type
Ring 1 in PE-AGG GE 1/0/0 GE 2/0/0 Major ring

domain 1
Ring 1 in PE-AGG GE 2/0/0 GE 1/0/0 Major ring

domain 2
Ring 2 in CE1 GE 1/0/0 GE 2/0/0 Subring

domain 1

domain 2

domain 1

Ring ID Master Node Primary Port Secondary Port Ring Type

domain 2
Table 5-5 shows the edge transit nodes and edge nodes on the subrings.
Table 5-5 Edge transit nodes and edge nodes on the subrings
Ring ID Edge-Transit Edge Port Edge-Transit Edge Port
Node Node
Ring 2 in UPE B GE 3/0/0 UPE C GE 3/0/0

domain 1
Ring 3 in UPEB GE 3/0/1 UPEC GE 3/0/1

domain 1

domain 2

domain 2
To prevent topology flapping, you need to set the Link-Up timer on the master nodes.

Figure 5-103 Networking diagram of crossed RRPP rings with multiple instances
Backbone
network
GE/1/0/0 GE2/0/0
PE-AGG
Master 1
GE2/0/0 Master 2 GE/1/0/0
UPE A UPED
Domain 1 ring 1
GE/1/0/0
GE2/0/00
Domain 2 ring 1
Edge Edge
GE2/0/0 Transit Transit GE/1/0/0
UPE B GE2/0/0 UPEC
GE/1/0/0
GE3/0/0 GE3/0/1
GE3/0/1 GE3/0/0
Domain 2 ring 2 Domain 2 ring 3

GE/1/0/0 GE2/0/0
Master 1 Master 1
Master 2 Master 2
GE2/0/0 Domain 1 ring 2 Domain 1 ring 3 GE/1/0/0
CE 1 CE 2
VLAN 100-300 VLAN 100-300
Domain 1
Domain 2
2. Add UPE A, UPE B, UPE C, UPE D, and PE-AGG to ring 1 in domain 1 and ring 1 in
domain 2.
domain 2.
domain 2.


7. Configure PE-AGG as the master node and configure UPE A, UPE B, UPE C and UPE D
as transit nodes on ring 1 in domain 1 and ring 1 in domain 2.
8. Configure CE1 as the master node and configure UPE B and UPE C as transit nodes on
ring 2 in domain 1 and ring 2 in domain 2.
10. Set the link-Up-Delay timer.
Data Preparation
l Instance IDs
l Link-Up timer
Procedure
l Configure CE1.
# Create data VLANs 100 to 300 on CE1.

[CE1] vlan batch 100 to 300
to 200 in domain 1.
<CE1> system-view
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 5 6 100 to 200
# Create instance 2 and map it control VLANs VLAN 10 and VLAN 11 and data VLANs 201
to 300 in domain 2.

[CE1-mst-region] active region-configuration
l Configure CE2.

to 200 in domain 1.
<CE2> system-view

to 300 in domain 2.

l Configure UPE A.

to 200 in domain 1.
<UPEA> system-view
to 300 in domain 2.


to 200 in domain 1.
<UPEB> system-view
to 300 in domain 2.

l Configure UPE C.

to 200 in domain 1.
<UPEC> system-view
to 300 in domain 2.


l Configure UPE D.
# Create data VLANs 100 to 300 on UPE D.

[UPED] vlan batch 100 to 300
to 200 in domain 1.
<UPED> system-view
[UPED] stp region-configuration
[UPED-mst-region] instance 1 vlan 5 6 100 to 200
to 300 in domain 2.

[UPED-mst-region] active region-configuration
l Configure PE-AGG.

to 200 in domain 1.
to 300 in domain 2.

Oper configuration
Format selector :0
Revision level :0

0 1 to 4, 7 to 9, 12 to 99, 301 to 4094
1 5 to 6, 100 to 200
2 10 to 11, 201 to 300

l Configure CE1.

# Disable STP on the interfaces that need to be added to the RRPP ring on CE1. Configure the
RRPP interfaces to allow packets of VLANs 100 to 300 to pass through.
<CE1> system-view
[CE1] interface GigabitEthernet 1/0/0
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet1/0/0] stp disable
l Configure CE2.
# Disable STP on the interfaces that need to be added to the RRPP ring on CE2. Configure the
RRPP interfaces to allow packets of VLANs 100 to 300 to pass through.
<CE2> system-view
l Configure UPE A.
<UPEA> system-view
<UPEB> system-view

l Configure UPE C.
<UPEC> system-view
l Configure UPE D.
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE D. Configure
<UPED> system-view
[UPED] interface GigabitEthernet 1/0/0
[UPED-GigabitEthernet1/0/0] port link-type trunk
[UPED-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPED-GigabitEthernet1/0/0] stp disable
[UPED-GigabitEthernet1/0/0] quit
l Configure PE-AGG.

l Configure CE1.
<CE1> system-view
[CE1] rrpp working-mode gb
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] protected-vlan reference-instance 1
[CE1-rrpp-domain-region1] control-vlan 5
[CE1-rrpp-domain-region1] quit
<CE1> system-view
[CE1] rrpp domain 2
l Configure CE2.
<CE2> system-view
[CE2] rrpp working-mode gb
[CE2] rrpp domain 1
<CE2> system-view
[CE2] rrpp domain 2
l Configure UPE A.
<UPEA> system-view
[UPEA] rrpp working-mode gb
<UPEA> system-view

<UPEB> system-view
[UPEB] rrpp working-mode gb
<UPEB> system-view
l Configure UPE C.
<UPEC> system-view
[UPEC] rrpp working-mode gb
<UPEC> system-view
l Configure UPE D.
<UPED> system-view
[UPED] rrpp working-mode gb
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] protected-vlan reference-instance 1
[UPED-rrpp-domain-region1] control-vlan 5
[UPED-rrpp-domain-region1] quit
<UPED> system-view
l Configure PE-AGG.
[PE-AGG] rrpp working-mode gb


l Configure CE1.
# Configure CE1 as the master node of ring 2 in domain 1. Configure GE 1/0/0 as the primary
port and GE 2/0/0 as the secondary port.
<CE1> system-view
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] ring 2 node-mode master primary-port GigabitEthernet
[CE1-rrpp-domain-region1] ring 2 enable
<CE1> system-view
[CE1] rrpp domain 2
l Configure CE2.
<CE2> system-view
[CE2] rrpp domain 1
<CE2> system-view
[CE2] rrpp domain 2
l Configure UPE A.
ports on UPE A.
<UPEA> system-view
ports on UPE A.

<UPEA> system-view
ports on UPE B.
<UPEB> system-view
ports on UPE B.
<UPEB> system-view
# Configure UPE B as an edge transit node on ring 2 in domain 1 and configure GE 3/0/0 as the
edge port.
<UPEB> system-view
[UPEB-rrpp-domain-region1] ring 2 node-mode transit secondary-port GigabitEthernet
3/0/0
edge port.
<UPEB> system-view
3/0/0
edge port.
<UPEB> system-view
3/0/1
edge port.
<UPEB> system-view
3/0/1

l Configure UPE C.
ports on UPE C.
<UPEC> system-view
ports on UPE C.
<UPEC> system-view
# Configure UPE C as an edge transit node on ring 2 in domain 1 and configure GE 3/0/0 as the
edge port.
<UPEC> system-view
[UPEC-rrpp-domain-region1] ring 2 node-mode transit secondary-port GigabitEthernet
3/0/0
edge port.
<UPEC> system-view
3/0/0
edge port.
<UPEC> system-view
3/0/1
edge port.
<UPEC> system-view
3/0/1
l Configure UPE D.
# Configure UPE D as a transit node of ring 1 in domain 1 and specify primary and secondary
ports on UPE D.
<UPED> system-view

[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port GigabitEthernet

[UPED-rrpp-domain-region1] ring 1 enable
ports on UPE D.
<UPED> system-view
l Configure PE-AGG.

l Configure CE1.

<CE1> system-view
[CE1] rrpp enable
l Configure CE2.

<CE2> system-view
[CE2] rrpp enable
l Configure UPE A.

<UPEA> system-view
[UPEA] rrpp enable

<UPEB> system-view
[UPEB] rrpp enable

l Configure UPE C.

<UPEC> system-view
[UPEC] rrpp enable
l Configure UPE D.

<UPED> system-view
[UPED] rrpp enable
l Configure PE-AGG.

Step 6 Set the link-Up timer.

l Configure CE1.
# Set the link-Up timer to 1 seconds.

[CE1] rrpp linkup-delay-timer 1
l Configure CE2.

l Configure PE-AGG.

[PE-AGG] rrpp linkup-delay-timer 1

perform the following operations to verify the configuration. Here, UPE B and PE-AGG are
used as examples.
l Run the display rrpp brief command on UPE B. The following information is displayed:
<UPEB> display rrpp brief
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit

RRPP Working Mode: GB
Domain Index : 1
----------------------------------------------------------------------------
2 1 ET GigabitEthernet1/0/0 GigabitEthernet3/0/0 Yes

Domain Index : 2
----------------------------------------------------------------------------
The preceding information shows that the RRPP protocol is enabled on UPE B.
In domain 1:
VLAN 1 is the control VLAN and VLANs mapping instance 1 are the protected VLANs.
UPE B is a transit node on ring 1; GE 1/0/0 is the primary port; GE 2/0/0 is the secondary port.
UPE B is an edge transit node on ring 2. GE 3/0/0 is the edge port.
In domain 2:
UPE B is a transit node on ring 1. The primary port is GE 1/0/0, and the secondary port is GE
2/0/0.
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit

RRPP Working Mode: GB
Domain Index : 1
---------------------------------------------------------------------------
Domain Index : 2
---------------------------------------------------------------------------
The preceding information shows that the RRPP protocol is enabled on PE-AGG, and the link-
Up timer is 1 second.

port is GE 2/0/0.
port is GE 1/0/0.
l Run the display rrpp verbose domain command on UPE B. You can obtain the following
results:
# View detailed information about UPE B in domain 1.
<UPEB> display rrpp verbose domain 1
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Secondary port : GigabitEthernet2/0/0 Port status: UP
RRPP Ring :
2
Ring Level :
1
Node Mode :
Edge Transit
Ring State :
LinkUp
Is Enabled :
Enable Is Active: Yes
Primary port :
GigabitEthernet1/0/0 Port status: UP
RRPP Ring :
3
Ring Level :
1
Node Mode :
Edge Transit
Ring State :
LinkUp
Is Enabled :
Primary port :
UPE B is a transit node on ring 1 in domain 1 and is in LinkUp state.
UPE B is a transit node on ring 2 in domain 1 and is in LinkUp state. GE 3/0/0 is the edge port.
UPE B is an edge transit node on ring 3 in domain 1 and is in LinkUp state. GE 3/0/1 is the edge
port.
Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit

Ring State : LinkUp

RRPP Ring :
2
Ring Level :
1
Node Mode :
Edge Transit
Ring State :
LinkUp
Is Enabled :
Primary port :
RRPP Ring :
3
Ring Level :
1
Node Mode :
Edge Transit
Ring State :
LinkUp
Is Enabled :
Primary port :
UPE B is a transit node in domain 2 and is in LinkUp state.
UPE B is a transit node on ring 2 in domain 2 and is in LinkUp state. GE 3/0/0 GE 3/0/0 is the
edge port.
UPE B is an edge transit node on ring 3 in domain 2 and is in LinkUp state. GE 3/0/1 is the edge
port.
results:
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Secondary port : GigabitEthernet2/0/0 Port status: BLOCKED
Domain Index : 2


RRPP Ring : 1
Ring Level : 0
Node Mode : Master
----End
Configuration Files
#
sysname CE1
#
#
rrpp working-mode GB
rrpp enable
rrpp linkup-delay-timer 1
#
instance 1 vlan 5 to 6 100 to 200
#
rrpp domain 1
control-vlan 5
ring 2 enable
rrpp domain 2
control-vlan 10
ring 2 enable
#
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
stp disable
#
return

#
sysname CE2
#


#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 3 enable
rrpp domain 2
control-vlan 10
ring 3 enable
#
stp disable
#
stp disable
#
Return

#
sysname UPEA
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#


stp disable
#
return

#
sysname UPEB
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet 3/0/0
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
stp disable
#
stp disable
#
stp disable
#
stp disable
#
return

#
sysname UPEC
#
#

rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
stp disable
#
stp disable
#
stp disable
#
stp disable
#
Return
l Configuration file of UPE D

#
sysname UPED
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5


ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return

#
sysname PE-AGG
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return

Example for Configuring Crossed RRPP Rings with Multiple Instances(HW

version)
As shown in Figure 5-104, UPE A, UPE B, UPE C, UPE D, and PE-AGG form two multi-
instance major rings: ring 1 in domain 1 and ring 1 in domain 2.
connected to the major rings through GE 3/0/0 of UPE B and GE 3/0/0 of UPE C. UPE B is an
edge node, and UPE is an assistant edge node.
connected to the major rings through GE 3/0/1 of UPE B and GE 3/0/1 of UPE C. UPE B is an
edge node, and UPE is an assistant edge node.
2.
Domain ID Control Instance ID Data VLAN ID Instance ID of

VLAN ID of Control Data VLAN
VLAN

VLAN 6

VLAN 11
master node.
Ring ID Master Primary Secondary Port Ring Type

Node Port
Ring 1 in PE-AGG GE1/0/0 GE2/0/0 Major ring

domain 1
Ring 1 in PE-AGG GE2/0/0 GE1/0/0 Major ring

domain 2
Ring 2 in CE1 GE1/0/0 GE2/0/0 Sub ring

domain 1

Ring ID Master Primary Secondary Port Ring Type

Node Port

domain 2

domain 1

domain 2
Table 5-8 shows the edge nodes, assistant edge nodes, public port, and edge port of the subrings.
Table 5-8 Edge nodes, assistant edge nodes, public port, and edge port of the subrings
Ring Edge Comm Edge Port Edge- Common Edge Port
ID Node on Port Assistant Port
Node
Ring 2 UPE B GE GE 3/0/0 UPE C GE 2/0/0 GE 3/0/0

in 1/0/0
domain
1

in 1/0/0
domain
1

in 1/0/0
domain
2

in 1/0/0
domain
2
To reduce the Edge-Hello packets sent on the major ring and increase available bandwidth, you
can add the four subrings to a ring group.
To prevent topology flapping, you need to set the Link-Up timer on the master nodes.

Figure 5-104 Networking diagram of crossed RRPP rings with multiple instances
Backbone
network
GE/1/0/0 GE2/0/0
PE-AGG
Master 1
GE2/0/0 Master 2 GE/1/0/0
UPE A Domain 1 ring 1
UPED
GE/1/0/0
GE2/0/00
Domain 2 ring 1
GE2/0/0 Edge Assistant GE/1/0/0

UPE B GE/1/0/0 GE2/0/0 UPEC
GE3/0/0 GE3/0/1
GE3/0/1 GE3/0/0

GE/1/0/0 GE2/0/0
Master 1 Master 1
Master 2 Domain 1 ring 2 Domain 1 ring 3 GE/1/0/0 Master 2
GE2/0/0
CE 1 CE 2
VLAN 100-300 VLAN 100-300
Domain 1
Domain 2
domain 2.
3. Add CE1, UPE B, and UPE C to ring 2 in domain 1 and ring 2 in domain 2.
4. Add CE2, UPE B, and UPE C to ring 3 in domain 1 and ring 3 in domain 2.

7. Configure PE-AGG as the master node and configure UPE A, UPE B, and UPE C as transit
nodes on ring 1 in domain 1 and ring 1 in domain 2.
10. Configure a ring group.
11. Set the link-Up timer.
Data Preparation
l Instance IDs
l ID of the ring group
l Link-Up-Delay timer
Procedure
l Configure CE1.
<CE1> system-view
# Create instance 1 and map it to control VLANs VLAN 5 and VLAN 6 and data VLANs
100 to 200 in domain 1.

l Configure CE2.
<CE2> system-view

l Configure UPE A.
<UPEA> system-view

<UPEB> system-view

l Configure UPE C.
<UPEC> system-view

l Configure UPE D.
<UPED> system-view


l Configure PE-AGG.


View the mapping between instances and VLANs. The displayed information on UPE A is
as follows:
Oper configuration
Format selector :0
Revision level :0

0 1 to 4, 7 to 9, 12 to 99, 301 to 4094
1 5 to 6, 100 to 200
2 10 to 11, 201 to 300

l Configure CE1.
# Disable STP on the interfaces that need to be added to the RRPP ring on CE1. Configure
<CE1> system-view
l Configure CE2.
# Disable STP on the interfaces that need to be added to the RRPP ring on CE2. Configure
<CE2> system-view

l Configure UPE A.
<UPEA> system-view
<UPEB> system-view
l Configure UPE C.
<UPEC> system-view


l Configure UPE D.
<UPED> system-view
l Configure PE-AGG.
l Configure CE1.
<CE1> system-view
[CE1] rrpp domain 1
<CE1> system-view
[CE1] rrpp domain 2
l Configure CE2.
<CE2> system-view
[CE2] rrpp domain 1

<CE1> system-view
[CE2] rrpp domain 2
l Configure UPE A.
<UPEA> system-view
<UPEA> system-view
<UPEB> system-view
<UPEB> system-view
l Configure UPE C.
<UPEC> system-view
<UPEC> system-view
l Configure UPE D.
<UPED> system-view


<UPED> system-view
l Configure PE-AGG.
Step 4 Create an RRPP ring.

l Configure PE-AGG.
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port
GigabitEthernet 1/0/0 secondary-port GigabitEthernet 2/0/0 level 0
[PE-AGG-rrpp-domain-region2] ring 1 node-mode master primary-port
l Configure UPE A.
ports on UPE A.
<UPEA> system-view
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port
ports on UPE A.
<UPEA> system-view

[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port

l Configure UPE D.
ports on UPE D.
<UPED> system-view
[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port
ports on UPE D.
<UPED> system-view
[UPED-rrpp-domain-region2] ring 1 node-mode transit primary-port
ports on UPE B.
<UPEB> system-view
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port
ports on UPE B.
<UPEB> system-view
[[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port
# Configure UPE B as an edge node of ring 2 in domain 1. Configure GE 1/0/0 as the public
port and GE 3/0/0 as the edge port.
<UPEB> system-view
[UPEB-rrpp-domain-region1] ring 2 node-mode edge common-port GigabitEthernet
1/0/0 edge-port GigabitEthernet 3/0/0
<UPEB> system-view
<UPEB> system-view


<UPEB> system-view
l Configure UPE C.
ports on UPE C.
<UPEC> system-view
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port
ports on UPE C.
<UPEC> system-view
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port
<UPEC> system-view
[UPEC-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port
GigabitEthernet 2/0/0 edge-port GigabitEthernet 3/0/0
<UPEC> system-view
# Configure UPE C as an edge node of ring 3 in domain 1. Configure GE 1/0/0 as the public
<UPEC> system-view
# Configure UPE C as an edge node of ring 3 in domain 2. Configure GE 2/0/0 as the public
<UPEC> system-view


l Configure CE1.
<CE1> system-view
[CE1] rrpp domain 1
<CE1> system-view
[CE1] rrpp domain 2
l Configure CE2.
<CE2> system-view
[CE2] rrpp domain 1
<CE2> system-view
[CE2] rrpp domain 2

l Configure PE-AGG.
l Configure UPE A.
<UPEA> system-view
[UPEA] rrpp enable
l Configure UPE D.
<UPED> system-view
[UPED] rrpp enable

<UPEB> system-view
[UPEB] rrpp enable
l Configure UPE C.
<UPEC> system-view
[UPEC] rrpp enable
l Configure CE1.
<CE1> system-view
[CE1] rrpp enable
l Configure CE2.
<CE2> system-view
[CE2] rrpp enable
Step 6 Configure a ring group.

l Configure UPE C (assistant edge node).
# Create ring group 1, which consists of four subrings: ring 2 in domain 1, ring 3 in domain
1, ring 2 in domain 2, and ring 3 in domain 2.
<UPEC> system-view
[UPEC] rrpp ring-group 1
[UPEC-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEC-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEC-rrpp-ring-group1] quit
l Configure UPE B (edge node).

# Create ring group 1, which consists of four subrings: ring 2 in domain 1, ring 3 in domain
1, ring 2 in domain 2, and ring 3 in domain 2.
<UPEB> system-view
[UPEB] rrpp ring-group 1
[UPEB-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEB-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEB-rrpp-ring-group1] quit
Step 7 Set the link-Up timer.

l Configure CE1.
# Set the link-Up timer to 1 second.
l Configure CE2.
l Configure PE-AGG.
[PE-AGG] rrpp linkup-delay-timer 1

perform the following operations to verify the configuration. Here, UPE B and PE-AGG are
used as examples.
l Run the display rrpp brief command on UPE B. The following information is displayed.
<UPEB> display rrpp brief


RRPP Linkup Delay Timer: 0 sec(default is 0 sec)
Domain Index : 1
Enabled
-------------------------------------------------------------------------------
--
2 1 E GigabitEthernet1/0/0 GigabitEthernet3/0/0 Yes
Domain Index : 2
Enabled
-------------------------------------------------------------------------------
--
You can see that the RRPP protocol is enabled on UPE B.

In domain 1:
UPE B is a transit node on ring 1; GE 1/0/0 is the primary port; GE 2/0/0 is the secondary
port.
UPE B is an edge transit node on ring 2. GE 1/0/0 is the public port and GE 3/0/0 is the edge
port.
port.
In domain 2:
UPE B is a transit node on ring 1. GE 1/0/0 is the primary port, and GE 2/0/0 is the secondary
port.
port.
port.

RRPP Linkup Delay Timer: 1 sec(default is 0 sec)

Domain Index : 1
Enabled
-------------------------------------------------------------------------------
--
Domain Index : 2
Enabled
-------------------------------------------------------------------------------
--
The preceding information shows that the RRPP protocol is enabled on PE-AGG, and the
link-Up timer is 2 seconds.
VLANs; PE-AGG is the master node on ring 1. GE 1/0/0 is the primary port, and GE 2/0/0
is the secondary port.
VLANs; PE-AGG is the master node on ring 1. GE 2/0/0 is the primary port, and GE 1/0/0
is the secondary port.
l Run the display rrpp verbose domain command on UPE B. You can obtain the following
results:
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Common port : GigabitEthernet1/0/0 Port status: UP
Edge port : GigabitEthernet3/0/0 Port status: UP
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp


UPE B is a transit node on ring 1 in domain 1 and is in LinkUp state.
UPE B is a transit node on ring 2 in domain 1 and is in LinkUp state. GE 1/0/0 is the public
port, and GE 3/0/0 is the edge port.
Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
The preceding information shows that VLAN 10 is the control VLAN in domain 2, and
VLANs mapping instance 2 are the protected VLANs.
UPE B is a transit node in domain 2 and is in LinkUp state.
results:
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Master


GE 1/0/0 is the primary port, and GE 2/0/0 is the secondary port.
Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
The preceding information shows that VLAN 10 is the control VLAN in domain 2, and
VLANs mapping instance 2 are the protected VLANs.
GE 2/0/0 is the primary port, and GE 1/0/0 is the secondary port.
l Run the display rrpp ring-group command on UPE B to view the configuration of the ring
group.
# View the configuration of ring group 1.
<UPEB> display rrpp ring-group 1
Ring Group 1:
domain 1 ring 2 to 3
domain 1 ring 2 send Edge-Hello packet
----End
Configuration Files
#
sysname CE1
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 2 enable
rrpp domain 2

control-vlan 10
ring 2 enable
#
stp disable
#
stp disable
#
return
#
#
sysname CE2
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 3 enable
rrpp domain 2
control-vlan 10
ring 3 enable
#
stp disable
#
stp disable
#
Return
#
#
sysname UPEA
#
#
rrpp enable
#

#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return
#
sysname UPEB
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 node-mode edge common-port GigabitEthernet 1/0/0 edge-port
GigabitEthernet 3/0/0
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
rrpp ring group 1
#


stp disable
#
stp disable
#
stp disable
#
stp disable
#
return
#
sysname UPEC
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 node-mode assistant-edge common-port GigabitEthernet 2/0/0 edge-port
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
rrpp ring group 1
#
stp disable
#


stp disable
#
stp disable
#
stp disable
#
Return
#
sysname UPED
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return
#
sysname PE-AGG
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5


ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return
Example for Configuring Tangent RRPP Rings with Multiple Instances
As shown in Figure 5-105, UPE A, UPE B, UPE C, and UPE D form two multi-instance rings:
ring 1 in domain 1 and ring 1 in domain 2. UPE D, UPE E, UPE F, and UPE G form ring 1 in
domain 3. Packets of the data VLANs connected to CE are forwarded to the backbone network
through the two tangent rings.
The tangent point of the two rings is UPE D.
Table 5-9 shows the mapping between protected VLANs and instances in domain 1, domain 2,
and domain 3.
Domain ID Control VLAN Instance ID Protected VLAN Instance ID
Domain 1 VLAN 5, 6 Instance 1 VLAN 100-200 Instance 1
Domain 3 (on VLAN 20, 21 Instance 3 VLAN 100-300 Instance 1 and

UPE D) instance 2
master node.

Ring ID Master Node Primary Port Secondary Port
Ring 1 in domain 1 UPE D GE 1/0/0 GE 2/0/0
Ring 1 in domain 2 UPE D GE 2/0/0 GE 1/0/0
Ring 1 in domain 3 UPE F GE 1/0/0 GE 2/0/0
Figure 5-105 Networking diagram of tangent RRPP rings with multiple instances
UPE B UPE E
GE1/0/0 GE2/0/0 GE1/0/0 GE2/0/0
Domain 1 ring 1
GE2/0/0 GE1/0/0
GE1/0/0 GE1/0/1
Master 1 UPE F
UPE A UPE D Master 3
Master 2
CE GE1/0/0 GE2/0/0 GE2/0/1 GE2/0/0
VLAN 100-300
GE2/0/0 GE1/0/0 GE2/0/0 GE1/0/0

UPE C UPE G
domain 1
domain 2
domain 3
2. Add UPE A, UPE B, UPE C, and UPE D to ring 1 in domain 1 and ring 1 in domain 2.
3. Add UPE D, UPE E, UPE F, and UPE G to ring 1 in domain 3.
6. Configure the control VLAN in domain 3.
7. Configure UPE D as the master node and configure UPE A, UPE B, and UPE C as transit
nodes on ring 1 in domain 1 and ring 1 in domain 2.

8. Configure UPE F as the master node and configure UPE D, UPE E, and UPE G as transit
nodes on ring 1 in domain 3.
Data Preparation
l Instance IDs
Procedure
l Configure UPE A.

to 200 in domain 1.
<UPEA> system-view
to 300 in domain 2.


to 200 in domain 1.
<UPEB> system-view
to 300 in domain 2.

l Configure UPE C.

to 200 in domain 1.
<UPEC> system-view
to 300 in domain 2.

l Configure UPE D.

to 200 in domain 1.
<UPED> system-view
to 300 in domain 2.
# Create instance 3 and map it to control VLANs VLAN 20 and VLAN 21 in domain 3.
[UPED-mst-region] instance 3 vlan 20 21

l Configure UPE E.
# Create data VLANs 100 to 300 on UPE E.

[UPEE] vlan batch 100 to 300
to 300 in domain 3.
<UPEE> system-view
[UPEE] stp region-configuration
[UPEE-mst-region] instance 1 vlan 20 21 100 to 300

[UPEE-mst-region] active region-configuration
l Configure UPE F.
# Create data VLANs 100 to 300 on UPE F.

[UPEF] vlan batch 100 to 300
to 300 in domain 3.

<UPEF> system-view
[UPEF] stp region-configuration
[UPEF-mst-region] instance 1 vlan 20 21 100 to 300

[UPEF-mst-region] active region-configuration
l Configure UPE G.
# Create data VLANs 100 to 300 on UPE G.

[UPEG] vlan batch 100 to 300
to 300 in domain 3.
<UPEG> system-view
[UPEG] stp region-configuration
[UPEG-mst-region] instance 1 vlan 20 21 100 to 300

[UPEG-mst-region] active region-configuration
Oper configuration
Format selector :0
Revision level :0

0 1 to 4, 7 to 9, 12 to 99, 301 to 4094
1 5 to 6, 100 to 200
2 10 to 11, 201 to 300

l Configure UPE A.
<UPEA> system-view
<UPEB> system-view


l Configure UPE C.
<UPEC> system-view
l Configure UPE D.
<UPED> system-view
l Configure UPE E.
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE E. Configure
<UPEE> system-view
[UPEE] interface GigabitEthernet 1/0/0
[UPEE-GigabitEthernet1/0/0] port link-type trunk
[UPEE-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEE-GigabitEthernet1/0/0] stp disable
[UPEE-GigabitEthernet1/0/0] quit
[UPEE] interface GigabitEthernet 2/0/0
[UPEE-GigabitEthernet2/0/0] port link-type trunk
[UPEE-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 to 300
[UPEE-GigabitEthernet2/0/0] stp disable
[UPEE-GigabitEthernet2/0/0] quit

l Configure UPE F.
# Disable STP on the interfaces that need to be added to the RRPP ring on UPE F. Configure
<UPEF> system-view
[UPEF] interface GigabitEthernet 1/0/0
[UPEF-GigabitEthernet1/0/0] port link-type trunk
[UPEF-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEF-GigabitEthernet1/0/0] stp disable
[UPEF-GigabitEthernet1/0/0] quit
[UPEF] interface GigabitEthernet 2/0/0
[UPEF-GigabitEthernet2/0/0] port link-type trunk
[UPEF-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 to 300
[UPEF-GigabitEthernet2/0/0] stp disable
[UPEF-GigabitEthernet2/0/0] quit
l Configure UPE G.
# Disable the STP function on the interfaces to be added to the RRPP ring on UPE G. Configure
<UPEG> system-view
[UPEG] interface GigabitEthernet 1/0/0
[UPEG-GigabitEthernet1/0/0] port link-type trunk
[UPEG-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[UPEG-GigabitEthernet1/0/0] stp disable
[UPEG-GigabitEthernet1/0/0] quit
[UPEG] interface GigabitEthernet 2/0/0
[UPEG-GigabitEthernet2/0/0] port link-type trunk
[UPEG-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 to 300
[UPEG-GigabitEthernet2/0/0] stp disable
[UPEG-GigabitEthernet2/0/0] quit
l Configure UPE A.
<UPEA> system-view
<UPEA> system-view
<UPEB> system-view

<UPEB> system-view
l Configure UPE C.
<UPEC> system-view
<UPEC> system-view
l Configure UPE D.
<UPED> system-view
<UPED> system-view
# Configure the VLANs mapping instances 1 to 3 as the protected VLANs in domain 3.

Configure VLAN 20 as the control VLAN.
<UPED> system-view
[UPED-rrpp-domain-region3] protected-vlan reference-instance 1 2 3
l Configure UPE E.
# Configure VLAN 20 as the control VLAN in domain 3.

<UPEE> system-view
[UPEE] rrpp domain 3
[UPEE-rrpp-domain-region3] protected-vlan reference-instance 1
[UPEE-rrpp-domain-region3] control-vlan 20
[UPEE-rrpp-domain-region3] quit
l Configure UPE F.

<UPEF> system-view
[UPEF] rrpp domain 3
[UPEF-rrpp-domain-region3] protected-vlan reference-instance 1
[UPEF-rrpp-domain-region3] control-vlan 20
[UPEF-rrpp-domain-region3] quit
l Configure UPE G.

<UPEG> system-view
[UPEG] rrpp domain 3
[UPEG-rrpp-domain-region3] protected-vlan reference-instance 1
[UPEG-rrpp-domain-region3] control-vlan 20
[UPEG-rrpp-domain-region3] quit

l Configure UPE A.
ports on UPE A.
<UPEA> system-view
ports on UPE A.
<UPEA> system-view
ports on UPE B.
<UPEB> system-view
ports on UPE B.
<UPEB> system-view
l Configure UPE C.
ports on UPE C.
<UPEC> system-view


ports on UPE C.
<UPEC> system-view
l Configure UPE D.
# Configure UPE D as the master node of ring 1 in domain 1. Configure GE 1/0/0 as the primary
<UPED> system-view
[UPED-rrpp-domain-region1] ring 1 node-mode master primary-port GigabitEthernet
# Configure UPE D as the master node of ring 1 in domain 2. Configure GE 2/0/0 as the primary
<UPED> system-view
[UPED-rrpp-domain-region2] ring 1 node-mode master primary-port GigabitEthernet
ports on UPE D.
<UPED> system-view
l Configure UPE E.
# Configure UPE E as a transit node of ring 1 in domain 3 and specify primary and secondary
ports on UPE E.
<UPEE> system-view
[UPEE] rrpp domain 3
[UPEE-rrpp-domain-region3] ring 1 node-mode transit primary-port GigabitEthernet
[UPEE-rrpp-domain-region3] ring 1 enable
[UPEE-rrpp-domain-region3] quit
l Configure UPE F.
# Configure UPE F as the master node of ring 1 in domain 3. Configure GE 1/0/0 as the primary
<UPEF> system-view
[UPEF] rrpp domain 3
[UPEF-rrpp-domain-region3] ring 1 node-mode master primary-port GigabitEthernet

[UPEF-rrpp-domain-region3] ring 1 enable

[UPEF-rrpp-domain-region3] quit
l Configure UPE G.
# Configure UPE G as a transit node of ring 1 in domain 3 and specify primary and secondary
ports on UPE G.
<UPEG> system-view
[UPEG] rrpp domain 3
[UPEG-rrpp-domain-region3] ring 1 node-mode transit primary-port GigabitEthernet
[UPEG-rrpp-domain-region3] ring 1 enable
[UPEG-rrpp-domain-region3] quit

l Configure UPE A.

<UPEA> system-view
[UPEA] rrpp enable

<UPEB> system-view
[UPEB] rrpp enable
l Configure UPE C.

<UPEC> system-view
[UPEC] rrpp enable
l Configure UPE D.

<UPED> system-view
[UPED] rrpp enable
l Configure UPE E.

<UPEE> system-view
[UPEE] rrpp enable
l Configure UPE F.

<UPEF> system-view
[UPEF] rrpp enable
l Configure UPE G.

<UPEG> system-view
[UPEG] rrpp enable

perform the following operations to verify the configuration. Here, UPE D is taken for example.
l Run the display rrpp brief command on UPE D. The following information is displayed:
<UPED> display rrpp brief

Domain Index : 1
----------------------------------------------------------------------------
Domain Index : 2
----------------------------------------------------------------------------
Domain Index : 3
Protected VLAN : Reference Instance 1 to 3
----------------------------------------------------------------------------
The preceding information shows that the RRPP protocol is enabled on UPE D.
In domain 1:
UPE D is the master on ring 1; GE 1/0/0 is the primary port; GE 2/0/0 is the secondary port.
In domain 2:
UPE D is the master node on ring 1. The primary port is GE 2/0/0, and the secondary port is GE
1/0/0.
In domain 3:
VLAN 20 is the control VLAN and VLANs mapping instance 1 to 3 are the protected VLANs.
UPE D is a transit node on ring 1. The primary port is GE 1/0/1, and the secondary port is GE
2/0/1.
l Run the display rrpp verbose domain command on UPE D. You can obtain the following
results:
# View detailed information about UPE D in domain 1.

<UPED> display rrpp verbose domain 1

Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
UPE D is the master node in domain 1 and is in Complete state.

Domain Index : 2
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
UPE D is the master node in domain 2 and is in Complete state.

Domain Index : 3
Protected VLAN : Reference Instance 1 to 3
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
mapping instance 1 to 3 are the protected VLANs.
UPE D is a transit node in domain 3 and is in LinkUp state.

----End
Configuration Files
#
sysname UPEA
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return

#
sysname UPEB
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10

ring 1 enable
#
stp disable
#
stp disable
#
return

#
sysname UPEC
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 1
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
Return

#
sysname UPED
#
vlan batch 5 to 6 10 to 11 20 to 21 100 to 300
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5


ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1 2 3
ring 1 enable
#
stp disable
#
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
stp disable
#
stp disable
#
return
l Configuration file of UPE E

#
sysname UPEE
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
#
rrpp domain 3
control-vlan 20
ring 1 enable
#
stp disable
#
stp disable
#
return

l Configuration file of UPE F

#
sysname UPEF
#
#
rrpp enable
#
#
rrpp domain 3
control-vlan 20
ring 1 enable
#
stp disable
#
stp disable
#
return
l Configuration file of UPE G

#
sysname UPEG
#
#
rrpp enable
#
#
rrpp domain 3
control-vlan 20
ring 1 enable
#
stp disable
#
stp disable
#
return
5.5 Configuration Guide - Multicast

This document describes the multicast service supported by the S9300, including basic
knowledge, protocol implementation, configuration procedures, and configuration examples.

This document guides you through the configuration of the multicast service of the S9300.
5.5.1 Layer 2 Multicast Configuration
This chapter describes the procedures for configuring static Layer 2 multicast, multicast VLAN
replication, and IGMP snooping, and provides configuration examples.
5.5.2 IGMP Snooping Configuration
This chapter describes the procedure for configuring IGMP snooping and the commands for
maintaining IGMP snooping, and provides configuration examples.
5.5.3 IGMP Proxy Configuration
This chapter describes the procedure for configuring the IGMP proxy and the commands for
maintaining the IGMP proxy, and provides configuration examples.
5.5.4 IGMP Configuration
This chapter describes the procedure for configuring IGMP and commands for maintaining
IGMP, and provides configuration examples.
5.5.5 PIM-DM Configuration
This chapter describes the procedure for configuring PIM-DM on the IP network and the
commands for maintaining PIM-DM, and provides configuration examples.
5.5.6 PIM-SM Configuration
This chapter describes the procedure for configuring PIM-SM on the IP network and the
commands for maintaining PIM-SM, and provides configuration examples.
5.5.7 MSDP Configuration
This chapter describes the procedure for configuring MSDP and commands for maintaining
MSDP, and provides configuration examples.
5.5.8 Multicast Route Management
This chapter describes the principle of RPF, procedures for configuring multicast static routes
and forwarding policies, and commands for maintaining multicast static routes and forwarding
policies, and provides configuration examples.
5.5.1 Layer 2 Multicast Configuration

This chapter describes the procedures for configuring static Layer 2 multicast, multicast VLAN
replication, and IGMP snooping, and provides configuration examples.
Example for Configuring Static Layer 2 Multicast
As shown in Figure 5-106, GE 3/0/1 of the S9300 is connected to a router, and GE 1/0/1 of the
S9300 is connected to Host 3, Host 4, and Host 5. It is required that all the hosts in VLAN 3
should receive the multicast packets from the multicast group 225.0.0.1.

Figure 5-106 Networking diagram for configuring static Layer 2 multicast for a VLAN
DHCP server Multicast source
IP/MPLS core
GE3/0/1
S9300
GE1/0/1
VLAN3
Host3 Host4 Host5
1. Create a VLAN.
2. Add interfaces to the VLAN.
3. Add interfaces to the multicast group statically.
Data Preparation
l ID of the VLAN
l Type and number of each interface
l Address of the multicast group
Procedure
Step 1 Create a VLAN.
# Create VLAN 3 on the S9300.

<S9300> system-view
[S9300] vlan 3
[S9300-vlan3] quit

Step 2 Enable IGMP snooping.
Enable IGMP snooping globally and in VLAN 3.

[S9300] igmp-snooping enable
[S9300] vlan 3
[S9300-vlan3] igmp-snooping enable
[S9300-vlan3] quit
Step 3 Add interfaces to VLAN 3.
# Configure GE 1/0/1 on the S9300 to allow data frames from VLAN 3 to pass through.
[S9300-GigabitEthernet1/0/1] port hybrid tagged vlan 3
# Configure GE 3/0/1 on the S9300 to allow data frames from VLAN 3 to pass through.
Step 4 Add GE 1/0/1 to the multicast group 225.0.0.1 statically.

[S9300-GigabitEthernet1/0/1] l2-multicast static-group group-address 225.0.0.1
vlan 3
Run the display l2-multicast forwarding-table vlan command on the S9300. You can view
information about the outgoing interface of the multicast group 225.0.0.1.
<S9300> display l2-multicast forwarding-table vlan 3
VLAN ID : 3, Forwarding Mode : IP
-----------------------------------------------------------------------
(Source, Group) Interface Out-Vlan
-----------------------------------------------------------------------
(*, 225.0.0.1) GigabitEthernet1/0/1 3
-----------------------------------------------------------------------
Total Group(s) : 1
The preceding output shows that GE 1/0/1 is added to the multicast group 225.0.0.1.
----End
Configuration Files
l Configuration file of the S9300
#
sysname S9300
#
vlan batch 3
#
igmp-snooping enable
#
vlan 3
#
l2-multicast static-group group-address 225.0.0.1 vlan 3
#

#
return
Example for Configuring Multicast VLAN Replication
As shown in Figure 5-107, GE 3/0/1 of the S9300 is connected to a router, and is added to VLAN
3. GE 1/0/2 and GE 1/0/3 of the S9300 are connected to hosts, and are respectively added to
VLAN 100 and VLAN 200. It is required that the four hosts connected to the S9300 should
receive the multicast flow from the multicast groups 225.0.0.1 to 225.0.0.3. VLAN 3 is the
multicast VLAN; VLAN 100 and VLAN 200 are user VLANs.
Figure 5-107 Networking diagram for configuring multicast VLAN replication on the S9300
IP/MPLS core
VLAN3 GE3/0/1
S9300
GE1/0/2 GE1/0/3
VLAN100 VLAN200
1. Create a multicast VLAN.

2. Create user VLANs.
3. Configure the mapping between the multicast VLAN and the user VLANs.
4. Configure the VLAN that the interfaces of the S9300 belong to and static multicast entries.
Data Preparation

l Interface connected to the router and the VLAN that the interface belongs to
l Interfaces connected to hosts and the VLANs that the interfaces belong to
l IP address of the multicast group in entries of the static multicast VLAN
Procedure
Step 1 Create a multicast VLAN.
<S9300> system-view
[S9300] vlan 3
[S9300-vlan3] multicast-vlan enable
[S9300-vlan3] quit
Step 2 Create user VLANs.

[S9300] vlan batch 100 200
Step 3 Configure the mapping between the multicast VLAN and the user VLANs.
[S9300] vlan 3
[S9300-vlan3] multicast-vlan user-vlan 100 200
[S9300-vlan3] quit
Step 4 Configure the VLAN that the interfaces of the S9300 belong to and static multicast entries.
# Allow packets from VLAN 3 to pass through GE 3/0/1.
# Add GE 1/0/2 to VLAN 100 and add the interface to the multicast groups.
vlan 100
vlan 100
vlan 100
# Add GE 1/0/3 to VLAN 200 and add the interface to the multicast groups.
vlan 200
vlan 200
vlan 200

Run the display l2-multicast forwarding-table vlan command on the S9300. You can view
the configuration of static entries of the multicast VLAN.
--------------------------------------------------------------------
(Source, Group) Status Age Index Port-cnt
--------------------------------------------------------------------
(*, 225.0.0.1) Ok No 0 1

(*, 225.0.0.2) Ok No 1 1
(*, 225.0.0.3) Ok No 2 1
--------------------------------------------------------------------
Total Entry(s) : 3
----End
Configuration Files
#
sysname S9300
#
#
#
vlan 3
multicast-vlan enable
multicast-vlan user-vlan 100 200
vlan 100
vlan 200
#
#
#
#
return
5.5.2 IGMP Snooping Configuration

This chapter describes the procedure for configuring IGMP snooping and the commands for
maintaining IGMP snooping, and provides configuration examples.
Example for Configuring IGMP Snooping
As shown in Figure 5-108, GE 3/0/1 of the S9300 is connected to a router on the multicast
source side, and GE 1/0/1 is connected to hosts. You are required to configure IGMP snooping
to ensure that three hosts in VLAN 3 can receive multicast data from multicast groups in the
range of 225.1.1.1 to 225.1.1.3 permanently.

Figure 5-108 Networking diagram for configuring VLAN-based IGMP snooping
IP/MPLS core
GE3/0/1
S9300
GE1/0/1
VLAN3
Host3 Host4 Host5
2. Enable IGMP snooping globally and in the VLAN.
3. Configure a static router interface.
4. Configure static multicast groups 225.1.1.1, 225.1.1.2, and 225.1.1.3.
Data Preparation
l ID of the VLAN that GE 1/0/1 and GE 3/0/1 belong to: VLAN 3
l Static router interface: GE 3/0/1
l Addresses of static multicast groups: 225.1.1.1, 225.1.1.2, 225.1.1.3
Procedure
<S9300> system-view
[S9300] vlan 3
[S9300-vlan3] quit

Step 2 Enable IGMP snooping.

# Enable IGMP snooping globally.
# Enable IGMP snooping in VLAN 3.

[S9300] vlan 3
[S9300-vlan3] quit
Step 3 Configure GE 3/0/1 as the static router interface of VLAN 3.

[S9300-GigabitEthernet3/0/1] igmp-snooping static-router-port vlan 3
Step 4 Configure static multicast groups.

vlan 3
vlan 3
vlan 3

# Check all configurations of IGMP snooping.
<S9300> display igmp-snooping vlan configuration
IGMP Snooping Configuration for VLAN 3
According to the preceding information, the IGMP snooping of the VLAN is enabled.
# Check the configuration of the static router interface.
Run the display igmp-snooping router-port vlan 3 command on the S9300.
<S9300> display igmp-snooping router-port vlan 3
Port Name UpTime Expires Flags
---------------------------------------------------------------------
VLAN 3, 1 router-port(s)
GE3/0/1 2d:10h 00:01:02 STATIC
According to the preceding information, GE 3/0/1 is configured as a static router interface.

# Verify the information about member interfaces of a static multicast group.
<S9300> display igmp-snooping port-info
VLAN 3, 3 Entry(s)
-----------------------------------------------------------------------
(Source, Group) Port Flag
-----------------------------------------------------------------------
(1.1.1.1,225.1.1.1) GE1/0/4
S--
1 port(s)
(1.1.1.1,225.1.1.2) GE1/0/4 S--
1 port(s)
(1.1.1.1,225.1.1.3) GE1/0/4 S--
1 port(s)

According to the preceding information, multicast groups 225.1.1.1 to 225.1.1.3 are configured
with static forwarding entries.
# View the multicast forwarding table.

-----------------------------------------------------------------------
(Source, Group) Interface Out-Vlan
-----------------------------------------------------------------------
Router-port GigabitEthernet3/0/1 3
-----------------------------------------------------------------------
Total Group(s) : 3
The preceding information shows the VLAN ID and outgoing interface mapping the data from
multicast groups 225.1.1.1 to 225.1.1.3.
----End
Configuration Files
#
sysname S9300
#
vlan batch 3
#
#
vlan 3
#
#
igmp-snooping static-router-port vlan 3
#
return
5.5.3 IGMP Proxy Configuration

This chapter describes the procedure for configuring the IGMP proxy and the commands for
maintaining the IGMP proxy, and provides configuration examples.
Example for Configuring the Static Router Interface
As shown in Figure 5-109, the S9300 is connected to a router and multiple hosts. IGMP runs
on the router. The S9300 should send multicast packets to each host steadily for a long time. In
this case, you can configure a static router interface.

Figure 5-109 Networking diagram for configuring a static router interface

Multicast source
DHCP server
IP/MPLS core
GE3/0/1
S9300
GE1/0/2
GE1/0/3
VLAN100
Host1 Host2
1. Create VLAN 100 and add GE 1/0/2, GE 1/0/3, and GE 3/0/1 to VLAN 100.
2. Enable IGMP proxy globally.
3. Configure GE 3/0/1 as a static router interface in VLAN 100.
4. Enable IGMP proxy for VLAN 100.
Data Preparation
l Sstatic router interface: GE 3/0/1
l VLAN that Host1 and Host2 belong to: VLAN 100
Procedure
# Create VLAN 100.
<S9300> system-view
[S9300] vlan 100
[S9300] quit

# Add GE 1/0/2, GE 1/0/3, and GE 3/0/1 to VLAN 100. The configurations of GE 1/0/3 and GE
3/0/1 are similar to the configuration of GE 1/0/2, and are not mentioned here.
Step 2 Enable IGMP proxy.
# Enable IGMP proxy globally.

[S9300] igmp-proxy enable
# Enable IGMP proxy for VLAN 100.

[S9300] vlan 100
[S9300-vlan100] igmp-proxy enable
[S9300-vlan100] quit
Step 3 Configure GE 3/0/1 as a static router interface in VLAN 100.

[S9300-GigabitEthernet3/0/1] igmp-proxy static-router-port vlan 100
Run the display igmp-proxy router-port command on the S9300.

[S9300] display igmp-proxy router-port vlan 100
---------------------------------------------------------------------
GigabitEthernet3/0/1 2d:10h -- STATIC
As shown in the preceding output, GE 3/0/1 is configured as a static router interface.
----End
Configuration Files
#
sysname S9300
#
igmp-proxy enable
#
vlan batch 100
#
vlan 100
igmp-proxy enable
#
#
#
igmp-proxy static-router-port vlan 100
#
return
Example for Configuring a Multicast Policy

As shown in Figure 5-110, three hosts are all in VLAN3. You are required to configure data to
ensure that the three hosts cannot receive data from multicast group 225.0.0.10.
Figure 5-110 Networking diagram for configuring a multicast group policy
DHCP server
Multicast source
IP/MPLS core
GE3/0/1
S9300
GE1/0/5
VLAN3
Host3 Host4 Host5
2. Enable IGMP proxy globally and in the VLAN.
3. Configure a multicast group policy the VLAN.
Data Preparation
l VLAN that Host3, Host4, and Host5 belong to: VLAN 3
l Address of multicast groups that Host3, Host4, and Host5 can join: 225.0.0.10
Procedure
# Create VLAN 3.

<S9300> system-view
[S9300] vlan 3
[S9300] quit
# Add GE 1/0/5 to GE 3/0/1 to VLAN 3.



[S9300] vlan 3
[S9300-vlan3] quit
Step 3 Configure a multicast group policy for VLAN3.

Create an ACL.
[S9300] acl 2000
[S9300-acl-basic-2000] rule deny source 225.0.0.10 0
[S9300-acl-basic-2000] quit
# Configure a multicast group policy.

[S9300] vlan 3
[S9300-vlan3] igmp-proxy group-policy 2000
[S9300-vlan3] quit

Send IGMP Report messages from Host3, Host4, or Host5 to multicast group 225.0.0.10, and
then run the display igmp-proxy port-info on the S9300. You can view information about the
outgoing interface of the multicast group.
[S9300] display igmp-proxy port-info vlan 3
Group LiveTime Port Host PortList Flag
-----------------------------------------------------------------------
IGMP Proxy Group Port Information on VLAN 3 (Total 1 Groups)
225.0.0.2 00:01:06 1 1 GigabitEthernet1/0/5 -D-
According to the preceding information, no information about the outgoing interface of multicast
group 225.0.0.10 is displayed. It indicates that GE 1/0/5 does not join the multicast group
225.0.0.10.
----End
Configuration Files
#
sysname S9300
#
igmp-proxy enable
#
vlan batch 3
#

vlan 3
igmp-proxy enable
igmp-proxy group-policy 2000
#
acl number 2000
rule 5 deny source 225.0.0.10 0
#
#
#
return
Example for Configuring Prompt Leaving of Interfaces in VLAN
As shown in Figure 5-111, GE 1/0/3 and GE 1/0/4 of the S9300 are connected to only one host
respectively. Other hosts connected to the two interfaces do not need to receive multicast packets.
Therefore, when receiving IGMP Leave messages from the two interfaces, the S9300 deletes
the forwarding entries of the multicast group that the hosts leave, without waiting for the timeout
of the aging timer. This saves the bandwidth and system resources.
Figure 5-111 Networking diagram for configuring prompt leave for interfaces in a VLAN
IP/MPLS core
VLAN3 GE3/0/1
S9300
GE1/0/3 GE1/0/4
Host1 Host2 Host3 Host4 Host5


2. Enable IGMP proxy globally and in the VLAN.
3. Enable prompt leave for interfaces
Data Preparation
l ID of the VLAN where prompt leave is enabled: 3
Procedure
# Create VLAN3 on the S9300.

<S9300> system-view
[S9300] vlan 3
[S9300] quit
# Add GE 1/0/3, GE 1/0/4, and GE 3/0/1 to VLAN3. The configurations of GE 1/0/4 and GE
3/0/1 are similar to the configuration of GE 1/0/3, and are not mentioned here.

# Enable IGMP proxy for VLAN3.

[S9300] vlan 3
Step 3 Configure prompt leave for interfaces in VLAN3.

[S9300-vlan3] igmp-proxy prompt-leave
Run the display igmp-proxy command on the S9300.

[S9300] display igmp-proxy vlan 3
IGMP Proxy Information for VLAN 3
IGMP Proxy is Enable
IGMP Version is Set to default 2
IGMP Query Interval is 300
IGMP Max Response Interval is 24
IGMP Robustness is 3
IGMP Last Member Query Interval is 5
IGMP Router Port Aging Interval is 800
IGMP Filter Group-Policy 2000
IGMP Prompt Leave Enable
IGMP Require Router Alert
IGMP Send Router Alert Enable
According to the preceding information, "IGMP Prompt Leave Enable" indicates that the
configuration of prompt leave for interface in VLAN 3 succeeds.
----End

Configuration Files
#
sysname S9300
#
igmp-proxy enable
#
vlan batch 3
#
vlan 3
igmp-proxy enable
igmp-proxy prompt-leave
#
#
#
#
return
Example for Configuring VLAN-based IGMP Proxy
On the network as shown in Figure 5-112, GE 3/0/1 of the S9300 is connected to a multicast
router. GE 1/0/1, GE 1/0/2, and GE 1/0/3 are connected to hosts. You are required to configure
IGMP proxy on the S9300 to ensure that:
l Two hosts in VLAN 100 can receive multicast data continuously for a long time.
l Two hosts in VLAN 200 do not receive multicast data from the multicast group 225.0.0.10.
l Only the host Host 5 in VLAN 300 receives multicast data and is required to release
bandwidth and system resources rapidly.

Figure 5-112 Networking of VLAN-based IGMP proxy
IP/MPLS core
GE3/0/1
S9300
GE1/0/1 GE1/0/3
GE1/0/2
Host1 Host2 Host3 Host4 Host5 Host6

VLAN100 VLAN200 VLAN300
1. Create VLANs and add interfaces to the VLANs.
2. Enable IGMP proxy globally and in the multicast VLAN.
3. Enable multicast VLAN replication.
4. Configure a static router interface.
5. Configure a multicast group policy for VLAN 200.
6. Configure prompt leave for interfaces in VLAN 300.
Data Preparation
l Number of each interface and ID of the VLAN that each interface belongs to
l Static router interface: GE 3/0/1
l IP address of the multicast group that hosts in VLAN 200 cannot join: 225.0.0.10
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<S9300> system-view
[S9300] vlan batch 10 100 200 300

[S9300] interface gigabiethernet 1/0/1


[S9300] vlan 10
Step 3 Enable multicast VLAN replication. VLAN 10 is a multicast VLAN, and VLAN 100, VLAN
200, and VLAN 300 are user VLANs.
[S9300] vlan 10
[S9300-vlan10] multicast-vlan enable
[S9300-vlan10] multicast-vlan user-vlan 100 200 300
[S9300-vlan10] quit
Step 4 Configure GE 3/0/1 as the static router interface in VLAN10.

[S9300-GigabitEthernet3/0/1] igmp-proxy static-router-port vlan 10
Step 5 Configure a multicast group policy in VLAN 200 to prohibit hosts from joining the multicast
group 225.0.0.10.
Create an ACL.
[S9300] acl 2008
[S9300-acl-basic-2008] rule deny source 225.0.0.10 0
[S9300-acl-basic-2008] quit
# Configure a multicast group policy.

[S9300] vlan 200
[S9300-vlan200] igmp-proxy group-policy 2008
Step 6 Configure prompt leave for interfaces in VLAN 300.

[S9300] vlan 300
[S9300-vlan300] igmp-proxy prompt-leave

# Check replication of the multicast VLAN.
<S9300> display multicast-vlan
Multicast-Vlan 10 IGMP-Proxy state: Enable
Total entry 3 matched on vlan 10
User-Vlan: 100 200 300
According to the preceding information, VLAN 10 is the multicast VLAN and the corresponding
user VLANs are VLAN 100, VLAN 200, and VLAN 300.
# Check the configuration of the static router interface.

Run the display igmp-proxy router-port command on the S9300.

[S9300] display igmp-proxy router-port vlan 10
---------------------------------------------------------------------
GigabitEthernet3/0/1 2d:10h -- STATIC
According to the preceding information, GE 3/0/1 is configured as a static router interface.

# Hosts in VLAN 200 does not receive multicast packets from multicast group 225.0.0.10.
Send IGMP Report messages from Host3, Host4, or Host5 to multicast group 225.0.0.10, and
then run the display igmp-proxy port-info on the S9300. You can view information about the
outgoing interface of the multicast group.
[S9300] display igmp-proxy port-info vlan 3
Group LiveTime Port Host PortList Flag
-----------------------------------------------------------------------
IGMP Proxy Group Port Information on VLAN 10 (Total 1 Groups)
225.0.0.2 00:00:06 1 1 GigabitEthernet1/0/2 -D-
According to the preceding information, no information about the outgoing interface of multicast
group 225.0.0.10 is displayed. It indicates that GE 1/0/5 does not join the multicast group
225.0.0.10.
----End
Configuration Files
#
sysname S9300
#
vlan batch 10 100 200 300
#
igmp-proxy enable
#
vlan 10
igmp-proxy enable
multicast-vlan enable
multicast-vlan user-vlan 100 200 300
#
vlan 100
igmp-proxy enable
#
vlan 200
igmp-proxy enable
igmp-proxy group-policy 2008
#
vlan 300
igmp-proxy enable
igmp-proxy prompt-leave
#
acl number 2008
rule 5 deny source 225.0.0.10 0
#
#
#
#


igmp-proxy static-router-port vlan 10
#
return
5.5.4 IGMP Configuration

This chapter describes the procedure for configuring IGMP and commands for maintaining
IGMP, and provides configuration examples.
Example for Configuring Basic IGMP Functions
On the network as shown in Figure 5-113, the unicast routing function is normal. You are
required to implement multicast on the network to enable hosts to receive the Video On Demand
(VOD) information.
When the hosts connected to a certain interface need to receive a popular program for a long
time, you can add the interface to a multicast group statically. As shown in the following figure,
if HostA needs to receive the multicast data from the multicast group 225.1.1.1 for a long time,
you need to add GE 1/0/0 on the S9300-A to the multicast group 225.1.1.1 statically.
Figure 5-113 Networking diagram for configuring basic IGMP functions
Ethernet
HostA
S9300-A
Receiver
GE2/0/0 GE1/0/0 N1
HostB
S9300-B
GE1/0/0 Leaf network
GE2/0/0
PIM network HostC

S9300-C Receiver
GE1/0/0 N2
GE2/0/0 HostD
Ethernet
Switch Physical interface VLANIF interface IP address

S9300-A GE 1/0/0 VLANIF 10 10.110.1.1/24
GE 2/0/0 VLANIF 11 192.168.1.1/24
S9300-B GE 1/0/0 VLANIF 20 10.110.2.1/24
GE 2/0/0 VLANIF 21 192.168.2.1/24
S9300-C GE 1/0/0 VLANIF 30 10.110.3.1/24
GE 2/0/0 VLANIF 31 192.168.3.1/24

1. Enable multicast on all S9300s providing multicast services.

2. Enable PIM-SM on all the interfaces on S9300.
3. Enable IGMP on the interfaces on hosts side.
4. Add VLANIF 10 on S9300-A to the multicast group 225.1.1.1 statically.
Data Preparation
l Version of IGMP running between S9300s and hosts

l Static multicast group address: 225.1.1.1
NOTE
This configuration example describes only the commands used to configure IGMP.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol on each S9300.
Configure the IP address and mask of each interface according to Figure 5-113. Configure OSPF
to ensure the communication between S9300-A, S9300-B, and S9300-C on the network layer,
and to ensure the dynamic update through the unicast routing protocol.
For how to configure IP addresses of interfaces, see Assigning an IP address to an Interface

in the Quidway S9300 Terabit Routing Switch Configuration Guide - Basic Configurations. For
how to configure OSPF, see OSPF Configuration in theQuidway S9300 Terabit Routing
Switch Configuration Guide - IP Routing.
Step 2 Enable multicast on all S9300s and PIM-SM on all interfaces.
# Enable multicast on S9300-A and enable PIM-SM on all interfaces. The configurations of
S9300-B and S9300-C are similar to the configuration of S9300-A, and are not mentioned here.
[S9300-A] multicast routing-enable
[S9300-A-Vlanif10] pim sm
Step 3 Enable IGMP on the interfaces connected to hosts.
# Enable IGMP on VLANIF 10 on S9300-A and configure the IGMP version as IGMPv2. The
configurations of S9300-B and S9300-C are similar to the configuration of S9300-A, and are
not mentioned here.
NOTE
By default, IGMPv2 is used and you do not need to set the IGMP version here. To use other IGMP versions,
run the igmp version command to set the version.
[S9300-A-Vlanif10] igmp enable

[S9300-A-Vlanif10] igmp version 2

Step 4 Add VLANIF 10 on S9300-A to the multicast group 225.1.1.1 statically. In this manner, the
hosts connected to VLANIF 10 can steadily receive the multicast data sent to the multicast group
225.1.1.1.
[S9300-A-Vlanif10] igmp static-group 225.1.1.1

# Run the display igmp interface command. You can check the configuration and running status
of IGMP on each interface. For example, the information about IGMP on VLANIF 10 of
S9300-A is as follows:
<S9300-A> display igmp interface vlanif 10
Vlanif 10(10.110.1.1):
IGMP is enabled
Current IGMP version is 2
IGMP state: up
IGMP group policy: none
IGMP limit: -
Value of query interval for IGMP (negotiated): -
Value of query interval for IGMP (configured): 60 s
Value of other querier timeout for IGMP: 0 s
Value of maximum query response time for IGMP: 10 s
Querier for IGMP: 10.110.1.1 (this router)
# Run the display igmp routing-table command on S9300-A. You can check whether VLANIF
10 is added to the multicast group 225.1.1.1 statically. If the (*, 225.1.1.1) entry exists on
S9300-A, the downstream interface is VLANIF 10, and the protocol type is STATIC, you can
infer that VLANIF 10 is added to the multicast group 225.1.1.1 statically.
<S9300-A> display igmp routing-table
Routing table of VPN-Instance: public net
Total 1 entry
00001. (*, 225.1.1.1)
List of 1 downstream interface
Vlanif10 (10.110.1.1),
Protocol: STATIC
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 11
#
#
interface vlanif 10
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
igmp static-group 225.1.1.1
#
interface vlanif 11
ip address 192.168.1.1 255.255.255.0
pim sm
#
#


#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
vlan batch 20 21
#
#
interface vlanif 20
ip address 10.110.2.1 255.255.255.0
pim sm
igmp enable
#
interface vlanif 21
ip address 192.168.2.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return

#
sysname S9300-C
#
vlan batch 30 31
#
#
interface vlanif 30
ip address 10.110.2.2 255.255.255.0
pim sm
igmp enable
#
interface vlanif 31
ip address 192.168.3.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return

Example for Configuring SSM Mapping
On the multicast network as shown in Figure 5-114, PIM-SM is run and ASM and SSM models
are used to provide multicast services. IGMPv3 is run on the interface on the S9300 connected
to the Receiver. The IGMP version on the Receiver is IGMPv2 and cannot be upgraded to
IGMPv3.
The range of SSM group addresses on the current network is 232.1.1.0/24. S1, S2, and S3 send
multicast data to the multicast group whose IP address is in this range. The Receiver receives
the multicast data only from S1 and S3.
Solution: Configure SSM mapping on S9300-D.
Figure 5-114 Networking of the SSM mapping configuration

S2 S3
133.133.2.1/24 S9300-B S9300-C 133.133.3.1/24
GE1/0/0 GE3/0/0 GE3/0/0 GE1/0/0
GE2/0/0 GE2/0/0
PIM-SM
S1 Receiver
133.133.1.1/24 GE2/0/0 GE2/0/0 133.133.4.1/24
GE1/0/0 GE1/0/0
GE3/0/0 GE3/0/0
S9300-A
S9300-D
Switch Physical interfaces VLANIF interface IP address

S9300-A GE 1/0/0 VLANIF 10 133.133.1.2/24
GE 2/0/0 VLANIF 20 192.168.1.1/24
GE 3/0/0 VLANIF 30 192.168.4.2/24
S9300-B GE 1/0/0 VLANIF 11 133.133.2.2/24
GE 2/0/0 VLANIF 20 192.168.1.2/24
GE 3/0/0 VLANIF 31 192.168.2.1/24
S9300-C GE 1/0/0 VLANIF 12 133.133.3.2/24
GE 2/0/0 VLANIF 21 192.168.3.1/24
GE 3/0/0 VLANIF 31 192.168.2.2/24
S9300-D GE 1/0/0 VLANIF 13 133.133.4.2/24
GE2/0/0 VLANIF 21 192.168.3.2/24
GE 3/0/0 VLANIF 30 192.168.4.1/24
1. Enable SSM mapping on the interfaces of the S9300s connected to hosts.

2. Set the range of SSM group addresses on all the S9300s in the PIM-SM domain.
3. Configure the static SSM mapping rules on the S9300s where SSM mapping is enabled.
Data Preparation
l Range of SSM multicast groups

l IP addresses of Source 1 and Source 3
NOTE
This configuration example describes only the commands used to configure SSM mapping.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
Step 2 Configure the IP address of each VLANIF and the unicast routing protocol according to Figure
5-114.
Step 3 Enable IGMP and SSM mapping on the interfaces connected to hosts.
[S9300-D] multicast routing-enable
[S9300-D-Vlanif10] igmp enable
[S9300-D-Vlanif10] igmp version 3
[S9300-D-Vlanif10] igmp ssm-mapping enable
Step 4 Configure the range of SSM group addresses.
# Set the range of SSM group addresses to 232.1.1.0/24 on all S9300s. The configurations of
S9300-B, S9300-C, and S9300-D are similar to configuration of S9300-A, and are not mentioned
here.
[S9300-A] acl number 2000
[S9300-A-acl-basic-2000] rule permit source 232.1.1.0 0.0.0.255
[S9300-A-acl-basic-2000] quit
[S9300-A] pim
[S9300-A-pim] ssm-policy 2000
Step 5 Configure static SSM mapping rules on the S9300s connected to hosts.
# Map the multicast group in the range of 232.1.1.0/24 to Source 1 and Source 3.
[S9300-D] igmp
[S9300-D-igmp] ssm-mapping 232.1.1.0 24 133.133.1.1
[S9300-D-igmp] ssm-mapping 232.1.1.0 24 133.133.3.1
# Check the information about SSM mapping of specific sources and group addresses on S9300s.
<S9300-D> display igmp ssm-mapping group
IGMP SSM-Mapping conversion table of VPN-Instance: public net
Total 2 entries
Total 2 entries matched
00001. (133.133.1.1, 232.1.1.0)
00002. (133.133.3.1, 232.1.1.0)
# The Receiver joins the group 232.1.1.1.

# Run the display igmp group ssm-mapping command to view the information about the
specific sources or group addresses on the S9300s. Take the information about the specific source
or group address on S9300-D for example:
<S9300-D> display igmp group ssm-mapping
IGMP SSM mapping interface group report information of VPN-Instance: public net
Vlanif10 (133.133.4.2):
Total 1 IGMP SSM-Mapping Group reported
Group Address Last Reporter Uptime Expires
232.1.1.1 133.133.4.1 00:01:44 00:00:26
<S9300-D> display igmp group ssm-mapping verbose

Interface group report information of VPN-Instance: public net
Vlanif10 (133.133.4.2):
Total entry on this interface: 1
Total 1 IGMP SSM-Mapping Group reported
Group: 232.1.1.1
Uptime: 00:01:52
Expires: 00:00:18
Last reporter: 133.133.4.1
Last-member-query-counter: 0
Last-member-query-timer-expiry: off
Group mode: exclude
Version1-host-present-timer-expiry: off
Version2-host-present-timer-expiry: 00:00:17
# Run the display pim routing-table command to view the PIM-SM multicast routing table on
an S9300. Take the information displayed on S9300-D for example:
<S9300-D> display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 2 (S, G) entries
(133.133.1.1, 232.1.1.1)
RP: 192.168.3.2
Protocol: pim-sm, Flag:
UpTime: 00:11:25
1: Vlanif13
Protocol: igmp, UpTime: 00:11:25, Expires:-
(133.133.3.1, 232.1.1.1)
RP: 192.168.3.2
Protocol: pim-sm, Flag:
UpTime: 00:11:25
1: Vlanif13
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20 30
#

#
acl number 2000
#
interface vlanif 10
ip address 133.133.1.2 255.255.255.0
pim sm
#
interface vlanif 20
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface vlanif 30
ip address 192.168.4.2 255.255.255.0
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 133.133.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
#
sysname S9300-B
#
vlan batch 11 20 31
#
#
acl number 2000
#
interface vlanif 11
ip address 133.133.2.2 255.255.255.0
pim sm
#
interface vlanif 20
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface vlanif 31
ip address 192.168.2.1 255.255.255.0
pim sm
#
#
#
#
ospf 1
area 0.0.0.0

network 133.133.2.0 0.0.0.255

network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
#
sysname S9300-C
#
vlan batch 12 21 31
#
#
acl number 2000
#
interface vlanif 12
ip address 133.133.3.2 255.255.255.0
pim sm
#
interface vlanif 21
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface vlanif 31
ip address 192.168.2.2 255.255.255.0
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 133.133.3.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
#
sysname S9300-D
#
vlan batch 13 21 30
#
#
interface vlanif 13
ip address 133.133.4.2 255.255.255.0
pim sm
igmp enable
igmp version 3
igmp ssm-mapping enable
#
interface vlanif 21
ip address 192.168.3.2 255.255.255.0
pim sm

#
interface vlanif 30
ip address 192.168.4.1 255.255.255.0
pim sm
#
#
#
#
pim
c-bsr vlanif30
c-rp vlanif30
ssm-policy 2000
#
acl number 2000
#
igmp
ssm-mapping 232.1.1.0 255.255.255.0 133.133.1.1
ssm-mapping 232.1.1.0 255.255.255.0 133.133.3.1
#
return
5.5.5 PIM-DM Configuration

This chapter describes the procedure for configuring PIM-DM on the IP network and the
commands for maintaining PIM-DM, and provides configuration examples.
Example for Configuring the PIM-DM Network
On the experiment network shown in Figure 5-115, multicast is deployed. The unicast routes
work normally. The S9300s on the network need to be configured properly so that hosts can
receive the VOD information in multicast mode.

Figure 5-115 Networking diagram for configuring basic PIM-DM functions
S9300-A Ethernet
Receiver
GE2/0/0
Ethernet HostA
GE1/0/0 N1
PIM-DM
Source GE3/0/0 Leaf network
GE4/0/0
GE1/0/0 GE2/0/0
S9300-D
GE1/0/0 N2
GE2/0/0 S9300-B
GE1/0/0 Receiver
HostB
GE2/0/0
Ethernet
S9300-C

S9300-A GE 1/0/0 VLANIF 100 192.168.1.1/24
GE 2/0/0 VLANIF 101 10.110.1.1/24
S9300-B GE 1/0/0 VLANIF 200 192.168.2.1/24
GE 2/0/0 VLANIF 102 10.110.2.1/24
S9300-C GE 1/0/0 VLANIF 300 192.168.3.1/24
GE 2/0/0 VLANIF 102 10.110.2.2/24
S9300-D GE 1/0/0 VLANIF 200 192.168.2.2/24
GE 2/0/0 VLANIF 300 192.168.3.2/24
GE 3/0/0 VLANIF 100 192.168.1.2/24
GE 4/0/0 VLANIF 103 10.110.5.1/24
In a small-scale experiment network, PIM-DM is adopted to configure multicast. Enable PIM
silent on the VLANIF interfaces of S9300-A to protect S9300-A from Hello message attacks.
1. Enable multicast on the S9300.

2. Enable PIM-DM on each interface.
3. Enable PIM silent and configure IGMP on the VLANIF interfaces connected to hosts.
Data Preparation
l Address of multicast group G: 225.1.1.1/24

l Address of multicast group S: 10.110.5.100/24
l Version of the IGMP protocol running between routers and hosts: IGMPv2
NOTE
This configuration example describes only the commands used to configure PIM-DM.

Procedure
Step 1 Enable multicast on all S9300s and enable PIM-DM on all interfaces.
# Enable multicast on S9300-A and enable PIM-DM on each interface. The configurations of
S9300-B, S9300-C, and S9300-D are similar to the configuration of S9300-A, and are not
mentioned here.
[S9300-A-Vlanif100] pim dm
Step 2 Configure the interfaces connected to hosts to be PIM silent and configure IGMP on the interface.
# On S9300-A, configure the vlanif interfaces connected to hosts to be PIM silent, and configure
IGMP on the interface. The configurations of S9300-B, S9300-C, and S9300-D are similar to
[S9300-A-Vlanif101] pim slient

# Run the display pim interface command to view the configuration and operating of PIM on
the router interface. The display of the PIM configuration on S9300-D is as follows:
<S9300-D> display pim interface
Interface NbrCnt HelloIntDR-PriDR-Address
Vlanif103 0301 10.110.5.1(local)
Vlanif100 1301 192.168.1.2(local)
Vlanif200 1301 192.168.2.2(local)
Vlanif300 1301 192.168.3.2(local)
# Run the display pim neighbor command to check the PIM neighbor relation between the
S9300s. The display of the PIM neighbor relation S9300-D is as follows:
<S9300-D> display pim neighbor
Total Number of Neighbors = 3
Neighbor Interface Uptime Expires Dr-Priority BFD-

Session
192.168.1.1 Vlanif100 00:02:22 00:01:27 1
N
192.168.2.1 Vlanif200 00:00:22 00:01:29 1
N
192.168.3.1 Vlanif300 00:00:23 00:01:31 1 N
# Run the display pim routing-table command to view the PIM multicast routing table on the
S9300. Assume that HostA needs to receive the information about multicast group G
225.1.1.1/24. When sending multicast packets to multicast group G, multicast source S
10.110.5.100/24 generates an SPT through flooding and the (S, G) entries exist on S9300-A and
S9300-D that are in the SPT. When HostA joins multicast group G, an (*, G) entry is generated
on S9300-A. The information displayed on S9300-B and S9300-C is similar to the information
displayed on S9300-A. The displayed information is as follows:
<S9300-A> display pim routing-table

(*, 225.1.1.1)
UpTime: 03:54:19
1: Vlanif101
Protocol: igmp, UpTime: 01:38:19, Expires: never
(10.110.5.100, 225.1.1.1)
UpTime: 00:00:44
1: Vlanif101

(10.110.5.100, 225.1.1.1)
Protocol: pim-dm, Flag: LOC ACT
UpTime: 01:35:25
1: Vlanif100
2: Vlanif200
----End
Configuration Files
#
sysname S9300-A
#
#
vlan batch 100 101
#
interface vlanif 100
ip address 192.168.1.1 255.255.255.0
pim dm
#
ip address 10.110.1.1 255.255.255.0
pim dm
pim silent
igmp enable
#
port hybrid tagged vlanif 100
#


#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 10.110.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
#
vlan batch 200 102
#
ip address 10.110.2.1 255.255.255.0
pim dm
igmp enable
#
ip address 192.168.2.1 255.255.255.0
pim dm
#
#
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 10.110.2.0 0.0.0.255
#
return

#
sysname S9300-C
#
#
vlan batch 102 300
#
ip address 10.110.2.2 255.255.255.0
pim dm
igmp enable
#
ip address 192.168.3.1 255.255.255.0
pim dm
#
#
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 10.110.2.0 0.0.0.255
#
return


#
sysname S9300-D
#
#
vlan batch 100 103 200 300
#
ip address 192.168.1.2 255.255.255.0
pim dm
#
ip address 10.110.5.1 255.255.255.0
pim dm
#
ip address 192.168.2.2 255.255.255.0
pim dm
#
ip address 192.168.3.2 255.255.255.0
pim dm
#
#
#
#
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 10.110.5.0 0.0.0.255
#
return
5.5.6 PIM-SM Configuration

This chapter describes the procedure for configuring PIM-SM on the IP network and the
commands for maintaining PIM-SM, and provides configuration examples.
Example for Configuring the PIM-SM Network
As shown in Figure 5-116, multicast is deployed on the network of an Internet Service Provider
(ISP). The Interior Gateway Protocol (IGP) is deployed on the network. The unicast routing
routes work normally and are connected to the Internet. The routers on the network need to be
configured properly so that hosts can receive the video on demand (VOD) in multicast mode.

Figure 5-116 Networking diagram for configuring PIM-SM multicast network

Ethernet
S9300-A N1
GE2/0/0 Receiver
Ethernet GE3/0/0
GE1/0/0
HostA
PIM-SM
GE2/0/0
S9300-E GE3/0/0
Source Leaf networks
GE3/0/0 GE1/0/0 GE2/0/0
GE4/0/0 GE2/0/0
S9300-D Receiver
GE4/0/0 GE1/0/0
GE1/0/0
S9300-B
GE2/0/0 HostB
N2
GE1/0/0
Ethernet
S9300-C
S9300 Physical interface VLANIF interface IP address

S9300-A GE 1/0/0 VLANIF 100 192.168.9.1/24
GE 2/0/0 VLANIF 101 10.110.1.1/24
GE 3/0/0 VLANIF 200 192.168.1.1/24
S9300-B GE 1/0/0 VLANIF 300 192.168.2.1/24
GE 2/0/0 VLANIF 102 10.110.2.1/24
S9300-C GE 1/0/0 VLANIF 102 10.110.2.2/24
GE 2/0/0 VLANIF 400 192.168.3.1/24
S9300-D GE 1/0/0 VLANIF 500 192.168.4.2/24
GE 2/0/0 VLANIF 200 192.168.1.2/24
GE 3/0/0 VLANIF 103 10.110.5.1/24
GE 4/0/0 VLANIF 104 10.110.4.1/24
S9300-E GE 1/0/0 VLANIF 400 192.168.3.2/24
GE 2/0/0 VLANIF 300 192.168.2.2/24
GE 3/0/0 VLANIF 100 192.168.9.2/24
GE 4/0/0 VLANIF 500 192.168.4.1/24
The ISP network connects to the Internet. The PIM-SM protocol is used to configure the
multicast function, which facilitates service expansion. The ASM and SSM models provide
multicast services. The configuration roadmap is as follows:
1. Configure the IP addresses of interfaces and the unicast routing protocol. PIM is an intra-
domain multicast routing protocol that depends on a unicast routing protocol. The multicast
routing protocol can work normally after the unicast routing protocol works normally.
2. Enable multicast on all S9300s providing multicast services. Before configuring other PIM-
SM functions, you must enable the multicast function.
3. Enable PIM-SM on all the interfaces of S9300s. After PIM-SM is enabled, you can
configure other PIM-SM functions.

NOTE
If IGMP is also required on this interface, PIM-SM must be enabled before IGMP is enabled. The
configuration order cannot be reversed; otherwise, the configuration of PIM fails.
4. Enable IGMP on the interfaces of S9300s connected to hosts. A receiver can join and leave
a multicast group freely by sending an IGMP message. The leaf S9300s maintain the
multicast membership through IGMP.
5. Enable the PIM silent function on interface that is directly connected to hosts. In this
manner, malicious hosts are prevented from simulating PIM Hello messages and security
of multicast routers is ensured.
NOTE
PIM silent is applicable only to the interfaces of an S9300 directly connected to the host network
segment that is connected only to this S9300.
6. Configure the RP. The RP is a root node of an RPT on the PIM-SM network. It is
recommended that you configure the RP on a device that has more multicast flows, for
example, S9300-E in Figure 5-116.
NOTE
l After creating an (*, G) entry according to the new multicast membership, the DR on the user
side sends Join/Prune messages towards the RP and updates the shared tree on the path.
l When a multicast data source starts to send data to groups, the DR unicasts the Register message
to the RP. After receiving the Register message, the RP decapsulates it and then forwards it to
other multicast members along the shared tree. At the same time, the RP sends a Register-Stop
message to the DR on the multicast source side. After the Register-Stop is performed, the RPT
can be switched to the SPT.
7. (Optional) Set the BSR boundary on the interfaces connected to the Internet. The Bootstrap
message cannot pass through the BSR boundary; therefore, the BSR serves only this PIM-
SM domain. In this manner, multicast services can be controlled effectively.
8. (Optional) Configure range of SSM group addresses on each S9300. Ensure that S9300s
in the PIM-SM domain provide services only for multicast groups in the range of SSM
group addresses. In this manner, multicast can be controlled effectively.
NOTE
This configuration example describes only the commands used to configure PIM-SM.
Data Preparation

l Address of multicast group S: 10.110.5.100/24
l Version of the IGMP protocol running between routers and hosts: IGMPv3
l Range of SSM group addresses: 232.1.1.0/24
Procedure
Step 1 Configure the IP address of each interface and the unicast routing protocol.
# Configure IP addresses and masks of interfaces on the S9300s according to Figure 5-116.
Configure OSPF between S9300s to ensure that the S9300s can communicate at the network
layer and update routes through the unicast routing protocol.

For how to configure IP addresses of interfaces, see Assigning an IP Address to an

Interface in the Quidway S9300 Terabit Routing Switch - Basic Configuration. For how to
configure OSPF, see OSPF Configuration in the Quidway S9300 Terabit Routing Switch - IP
Routing.
Step 2 Enable multicast on all S9300s and PIM-SM on all interfaces.
# Enable multicast on all the S9300s and enable PIM-SM on all interfaces. The configurations
of S9300-B, S9300-C, and S9300-D are similar to the configuration of S9300-A, and are not
mentioned here.
Step 3 Enable IGMP on the interfaces connected to hosts.

# Enable IGMP on the interface connecting S9300-A to hosts. The configurations of S9300-B,
S9300-C, and S9300-D are similar to configuration of S9300-A, and are not mentioned here.
[S9300-A-Vlanif101] igmp version 3
Step 4 Enable PIM silent on S9300-A.

[S9300-A-GVlanif101] pim silent
Step 5 Configure the RP.

NOTE
The RP can be configured in two modes: the static RP and the dynamic RP. The static RP can be configured
together with the dynamic RP. You can also configure only the static RP or the dynamic RP. When the
static RP and the dynamic RP are configured simultaneously, you can change the parameter values to
specify which RP is preferred.
This example shows how to configure the static RP and the dynamic RP and to specify the
dynamic RP as the preferred RP and the static RP as the standby RP.
# Configure the dynamic RP on one or more S9300s in the PIM-SM domain. In this example,
set the service range of the RP and specify the locations of the C-BSR and the C-RP on S9300-
E.
[S9300-E] acl number 2008
[S9300-E-acl-basic-2008] rule permit source 225.1.1.0 0.0.0.255
[S9300-E-acl-basic-2008] quit
[S9300-E] pim
[S9300-E-pim] c-bsr vlanif 100
[S9300-E-pim] c-rp vlanif 100 group-policy 2008 priority 0
# Configure static RPs on all S9300s. The configurations of S9300-B, S9300-C, S9300-D, and
S9300-E are similar to configuration on S9300-A, and are not mentioned here.
NOTE
If you enter preferred to the right of static-rp X.X.X.X, the static RP is selected as the RP in the PIM-SM
domain.

[S9300-A] pim
[S9300-A-pim] static-rp 192.168.2.2
Step 6 Configure the BSR boundary on the interface connecting S9300-D to the Internet.
[S9300-D-Vlanif104] pim bsr-boundary
Step 7 Configure the range of SSM group addresses.

# Set the range of SSM group addresses to 232.1.1.0/24 on all S9300s. The configurations of
S9300-B, S9300-C, S9300-D, and S9300-E are the same as the configuration of S9300-A, and
[S9300-A] acl number 2000
[S9300-A-acl-basic-2000] rule permit source 232.1.1.0 0.0.0.255
[S9300-A-acl-basic-2000] quit
[S9300-A] pim
[S9300-A-pim] ssm-policy 2000

# Run the display pim interface command. You can view the configuration and running status
of PIM on the interface. For example, the PIM information displayed on S9300-C is as follows:
<S9300-C> display pim interface
Interface State NbrCnt HelloInt DR-Pri DR-Address
Vlanif102 up 0 30 1 10.110.2.2 (local)
Vlanif400 up 1 30 1 192.168.3.1
# Run the display pim bsr-info command to view information about BSR election on the
S9300s. For example, the BSR information on S9300-A and S9300-E (including the C-BSR
information on S9300-E) is as follows:
<S9300-A> display pim bsr-info
Elected AdminScoped BSR Count: 0
Elected BSR Address: 192.168.9.2
Priority: 0
Hash mask length: 30
State: Accept Preferred
Scope: Not scoped
Uptime: 01:40:40
Expires: 00:01:42
C-RP Count: 1
<S9300-E> display pim bsr-info

Elected AdminScoped BSR Count: 0
Elected BSR Address: 192.168.9.2
Priority: 0
Mask length: 30
State: Elected
Scope: Not scoped
Uptime: 00:00:18
Next BSR message scheduled at :00:01:42
C-RP Count: 1
Candidate AdminScoped BSR Count: 0
Candidate BSR Address is: 192.168.9.2
Priority: 0
Hash mask length: 30
State:Elected
Scope: Not scoped
Wait to be BSR: 0
# Run the display pim rp-info command to view the RP information on the S9300s. For example,
the RP information displayed on S9300-A is as follows:

<S9300-A> display pim rp-info

PIM-SM BSR RP information:
Group/MaskLen: 225.1.1.0/24
RP: 192.168.9.2
Priority: 0
Uptime: 00:45:13
Expires: 00:02:17
PIM SM static RP information:
Static RP: 192.168.2.2
# Run the display pim routing-table command. You can view the PIM multicast routing table.
Host A needs to receive the information from group 225.1.1.1/24, and HostB needs to receive
the information sent by the source 10.110.5.100/24 to the group 232.1.1.1/24. The displayed
information is as follows:
<S9300-A> display pim routing-table
(*, 225.1.1.1)
RP: 192.168.9.2
Protocol: pim-sm, Flag: WC
UpTime: 00:13:46
Upstream interface: vlanif100,
RPF neighbor: 192.168.9.2
1: vlanif101
(10.110.5.100, 225.1.1.1)
RP: 192.168.9.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: vlanif200
1: vlanif101
Protocol: pim-sm, UpTime: 00:00:42, Expires:-

(10.110.5.100, 225.1.1.1)
RP: 192.168.9.2
UpTime: 00:00:42
1: vlanif200
(10.110.5.100, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 00:01:20
1: vlanif500

Protocol: pim-ssm, UpTime: 00:01:20, Expires:-
<S9300-E> display pim routing-table

(*, 225.1.1.1)
RP: 192.168.9.2 (local)
UpTime: 00:13:16
Upstream interface: Register
1: vlanif100
Protocol: pim-sm, UpTime: 00:13:16, Expires: 00:03:22
(10.110.5.100, 232.1.1.1)
UpTime: 00:01:22
1: vlanif400
Protocol: pim-ssm, UpTime: 00:01:22, Expires:-
<S9300-C> display pim routing-table

Total 1 (S, G) entry
(10.110.5.100, 232.1.1.1)
UpTime: 00:01:25
1: vlanif102
----End
Configuration Files
#
sysname S9300-A
#
#
#
acl number 2000
#
ip address 192.168.9.1 255.255.255.0
pim sm
#
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
igmp version 3

pim silent
#
ip address 192.168.1.1 255.255.255.0
pim sm
#
#
#
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.9.0 0.0.0.255
#
pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
#
sysname S9300-B
#
#
vlan batch 102 300
#
acl number 2000
#
ip address 10.110.2.1 255.255.255.0
pim sm
igmp enable
igmp version 3
#
ip address 192.168.2.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
Pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
#
sysname S9300-C
#
vlan batch 102 400

#
#
acl number 2000
#
ip address 10.110.2.2 255.255.255.0
pim sm
igmp enable
igmp version 3
#
ip address 192.168.3.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
#
sysname S9300-D
#
vlan batch 103 104 200 500
#
#
acl number 2000
#
ip address 10.110.5.1 255.255.255.0
pim sm
#
ip address 10.110.4.1 255.255.255.0
pim sm
pim bsr-boundary
#
ip address 192.168.1.2 255.255.255.0
pim sm
#
ip address 192.168.4.2 255.255.255.0
pim sm
#
#
#
#

#
ospf 1
area 0.0.0.0
network 10.110.4.0 0.0.0.255
network 10.110.5.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
#
sysname S9300-E
#
vlan batch 100 300 400 500
#
#
acl number 2000
#
acl number 2008
#
ip address 192.168.9.2 255.255.255.0
pim sm
#
ip address 192.168.2.2 255.255.255.0
pim sm
#
ip address 192.168.3.2 255.255.255.0
pim sm
#
ip address 192.168.4.1 255.255.255.0
pim sm
#
#
#
#
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.9.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
c-bsr vlanif 100
c-rp vlanif 100 group-policy 2005 priority 0
static-rp 192.168.2.2
ssm-policy 2000

#
return
Example for Configuring SPT Switchover in PIM-SM Domain
Receivers can receive the VOD information in multicast mode. The entire PIM network adopts
a single BSR administrative domain. By default, after receiving the first multicast data packet,
the RP and the DR on the receiver side perform the SPT switchover, finding the optimal path to
receive the multicast information from the multicast source. If the receiver requires that the SPT
switchover be performed after the traffic reaches the threshold, you need to configure the SPT
switchover function.
As shown in Figure 5-117, you need to configure the S9300s properly. In this way, HostA on
the leaf network then can receive multicast data from the RP (GE1/0/0 of S9300-A). When the
transmission rate of multicast packets reaches 1024 kbit/s, the SPT switchover is performed.
After the SPT switchover, the path through which HostA receive multicast packets is Source--
S9300-B--S9300-C--HostA.
Figure 5-117 Networking diagram for performing the SPT switchover in PIM-SM domain
S9300-A
GE2/0/0
Ethernet GE1/0/0
PIM-SM
GE2/0/0 Leaf networks
GE1/0/0
Source GE3/0/0 GE1/0/0
Receiver
GE3/0/0 GE2/0/0
S9300-B S9300-C
HostA
Ethernet

S9300-A GE 1/0/0 VLANIF 100 192.168.1.1/24
GE 2/0/0 VLANIF 200 192.168.3.1/24
S9300-B GE 1/0/0 VLANIF 300 192.168.2.1/24
GE 2/0/0 VLANIF 200 192.168.3.2/24
GE 3/0/0 VLANIF 101 10.110.5.1/24
S9300-C GE 1/0/0 VLANIF 100 192.168.1.2/24
GE 2/0/0 VLANIF 102 10.110.2.1/24
GE 3/0/0 VLANIF 300 192.168.2.2/24

1. Configure the IP addresses of interfaces and the unicast routing protocol.

2. Enable the multicast function on all S9300s, enable PIM-SM on all interfaces, and enable
IGMP on the interfaces connected to hosts.
3. Configure the same static RP on each S9300.
4. Perform the SPT switchover on S9300-C.
Data Preparation
l Address of multicast source S: 10.110.5.100/24

l Version of IGMP running between S9300-C and the leaf network: 2
Procedure
# Based on Figure 5-117, configure the IP address and mask of each interface on S9300s; connect
the S9300s through OSPF to ensure that S9300-A, S9300-B, and S9300-C can connect to each
other at the network layer and can dynamically update routes through the unicast routing
protocol.

Routing.
Step 2 Enable multicast on all S9300s, PIM-SM on all interfaces, and IGMP on the interfaces connected
to hosts.
# Enable multicast on all S9300s, PIM-SM on all interfaces, and IGMP on the interface through
which S9300-C is connected to the leaf network. The configurations of S9300-A and S9300-B
are similar to the configuration of S9300-C, and are not mentioned here.
[S9300-C] multicast routing-enable
[S9300-C-Vlanif102] pim sm
[S9300-C-Vlanif102] igmp enable
[S9300-C-Vlanif102] igmp version 2
[S9300-C] interface vlan 100
Step 3 Configure the static RP.
# Configure the static RP on S9300-A, S9300-B, and S9300-C. The configurations of S9300-B
and S9300-C are similar to configuration of S9300-A, and are not mentioned here.

[S9300-A] pim
[S9300-A-pim] static-rp 192.168.1.1
Step 4 Configure the threshold of the SPT switchover.

# Configure S9300-C to perform the SPT switchover when the transmission rate of multicast
packets reaches 1024 kbit/s.
[S9300-C] pim
[S9300-C-pim] spt-switch-threshold 1024
[S9300-C-pim] quit

# The multicast source begins to send data to the multicast group, and HostA can receive the
data from the source. When the rate is smaller than 1024 kbit/s, you can run the display pim
routing-table command to view the PIM multicast routing table on S9300-C. You can find that
the upstream neighbor is S9300-A. The displayed information is as follows:
(*, 225.1.1.1)
RP: 192.168.1.1
UpTime: 00:13:46
1: vlanif102
(10.110.5.100, 225.1.1.1)
RP: 192.168.1.1
Protocol: pim-sm, Flag: ACT
UpTime: 00:00:42
1: vlanif102
# When the rate is higher than 1024 kbit/s, you can run the display pim routing-table command
to view the PIM multicast routing table on S9300-C. You can find that the upstream neighbor
is S9300-B. The displayed information is as follows:
(*, 225.1.1.1)
RP: 192.168.1.1
UpTime: 00:13:46
1: vlanif102,
(10.110.5.100, 225.1.1.1)
RP: 192.168.1.1
Protocol: pim-sm, Flag:RPT SPT ACT

UpTime: 00:00:42
1: vlanif102
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 100 200
#
#
ip address 192.168.1.1 255.255.255.0
pim sm
#
ip address 192.168.3.1 255.255.255.0
pim sm
#
#
#
pim
static-rp 192.168.1.1
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return

#
sysname S9300-B
#
#
#
ip address 10.110.5.1 255.255.255.0
pim sm
#
ip address 192.168.3.2 255.255.255.0
pim sm
#
ip address 192.168.2.1 255.255.255.0
pim sm
#
#

#
#
pim
static-rp 192.168.1.1
#
ospf 1
area 0.0.0.0
network 10.110.5.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return

#
sysname S9300-C
#
#
#
ip address 192.168.1.2 255.255.255.0
pim sm
#
ip address 10.110.2.1 255.255.255.0
pim sm
igmp enable
igmp version 2
#
ip address 192.168.2.2 255.255.255.0
pim sm
#
#
#
#
pim
spt-switch-threshold 1024
static-rp 192.168.1.1
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
Example for Configuring PIM BFD
On the multicast network shown in Figure 5-118, PIM-SM is run between S9300s. Hosts receive
the VOD information from the multicast source. S9300-A is the DR on the source side. S9300-

B and S9300-C are connected to the segment where hosts reside. When the DR changes, other
S9300s on the network segment can detect the change of the DR quickly.
You can set up the BFD session on the network segment where the host is located to respond to
the changes of the DR quickly. In addition, you can configure the DR switchover delay. In this
case, when an S9300 is added to the network segment and may become a DR, the multicast
routing table of the original DR is reserved until the routing entries of the new DR are created.
Therefore, the packet loss due to the delay in creating multicast entries is prevented.
NOTE
After the delay of PIM DR switchover is set, the downstream receiver may receive two copies of the same
data during the DR switchover and the assert mechanism will be triggered. If you do not want to trigger
the assert mechanism, you do not need to set the DR switchover delay.
Figure 5-118 Configuring the PIM BFD networking in the shared network segment
S9300-A
Source
10.1.7.1/24 PIM-SM GE1/0/0
S9300-C
GE1/0/0
GE2/0/0
S9300-B
GE2/0/0
VLAN100
User1 User2
1. Configure PIM BFD on the interfaces that connect S9300s to the network segment where
the host is located.
2. Set the PIM DR switchover delay on the interfaces that connect S9300s to the network
segment where the host is located.
Data Preparation
l Parameters of PIM BFD sessions
l PIM DR switchover delay
NOTE
This configuration example describes only the commands used to configure PIM-SM BFD.

Procedure
Step 1 Configure the IP address of each interface and the unicast routing protocol.
# Configure IP addresses and masks of interfaces on the S9300s according to Figure 5-118.
Configure OSPF between S9300s to ensure that the S9300s can communicate at the network
layer and update routes through the unicast routing protocol.
Routing.
Step 2 Enable BFD globally and configure PIM BFD in the interface view.
# Enable BFD globally on S9300-B and S9300-C, enable PIM BFD on the interfaces that are
connected to the network segment where the host resides, and set PIM BFD parameters. The
configuration on S9300-C is similar to the configuration on S9300-B and is not mentioned here.
[S9300-B] bfd
[S9300-B-bfd] quit
[S9300-B-Vlanif100] pim bfd enable
[S9300-B-Vlanif100] pim bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplie 3
Step 3 Configure the PIM DR switchover delay.

# Configure PIM DR switchover delay on S9300-B and S9300-C. The configuration on S9300-
C is similar to the configuration on S9300-B and is not mentioned here.
[S9300-B-Vlanif100] pim timer dr-switch-delay 20
[S9300-B] quit

# Run the display pim interface verbose command, and you can view detailed information
about the interface that runs PIM. The information about the interface that runs PIM on S9300-
B indicates that the DR on the network segment where the host is located is S9300-C. PIM BFD
is enabled on the interface and the switchover delay is set.
<S9300-B> display pim interface vlanif100 verbose
Interface: Vlanif100, 10.1.1.1
PIM version: 2
PIM mode: Sparse
PIM DR: 10.1.1.2
PIM DR Priority (configured): 1
PIM neighbor count: 1
PIM Hello interval: 30 s
PIM LAN delay (negotiated): 500 ms
PIM LAN delay (configured): 500 ms
PIM Hello override interval (negotiated): 2500 ms
PIM Hello override interval (configured): 2500 ms
PIM Silent: disabled
PIM neighbor tracking (negotiated): disabled
PIM neighbor tracking (configured): disabled
PIM generation ID: 0XF5712241
PIM Hello hold interval: 105 s
PIM Hello assert interval: 180 s
PIM triggered Hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM BSR domain border: disabled

PIM BFD: enable

PIM BFD min-tx-interval: 100 ms
PIM BFD min-rx-interval: 100 ms
PIM BFD detect-multiplier: 3
PIM dr-switch-delay timer : 20 s
Number of routers on network not using DR priority: 0
Number of routers on network not using LAN delay: 0
Number of routers on link not using neighbor tracking: 2
# Run the display pim bfd session command to display information about the BFD session on
each S9300. You can check whether the BFD session is set up on each S9300.
<S9300-B> display pim bfd session
Total 1 BFD session Created
Vlanif100 (10.1.1.1): Total 1 BFD session Created
Neighbor ActTx(ms) ActRx(ms) ActMulti Local/Remote State

10.1.1.2 100 100 3 8192/8192 Up
# Run the display pim routing-table command to view the PLM routing table. S9300-C
functions as the DR. The (S, G) and (*, G) entries exist. The displayed information is as follows:
(*, 225.1.1.1)
RP: 10.1.5.2
UpTime: 00:13:46
1: Vlanif100,
(10.1.7.1, 225.1.1.1)
RP: 10.1.5.2
UpTime: 00:00:42
1: Vlanif100
----End
Configuration Files
l S9300-A needs to be configured with only basic PIM SM functions. The configuration file
is not provided here.
l The following is the configuration file of S9300-B. The configuration file of S9300-C is
similar to the configuration file of S9300-B, and is not provided here.
#
sysname S9300-B
#
vlan batch 100 200
#
#

bfd
#
ip address 10.1.1.1 255.255.255.0
pim sm
igmp enable
pim bfd enable
pim bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 3
pim timer dr-switch-delay 20
#
ip address 10.1.2.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
return
5.5.7 MSDP Configuration

This chapter describes the procedure for configuring MSDP and commands for maintaining
MSDP, and provides configuration examples.
Example for Configuring Basic MSDP Functions
As shown in Figure 5-119, two ASs exist on the network. Each AS contains one or more PIM-
SM domains; each PIM-SM domain has 0 or 1 multicast source and receiver. The receivers in
PIM-SM2 need to receive the multicast data sent by S3 in the PIM-SM3 domain and multicast
data sent by S1 in the PIM-SM1 domain.

Figure 5-119 Networking diagram for configuring basic MSDP functions
AS100 AS200
Loopback0 Receiver
2.2.2.2/32
Loopback0
1.1.1.1/32
PIM-SM2
S9300-A S9300-C GE1/0/0
GE2/0/0 GE1/0/0 GE1/0/0 GE2/0/0
GE2/0/0 GE2/0/0
S9300-B GE3/0/0 S9300-D
GE1/0/0
PIM-SM1
S9300-F
S1 GE3/0/0
GE2/0/0
GE2/0/0
GE1/0/0
S9300-E
PIM-SM3
S3
Loopback0
3.3.3.3/32
MSDP peer

S9300-A GE 1/0/0 VLANIF 101 10.110.1.1/24
GE 2/0/0 VLANIF 100 192.168.1.1/24
S9300-B GE 1/0/0 VLANIF 200 192.168.2.1/24
GE 2/0/0 VLANIF 100 192.168.1.2/24
S9300-C GE 1/0/0 VLANIF 200 192.168.2.2/24
GE 2/0/0 VLANIF 300 192.168.3.1/24
GE 3/0/0 VLANIF 400 192.168.4.1/24
S9300-D GE 1/0/0 VLANIF 102 10.110.2.1/24
GE 2/0/0 VLANIF 300 192.168.3.2/24
S9300-E GE 2/0/0 VLANIF 500 192.168.5.1/24
GE 3/0/0 VLANIF 400 192.168.4.2/24
S9300F GE 1/0/0 VLANIF 103 10.110.3.1/24
GE 2/0/0 VLANIF 500 192.168.5.2/24
1. Configure the IP addresses of the interfaces on each S9300 and configure OSPF in the AS
to ensure that the unicast routes within the AS are reachable.
2. Configure EBGP peers and import BGP and OSPF routes into each other's routing table to
ensure that the unicast routes between ASs are reachable.

3. Enable multicast and PIM-SM on each interface, configure the boundary domain, and
enable the IGMP function on the interfaces connected to hosts.
4. Configure the C-BSR and C-RP. Configure the RPs of PIM-SM1 and PIM-SM2 on the
ASBR.
5. Establish MSDP peer relation between RPs of each doman. The MSDP peers and the EBGP
peers between ASs use the same interface addresses. According to the RPF rule, the S9300s
receive SA messages from the next hop toward the source RP.
Data Preparation
l Number of the AS that S9300-A and S9300-B belong to, namely 100, and router ID of
S9300-B, namely, 1.1.1.1
l Number of the AS that S9300-C and S9300-D belong to, namely 200, and Router ID of
S9300-C, namely, 2.2.2.2
l Number of the AS that S9300-E and S9300-F belong to, namely 200
NOTE
This configuration example describes only the commands related to MSDP configuration.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol.
# According to Figure 5-119, configure IP addresses and masks for the interfaces on each S9300.
Configure the OSPF protocol between S9300s. Ensure the communication on the network layer
within an AS. Ensure the dynamic route update between S9300s through unicast routing
protocol. The configuration procedure is not mentioned.
Step 2 Configure EBGP peer relation between ASs and import routes of BGP and OSPF into each
other's routing table.
# Configure EBGP on S9300-B and import OSPF routes.
[S9300-B] bgp 100
[S9300-B-bgp] import-route ospf 1
[S9300-B-bgp] quit
# Configure EBGP on S9300-C and import OSPF routes.

[S9300-C] bgp 200
[S9300-C-bgp] import-route ospf 1
[S9300-C-bgp] quit
# Import BGP routes to OSPF on S9300-B. The configuration on S9300-C is similar to the
configuration on S9300-B, and is not mentioned here.
[S9300-B] ospf 1
[S9300-B-ospf-1] import-route bgp
Step 3 Enable multicast, enable PIM-SM on all interfaces, configure the domain boundary, and enable
IGMP on the interface connecting to the host.

# Enable multicast on S9300-B and enable PIM-SM on each interface. The configurations of
other S9300s are similar to the configuration of S9300-B, and are not mentioned here.
[S9300-B] multicast routing-enable
[S9300-B-Vlanif100] pim sm
[S9300-B-Vlanif200] pim sm
# Configure the domain boundary on VLANIF 100 of S9300-B.

[S9300-B-Vlanif100] pim bsr-boundary
# Configure the domain boundary on VLANIF 200 and VLANIF 400 of S9300-C. Configure
the service boundary of BSR on VLANIF 400 of S9300-E. The configuration on S9300-E is
similar to the configuration on S9300-B, and is not mentioned here.
# Enable IGMP on the interface connecting S9300-D to the leaf network.
[S9300-D-Vlanif102] igmp enable
Step 4 Configure the C-BSR and C-RP.

# Create Loopback0, and then configure a C-BSR, and a C-RP on Loopback0 on S9300-B. The
configurations of S9300-C and S9300-E are similar to the configuration of S9300-B, and are
not mentioned here.
[S9300-B] interface loopback 0
[S9300-B-LoopBack0] ip address 1.1.1.1 255.255.255.255
[S9300-B-LoopBack0] pim sm
[S9300-B-LoopBack0] quit
[S9300-B] pim
[S9300-B-pim] c-bsr loopback 0
[S9300-B-pim] c-rp loopback 0
[S9300-B-pim] quit
Step 5 Configure MSDP peer relations.

# Configure the MSDP peer relation on S9300-B.
[S9300-B] msdp
[S9300-B-msdp] peer 192.168.2.2 connect-interface vlanif200
[S9300-B-msdp] quit
# Configure the MSDP peer relation on S9300-C.

[S9300-C] msdp
[S9300-C-msdp] peer 192.168.2.1 connect-interface vlanif200
[S9300-C-msdp] quit
# Configure the MSDP peer relation on S9300-E.

[S9300-E] msdp
[S9300-E-msdp] peer 192.168.4.1 connect-interface vlanif400
[S9300-E-msdp] quit

# Run the display bgp peer command to view the BGP peer relation between S9300s. For
example, the following information shows the BGP peer relation on S9300-B and S9300-C:
<S9300-B> display bgp peer



PrefRcv
192.168.2.2 4 200 24 21 0 00:13:09 Established 6
<S9300-C> display bgp peer


PrefRcv
192.168.2.1 4 100 18 16 0 00:12:04 Established 1
# Run the display bgp routing-table command to view the BGP routing table on an S9300. For
example, the BGP routing table displayed on S9300-C is as follows:
<S9300-C> display bgp routing-table

*> 1.1.1.1/32 192.168.2.1 0 0 100?
*>i 2.2.2.2/32 0.0.0.0 0 0 ?
*> 192.168.2.0 0.0.0.0 0 0 ?
*> 192.168.2.1/32 0.0.0.0 0 0 ?
*> 192.168.2.2/32 0.0.0.0 0 0 ?
# Run the display msdp brief command to view the status of the MSDP peer relation between
S9300s. The information about establishing MSDP peer relation among S9300-B, S9300-C and
S9300-E is as follows:
<S9300-B> display msdp brief
MSDP Peer Brief Information of VPN-Instance: public net

Configured Up Listen Connect Shutdown Down
1 1 0 0 0 0
Peer's Address State Up/Down time AS SA Count Reset Count

192.168.2.2 UP 00:12:27 200 13 0
<S9300-C> display msdp brief

2 2 0 0 0 0

192.168.2.1 UP 01:07:08 100 8 0
192.168.4.2 UP 00:06:39 200 13 0
<S9300-E> display msdp brief

1 1 0 0 0 0
192.168.4.1 UP 00:15:32 200 8 0
# Run the display msdp peer-status command to view the details about MSDP peer relations
between S9300s. The details displayed on S9300-B are as follows:

<S9300-B> display msdp peer-status
MSDP Peer Information of VPN-Instance: public net

MSDP Peer 192.168.2.2, AS 200
Description:
Information about connection status:
State: Up
Up/down time: 00:15:47
Resets: 0
Connection interface: vlanif200 (192.168.2.1)
Number of sent/received messages: 16/16
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 00:17:51
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
Sending SA-Requests status: disable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SA-cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 0/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
# Run the display pim routing-table command to view the PIM routing table on an S9300.
When multicast sources S1 (10.110.1.2/24) in PIM-SM1 and S3 (10.110.3.2/24) in PIM-SM3
send multicast data to multicast group G (225.1.1.1/24), Receiver (10.110.2.2/24) in PIM-SM2
can receive the multicast data. The PIM routing tables displayed on S9300-B and S9300-C are
as follows:
<S9300-B> display pim routing-table
(10.110.1.2, 225.1.1.1)
RP: 1.1.1.1(local)
Protocol: pim-sm, Flag: SPT EXT ACT
UpTime: 00:00:42
1: vlanif100

Total 1 (*, G) entry; 2 (S, G) entries
(*, 225.1.1.1)
RP: 2.2.2.2(local)
Protocol: pim-sm, Flag: WC RPT
UpTime: 00:13:46
Upstream interface: NULL,
1: vlanif300,
(10.110.1.2, 225.1.1.1)
RP: 2.2.2.2
Protocol: pim-sm, Flag: SPT MSDP ACT

UpTime: 00:00:42
1: vlanif300
(10.110.3.2, 225.1.1.1)
RP: 2.2.2.2
Protocol: pim-sm, Flag: SPT MSDP ACT
UpTime: 00:00:42
1: vlanif300
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 100 101
#
#
ip address 192.168.1.1 255.255.255.0
pim sm
#
ip address 10.110.1.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 10.110.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
vlan batch 100 200
#
#
ip address 192.168.1.2 255.255.255.0
pim sm
#
ip address 192.168.2.1 255.255.255.0
pim sm

pim bsr-boundary
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
#
#
bgp 100
router-id 1.1.1.1
import-route ospf 1
#
ospf 1
import-route bgp
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
peer 192.168.2.2 connect-interface vlanif200
#
return
#
sysname S9300-C
#
#
#
ip address 192.168.2.2 255.255.255.0
pim sm
pim bsr-boundary
#
ip address 192.168.3.1 255.255.255.0
pim sm
#
ip address 192.168.4.1 255.255.255.0
pim sm
pim bsr-boundary
#
#
#
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
bgp 200
router-id 2.2.2.2

import-route ospf 1
#
ospf 1
import-route bgp
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
#
return
#
sysname S9300-D
#
vlan batch 102 300
#
#
ip address 10.110.2.1 255.255.255.0
pim sm
igmp enable
#
ip address 192.168.3.2 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 10.110.2.0 0.0.0.255
#
return
#
sysname S9300-E
#
vlan batch 400 500
#
#
ip address 192.168.4.2 255.255.255.0
pim sm
pim bsr-boundary
#
ip address 192.168.5.1 255.255.255.0
pim sm
#
#


#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
#
return

#
sysname S9300-F
#
vlan batch 103 500
#
#
ip address 10.110.3.1 255.255.255.0
pim sm
#
ip address 192.168.5.2 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 192.168.5.0 0.0.0.255
network 10.110.3.0 0.0.0.255
#
return
Example for Configuring Inter-AS Multicast by Using Static RPF Peers
As shown in Figure 5-120, two ASs exist on the network. Each AS contains one or more PIM-
SM domains; each PIM-SM domain has 0 or 1 multicast source and receiver. MSDP peers need
to be set up between PIM-SM domains to share the information of the multicast source.

Figure 5-120 Networking diagram for configuring inter-AS multicast by using static RPF peers
AS100 AS200
2.2.2.2/32
Loopback0
S9300-E
GE1/0/0
1.1.1.1/32 GE2/0/0
Loopback0 GE1/0/0
GE3/0/0 S9300-D
S9300-C GE2/0/0 PIM-SM2

GE1/0/0 Receiver
GE1/0/0
3.3.3.3/32
GE2/0/0 S9300-B Receiver
PIM-SM1 Loopback0
GE2/0/0
GE3/0/0 S9300-G GE3/0/0
GE1/0/0 GE1/0/0 GE2/0/0
S1
S9300-F GE2/0/0
S9300-A GE1/0/0
PIM-SM3
S2
BGP peers
Switch Interface VLANIF interface IP address

S9300-A GE 1/0/0 VLANIF 500 192.168.5.2/24
GE 2/0/0 VLANIF 400 192.168.4.2/24
GE 3/0/0 VLANIF 101 10.110.1.1/24
S9300-B GE 1/0/0 VLANIF 100 192.168.1.2/24
GE 2/0/0 VLANIF 200 192.168.2.2/24
S9300-C GE 1/0/0 VLANIF 100 192.168.1.1/24
GE 2/0/0 VLANIF 400 192.168.4.1/24
S9300-D GE 1/0/0 VLANIF 300 192.168.3.2/24
S9300-E GE 1/0/0 VLANIF 300 192.168.3.1/24
GE 2/0/0 VLANIF 200 192.168.2.1/24
GE 3/0/0 VLANIF 102 10.110.2.1/24
S9300-F GE 1/0/0 VLANIF 500 192.168.5.1/24
GE 2/0/0 VLANIF 600 192.168.6.1/24
S9300-G GE 1/0/0 VLANIF 103 10.110.3.1/24
GE 2/0/0 VLANIF 600 192.168.6.2/24
GE 3/0/0 VLANIF 104 10.110.4.1/24
Set up an MSDP peer on the RP in each PIM-SM domain. Establish the static RPF peer relation
between MSDP peers. In this way, the source information can be transmitted across domains
without changing unicast topology.

1. Configure IP addresses for the interfaces on each S9300, configure OSPF in the AS,
configure EBGP between ASs, and import BGP and OSPF routes into each other's routing
table.
2. Enable multicast on all S9300s and PIM-SM on all interfaces and enable IGMP on the
interfaces at the user side. Configure Loopback0, C-BSR, and C-RP. The Loopback 0
interfaces on S9300-C, S9300-D, and S9300-F function as the C-BSR and the C-RP of each
PIM-SM domain.
3. Establish MSDP peer relation between RPs of each domain. Establish the MSDP peer
relation between S9300-C and S9300-D and establish the MSDP peer relation between
S9300-C and S9300-F.
4. Specify a static RPF peer for the MSDP peer. The static RPF peers of S9300-C are S9300-
D and S9300-F. S9300-D and S9300-F have only one static RPF peer, namely, S9300-C.
According to RPF rules, S9300s receive SA messages from static RPF peers.
Data Preparation
l Number of the AS that S9300-A, S9300-B, and S9300-C belong to: 100
l Router IDs of S9300-A, S9300-B, and S9300-C: 1.1.1.3, 1.1.1.2 and 1.1.1.1
l Number of the AS that S9300-D and S9300-E belong to: 200
l Router IDs of S9300-D and S9300-E: 2.2.2.2 and 2.2.2.1
l Number of the AS that S9300-F and S9300-G belong to: 200
l Router ID of S9300-F: 3.3.3.3
l S9300-C uses the list-df policy to filter the SA messages from S9300-D and S9300-F.
l S9300-D and S9300-F use the list-c policy to filter the SA messages from S9300-C.
NOTE
This configuration example describes only the commands used to configure static RPF peers.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol
# According to Figure 5-120, configure IP addresses and masks for the interfaces of each S9300.
Configure OSPF in the AS. Configure EBGP between S9300-A and S9300-F, and between
S9300-B and S9300-E. Import BGP and OSPF routes into each other's routing table. Ensure that
the S9300s can communicate with each other through the network layer. Ensure the dynamic
route update between routers through the unicast routing protocol. The configuration procedure
is not mentioned.
Step 2 Enable multicast on all S9300s and PIM-SM on all interfaces, and enable the IGMP function on
the interfaces connected to the hosts. In addition, configure the service boundary of BSR on the
interfaces of S9300s on the AS boundary.
# Enable multicast all the S9300s and enable PIM-SM on each interface. The configurations of
other S9300s are similar to configuration of S9300-C, and are not mentioned here.

# Configure the service boundary of BSR on VLANIF 500 of S9300-A, VLANIF 200 of S9300-
B, VLANIF 200 of S9300-E, and VLANIF 500 of S9300-F. The configurations of S9300-B,
S9300-E, and S9300-F are similar to configuration of S9300-A, and are not mentioned here.
[S9300-A-Vlanif500] pim bsr-boundary
Step 3 Configure Loopback0, C-BSR, and C-RP.

# Configure loopback0, C-BSR, and C-RP on S9300-C, S9300-D, and S9300-F. The
configurations of S9300-D and S9300-F are similar to the configuration of S9300-C, and are
not mentioned here.
[S9300-C] interface loopback 0
[S9300-C-LoopBack0] ip address 1.1.1.1 255.255.255.255
[S9300-C-LoopBack0] pim sm
[S9300-C-LoopBack0] quit
[S9300-C] pim
[S9300-C-pim] c-bsr loopback 0
[S9300-C-pim] c-rp loopback 0
[S9300-C-pim] quit
Step 4 Configure static RPF peers.

# Configure S9300-D and S9300-F as the static RPF peers of S9300-C.
[S9300-C] ip ip-prefix list-df permit 192.168.0.0 16 greater-equal 16 less-equal
32
[S9300-C] msdp
[S9300-C-msdp] static-rpf-peer 192.168.3.2 rp-policy list-df
[S9300-C-msdp] static-rpf-peer 192.168.5.1 rp-policy list-df
[S9300-C-msdp] quit
# Configure S9300-C as the static RPF peer of S9300-D and S9300-F. The configuration of
S9300-F is similar to the configuration of S9300-D, and is not mentioned here.
[S9300-D] ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32
[S9300-D] msdp
[S9300-D-msdp] peer 192.168.1.1 connect-interface vlanif300
[S9300-D-msdp] static-rpf-peer 192.168.1.1 rp-policy list-c

# Run the display bgp peer command to view the status of the BGP peer relation between
S9300s. No output information is displayed on S9300-C, which indicates that no BGP peer
relation is set up between S9300-C and S9300-D, and between S9300-C and S9300-F.
S9300s. When multicast source S1 in the PIM-SM1 domain sends multicast packets, the
receivers in the PIM-SM2 and PIM-SM3 domains can receive the packets. For example, the
displayed information of MSDP peers on S9300-C, S9300-D and S9300-F is as follows:
2 2 0 0 0 0

192.168.3.2 UP 01:07:08 ? 8 0
192.168.5.1 UP 00:16:39 ? 13 0

<S9300-D> display msdp brief

1 1 0 0 0 0

192.168.1.1 UP 01:07:09 ? 8 0
<S9300-F> display msdp brief

1 1 0 0 0 0

192.168.4.1 UP 00:16:40 ? 13 0
----End
Configuration Files
l Configuration file of S9300-A The configuration files of S9300-D and S9300-F are similar
to the configuration file of S9300-A, and are not provided here.
#
sysname S9300-A
#
#
#
ip address 10.110.1.1 255.255.255.0
pim sm
#
ip address 192.168.4.2 255.255.255.0
pim sm
#
ip address 192.168.5.2 255.255.255.0
pim sm
pim bsr-boundary
#
#
#
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 10.110.1.0 0.0.0.255
#
return

#
sysname S9300-C
#
vlan batch 100 400
#

#
ip address 192.168.1.1 255.255.255.0
pim sm
#
ip address 192.168.4.1 255.255.255.0
pim sm
#
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
ip ip-prefix list-df permit 192.168.0.0 16 greater-equal 16 less-equal 32
#
msdp
static-rpf-peer 192.168.3.2 rp-policy list-df
static-rpf-peer 192.168.5.1 rp-policy list-df
#
return
#
sysname S9300-D
#
vlan batch 300
#
#
ip address 192.168.3.2 255.255.255.0
pim sm
#
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32
#
msdp


static-rpf-peer 192.168.1.1 rp-policy list-c
#
return
#
sysname S9300-F
#
vlan batch 500 600
#
#
ip address 192.168.5.1 255.255.255.0
pim sm
pim bsr-boundary
#
ip address 192.168.6.1 255.255.255.0
pim sm
#
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.5.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32
#
msdp
static-rpf-peer 192.168.4.1 rp-policy list-c
#
return
l Configuration file of S9300-G
#
sysname S9300-G
#
#
#
ip address 10.110.3.1 255.255.255.0
pim sm
#
ip address 10.110.4.1 255.255.255.0
pim sm
igmp enable
#
ip address 192.168.6.2 255.255.255.0
pim sm

#
#
#
#
ospf 1
area 0.0.0.0
network 192.168.6.0 0.0.0.255
network 10.110.3.0 0.0.0.255
network 10.110.4.0 0.0.0.255
#
return
Example for Configuring Anycast RP
As shown in Figure 5-121, a PIM-SM domain contains multiple multicast sources and receivers.
The MSDP peer relation needs to be set up in the PIM-SM domain to implement RP load
balancing.
Figure 5-121 Networking diagram for configuring anycast RP
Receiver
user2
GE2/0/0 S9300-B
Loopback10
PIM-SM GE1/0/0
GE3/0/0 GE2/0/0
Source
S1
Loopback1 S9300-D
Source
GE1/0/0 GE1/0/0 S2
S9300-A Loopback0
GE2/0/0 Loopback0
GE1/0/0
GE2/0/0
GE1/0/0
Loopback1
GE2/0/0
S9300-C GE3/0/0 S9300-E
Loopback10 Receiver
user1
MSDP peers
Switch Interface VLANIF interface IP address

S9300-A GE 1/0/0 VLANIF 105 10.110.5.1/24
GE 2/0/0 VLANIF 101 10.110.1.2/24
S9300-B GE 1/0/0 VLANIF 106 10.110.6.1/24

GE 2/0/0 VLANIF 102 10.110.2.2/24

S9300-C GE 1/0/0 VLANIF 100 192.168.1.1/24
GE 2/0/0 VLANIF 101 10.110.1.1/24
GE 3/0/0 VLANIF 104 10.110.4.1/24
Loopback0 1.1.1.1/32
Loopback10 10.1.1.1/32
S9300-D GE 1/0/0 VLANIF 300 192.168.3.1/24
GE 2/0/0 VLANIF 102 10.110.2.1/24
GE 3/0/0 VLANIF 103 10.110.3.1/24
Loopback10 10.1.1.1/32
S9300-E GE 1/0/0 VLANIF 300 192.168.3.2/24
GE 2/0/0 VLANIF 100 192.168.1.2/24
Configure anycast RPs. Then the receiver sends a Join message to the nearest RP and the
multicast source sends a Register message to the nearest RP.
1. Configure IP addresses for the interfaces of each S9300 and configure OSPF in the PIM-
SM domain.
2. Enable multicast on all S9300s and PIM-SM on all interfaces and enable the IGMP function
on the interfaces connected the hosts.
3. Configure Loopback10 interfaces on S9300-C and S9300-D. Configure C-RPs on
Loopback10 interfaces, and configure the C-BSR on Loopback1.
4. Configure MSDP peers on Loopback0 interfaces of S9300-C and S9300-D. According to
RPF rules, the S9300s receive SA messages from the source RP.
Data Preparation

l Router ID of S9300-C: 1.1.1.1
l Router ID of S9300-D: 2.2.2.2
NOTE
This configuration example describes only the commands used to configure anycast RP.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol
# According to Figure 5-121, configure IP addresses and masks for the interfaces in the PIM-
SM domain. Configure the OSPF protocol between S9300s. The configuration procedure is not
mentioned.

Step 2 Enable multicast and configure PIM-SM.

# Enable multicast on all S9300s, and PIM-SM on all interfaces. Enable the IGMP function on
the interfaces at the host side. The configurations of other S9300s are similar to configuration
of S9300-C, and are not mentioned here.
Step 3 Configure Loopback1, Loopback10, C-BSR, and C-RP.

# Configure the same address for Loopback1 and Loopback10 on both S9300-C and S9300-D.
Configure C-BSR on Loopback1 and C-RP on Loopback 10. The configuration of S9300-D is
similar to configuration of S9300-C, and is not mentioned here.
[S9300-C] pim
[S9300-C-pim] c-bsr loopback 1
[S9300-C-pim] c-rp loopback 10
[S9300-C-pim] quit
Step 4 Configure Loopback0 interfaces and MSDP peers.

# Configure the MSDP peer on Loopback0 of S9300-C.
[S9300-C] msdp
[S9300-C-msdp] originating-rp loopback0
[S9300-C-msdp] peer 2.2.2.2 connect-interface loopback0
[S9300-C-msdp] quit
# Configure the MSDP peer on Loopback0 of S9300-D.

[S9300-D] interface loopback 0
[S9300-D-LoopBack0] ip address 2.2.2.2 255.255.255.255
[S9300-D-LoopBack0] pim sm
[S9300-D-LoopBack0] quit
[S9300-D] msdp
[S9300-D-msdp] originating-rp loopback0
[S9300-D-msdp] peer 1.1.1.1 connect-interface loopback0
[S9300-D-msdp] quit

S9300s. Information about MSDP peers on S9300-C and S9300-D is as follows:


1 1 0 0 0 0

2.2.2.2 Up 00:10:17 ? 0 0
<S9300-D> display msdp brief

1 1 0 0 0 0
1.1.1.1 Up 00:10:18 ? 0 0
# Run the display pim routing-table command to view the PIM routing table on an S9300. In
the PIM-SM domain, multicast source S1 (10.110.5.100/24) sends multicast packets to multicast
group G (225.1.1.1). User 1 that joins G receives the multicast packets. Comparing information
about the PIM routing tables on S9300-C and S9300-D, you can find that S9300-C is the valid
RP. That is, S1 registers to S9300-C, and User 1 sends a Join message to S9300-C.
(*, 225.1.1.1)
RP: 10.1.1.1 (local)
UpTime: 00:28:49
Upstream interface: Register
1: vlanif104
Protocol: static, UpTime: 00:28:49, Expires: -
(10.110.5.1, 225.1.1.1)
RP: 10.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT
UpTime: 00:02:26
1: vlanif104
Protocol: pim-sm, UpTime: 00:02:26, Expires: -
No output information is displayed.
# User 1 leaves group G, and multicast source S1 stops sending multicast packets to G. You can
run the reset multicast routing-table all and reset multicast forwarding-table all commands
to clear the multicast routing entries and multicast forwarding entries on S9300-C.
<S9300-C> reset multicast routing-table all
<S9300-C> reset multicast forwarding-table all
# User 2 joins group G, and multicast source S2 (10.110.6.100/24) sends multicast packets to
G. Comparing information about the PIM routing tables on S9300-C and S9300-D, you can find
that S9300-D is the valid RP. That is, S2 registers to S9300-D, and User 2 sends a Join message
to S9300-D.
No output information is displayed.


(*, 225.1.1.1)
RP: 10.1.1.1 (local)
Protocol: pim-sm, Flag: WC RPT
UpTime: 00:07:23
Upstream interface: NULL,
1: vlanif103,
(10.110.6.100, 225.1.1.1)
RP: 10.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT
UpTime: 00:10:20
1: vlanif103
Protocol: pim-sm, UpTime: 00:10:22, Expires: -
----End
Configuration Files
l Configuration file of S9300-A The configuration files of S9300-B and S9300-E are similar
to the configuration file of S9300-A, and are not provided here.
#
sysname S9300-A
#
vlan batch 101 105
#
#
ip address 10.110.1.2 255.255.255.0
pim sm
#
ip address 10.110.5.1 255.255.255.0
pim sm
#
#
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 10.110.5.0 0.0.0.255
#
return
l Configuration file of S9300-C The configuration file of S9300-D IS similar to the

configuration file of S9300-C, and is not provided here.
#
sysname S9300-C
#
#

#
ip address 192.168.1.1 255.255.255.0
pim sm
#
ip address 10.110.1.1 255.255.255.0
pim sm
#
ip address 10.110.4.1 255.255.255.0
igmp enable
pim sm
#
#
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface LoopBack10
ip address 10.1.1.1 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 10.110.4.0 0.0.0.255
network 1.1.1.1 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.1.1 0.0.0.0
network 192.168.1.0 0.0.0.255
#
pim
c-bsr LoopBack1
c-rp LoopBack10
#
msdp
originating-rp LoopBack0
peer 2.2.2.2 connect-interface LoopBack0
#
return
5.5.8 Multicast Route Management

This chapter describes the principle of RPF, procedures for configuring multicast static routes
and forwarding policies, and commands for maintaining multicast static routes and forwarding
policies, and provides configuration examples.
Example for Changing Static Multicast Routes to RPF Routes

As shown in Figure 5-122, PIM-DM runs on the network and all the S9300s support multicast.
The receiver can receive information from the multicast source. S9300-A, S9300-B, and S9300-
C run OSPF. You need to configure a static multicast route to make the multicast path from the
source to the receiver different from the unicast path from the source to the receiver.
Figure 5-122 Networking diagram for changing static multicast routes to RPF routes
S9300-C
GE3/0/0 GE2/0/0
GE3/0/0 PIM-DM GE2/0/0
S9300-A S9300-B
GE1/0/0 GE1/0/0
GE2/0/0 GE3/0/0
8.1.1.2/24 7.1.1.2/24
Source Receiver
Multicast static route

S9300-A GE 1/0/0 VLANIF 10 9.1.1.1/24
GE 2/0/0 VLANIF 20 8.1.1.1/24
GE 3/0/0 VLANIF 30 12.1.1.1/24
S9300-B GE 1/0/0 VLANIF 10 9.1.1.2/24
GE 2/0/0 VLANIF 40 13.1.1.1/24
GE 3/0/0 VLANIF 50 7.1.1.1/24
S9300-C GE 2/0/0 VLANIF 40 13.1.1.2/24
GE 3/0/0 VLANIF 30 12.1.1.2/24
1. Configure the IP addresses of interfaces and the unicast routing protocol on each S9300.
2. Enable the multicast function on all S9300s, PIM-SM on all interfaces, and IGMP on the
interfaces at the host side.
3. Configure static multicast RPF routes on S9300-B, and configure S9300-C as the RPF
neighbor.

Data Preparation
l IP address of the source
l Outgoing interface of the route from S9300-B to S9300-C: VLANIF 40
NOTE
This configuration example describes only the commands used to configure static multicast routes.
Procedure
# Configure the IP addresses and masks on the interfaces on each S9300 according to Figure
5-122. IP addresses must be configured on the VLANIF interfaces. OSPF runs between S9300-
A, S9300-B and S9300-C, and the S9300s can update routes among them through the unicast
routing protocol. The configuration procedure is not provided here.
Step 2 Enable multicast on all S9300s and PIM-DM on all interfaces.
# Enable multicast on all S9300s, and PIM-SM on all interfaces. Enable the IGMP function on
the interfaces at the host side. The configurations of other S9300s are similar to configuration
of S9300-B, and are not mentioned here.
[S9300-B-Vlanif10] pim dm
[S9300-B-Vlanif30] igmp enable
# Run the display multicast rpf-info command on S9300-B to view the RPF information of the
source. The RPF routes are unicast routes, and the RPF neighbor is S9300-A. The following
information is displayed:
<S9300-B> display multicast rpf-info 8.1.1.2
RPF information about source 8.1.1.2:
RPF interface: vlanif10, RPF neighbor: 9.1.1.1
Referenced route/mask: 8.1.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disable
Step 3 Configure the static multicast route.

# Configure a static multicast RPF route on S9300-B, and configure S9300-C as the RPF
neighbor.
[S9300-B] ip rpf-route-static 8.1.1.0 255.255.255.0 13.1.1.2

# Run the display multicast rpf-info command on S9300-B to view the RPF information of the
source. The RPF information is as follows. The RPF routes and the RPF neighbor are updated
according to the static multicast route.


Referenced route type: mstatic
----End
Configuration Files
#
sysname S9300-B
#
vlan batch 10 40 50
#
#
interface vlanif 10
ip address 9.1.1.2 255.255.255.0
pim dm
#
interface vlanif 40
ip address 13.1.1.1 255.255.255.0
pim dm
#
interface vlanif 50
ip address 7.1.1.1 255.255.255.0
pim dm
igmp enable
#
#
#
#
ospf 1
area 0.0.0.0
network 7.1.1.0 0.0.0.255
network 9.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
ip rpf-route-static 8.1.1.0 255.255.255.0 13.1.1.2
#
return
Example for Connecting RPF Routes Through Static Multicast Routes
As shown in Figure 5-123, PIM-DM runs on the network and all S9300 support multicast. The
receiver can receive information from the multicast source Source1. S9300-B and S9300-C run
OSPF. No unicast route is available between S9300-A and S9300-B. You need to use a multicast
static route to enable the receiver to receive information sent by Source2.

Figure 5-123 Networking diagram for connecting the RPF route through static multicast routes
OSPF PIM-DM
Source1
10.1.3.2/24
GE2/0/0
S9300-A
GE3/0/0 GE3/0/0
S9300-B
GE1/0/0 GE1/0/0
GE1/0/0
S9300-C
Source2
GE2/0/0 10.1.5.2/24
Receiver
Multicast static route

S9300-A GE 1/0/0 VLANIF 11 10.1.5.1/24
GE 3/0/0 VLANIF 40 10.1.4.2/24
S9300-B GE 1/0/0 VLANIF 20 10.1.2.2/24
GE 2/0/0 VLANIF 13 10.1.3.1/24
GE 3/0/0 VLANIF 40 10.1.4.1/24
S9300-C GE 1/0/0 VLANIF 20 10.1.2.1/24
GE 2/0/0 VLANIF 12 10.1.1.1/24
1. Configure the IP addresses of interfaces and the unicast routing protocol on each S9300.
2. Enable the multicast function on all routers, PIM-SM on all interfaces, and IGMP on the
interfaces connected to hosts.
3. Configure static multicast RPF routes on S9300-B and S9300-C.
Data Preparation
l IP address of Source2

l RPF interface, VLANIF 40, through which S9300-B connects to Source 2 and the RPF
neighbor, namely, S9300-A
l RPF interface, VLANIF 20, through which S9300-C connects to Source 2 and the RPF
neighbor, namely, S9300-C
NOTE
This configuration example describes only the commands used to configure static multicast routes.
Procedure
# Configure the IP addresses and masks on the interfaces on each S9300 according to Figure
5-123. S9300-B and S9300-C belong to the same OSPF area, and they can update routes between
them through the unicast routing protocol. The configuration procedure is not provided here.
Step 2 Enable multicast on all S9300s and PIM-DM on all interfaces.
# Enable multicast on all S9300s, and PIM-DM on all interfaces. Enable the IGMP function on
the interfaces connected to hosts.
[S9300-A] interface vlanif11


[S9300-C-Vlanif20] pim dm
[S9300-C-Vlanif12] pim dm
# Source 1 (10.1.3.2/24) and Source 2 (10.1.5.2/24) send multicast data to the multicast group
G (225.1.1.1). The receiver joins multicast group G. Therefore, the receiver can receive the
multicast data sent by Source1, but cannot receive the multicast data sent by Source2.
# Run the display multicast rpf-info 10.1.5.2 command on S9300-B and S9300-C. If no
information is displayed, it indicates that S9300-B and S9300-C have no RPF route to Source2.
Step 3 Configure the static multicast route.
# Configure a static multicast RPF route on S9300-B, and configure S9300-A as the RPF
neighbor.
[S9300-B] ip rpf-route-static 10.1.5.0 255.255.255.0 10.1.4.2

# Configure a static multicast RPF route on S9300-C, and configure S9300-B as the RPF
neighbor.
[S9300-C] ip rpf-route-static 10.1.5.0 255.255.255.0 10.1.2.2

# Run the display multicast rpf-info 10.1.5.2 command on S9300-B and S9300-C to view the
RPF information of Source2. The RPF information is as follows:
RPF information about: 10.1.5.2
Route selecting rule: preference-preferred
<S9300-C> display multicast rpf-info 10.1.5.2

# Run the display pim routing-table command on S9300-C to view the routing table. S9300-
C has the multicast entries of Source2. The receiver can receive the multicast data from Source2.
(*, 225.1.1.1)
UpTime: 03:54:19
1: vlanif12
(10.1.3.2, 225.1.1.1)
UpTime: 00:00:44
1: vlanif12
(10.1.5.2, 225.1.1.1)
UpTime: 00:00:44
1: vlanif12
----End

Configuration Files
#
sysname S9300-A
#
#
vlan batch 11 40
#
interface vlanif 11
ip address 10.1.5.1 255.255.255.0
pim dm
#
interface vlanif 40
ip address 10.1.4.2 255.255.255.0
pim dm
#
#
#
ospf 1
area 0.0.0.0
network 10.1.5.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return

#
sysname S9300-B
#
vlan batch 13 20 40
#
#
interface vlanif 13
ip address 10.1.3.1 255.255.255.0
pim dm
#
interface vlanif 20
ip address 10.1.2.2 255.255.255.0
pim dm
#
interface vlanif 40
ip address 10.1.4.1 255.255.255.0
pim dm
#
#
#
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
ip rpf-route-static 10.1.5.0 24 10.1.4.2
#
return


#
sysname S9300-C
#
vlan batch 12 20
#
#
interface vlanif 12
ip address 10.1.1.1 255.255.255.0
igmp enable
pim dm
#
interface vlanif 20
ip address 10.1.2.1 255.255.255.0
pim dm
#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
ip rpf-route-static 10.1.5.0 24 10.1.2.2
#
return
5.6 Configuration Guide - Reliability

This document describes the configuration of BFD, DLDP, smart link, RRPP, VRRP, VRRP6,
Ethernet OAM, hot backup, and active/standby switchover to ensure reliability of Ethernet
services on the S9300.
The document provides the configuration procedures and configuration examples to illustrate
the service configuration methods and application scenario.
5.6.1 DLDP Configuration
This chapter describes the principle, configuration procedure, and configuration example of the
Device Link Detection Protocol (DLDP).
5.6.2 Smart Link Configuration
Smart Link.
5.6.3 VRRP Configuration
This chapter describes the principle, basic functions, and advanced functions of the Virtual
Router Redundancy Protocol (VRRP).
5.6.4 BFD Configuration
This chapter describes the principle and configuration of BFD.
5.6.5 Ethernet OAM Configuration
This chapter describes the principle, configuration procedure, and configuration example of
Ethernet operations administration and maintenance (OAM).
5.6.6 Hot Backup and Active/Standby Switchover Configuration

This chapter describes the principle and configuration of hot backup and active/standby
switchover.
5.6.1 DLDP Configuration

Device Link Detection Protocol (DLDP).
Example for Configuring DLDP
As shown in Figure 5-124, one of the fibers between two S9300s is disconnected. All interfaces
of the two S9300s work in non-auto negotiation mode.
Figure 5-124 Disconnection of one fiber

S9300-A
GE2/0/1 GE2/0/2
GE2/0/1 GE2/0/2
S9300-B
1. Enable DLDP.
2. Set the operation mode of DLDP.
3. Set the interval for sending Advertisement packets.
4. Set the Delay Down timer.
5. Set the mode of disabling the interface when a unidirectional link is detected.
6. Set the authentication mode of DLDP packets.
Data Preparation
l Type and number of each interface
l Interval for sending Advertisement packets
l Value of the Delay Down timer

Procedure
Step 1 Enable DLDP globally
[S9300-A] dldp enable
Step 2 Enable DLDP on an interface.

[S9300-A-GigabitEthernet2/0/1] dldp enable
Step 3 Set the operation mode of DLDP.

[S9300-A] dldp work-mode enhance
Step 4 Set the interval for sending Advertisement packets.

[S9300-A] dldp interval 80
Step 5 Set the Delay Down timer.

[S9300-A] dldp delaydown-timer 4
Step 6 Set the mode of disabling the interface when a unidirectional link is detected.
[S9300-A] dldp unidirectional-shutdown auto
Step 7 Set the authentication mode of DLDP packets.

[S9300-A] dldp authentication-mode simple 12345
Repeat the preceding steps on S9300-B.

When a unidirectional link is detected, GE 2/0/1 is automatically blocked.
# Run the display dldp command on GigabitEthernet2/0/1, and you can find that the DLDP
status on the interface is disable.
<Quidway> display dldp gigabitethernet 2/0/1
Interface GigabitEthernet2/0/1
DLDP port state : disable
DLDP link state : down
The neighbor number of the port is 1.
Neighbor mac address : 0000-0000-0100
Neighbor port index : 21
Neighbor state : two way
Neighbor aged time : 13
----End
Configuration Files
Configuration file of S9300-A
#
sysname S9300-A
#
dldp enable
dldp interval 80
dldp delaydown-timer 4
dldp authentication-mode simple 12345
#
dldp enable
#
return

5.6.2 Smart Link Configuration

Smart Link.
Context
Example for Configuring Load Balancing of Active and Standby Links of the Smart
Link Group
As shown in Figure 5-125, the user-side network is connected to the MAN in dual-homing mode
to guarantee the reliability of the network. This networking ensures rapid switching of traffic
over the standby link when the active link fails so that the duration of service interruption is
limited to several milliseconds.
Figure 5-125 Networking diagram for configuring load balancing of active and standby links
of the Smart Link group
MAN
Switch-D Switch-C
GE1/0/0 GE1/0/2
GE1/0/1 GE1/0/0
GE1/0/1
GE1/0/2
Smart Link group Smart Link group
GE1/0/1 GE1/0/2
GE1/0/2 GE1/0/1
Switch-A Switch-B
User1 User2
Active link
Inactive link
1. Configure Smart Link multi-instance on Switch-A and Switc-B, and add uplink interfaces
to the groups.
2. Enable revertive switching on Switch-A and Switch-B.
3. Enable Switch-A and Switch-B to send Flush packets.
4. Enable Switch-C and Switch-D to receive Flush packets.
5. Enable functions of the Smart Link group on Switch-A and Switch-B.

Data Preparation
l IDs of the instances on Switch-A and Switch-B and IDs of the VLANs bound to the
instances
l IDs of the Smart Link groups
l Numbers of the uplink interfaces on Switch-A and Switch-B
l Control VLAN ID and password contained in Flush packets
Procedure
Step 1 Create the same control VLAN on Switch-A and Switch-B, and add uplink interfaces to the
VLAN.
The configuration procedure is not mentioned here. For details, see "VLAN Configuration" in
the Quidway S9300 Terabit Routing Switch Configuration Guide - Ethernet.
Step 2 Configure Smart Link multi-instance.
# Configure Switch-A.
<Switch-A> system-view
[Switch-A] stp region-configuration
[Switch-A-mst-region] instance 10 vlan 100 500
[Switch-A-mst-region] active region-configuration
[Switch-A-mst-region] quit
[Switch-A] smart-link group 1
[Switch-A-smlk-group1] protected-vlan reference-instance 0 10
[Switch-A-smlk-group1] load-balance reference-instance 10 slave
# Configure Switch-B.
<Switch-B> system-view
[Switch-B] stp region-configuration
[Switch-B-mst-region] instance 15 vlan 600 1000
[Switch-B-mst-region] active region-configuration
[Switch-B-mst-region] quit
[Switch-B] smart-link group 2
[Switch-B-smlk-group2] protected-vlan reference-instance 0 15
[Switch-B-smlk-group2] load-balance reference-instance 15 slave
Step 3 Add the uplink interfaces to the Smart Link group and specify the master and slave interfaces.
Ensure that STP is disabled on the uplink interfaces.
# Disable STP on interfaces.
[Switch-A-GigabitEthernet1/0/1] stp disable
[Switch-A-GigabitEthernet1/0/2] stp disable
[Switch-B-GigabitEthernet1/0/1] stp disable
[Switch-B-GigabitEthernet1/0/2] stp disable
[Switch-A-smlk-group1] port gigabitethernet 1/0/1 master
[Switch-A-smlk-group1] port gigabitethernet 1/0/2 slave
[Switch-B-smlk-group2] port gigabitethernet 1/0/2 master
[Switch-B-smlk-group2] port gigabitethernet 1/0/1 slave
Step 4 Enable revertive switching and set the interval of revertive switching.

[Switch-A-smlk-group1] restore enable
[Switch-A-smlk-group1] timer wtr 30
[Switch-B-smlk-group2] restore enable
[Switch-B-smlk-group2] timer wtr 30
Step 5 Enable the sending of Flush packets.

[Switch-A-smlk-group1] flush send control-vlan 10 password simple 123
[Switch-B-smlk-group2] flush send control-vlan 10 password simple 123
Step 6 Enable functions of the Smart Link group.

[Switch-A-smlk-group1] smart-link enable
[Switch-B-smlk-group2] smart-link enable
Step 7 Enable the receiving of Flush packets.

# Configure Switch-C.
[Switch-C-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10 password
simple 123
simple 123
simple 123
# Configure Switch-D.
[Switch-D-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10 password
simple 123
simple 123
simple 123

# Run the display smart-link group command to view information about the Smart Link groups
on Switch-A and Switch-B. If the following information is displayed, it indicates that the
configuration is successful.
l The functions of the Smart Link group are enabled.
l The interval of revertive switching is 30 seconds.
l The control VLAN ID is 10.
l GE 1/0/1 is the active interface and is in Active state, and GE 1/0/2 is the standby interface
and is in Inactive state. Load balancing functions are configured and CurrentState in FSM
Info is Multimaster, indicating that the two links can forward data.
<Switch-A> display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled

Wtr-time is: 30 sec.

Load-Balance Instance: 10
Reference Instance: 0 10
DeviceID: 0018-2000-0083 Control-vlan ID: 10
Member Role State Flush Count Last-Flush-Time
------------------------------------------------------------------------
GigabitEthernet1/0/1 Master Active 1 2009/01/05 10:33:46
GigabitEthernet1/0/2 Slave Inactive 0 0000/00/00 00:00:00
<Switch-A> display smart-link protocol-parameter group 1
SMART-LINK Group 1:
********************************
*Master Port Info:
IfIndex: 11905(GigabitEthernet1/0/1)
PortStatus: 2(active) <-- 2(active)
LinkStatus: 1(up)
IFNET_S
SMLK Group ID: 1
MTLK Group ID: 0
Role: 1(master)
Ctrl Vlan: 0
Password:
*Slave Port Info:
IfIndex: 13441(GigabitEthernet1/0/2)
PortStatus: 3(inactive) <-- 2(active)
LinkStatus: 1(up)
IFNET_S
SMLK Group ID: 1
MTLK Group ID: 0
Role: 2(slave)
CTRL Vlan: 0
Password:
*FSM Info:
CurrentState: 2(MultiMaster)
TransEvent: 16(SMLK_EVT_TIMEREXP)
TransIfIndex: 0()
*Other Config:
Lock|Force: 0(unknown)
WtrTime: 30 sec.
RevertEnable: 1(enable)
GroupActive: 1(active)
MTLK Uplink: 0
RvtTimeCounter: 7 sec.
*Flush Send Info:
CTRL Vlan: 10
Password: 123
*1AG Event Info:
Event Type: 0
# Run the shutdown command to shut down GE 1/0/1, and you can find that GE 1/0/1 is in
Inactive state and GE 1/0/2 is in Active state.
[Switch-A-GigabitEthernet1/0/1] shutdown
[Switch-A-GigabitEthernet1/0/1] display smart-link group 1
------------------------------------------------------------------------
GigabitEthernet1/0/1 Master Inactive 1 2009/01/05 10:33:46
GigabitEthernet1/0/2 Slave Active 1 2009/01/05 10:37:58
# Run the undo shutdown command to enable GE 1/0/1, and you can find that GE 1/0/1 is in
Active state and GE 1/0/2 is in Inactive state after 30 seconds.
[Switch-A-GigabitEthernet1/0/1] undo shutdown
[Switch-A-GigabitEthernet1/0/1] display smart-link group 1


------------------------------------------------------------------------
GigabitEthernet1/0/1 Master Active 2 2009/01/05 10:45:31
GigabitEthernet1/0/2 Slave Inactive 1 2009/01/05 10:37:58
----End
Configuration Files
The following lists only the configuration files of the user-side switches.
l Configuration file of Switch-A
#
sysname Switch-A
#
vlan batch 10 100 500 600 1000
#
instance 10 vlan 100 500
#
port trunk allow-pass vlan 10 100 500 600 1000
stp disable
#
stp disable
#
smart-link group 1
protected-vlan reference-instance 0 10
load-balance reference-instance 10 slave
restore enable
smart-link enable
port GigabitEthernet1/0/1 master
port GigabitEthernet1/0/2 slave
timer wtr 30
flush send control-vlan 10 password simple 123
#
return
l Configuration file of Switch-B

#
sysname Switch-B
#
vlan batch 10 100 500 600 1000
#
instance 15 vlan 600 1000
#
stp disable
#
stp disable

#
smart-link group 2
protected-vlan reference-instance 0 15
load-balance reference-instance 15 slave
restore enable
smart-link enable
timer wtr 30
#
Return
l Configuration file of Switch-C

#
sysname Switch-C
#
vlan batch 10 100 500 600 1000
#
smart-link flush receive control-vlan 10 password simple 123
#
#
#
Return
l Configuration file of Switch-D

#
sysname Switch-D
#
vlan batch 10 100 500 600 1000
#
#
#
#
Return
Example for Applying the Smart Link Functions
As shown in Figure 5-126, S9300-C on the MAN is connected to user networks. It accesses the
backbone network through uplink devices S9300-A and S9300-B in dual-homed mode.

S9300-A and S9300-C are connected to uplink devices in dual-homed mode. One out of each
link pair needs to be blocked to prevent loops. When the active link fails, the data flows can be
rapidly switched to the standby link to ensure normal services.
In addition, a monitoring mechanism is required to prevent service interruption caused by faults

of the uplink. This monitoring mechanism enables the downlink to quickly detect the fault of
the uplink. When the uplink fails, link switching can be performed immediately to shorten the
duration of service interruption.
Figure 5-126 Networking of Smart Link application
IP/MPLS
core
network
Smart Link group

GE1/0/1 GE1/0/1
GE1/0/2
Monitor Link group Monitor Link group
S9300-A GE2/0/1
GE2/0/1 S9300-B
Smart Link group GE1/0/1 GE1/0/2
S9300-C
Active link
User1 User2 Inactive link
1. Configure Smart Link groups on S9300-A and S9300-C, and add uplink interfaces to the
groups.
2. Configure Monitor Link groups on S9300-A and S9300-B.
3. Enable S9300-A and S9300-C to send Flush packets.
4. Enable S9300-A and S9300-C to receive Flush packets.

Data Preparation
l Numbers of interfaces on S9300-A, S9300-B, and S9300-C

l IDs of the Smart Link groups
l Control VLAN ID and password contained in Flush packets
l IDs of the Monitor Link groups and the numbers of the downlinks
Procedure
Step 1 Configure the same control VLAN on S9300-A, S9300-B, and S9300-C. Add the interfaces of
the Smart Link group or Monitor Link group to this VLAN.
The configuration procedures are not mentioned here. For details, see "VLAN Configuration"
in the Quidway S9300 Terabit Routing Switch Configuration Guide - Ethernet.
Step 2 Create Smart Link groups and enable the functions of the groups.
[S9300-A] smart-link group 1
[S9300-A-smlk-group1] protected-vlan reference-instance 0
[S9300-A-smlk-group1] smart-link enable
[S9300-C] smart-link group 2
[S9300-C-smlk-group2] protected-vlan reference-instance 0
[S9300-C-smlk-group2] smart-link enable
Step 3 Add interfaces to Smart Link groups and specify the master and slave interfaces of each Smart
Link group
# Disable STP on the interfaces.

[S9300-A-GigabitEthernet1/0/1] stp disable
[S9300-A-GigabitEthernet1/0/2] stp disable
[S9300-C-GigabitEthernet1/0/1] stp disable
[S9300-C-GigabitEthernet1/0/2] stp disable
[S9300-A-smlk-group1] port gigabitethernet 1/0/1 master
[S9300-A-smlk-group1] port gigabitethernet 1/0/2 slave
[S9300-C-smlk-group2] port gigabitethernet 1/0/1 master
[S9300-C-smlk-group2] port gigabitethernet 1/0/2 slave
Step 4 Enable revertive switching and set the interval of revertive switching.
[S9300-A-smlk-group1] restore enable
[S9300-A-smlk-group1] timer wtr 30

[S9300-C-smlk-group2] restore enable

[S9300-C-smlk-group2] timer wtr 30
Step 5 Enable the sending and receiving of Flush packets.

[S9300-A-smlk-group1] flush send control-vlan 10 password simple 123
[S9300-A-smlk-group1] quit
[S9300-A- gigabitethernet2/0/1] smart-link flush receive control-vlan 10 password
simple 123
[S9300-B- gigabitethernet2/0/1] smart-link flush receive control-vlan 10 password
simple 123
[S9300-C-smlk-group2] flush send control-vlan 10 password simple 123
Step 6 Create Monitor Link groups and add the uplink and downlink interfaces to the Monitor Link
groups.
[S9300-A] monitor-link group 1
[S9300-A-mtlk-group1] smart-link group 1 uplink
[S9300-A-mtlk-group1] port gigabitethernet 2/0/1 downlink 1
[S9300-B] monitor-link group 2
[S9300-B-mtlk-group2] port gigabitethernet 1/0/1 uplink
[S9300-B-mtlk-group2] port gigabitethernet 2/0/1 downlink 1
Step 7 Set the revertive switching interval of the Monitor Link groups.
[S9300-A-mtlk-group1] timer recover-time 10
[S9300-B-mtlk-group2] timer recover-time 10
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
stp disable
#
stp disable

#
#
smart-link group 1
smart-link enable
timer wtr 30
restore enable
#
monitor-link group 1
smart-link group 1 uplink
port GigabitEthernet2/0/1 downlink 1
timer recover-time 10
#
return

#
sysname S9300-B
#
vlan batch 10
#
#
#
monitor-link group 2
port GigabitEthernet1/0/1 uplink
port GigabitEthernet2/0/1 downlink 1
timer recover-time 10
#
return

#
sysname S9300-C
#
vlan batch 10
#
stp disable
#
stp disable
#
smart-link group 2
smart-link enable
timer wtr 30
restore enable

#
return
5.6.3 VRRP Configuration

This chapter describes the principle, basic functions, and advanced functions of the Virtual
Router Redundancy Protocol (VRRP).
Example for Configuring VRRP in Master/Backup Mode
As shown in Figure 5-127, Host A communicates with Host B through the default gateway.
The requirements are as follows:
l The VRRP backup group that consists of S9300 A and S9300 B functions as the default
gateway of Host A.
l S9300 A functions as the gateway. When S9300 A fails, S9300 B becomes the gateway.
l After S9300 A recovers, it preempts to be the master router within 20 seconds.
Figure 5-127 Networking of a VRRP backup group in master/backup mode
Backup group 1
Virtual IP Address:
10.1.1.111
S9300A
Master
VLANIF200
VLANIF100 192.168.1.1/24
10.1.1.1/24
VLANIF400
192.168.1.2/24
S9300C VLANIF300
HostA 20.1.1.1/24
10.1.1.100/24 VLANIF500 HostB
192.168.2.2/24 20.1.1.100/24
VLANIF100 VLANIF200
10.1.1.2/24 192.168.2.1/24
Ethernet S9300B
Backup
1. Create backup group 1 on VLANIF 100 of S9300 A. Set the highest priority for S9300 A
in the backup group to ensure that S9300 A functions as the master. Configure the
preemption mode on S9300 A.

2. Create backup group 1 on VLANIF 100 of S9300 B and use the default priority.
Data Preparation
l ID and virtual IP address of the VRRP backup group
l Priorities of S9300 A and S9300 B in the backup group
l Preemption mode
Procedure
Step 1 Configure interworking between devices on the network.
# Configure the default gateway address of Host A to 10.1.1.111 and default gateway address
of Host B to 20.1.1.1.
# Configure Open Shortest Path First (OSPF) between S9300 A, S9300 B, and S9300 C.
Step 2 Configure a VRRP backup group.
# On S9300 A, assign an IP address to the VLANIF interface. Create backup group 1 and set
the priority of S9300 A in the backup group to 120 so that S9300 A functions as the master.
[S9300A] interface Vlanif 100
[S9300A-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111
[S9300A-Vlanif100] vrrp vrid 1 priority 120
[S9300A-Vlanif100] vrrp vrid 1 preempt-mode timer delay 20
# On S9300 B, assign an IP address to the VLANIF interface. Create backup group 1 and retain
the default priority of S9300 B in the backup group so that S9300 B functions as the backup.
[S9300B] interface Vlanif 100
[S9300B-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111

l The VRRP backup group can function as the gateway.
After the preceding configuration, Host A can ping Host B. Run the display vrrp command on
S9300 A, and you can find that S9300 A is the master switch. Run the display vrrp command
on S9300 B, and you can find that S9300 B is the backup switch.
<S9300A> display vrrp
Vlanif100 | Virtual Router 1
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp

<S9300B> display vrrp

state : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Run the display ip routing-table command on S9300 A and S9300 B. You can find a direct
route to the virtual IP address in the routing table of S9300 A. In the routing table of S9300 B,
this direct route is an OSPF route. The displayed information on S9300 A and S9300 B is as
follows:
<S9300A> display ip routing-table
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif100
20.1.1.0/24 OSPF 10 2 D 192.168.1.2 Vlanif200
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif200
192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif200
192.168.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif100
<S9300B> display ip routing-table
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif100
10.1.1.111/32 OSPF 10 2 D 10.1.1.1 Vlanif100
20.1.1.0/24 OSPF 10 2 D 192.168.2.2 Vlanif200
192.168.1.0/24 OSPF 10 2 D 10.1.1.1 Vlanif100
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif200
192.168.2.2/32 Direct 0 0 D 192.168.2.2 Vlanif200
l When S9300 A fails, S9300 B becomes the master switch.
Run the shutdown command on VLANIF 100 of S9300 A to simulate a link fault.
Run the display vrrp command on S9300 B to view information about the VRRP status. You
can find that S9300 B is the master switch.
<S9300B> display vrrp
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1

TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
l When S9300 A recovers, it preempts to be the master.

Run the undo shutdown command on VLANIF 100 of S9300 A Wait for 20 seconds after
VLANIF 100 recovers to the Up state, and then run the display vrrp command on S9300 A to
view the VRRP status. You can find that S9300 A is the master switch.
----End
Configuration Files
#
sysname S9300A
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif200
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300B
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif200
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300C
#
interface Vlanif300
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif400
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif500
ip address 192.168.2.2 255.255.255.0
#
ospf 1

area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
Example for Configuring VRRP in Load Balancing Mode
l S9300 A is the master switch in backup group 1 and the backup switch in backup group 2.
l S9300 B is the master switch in backup group 2 and the backup switch in backup group 1.
l Host A on the internal network uses backup group 1 as the gateway, and Host C uses backup
group 2 as the gateway. The backup groups share data flows and back up each other.
Figure 5-128 Networking diagram for configuring VRRP in load balancing mode
Backup group 2
Virtual IP Address: S9300A
10.1.1.112 group 1:Master
group 2:Backup
VLANIF200
192.168.1.1/24
VLANIF100
10.1.1.1/24 VLANIF400
HostA 192.168.1.2/24
10.1.1.100/24 VLANIF300
S9300C 20.1.1.1/24
VLANIF500 HostB
192.168.2.2/24 20.1.1.100/24
HostC VLANIF200
10.1.1.101/24 VLANIF100 192.168.2.1/24
10.1.1.2/24 S9300B
Ethernet group 2:Master
Backup group 1 group 1:Backup
Virtual IP Address:
10.1.1.111
1. Create two backup groups on VLANIF 100 of S9300 A. Configure S9300 A as the master
switch in backup group 1 and the backup switch in backup group 2.
2. Create two backup groups on VLANIF 100 of S9300 B. Configure S9300 B as the master
switch in backup group 2 and the backup switch in backup group 1.

Data Preparation
l IDs and virtual IP addresses of the VRRP backup groups
l Priorities of S9300 A and S9300 B in the backup groups
Procedure
Step 1 Configure interworking between devices on the network.
# Configure the default gateway of Host A to the virtual IP address 10.1.1.111 of backup group
1, the default gateway of Host B to 20.1.1.1, and the default gateway of Host C to the virtual IP
address 10.1.1.112 of backup group 2.
# Configure OSPF between S9300 A, S9300 B, and S9300 C.
Step 2 Configure VRRP backup groups.
# On S9300 A, assign an IP address to VLANIF 100. Create backup group 1 and set the priority
of S9300 A in backup group 1 to 120 so that S9300 A functions as the master. Create backup
group 2 and retain the default priority (100) of S9300 A in backup group 2 so that S9300 A
functions as the backup switch in backup group 2.
# On S9300 B, assign an IP address to VLANIF 100. Create backup group 1 and retain the default
priority (100) of S9300 B in backup group 1 so that S9300 B functions as the backup. # Create
backup group 2 on S9300 B and set the priority of S9300 B in backup group 2 to 120 so that
S9300 B functions as the master in backup group 2.
[S9300B-Vlanif100] vrrp vrid 2 priority 120

After the preceding configuration, Host A and Host C can ping Host B successfully.
Tracert Host B from Host A and Host C. Packets from Host A to Host B pass through S9300 A
and S9300 C. Packets from Host C to Host B pass through S9300 B and S9300 C. That is, load
balancing is implemented between S9300 A and S9300 B.
<HostA> tracert 20.1.1.100
1 10.1.1.1 120 ms 50 ms 60 ms
2 192.168.1.2 100 ms 60 ms 60 ms
3 20.1.1.100 130 ms 90 ms 90 ms
<HostC> tracert 20.1.1.100
1 10.1.1.2 30 ms 60 ms 40 ms
2 192.168.2.2 90 ms 60 ms 60 ms
3 20.1.1.100 70 ms 60 ms 90 ms

Run the display vrrp command on S9300 A, you can find that S9300 A is the master in backup
group 1 and the backup in backup group 2.
<S9300A> display vrrp
state : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
state : Backup
Virtual IP : 10.1.1.112
PriorityRun : 100
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0102
Check TTL : YES
----End
Configuration Files
#
sysname S9300A
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif200
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300B
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif200
ip address 192.168.2.1 255.255.255.0
#

ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300C
#
interface Vlanif300
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif400
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif500
ip address 192.168.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
Example for Configuring VRRP Fast Switchover
As shown in Figure 5-129, S9300 A, S9300 B, Switch A, Switch B and the Universal Medium
Gateway (UMG) form a simple next generation network (NGN).
The networking is as follows:
l The UMG connects to S9300 A and S9300 B through Switch A and Switch B.
l S9300 A and S9300 B run VRRP. S9300 A functions as the master, and S9300 B functions
as the backup.
When S9300 A fails, or when the GE link between S9300 A and S9300 B fails, the master/
backup switchover should be completed within 1 second. That is, fast switchover is required on
the bearer network.

Figure 5-129 Networking diagram for configuring VRRP fast switchover
Backbone
Network
VLANIF200 VLANIF200
S9300A 192.168.0.1/24 192.168.0.2/24
S9300B
VLANIF100 VLANIF100
10.1.1.1/24 Backup group 10 10.1.1.2/24
Virtual IP address: 10.1.1.3/24
SwitchA SwitchB
VLAN
UMG
1. Configure a BFD session on S9300 A and S9300 B to monitor S9300 A and its downlink
S9300 A - Switch A - Switch B - S9300 B.
2. Enable VRRP to track the BFD session on S9300 B. When the BFD session becomes Down,
the priority of S9300 B increases by 40 and then the switchover is triggered.
NOTE
This example describes only the configurations on S9300 A and S9300 B.
Data Preparation
l Local and remote discriminators of the BFD session
l ID and virtual IP address of the VRRP backup group
l Priorities of the S9300s in the backup group
Procedure
Step 1 Assign IP addresses to the interfaces.
Step 2 Create a BFD session.
# Create a BFD session on S9300 A.
[S9300A] bfd

[S9300A-bfd] quit
[S9300A] bfd atob bind peer-ip 10.1.1.2 interface Vlanif 100
[S9300A-bfd-session-atob] discriminator local 1
[S9300A-bfd-session-atob] discriminator remote 2
[S9300A-bfd-session-atob] min-rx-interval 50
[S9300A-bfd-session-atob] min-tx-interval 50
[S9300A-bfd-session-atob] commit
[S9300A-bfd-session-atob] quit
# Create a BFD session on S9300 B.

[S9300B] bfd
[S9300B-bfd] quit
[S9300B] bfd btoa bind peer-ip 10.1.1.1 interface Vlanif 100
[S9300B-bfd-session-btoa] discriminator local 2
[S9300B-bfd-session-btoa] discriminator remote 1
[S9300B-bfd-session-btoa] min-rx-interval 50
[S9300B-bfd-session-btoa] min-tx-interval 50
[S9300B-bfd-session-btoa] commit
[S9300B-bfd-session-btoa] quit
Run the display bfd session command on S9300 A and S9300 B, and you can see that the BFD
session is Up. Take S9300 A for example. The display is as follows:
[S9300A] display bfd session all
--------------------------------------------------------------------------------
Local Remote Peer IP Address Interface Name State Type
--------------------------------------------------------------------------------
1 2 10.1.1.2 Vlanif100 Up Static
--------------------------------------------------------------------------------
Step 3 Configure VRRP fast switchover.

# Create backup group 10 on S9300 A and set the priority of S9300 A in backup group 10 to
160 so that S9300 A functions as the master in backup group 10.
# Create backup group 10 on S9300 B and set the priority of S9300 B in backup group 10 to 140
so that S9300 B functions as the backup in backup group 10.
# Configure VRRP to track the status of the BFD session on the backup switch. If the BFD
session becomes Down, the priority of S9300 B increases by 40.
[S9300B-Vlanif100] vrrp vrid 10 track bfd-session 2 increased 40
Run the display vrrp command on S9300 A or S9300B, and you can see that S9300 A is the
master and S9300 B is the backup. You can also view the tracked BFD session and its status on
S9300 B.
[S9300A] display vrrp
state : Master
Virtual IP : 10.1.1.3
PriorityRun : 160

TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0110
Check TTL : YES
[S9300B] display vrrp
state : Backup
PriorityRun : 140
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0110
Check TTL : YES
Track BFD : 2 Priority increased : 40
BFD-Session State : UP

# Run the shutdown command on VLANIF 100 of S9300 A to simulate a link fault.
[S9300A-Vlanif100] shutdown
On S9300 B, VRRP fast switchover is performed after BFD fails.

%May 10 15:48:30 2008 S9300B BFD/5/BFD:Slot=1;IO(1) BFD Session(Discr:2) FSM Change
To Down(Detect)
%May 10 15:48:30 2008 S9300B VRRP/5/BfdWarning:
Virtual Router 10 | BFD-SESSION 2 : BFD_STATE_UP --> BFD_STATE_DOWN
%May 10 15:48:30 2008 S9300B VRRP/5/StateWarning:
Vlanif100 | Virtual Router 10 : BACKUP --> MASTER
Run the display vrrp command on S9300 A, and you can see that the status of S9300 A changes
to Initialize.
[S9300A] display vrrp
state : Initialize
PriorityRun : 160
MasterPriority : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0110
Check TTL : YES
Run the display vrrp command on S9300 B, and you can see that S9300 becomes the master,
and the status of the BFD session changes to Down.
[S9300B] display vrrp
state : Master
PriorityRun : 180
TimerRun : 1

TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0110
Check TTL : YES
Track BFD : 2 Priority increased : 40
BFD-Session State : DOWN
----End
Configuration Files
#
sysname S9300A
#
bfd
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
bfd atob bind peer-ip 10.1.1.2 interface Vlanif 100
min-tx-interval 50
min-rx-interval 50
#
return

#
sysname S9300B
#
bfd
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
vrrp vrid 10 track bfd-session 2 increased 40
#
bfd btoa bind peer-ip 10.1.1.1 interface Vlanif 100
min-tx-interval 50
min-rx-interval 50
commit
#
return

Example for Configuring a VRRP Management Group in Master/Backup Mode
Figure 5-130 Networking diagram of a VRRP management group in master/backup mode
Backup group 1
Virtual IP Address
10.100.10.1/24
Network1 S9300A
VLANIF100 Master
10.100.10.0/24 10.100.10.2/24 VLANIF300
202.38.10.2/24 Network3
0 0 4
N IF2 .2/2 202.38.10.0/24
L A . 20
V 0
.10
10 10V
.10 LA
0.1 NIF
0.3 100 Backup group 3
/24 Virtual IP Address
Network2 VLANIF200 VLANIF300 202.38.10.1/24
10.100.20.3/24 202.38.10.3/24
10.100.20.0/24
S9300B
Backup
Backup group 2
Virtual IP Address
10.100.20.1/24
l S9300 A and S9300 B work in master/backup mode. S9300 A functions as the master switch
and S9300 B functions as the backup switch.
l The address of Network 1 is 10.100.10.0/24; the address of Network 2 is 10.100.20.0/24;
Network 3 is an external network. Two switches connect to the networks through LAN
switches.
l The virtual IP address of the backup group configured for Network 1 is 10.100.10.1; the
virtual IP address of the backup group configured for Network 2 is 10.100.20.1; the virtual
IP address of the backup group configured for Network 3 is 202.38.10.1.
S9300 A and S9300 B connect to Network 1, Network 2, and Network 3 through VLANIF 100,
VLANIF 200, and VLANIF 300 respectively.
1. Assign IP addresses to interfaces of the S9300s.

2. Create VRRP backup groups and set priorities of the S9300s in the backup groups.

3. Create a VRRP management group.

4. Add backup groups to the VRRP management group.
5. Enable the VRRP management group.
6. Set the IDs and number of members in the backup groups and the interval for sending Hello
packets on S9300 A and S9300 B. Ensure that the settings on the two S9300s are the same.
Data Preparation
l Virtual IP address of each VRRP backup group
l Priority of each VRRP backup group
According to the algorithm of the priority of the VRRP management group, the priority of
each member of a VRRP backup group must be greater than 128 to ensure that the priority
of the VRRP management group is reduced by at least 1 when an interface fails.
l Priority of the VRRP management group
Procedure
Step 1 Assign IP addresses to interfaces of the S9300s.
# Assign IP addresses to interfaces of S9300 A.
# Assign IP addresses to interfaces of S9300 B.

Step 2 Create VRRP backup groups on the S9300s.

# Configure VRRP backup groups on interfaces of S9300 A.
[S9300A-Vlanif100] interface Vlanif 200


# Configure VRRP backup groups on interfaces of S9300 B.

[S9300B-Vlanif100] interface Vlanif 200
Step 3 Create a VRRP management group on the S9300s.
# Create a VRRP management group on S9300 A.

[S9300A] vrrp-group 1
# Create a VRRP management group on S9300 B.

[S9300B] vrrp-group 1
Step 4 Add the VRRP backup groups to the VRRP management group on the S9300s. Ensure that the
management group has at least one data channel.
# Add VRRP backup groups to the VRRP management group on S9300 A.

[S9300A-Vlanif100] add vrrp vrid 1 data to vrrp-group 1
[S9300A-Vlanif200] add vrrp vrid 2 to vrrp-group 1
# Add VRRP backup groups to the VRRP management group on S9300 B.

[S9300B-Vlanif100] add vrrp vrid 1 data to vrrp-group 1
[S9300B-Vlanif200] add vrrp vrid 2 to vrrp-group 1
Step 5 Set the priority of the VRRP management group and enable the VRRP management group.
In this example, the priority of the VRRP management is calculated through the priorities of the
VRRP backup groups.
# Enable the VRRP management group and immediate preemption on S9300 A.

[S9300A-vrrpgroup-1] vrrp-group priority using-vrrp-priority
[S9300A-vrrpgroup-1] vrrp-group preempt
[S9300A-vrrpgroup-1] vrrp-group enable
# Enable the VRRP management group and immediate preemption on S9300 B.

[S9300B-vrrpgroup-1] vrrp-group priority using-vrrp-priority
[S9300B-vrrpgroup-1] vrrp-group preempt
[S9300B-vrrpgroup-1] vrrp-group enable


After the preceding configuration, physical interfaces between S9300 A and S9300 B can ping
each other successfully.
<S9300A> ping 10.100.10.3

0.00% packet loss
Run the display vrrp-group verbose command on S9300 A and S9300 B to view information
about the VRRP management group.
<S9300A> display vrrp-group verbose
total number of vrrp-groups: 1
vrrp-group 1
state: master
enable: yes
priority config: 100
using vrrp priority: yes
priority run: 130
preempt: no
timer: 1000
group-send: no
peer status: online
create time: 00:04:24
last change time: 00:04:24
vrrp number: 3
interface: Vlanif100, vrrp id: 1 peer up, data
interface: Vlanif200, vrrp id: 2 peer up
interface: Vlanif300, vrrp id: 3 peer up
<S9300B> display vrrp-group verbose
vrrp-group 1
state: slave
enable: yes
priority run: 100
preempt: yes, delay time: 0
timer: 1000
group-send: no
peer status: online
vrrp number: 3
interface: Vlanif100, vrrp id: 1 up, data
interface: Vlanif200, vrrp id: 2 up
Disable VLANIF 200 of S9300 A, and you can see that the status of S9300 A and S9300 B
changes.
[S9300A-Vlanif200] shutdown
[S9300A] quit


vrrp-group 1
state: slave
enable: yes
priority run: 86
timer: 1000
group-send: no
peer status: online
vrrp number: 3
interface: Vlanif200, vrrp id: 2 down
vrrp-group 1
state: master
priority run: 100
timer: 1000
group-send: no
peer status: online
vrrp number: 3
interface: Vlanif200, vrrp id: 2 peer down
----End
Configuration Files
#
sysname S9300A
#
vrrp-group 1
vrrp-group enable
vrrp-group priority using-vrrp-priority
vrrp-group preempt delay 0
#
interface Vlanif100
ip address 10.100.10.2 255.255.255.0
add vrrp vrid 1 data to vrrp-group 1
#
interface Vlanif200
ip address 10.100.20.2 255.255.255.0
add vrrp vrid 2 to vrrp-group 1
#
interface Vlanif300
ip address 202.38.10.2 255.255.255.0
#
return


#
sysname S9300B
#
vrrp-group 1
vrrp-group enable
#
interface Vlanif100
ip address 10.100.10.3 255.255.255.0
#
interface Vlanif200
ip address 10.100.20.3 255.255.255.0
#
interface Vlanif300
ip address 202.38.10.3 255.255.255.0
#
return
Example for Configuring VRRP Management Groups in Load Balancing Mode
Figure 5-131 Networking diagram of VRRP management groups in load balancing mode
Backup group 1 Backup group 4

Virtual IP Address Virtual IP Address
10.100.10.1/24 10.100.10.101/24
Network1
Backup group 6
10.100.10.0/24 S9300A Virtual IP Address
Master/ Slave
VLANIF300 202.38.10.101/24
VLANIF100 202.38.10.2/24
10.100.10.2/24
00 4
N I F2 . 2/ 2
A 0
VL 00.2
. 1 Network3
10V
10
. 10 LAN 202.38.10.0/24
0.1 I F1
0. 3 0
/ 24 0
VLANIF200 VLANIF300
10.100.20.3/24 202.38.10.3/24
S9300B Backup group 3
Network2 Virtual IP Address
Slave /Master
10.100.20.0/24 202.38.10.1/24
Backup group 2 Backup group 5

Virtual IP Address Virtual IP Address
10.100.20.1/24 10.100.20.101/24

l S9300 A and S9300 B connect to Network 1, Network 2, and Network 3 through VLANIF
100, VLANIF 200, and VLANIF 300 respectively.
l Add three interfaces of S9300 A and S9300 B to six VRRP backup groups.
l Create two VRRP management groups to control these six VRRP backup groups:
– VRRP backup group 1, VRRP backup group 2, and VRRP backup group 3 are added
into VRRP management group 1.
– VRRP backup group 4, VRRP backup group 5, and VRRP backup group 6 are added
into VRRP management group 2.
l The status of the VRRP management groups on S9300 A and S9300 B:
– S9300 A: VRRP management group 1 works in the Master state, and the VRRP
management group 2 works in Backup state.
– S9300 B: VRRP management group 1 works in Backup state, and the VRRP
management group 2 works in Master state.
l The address of Network 1 is 10.100.10.0/24; the address of Network 2 is 10.100.20.0/24;
Network 3 is an external network. The S9300s connect to the networks through LAN
switches.
l The virtual IP addresses of backup groups configured for Network 1 are 10.100.10.1 and
10.100.10.101. The default gateway of part of hosts in Network 1 is 10.100.10.1, and the
default gateway of other hosts in Network 1 is 10.100.10.101. The two gateways performs
load balancing. The configuration of default gateways for hosts on Network 2 and Network
3 are the same as that on Network 1.
1. Assign IP addresses to interfaces.

2. Create and configure VRRP backup groups.
3. Create and configure VRRP management groups.
4. Add backup groups to VRRP management groups.
5. Enable the VRRP management groups.
Data Preparation

l Virtual IP addresses of VRRP backup groups
l Priorities of VRRP backup groups
According to the algorithm of the priority of the VRRP management group, the priority of
each member of a VRRP backup group must be greater than 128 to ensure that the priority
of the VRRP management group is reduced by at least 1 when an interface fails.
l Priorities of VRRP management groups

Procedure
Step 1 Assign IP addresses to interfaces. The configuration procedure is not mentioned here.
Step 2 # Create VRRP backup groups.
# Create VRRP backup groups on S9300 A and set virtual IP addresses and priorities of these
backup groups.

# Create VRRP backup groups on S9300 B and set virtual IP addresses and priorities of these
backup groups.
Step 3 Create and configure VRRP management groups.

# Create VRRP management group 1 and VRRP management group 2 on S9300 A. Set the
priority of VRRP management group 1 to 101, and retain the default priority 100 of VRRP
management group 2. Enable preemption in VRRP management group 1 and VRRP
management group 2.
[S9300A-vrrp-group-1] vrrp-group priority 101
[S9300A-vrrp-group-1] vrrp-group preempt
[S9300A-vrrp-group-1] vrrp group 2
[S9300A-vrrp-group-2] vrrp-group preempt
# Create VRRP management group 1 and VRRP management group 2 on S9300 B. Set the
priority of VRRP management group 2 to 101, and retain the default priority 100 of VRRP
management group 1. Enable preemption in VRRP management group 1 and VRRP
management group 1.

[S9300B-vrrp-group-1] vrrp-group preempt
[S9300B-vrrp-group-1] vrrp group 2
[S9300B-vrrp-group-2] vrrp-group priority 101
[S9300B-vrrp-group-2] vrrp-group preempt
Step 4 Add the VRRP backup groups to the VRRP management groups.
# On S9300 A, add backup groups 1, 2, and 3 to VRRP management group 1. Ensure that the
VRRP management group has at least one data channel. Repeat this procedure on S9300 B.
# On S9300 A, add backup groups 4, 5, and 6 to VRRP management group 2. Ensure that the
VRRP management group has at least one data channel. Repeat this procedure on S9300 B.
Step 5 Enable the VRRP management groups.

# On S9300 A, enable VRRP management group 1 and VRRP management group 2. Repeat the
procedure on S9300 B.
[S9300A-vrrp-group-1] vrrp-group enable
[S9300A-vrrp-group-1] vrrp-group 2
[S9300A-vrrp-group-2] vrrp-group enable

# After the preceding configuration, physical interfaces between S9300 A and S9300 B can ping
<S9300A> ping 10.100.10.3

5
packet(s) transmitted
0.00% packet loss
# Run the display vrrp-group verbose command on S9300 A to view the configuration of the
VRRP management groups.
vrrp-group 1

state: master
enable: yes
using vrrp priority: no
priority run: 101
timer: 1000
group-send: no
peer status: online
vrrp number: 3
vrrp-group 2
state: slave
enable: yes
priority run: 100
timer: 1000
group-send: no
peer status: online
vrrp number: 3
# Run the display vrrp-group verbose command on S9300 B to view the configuration of the
VRRP management groups.
vrrp-group 1
state: slave
priority run: 100
timer: 1000
group-send: no
peer status: online
vrrp number: 3
vrrp-group 2
state: master
priority run: 101
timer: 1000
group-send: no
peer status: online
vrrp number: 3


----End
Configuration Files
#
sysname S9300A
#
vrrp-group 1
vrrp-group enable
vrrp-group priority 101
vrrp-group 2
vrrp-group enable
#
interface Vlanif100
ip address 10.100.10.2 255.255.255.0
bfd
#
interface Vlanif200
ip address 10.100.20.2 255.255.255.0
#
interface Vlanif300
ip address 202.38.10.2 255.255.255.0
#
return

#
sysname S9300B
#
vrrp-group 1
vrrp-group enable
vrrp-group 2
vrrp-group enable
vrrp-group priority 101
#
interface Vlanif100
ip address 10.100.10.3 255.255.255.0


#
interface Vlanif200
ip address 10.100.20.3 255.255.255.0
#
interface Vlanif300
ip address 202.38.10.3 255.255.255.0
#
return
Configuring Fast Switchover in a VRRP Management Group
VRRP backup groups perform master/backup switchover fast in preemption mode. In non-
preemption mode or in the case where the VRRP interface is Down, the switchover takes several
seconds, which cannot meet the requirements of telecommunication.
BFD can detect the failure of links within one second. The VRRP management group speeds up
the switchover by tracking BFD sessions. Thus, the master/backup switchover completes within
one second.
When the BFD sessions are tracked, the interval at which the VRRP management group sends
packets can be set to a relatively large value to reduce the load of the main control board.

Figure 5-132 Networking diagram of fast switchover in a VRRP management group
Backup group 1
Virtual IP Address
10.100.10.1/24
Network1
10.100.10.0/24 S9300A
Master/Slave
VLANIF300
VLANIF100 202.38.10.2/24
10.100.10.2/24
00 4
IF2 .2/2
AN .20
V L 100 Network3
.
10 10VLA 202.38.10.0/24
.10
0.1 NIF1
0.3 00
/24
VLANIF200 VLANIF300
10.100.20.3/24 202.38.10.3/24Backup group 3
Network2 S9300B
Slave/Master Virtual IP Address
10.100.20.0/24 202.38.10.1/24
Backup group 2
Virtual IP Address
10.100.20.1/24
1. Create a VRRP management group.
2. Enable BFD in the system and interface views.
3. Create a BFD session.
4. Configure the VRRP management group to track the BFD session.
Data Preparation
l IP address, type and number of the interfaces of the direct link detected by the BFD session
l Local and remote discriminators of the BFD session
Procedure
Step 1 Assign IP addresses to interfaces. The configuration procedure is not mentioned here.
Step 2 Create VRRP backup groups on the S9300s.
# Configure VRRP backup groups on interfaces of S9300 A.


# Configure VRRP backup groups on interfaces of S9300 B.

Step 3 Create a VRRP management group on the S9300s.
# Create a VRRP management group on S9300 A.

# Create a VRRP management group on S9300 B.

Step 4 Add the VRRP backup groups to the VRRP management group on the S9300s. Ensure that the
management group has at least one data channel.
# Add VRRP backup groups to the VRRP management group on S9300 A.

# Add VRRP backup groups to the VRRP management group on S9300 B.

[S9300B-Vlanif100] add vrrp vrid 1 data to vrrp-group 1
Step 5 Set the priority of the VRRP management group and enable the VRRP management group.
In this example, the priority of the VRRP management is calculated through the priorities of the
VRRP backup groups.
# Enable the VRRP management group on S9300 A.

[S9300A-vrrpgroup-1] vrrp-group priority using-vrrp-priority
[S9300A-vrrpgroup-1] vrrp-group preempt
[S9300A-vrrpgroup-1] vrrp-group enable
# Enable the VRRP management group and immediate preemption on S9300 B.

[S9300B-vrrpgroup-1] vrrp-group priority using-vrrp-priority
[S9300B-vrrpgroup-1] vrrp-group preempt
[S9300B-vrrpgroup-1] vrrp-group enable
Step 6 Enable BFD in the system and interface views

# Enable BFD in the system and interface views on S9300 A and S9300 B.
[S9300A] bfd
[S9300A-bfd] quit
Step 7 Create a BFD session.

# Create a BFD session on S9300 A.
[S9300A] bfd atob bind peer-ip 10.100.10.3 interface Vlanif 100
[S9300A-bfd-session-atob] min-tx-interval 20
[S9300A-bfd-session-atob] min-rx-interval 20
# Create a BFD session on S9300 B.

[S9300B] bfd btoa bind peer-ip 10.100.10.2 interface Vlanif 100
[S9300B-bfd-session-btoa] min-tx-interval 20
[S9300B-bfd-session-btoa] min-rx-interval 20
Step 8 Configure the VRRP management group to track the BFD sessions.
# Configure the VRRP management group to track the BFD session in preemption mode on
S9300 A and S9300 B.
[S9300A] vrrp-group 1 track bfd-session 1 preempt

After the preceding configuration, physical interfaces between S9300 A and S9300 B can ping
<S9300A> ping 10.100.10.3

0.00% packet loss
# Run the display vrrp-group verbose command to view the result of the configuration.
Total number of vrrp-groups: 1

Vrrp-group 1
state: master
enable: yes
priority run: 100
timer: 1000
group-send: no
peer status: online
track bfd: 1, preempt mode, bfd-session state: up
vrrp number: 3
Interface: Vlanif100, vrrp id: 1 Up, data
Interface: Vlanif200, vrrp id: 2 Up,
Interface: Vlanif300, vrrp id: 3 Up,
----End
Configuration Files
#
sysname S9300A
#
bfd
#
vrrp-group 1
vrrp-group enable
#
interface Vlanif100
ip address 10.100.10.2 255.255.255.0
bfd
#
interface Vlanif200
ip address 10.100.20.2 255.255.255.0
#
interface Vlanif300
ip address 202.38.10.2 255.255.255.0
#
bfd atob bind peer-ip 10.100.10.3 interface Vlanif100
min-tx-interval 20
min-rx-interval 20
commit
#
vrrp-group 1 track bfd-session 1 preempt
#
return

#
sysname S9300B
#
bfd
#
vrrp-group 1
vrrp-group enablevrrp-group priority using-vrrp-priority


#
interface Vlanif100
ip address 10.100.10.3 255.255.255.0
bfd
#
interface Vlanif200
ip address 10.100.20.3 255.255.255.0
#
interface Vlanif300
ip address 202.38.10.3 255.255.255.0
#
bfd btoa bind peer-ip 10.100.10.2 interface Vlanif100
min-tx-interval 20
min-rx-interval 20
commit
#
vrrp-group 1 track bfd-session 2 preempt
#
return
5.6.4 BFD Configuration

This chapter describes the principle and configuration of BFD.
Example for Configuring Single-Hop BFD
Interfaces of the S9300 are Layer 2 interfaces. If you need to detect the connectivity of the Layer
2 forwarding link between two directly connected S9300s, configure single-hop BFD, and bind
the BFD session to a multicast IP address and local interface.
As shown in Figure 5-133, a BFD session is created to detect the connectivity of the Layer 2
link between S9300-A and S9300-B.
Figure 5-133 Networking diagram of single-hop BFD (for Layer 2 forwarding link)
GE1/0/1 GE1/0/1
S9300-A S9300-B
1. Configure a BFD session on S9300-A to detect the direct link from S9300-A to S9300-B.

2. Configure a BFD session on S9300-B to detect the direct link from S9300-B to S9300-A.
Data Preparation
l Type and number of the interface bound to the BFD session
l Local and remote identifiers of the BFD session
Use the default values of the minimum sending interval, the minimum receiving interval, and
the local detection multiplier of BFD control packets.
Procedure
Step 1 Configure single-hop BFD on S9300-A.
# Enable BFD on S9300-A.
[S9300-A] bfd
[S9300-A-bfd] quit
# Create a BFD session on S9300-A.

[S9300-A] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/1
[S9300-A-bfd-session-atob] discriminator local 1
[S9300-A-bfd-session-atob] discriminator remote 2
[S9300-A-bfd-session-atob] commit
[S9300-A-bfd-session-atob] quit
Step 2 Configure single-hop BFD on S9300-B.

# Enable BFD on S9300-B.
[S9300-B] bfd
[S9300-B-bfd] quit
# Create a BFD session on S9300-B.

[S9300-B] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/1
[S9300-B-bfd-session-btoa] discriminator local 2
[S9300-B-bfd-session-btoa] discriminator remote 1
[S9300-B-bfd-session-btoa] commit
[S9300-B-bfd-session-btoa] quit

After the configuration, run the display bfd session command on S9300-A and S9300-B, and
you can find that a single-hop BFD session is set up and is in Up state.
<S9300-A> display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4097 (One Hop) State : Up Name : atob
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(GigabitEthernet1/0/1)
Bind Session Type : Static
Bind Peer IP Address : 224.0.0.184
NextHop Ip Address : 224.0.0.184

Bind Interface : GigabitEthernet1/0/2

FSM Board Id : 0 TOS-EXP : 6
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000
Local Detect Multi : 3 Detect Interval (ms) : 3000
Echo Passive : Disable Acl Number : -
Proc Interface Status : Disable Process PST : Disable
WTR Interval (ms) : - WTR Timer State : Stop
Active Multi : 3
Last Local Diagnostic : No Diagnostic
Bind Application : No Application Bind
Session TX TmrID : - Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
--------------------------------------------------------------------------------
----End
Configuration Files
#
sysname S9300-A
#
bfd
#
bfd atob bind peer-ip default-ip interface GigabitEthernet1/0/1
commit
#
return

#
sysname S9300-B
#
bfd
#
bfd btoa bind peer-ip default-ip interface GigabitEthernet1/0/1
commit
#
return
Example for Configuring Multi-Hop BFD
As shown in Figure 5-134, a BFD session is used to test the multi-hop path between S9300-A
and S9300-C.
Interfaces of the S9300 are Layer 2 interfaces. To configure multi-hop BFD, you need to add an
interface to a VLAN, create a VLANIF interface, and assign an IP address to the VLANIF
interface.

Figure 5-134 Networking diagram of multi-hop BFD
GE1/0/1 GE1/0/1 GE1/0/2 GE1/0/1
S9300-A VLAN 10 S9300-B VLAN 20 S9300-C
1. Configure a BFD session on S9300-A to detect the multi-hop path from S9300-A to
S9300-C.
2. Configure a BFD session on S9300-C to detect the multi-hop path from S9300-C to
S9300-A.
Data Preparation
l Peer IP address bound to the BFD session

l Local and remote identifiers of the BFD session
l IP address of VLANIF 10 on S9300-A: 10.1.1.1/16
l IP address of VLANIF 10 on S9300-B: 10.1.1.2/16
l IP address of VLANIF 20 on S9300-B: 10.2.1.1/16
l IP address of VLANIF 20 on S9300-C: 10.2.1.2/16
the local detection multiplier of a BFD control packet.
Procedure
Step 1 Add interfaces to VLANs, create VLANIF interfaces, and assign an IP address to each VLANIF
interface.
# Create a VLAN on S9300-A and add the interface to the VLAN.

[S9300-A] vlan batch 10
# Create a VLNAIF interface and assign an IP address to the VLANIF interface.


Step 2 Configure a reachable static route between S9300-A and S9300-C.

[S9300-A] ip route-static 10.2.1.2 16 10.1.1.2
The configuration of S9300-C is the same as the configuration of S9300-A, and is not mentioned
here.
Step 3 Configure multi-hop BFD on S9300-A and S9300-C.
# Create a BFD session with S9300-C on S9300-A.

[S9300-A] bfd
[S9300-A-bfd] quit
[S9300-A] bfd atoc bind peer-ip 10.2.1.2
[S9300-A-bfd-session-atoc] discriminator local 10
[S9300-A-bfd-session-atoc] discriminator remote 20
[S9300-A-bfd-session-atoc] commit
[S9300-A-bfd-session-atoc] quit
# Create a BFD session with S9300-A on S9300-C.

[S9300-C] bfd
[S9300-C-bfd] quit
[S9300-C] bfd ctoa bind peer-ip 10.1.1.1
[S9300-C-bfd-session-ctoa] discriminator local 20
[S9300-C-bfd-session-ctoa] discriminator remote 10
[S9300-C-bfd-session-ctoa] commit
[S9300-C-bfd-session-ctoa] quit
After the configuration is complete, run the display bfd session command on S9300-A and
S9300-C, and you can find that a BFD session is set up and is in Up state.

<S9300-A> display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4096 (Multi Hop) State : Up Name : atoc
--------------------------------------------------------------------------------
BFD Bind Type : Peer IP Address
Bind Interface : -
WTR Interval (ms) : 1800000 WTR Timer State : Stop
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Session TX TmrID : 16434 Session Detect TmrID : 16435
--------------------------------------------------------------------------------

----End
Configuration Files
#
sysname S9300-A
#
bfd
#
interface Vlanif10
ip address 10.1.1.1 255.255.0.0
#
#
bfd atoc bind peer-ip 10.2.1.2
commit
#
ip route-static 10.2.0.0 255.255.0.0 10.1.1.2
#
return

#
sysname S9300-B
#
interface Vlanif10
ip address 10.1.1.2 255.255.0.0
#
interface Vlanif20
ip address 10.2.1.1 255.255.0.0
#
#
#
return

#
sysname S9300-C
#
bfd
#
interface Vlanif20
ip address 10.2.1.2 255.255.0.0
#
#
bfd ctoa bind peer-ip 10.1.1.1
commit
#
ip route-static 10.1.0.0 255.255.0.0 10.2.1.1

#
return
Example for Associating the BFD Status with the Interface Status (1)
As shown in Figure 5-135, transmission devices exist on the link. After the BFD status is
associated with the interface status, the status change of the BFD session between GE 1/0/0 of
S9300 A and GE 1/0/0 of S9300 B affects the protocol status of the interfaces when the link
between transmission devices fails. Fast convergence of routes is thus triggered.
Figure 5-135 Networking diagram for associating the BFD session status with the interface
status
GE1/0/0 GE1/0/0
S9300A S9300B
1. Create a BFD session on S9300 A.
2. Create a BFD session on S9300 B.
3. Associate the BFD status with the interface status on S9300 A when the BFD session is
Up.
4. Associate the BFD status with the interface status on S9300 B when the BFD session is
Up.
Data Preparation
l Peer IP address bound to the BFD session
l Local interface that sends and receives BFD control packets
l Local discriminator and remote discriminator of the BFD session
the local detection multiplier of a BFD control packet.
Procedure
Step 1 Set the IP addresses of the interfaces through which S9300 A and S9300 B are directly connected.
# Assign an IP address to the interface of S9300 A.

[S9300A] vlan 10
[S9300A-vlan10] quit
[S9300A-GigabitEthernet1/0/0] port link-type access
[S9300A-GigabitEthernet1/0/0] port default vlan 10
# Assign an IP address to the interface of S9300 B.

[S9300B] vlan 20
[S9300B-vlan20] quit
[S9300B-GigabitEthernet1/0/0] port link-type access
[S9300B-GigabitEthernet1/0/0] port default vlan 20
Step 2 Configure single-hop BFD.

# On S9300 A, enable BFD and create a BFD session with S9300 B.
[S9300A] bfd
[S9300A-bfd] quit
[S9300A] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/0
# On S9300 B, create a BFD session with S9300 A.

[S9300B] bfd
[S9300B-bfd] quit
[S9300B] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/0
# Run the display bfd session all verbose command on S9300 A and S9300 B, and you can
find that a single-hop BFD session is set up and is in Up state. Take S9300 A for example. The
display is as follows:
[S9300A] display bfd session all verbose
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Bind Peer Ip Address : 224.0.0.184
Echo Passive : Disable Acl Number : --
Proc interface status : Enable Process PST : Disable
WTR Interval (ms) : -- Local Demand Mode : Disable
Active Multi : 3


Session TX TmrID : -- Session Detect TmrID : --
Session Init TmrID : -- Session WTR TmrID : --
Session Description : --
--------------------------------------------------------------------------------
Step 3 Associate the BFD session status with the interface status.
# Associate the BFD status with the interface status on S9300 A.
[S9300A] bfd
[S9300A-bfd] quit
[S9300A] bfd atob
[S9300A-bfd-session-atob] process-interface-status
# Associate the BFD status with the interface status on S9300 B.

[S9300B] bfd
[S9300B-bfd] quit
[S9300B] bfd btoa
[S9300B-bfd-session-btoa] process-interface-status

After the configuration is complete, run the display bfd session all verbose command on
S9300 A and S9300 B, and you can find that the Proc interface status displays field is
Enable.
Take S9300 A for example. The display is as follows:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Active Multi : 3
Bind Application : IFNET
--------------------------------------------------------------------------------
Run the shutdown command on GE 1/0/0 of S9300 B so that the BFD session is Down.


[S9300B-GigabitEthernet1/0/0] shutdown
Run the display bfd session all verbose and display interface gigabitethernet 1/0/0 commands
on S9300 A, and you can find that the status of the BFD session is Down, and the status of GE
1/0/0 is Up (BFD status down).
--------------------------------------------------------------------------------
Session MIndex : 16384 (One Hop) State : Down Name : atob
--------------------------------------------------------------------------------
Active Multi : 3
Last Local Diagnostic : Neighbor Signaled Session Down
Bind Application : IFNET
--------------------------------------------------------------------------------

[S9300A] display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP(BFD status down)
IP Sending Frames" Format is PKTFMT_ETHNT_2, Hardware address is 0000-0100-0124
Port Mode: COMMON COPPER
Mdi : AUTO
Last 300 seconds input rate 12008 bits/sec, 21 packets/sec
Last 300 seconds output rate 12056 bits/sec, 21 packets/sec
Input: 142356 packets, 10487150 bytes
Jumbo : 0
Output: 156315 packets, 11525276 bytes
Jumbo : 0
----End
Configuration Files
#
sysname S9300A
#
vlan batch 10
#
bfd
#

interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
bfd atob bind peer-ip default-ip interface GigabitEthernet1/0/0
process-interface-status
commit
#
return

#
sysname S9300B
#
vlan batch 20
#
bfd
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
#
bfd btoa bind peer-ip default-ip interface GigabitEthernet1/0/0
process-interface-status
commit
#
return
5.6.5 Ethernet OAM Configuration

This chapter describes the principle, configuration procedure, and configuration example of
Ethernet operations administration and maintenance (OAM).
Example for Configuring EFM OAM
As shown in Figure 5-136, a user network is connected to an ISP network through S9300 A and
S9300 B. S9300 A functions as the CE device, and S9300 B functions as the underlayer PE
(UPE) device. The networking requirements are as follows:
l Automatic connectivity detection can be performed between S9300 A and S9300 B. After
detecting connectivity faults, S9300 A and S9300 B generate alarms.
l S9300 B monitors the errored frames, errored codes, and errored frame seconds on GE
2/0/1. When the number of errored frames, errored codes, or errored frame seconds exceeds
the threshold, S9300 B generates an alarm.

Figure 5-136 Networking diagram for configuring EFM OAM
S9300A S9300B
User ISP
network network
GE1/0/1 GE2/0/1
1. Enable EFM OAM globally on S9300 A and S9300 B.

2. Configure EFM OAM on GE 1/0/1 of S9300 A to work in passive mode.
3. Enable EFM OAM on GE 2/0/1 on S9300 B. Enable EFM OAM on GE 1/0/1 on S9300 A.
4. Configure GE 2/0/1 of S9300 B to detect the errored frames, errored codes, and errored
frame seconds.
Data Preparation
l Period for detecting errored frames on GE2/0/1 of S9300 B (5 seconds) and threshold of
number of errored frames (5)
l Period for detecting errored codes on GE2/0/1 of S9300 B (5 seconds) and threshold of
number of errored codes (5)
l Period for detecting errored frame seconds on GE 2/0/1 of S9300 B (120 seconds) and
threshold of number of errored frame seconds (5)
Procedure
Step 1 Enable EFM OAM globally.
# Enable EFM OAM globally on S9300 A.

[S9300A] efm enable
# Enable EFM OAM globally on S9300 B.

[S9300B] efm enable
Step 2 Configure EFM OAM on GE 1/0/1 of S9300 A to work in passive mode.


[S9300A-GigabitEthernet1/0/1] efm mode passive
Step 3 Enable EFM OAM on GE 2/0/1 of S9300 B and GE 1/0/1 of S9300 A.

# Enable EFM OAM on GE 1/0/1 of S9300 A.
[S9300A-GigabitEthernet1/0/1] efm enable
# Enable EFM OAM of GE 2/0/1 on S9300 B.

[S9300B-GigabitEthernet2/0/1] efm enable
Step 4 Configure GE 2/0/1 of S9300 B to detect the errored frames, errored codes, and errored frame
seconds.
# Configure GE 2/0/1 of S9300 B to detect the errored frames.
[S9300B-GigabitEthernet2/0/1] efm error-frame period 5
[S9300B-GigabitEthernet2/0/1] efm error-frame threshold 5
[S9300B-GigabitEthernet2/0/1] efm error-frame notification enable
# Configure GE 2/0/1 of S9300 B to detect the errored codes.

[S9300B-GigabitEthernet2/0/1] efm error-code period 5
[S9300B-GigabitEthernet2/0/1] efm error-code threshold 5
[S9300B-GigabitEthernet2/0/1] efm error-code notification enable
# Configure GE 2/0/1 of S9300 B to detect the errored frames seconds.

[S9300B-GigabitEthernet2/0/1] efm error-frame-second period 120
[S9300B-GigabitEthernet2/0/1] efm error-frame-second threshold 5
[S9300B-GigabitEthernet2/0/1] efm error-frame-second notification enable

# If EFM OAM is configured correctly on S9300 A and S9300 B, GE 2/0/1 and GE 1/0/1 start
the handshake after negotiation. Run the display efm session command on S9300 A or S9300
B, and you can find that the EFM OAM protocol is in detect state.
[S9300B] display efm session interface gigabitethernet 2/0/1
Interface EFM State Loopback Timeout
--------------------------------------------------------------------
GigabitEthernet2/0/1 detect --
# Run the display efm command on S9300 B. If the function of detecting errored frames, errored
codes, and errored frame seconds on GE 2/0/1 is configured corrected, the following information
is displayed:
[S9300B] display efm interface gigabitethernet 2/0/1
Item Value
-------------------------------------
Interface: GigabitEthernet2/0/1
EFM Enable Flag: enable
Mode: active
OAMPDU MaxSize: 128
ErrCodeNotification: enable
ErrCodePeriod: 5
ErrCodeThreshold: 5
ErrFrameNotification: enable
ErrFramePeriod: 5
ErrFrameThreshold: 5
ErrFrameSecondNotification: enable
ErrFrameSecondPeriod: 120
ErrFrameSecondThreshold: 5

TriggerIfDown: disable
Remote MAC: 0010-0010-0010
Remote EFM Enable Flag: enable
Remote Mode: passive
Remote MaxSize: 128
----End
Configuration Files
#
sysname S9300A
#
efm enable
#
efm mode passive
efm enable
#
return

#
sysname S9300B
#
efm enable
#
efm enable
efm error-frame period 5
efm error-frame threshold 5
efm error-frame notification enable
efm error-frame-second period 120
efm error-frame-second threshold 5
efm error-frame-second notification enable
efm error-code period 5
efm error-code threshold 5
efm error-code notification enable
#
return
Example for Testing the Packet Loss Ratio on a Link
As shown in Figure 5-137, a user network is connected to an ISP network through S9300 A and
S9300 B. S9300 A functions as the CE device, and S9300 B functions as the UPE device. The
link between S9300 A and S9300 B is newly established. The ISP needs to test the packet loss
ratio on the link on S9300 B before using the link.

Figure 5-137 Networking diagram for testing the packet loss ratio on the link
S9300A S9300B
User ISP
network network
GE1/0/1 GE2/0/1
1. Enable EFM OAM on S9300 A and S9300 B. Configure EFM OAM on GE 1/0/1 of
S9300 A to work in passive mode.
2. Enable EFM OAM remote loopback on S9300 B.
3. Send test packets from S9300 B to S9300 A.
4. Check the returned test packets on S9300 B.
Data Preparation
l Timeout interval for EFM OAM remote loopback

l Size, number, and sending rate of test packets
Procedure
Step 1 Configure basic functions of EFM OAM.
# Enable EFM OAM globally on S9300 B.

[S9300B] efm enable
# Enable EFM OAM globally on S9300 A.

[S9300A] efm enable
# Configure EFM OAM on GE 1/0/1 of S9300 A to work in passive mode.

# Enable EFM OAM on GE 1/0/1 of S9300 A.


# Enable EFM OAM on GE 2/0/1 of S9300 B.

# If EFM OAM is configured correctly on S9300 A and S9300 B, GE 2/0/1 and GE 1/0/1 start
the handshake after negotiation. Run the display efm session command on S9300 A or S9300
B, and you can find that the EFM OAM protocol is in detect state.
[S9300B] display efm session interface gigabitethernet 2/0/1
--------------------------------------------------------------------
GigabitEthernet2/0/1 detect --
Step 2 Enable EFM OAM remote loopback.
# Enable EFM OAM remote loopback on S9300 B.

[S9300B-GigabitEthernet2/0/1] efm loopback start
Run the display efm session command on S9300 B. If the EFM OAM protocol on GE 2/0/1 is
in Loopback (control) state, that is, GE 2/0/1 initiates remote loopback, it indicates that the
configuration is successful. The displayed information is as follows:
[S9300B] display efm session interface gigabitethernet2/0/1
----------------------------------------------------------------------
GigabitEthernet2/0/1 Loopback(control) 20
Run the display efm session command on S9300 A. If the EFM OAM protocol on GE 1/0/1 is
in Loopback (be controlled) state, that is, GE 1/0/1 responds to remote loopback, it indicates
that the configuration is successful. The displayed information is as follows:
[S9300A] display efm session interface gigabitethernet1/0/1
----------------------------------------------------------------------
GigabitEthernet1/0/1 Loopback(be controlled) --
Step 3 Send test packets from S9300 B to S9300 A.

[S9300B] test-packet start interface gigabitethernet 2/0/1
Test Packet is sending ,press CTRL_C to break |
Info: The test is complete.
Step 4 Check the returned test packets on S9300 B.

[S9300B] display test-packet result
Test Result Value
------------------------------------------
PacketsSend : 5
PacketsReceive : 5
PacketsLost : Lost = 0 (0% loss)
BytesSend : 320
BytesReceive : 320
BytesLost : 0
StartTime : 2009-02-21 18:07:01
EndTime : 2009-02-21 18:07:02

You can obtain the packet loss ratio on the link based on the preceding data.
Step 5 Disable EFM OAM remote loopback.
[S9300B-GigabitEthernet2/0/1] efm loopback stop
NOTE
By default, the timeout interval for remote loopback is 20 minutes. After 20 minutes, remote loopback
stops. To disable remote loopback, you can perform the preceding step.

Run the display efm session command on S9300 A or S9300 B. If the EFM OAM protocol on
the interfaces is in Detect or Discovery state, it indicates that the configuration is successful.
The displayed information on S9300 B is as follows:
[S9300B] display efm session interface gigabitethernet2/0/1
----------------------------------------------------------------------
GigabitEthernet2/0/1 Detect --
----End
Configuration Files
#
sysname S9300A
#
efm enable
#
efm mode passive
efm enable
#
return

#
sysname S9300B
#
efm enable
#
efm enable
#
return
Example for Configuring Basic Functions of Ethernet CFM
As shown in Figure 5-138, the Ethernet is managed by two ISPs. S9300 A, S9300 B, and
S9300 D are managed by ISP 1; S9300 C, S9300 E, S9300 F, S9300 G, S9300 H, and S9300 I
are managed by ISP 2. Connectivity of links needs to be tested on the network.

Figure 5-138 Networking diagram for configuring basic functions of Ethernet CFM
VLAN2
GE1/0/1
S9300A S9300E
S9300I GE1/0/1
GE1/0/0
S9300B GE1/0/0
VLAN2 GE1/0/2 S9300F

MD2
GE1/0/1 GE1/0/1
S9300D GE1/0/0
S9300C GE1/0/2
GE1/0/0
MD1 S9300G
S9300H
GE1/0/0
GE1/0/2 GE1/0/1
VLAN2 VLAN3 VLAN3
MD1 MD2
M EP in MA1 M EP in MA3
M EP in MA2

2. Create MD 1 at level 6 on all the S9300s.
3. Create MA 1 in MD 1 on all the S9300s except S9300 G. Associate MA 1 with VLAN 2.
4. Create MA 1 in MD 1 on all the S9300s except S9300 E and S9300 I. Associate MA 2 with
VLAN 3.
5. Create MD 2 at level 4 and create MA 3 in MD 2 on S9300 A, S9300 B, S9300 C, and
S9300 D. Associate MA 3 with VLAN 4.
6. Create MEPs and RMEPs in MA 1 of MD 1 on S9300 I, S9300 H, and S9300 E.
7. Create MEPs and RMEPs in MA 2 of MD 1 on S9300 H and S9300 G.
8. Create MEPs and RMEPs in MA 3 of MD 2 on S9300 A, S9300 C, and S9300 D.
9. Enable sending and receiving of CCMs.

Data Preparation
l Level of MD 1: 6
l Level of MD 2: 4
Procedure
Step 1 Create VLANs and add interfaces to the VLANs. The configuration procedure is not mentioned
here.
Step 2 Create MD 1.
# Create MD 1 on S9300 A.
[S9300A] cfm enable
[S9300A] cfm md md1 level 6
# Create MD 1 on S9300s B to I.
The configurations of these S9300s are similar to the configuration of S9300 A, and are not
mentioned here.
Step 3 Create MA 1 in MD 1 on all the S9300s except S9300 G.
# Create MA 1 in MD 1 on S9300 A.
[S9300A-md-md1] ma ma1
[S9300A-md-md1-ma-ma1] map vlan 2
[S9300A-md-md1-ma-ma1] quit
# Create MA 1 in MD 1 on S9300s B to I.
mentioned here.
Step 4 Create MA 2 in MD 1 on all the S9300s except S9300 E and S9300 I.
# Create MA 2 in MD 1 on S9300 A.
[S9300A-md-md1] quit
# Create MA 2 in MD 1 on S9300s B to H.
mentioned here.
Step 5 Create MD 2 and create MA 3 in MD 2 on S9300 A, S9300 B, S9300 C, and S9300 D.
# Create MD 2 and create MA 3 in MD 2 on S9300 A.
[S9300A] cfm md md2 level 4
[S9300A-md-md2] quit
Create MD 2 and create MA 3 in MD 2 on S9300 A, S9300 B, S9300 C, and S9300 D.

mentioned here.
Step 6 Create MEPs and RMEPs in MA 1 of MD 1 on S9300 I, S9300 H, and S9300 E.
# Create a MEP in MA 1 of MD 1 on S9300 E.
[S9300E] cfm md md1
[S9300rE-md-md1] ma ma1
[S9300E-md-md1-ma-ma1] mep mep-id 3 interface gigabitethernet 1/0/1 inward
# Create a MEP in MA 1 of MD 1 on S9300 H.

[S9300H] cfm md md1
[S9300H-md-md1] ma ma1
[S9300H-md-md1-ma-ma1] mep mep-id 2 interface gigabitethernet 1/0/2 inward
# Create a MEP in MA 1 of MD 1 on S9300 I.

[S9300I] cfm md md1
[S9300I-md-md1] ma ma1
[S9300I-md-md1-ma-ma1] mep mep-id 1 interface gigabitethernet 1/0/1 inward
# Create an RMEP in MA 1 of MD 1 on S9300 E.

[S9300E-md-md1-ma-ma1] remote-mep mep-id 1
[S9300E-md-md1-ma-ma1] remote-mep mep-id 2
# Create an RMEP in MA 1 of MD 1 on S9300 H.

[S9300H-md-md1-ma-ma1] remote-mep mep-id 1
# Create an RMEP in MA 1 of MD 1 on S9300 I.

[S9300I-md-md1-ma-ma1] remote-mep mep-id 2
[S9300I-md-md1-ma-ma1] remote-mep mep-id 3
Step 7 Create MEPs and RMEPs in MD 1 of MA 2 on S9300 H and S9300 G.

# Create a MEP in MA 2 of MD 1 on S9300 H.
[S9300H] cfm md md1
[S9300H-md-md1] ma ma2
[S9300H-md-md1-ma-ma2] mep mep-id 1 interface gigabitethernet 1/0/1 inward
# Create a MEP in MA 2 of MD 1 on S9300 G.

[S9300G] cfm md md1
[S9300G-md-md1] ma ma2
[S9300G-md-md1-ma-ma2] mep mep-id 2 interface gigabitethernet 1/0/0 inward
# Create an RMEP in MA 2 of MD 1 on S9300 H.

# Create an RMEP in MA 2 of MD 1 on S9300 G.

[S9300G-md-md1-ma-ma2] remote-mep mep-id 1
Step 8 Create MEPs and RMEPs in MA 3 of MD 2 on S9300 A, S9300 C, and S9300 D.

# Create a MEP in MA 3 of MD 2 on S9300 A.
[S9300A] cfm md md2
[S9300A-md-md2-ma-ma3] mep mep-id 1 interface gigabitethernet 1/0/0 inward
# Create a MEP in MA 3 of MD 2 on S9300 C.

[S9300C] cfm md md2

[S9300C-md-md2] ma ma3
[S9300C-md-md2-ma-ma3] mep mep-id 2 interface gigabitethernet 1/0/0 outward
# Create a MEP in MA 3 of MD 2 on S9300 D.

[S9300D] cfm md md2
[S9300D-md-md2] ma ma3
[S9300D-md-md2-ma-ma3] mep mep-id 3 interface gigabitethernet 1/0/0 inward
# Create an RMEP in MA 3 of MD 2 on S9300 A.

[S9300A-md-md2-ma-ma3] remote-mep mep-id 2
[S9300A-md-md2-ma-ma3] remote-mep mep-id 3
# Create an RMEP in MA 3 of MD 2 on S9300 C.

[S9300C-md-md2-ma-ma3] remote-mep mep-id 1
# Create an RMEP in MA 3 of MD 2 on S9300 D.

[S9300D-md-md2-ma-ma3] remote-mep mep-id 1
[S9300D-md-md2-ma-ma3] remote-mep mep-id 2
Step 9 Enable sending and receiving of CCMs.

# Enable S9300 A to send CCMs of all the MEPs.
[S9300A-md-md2-ma-ma3] mep ccm-send enable
# Enable S9300 A to receive CCMs sent from all the RMEPs.

[S9300A-md-md2-ma-ma3] remote-mep ccm-receive enable
# Enable sending and receiving of CCMs on S9300s B to I.

mentioned here.
----End
Configuration Files
#
sysname S9300A
#
vlan batch 2 to 4
#
cfm enable
#
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
ma ma2

map vlan 3
#
cfm md md2 level 4
ma ma3
map vlan 4
mep mep-id 1 interface gigabitethernet 1/0/0 inward
mep ccm-send mep-id 1 enable
remote-mep mep-id 2
remote-mep ccm-receive mep-id 2 enable
remote-mep mep-id 3
#
return
#
sysname S9300B
#
vlan batch 2 to 4
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
ma ma2
map vlan 3
#
cfm md md2 level 4
ma ma3
map vlan 4
#
return
#
sysname S9300C
#
vlan batch 2 to 4
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
ma ma2
map vlan 3
#
cfm md md2 level 4
ma ma3
map vlan 4
mep mep-id 2 interface gigabitethernet 1/0/0 outward
remote-mep mep-id 1


remote-mep mep-id 3
#
return

#
sysname S9300D
#
vlan batch 2 to 4
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
ma ma2
map vlan 3
#
cfm md md2 level 4
ma ma3
map vlan 4
remote-mep mep-id 1
remote-mep mep-id 2
#
return

#
sysname S9300E
#
vlan batch 2
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
remote-mep mep-id 1
remote-mep mep-id 2
#
return

#
sysname S9300F
#
vlan batch 2 to 3
#
cfm enable
#
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
ma ma2
map vlan 3
#
return
l Configuration file of S9300 G
#
sysname S9300G
#
vlan batch 3
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma2
map vlan 3
remote-mep mep-id 1
#
return
l Configuration file of S9300 H
#
sysname S9300H
#
vlan batch 2 to 3
#
cfm enable
#
#
#


#
cfm md md1 level 6
ma ma1
map vlan 2
remote-mep mep-id 1
remote-mep mep-id 3
ma ma2
map vlan 3
remote-mep mep-id 2
#
return
l Configuration file of S9300 I

#
sysname S9300I
#
vlan batch 2
#
cfm enable
#
#
#
cfm md md1 level 6
ma ma1
map vlan 2
remote-mep mep-id 2
remote-mep mep-id 3
#
return
Example for Associating EFM OAM with Ethernet CFM
As shown in Figure 5-139, to implement end-to-end link fault detection, you need to enable
EFM OAM between S9300 A and S9300 B and between S9300 C and S9300 D. and enable
Ethernet CFM between S9300 B and S9300 C. When a fault occurs on the link between
S9300 A and S9300 B, Ethernet CFM is triggered to send trap message to S9300 D. When a
fault occurs on the link between S9300 C and S9300 D, Ethernet CFM is triggered to send trap
message to S9300 A.

Figure 5-139 Networking diagram for associating EFM OAM with Ethernet CFM
S9300A S9300B S9300C S9300D
VLAN10 VLAN10
GE2/0/0 GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0 GE1/0/0 GE1/0/0 GE2/0/0
2. Configure EFM OAM between S9300 A and S9300 B.
3. Configure Ethernet CFM between the S9300 B and S9300 C.
4. Configure EFM OAM between S9300 C and S9300 D.
5. Associate EFM OAM with Ethernet CFM on S9300 B and S9300 C.
Procedure
Step 1 Create VLAN 10 and add interfaces to VLAN 10.
Step 2 Enable EFM OAM globally on S9300 A and S9300 B.
[S9300A] efm enable
[S9300B] efm enable
Step 3 Configure Ethernet CFM between the S9300 B and S9300 C.

[S9300B] cfm enable
[S9300B] cfm md md1
[S9300B-md-md1] ma ma1
[S9300B-md-md1-ma-ma1] map vlan 10
[S9300B-md-md1-ma-ma1] mep mep-id 1 interface gigabitethernet 2/0/0 outward
[S9300B-md-md1-ma-ma1] remote-mep mep-id 2
[S9300B-md-md1-ma-ma1] mep ccm-send enable
[S9300B-md-md1-ma-ma1] remote-mep ccm-receive enable
[S9300B-md-md1-ma-ma1] return
# Configure S9300 C.
[S9300C] cfm enable
[S9300C] cfm md md1
[S9300C-md-md1] ma ma1
[S9300C-md-md1-ma-ma1] map vlan 10

[S9300C-md-md1-ma-ma1] mep mep-id 2 interface gigabitethernet 2/0/0 outward

[S9300C-md-md1-ma-ma1] mep ccm-send enable
[S9300C-md-md1-ma-ma1] remote-mep ccm-receive enable
[S9300C-md-md1-ma-ma1] return
Step 4 Configure EFM OAM between S9300 C and S9300 D.

# Configure S9300 C.
[S9300C] efm enable
[S9300C-GigabitEthernet1/0/0] efm enable
# Configure S9300 D.
[S9300D] efm enable
[S9300D-GigabitEthernet1/0/0] efm mode passive
[S9300D-GigabitEthernet1/0/0] efm enable
Step 5 Associate EFM OAM with Ethernet CFM.

# Associate EFM OAM between S9300 A and S9300 B with Ethernet CFM between S9300 B
and S9300 C in both directions. That is, enable the EFM OAM and Ethernet CFM modules to
send trap messages to each other.
[S9300B] oam-mgr
[S9300B-oam-mgr] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0
# Associate EFM OAM between S9300 C and S9300 D with Ethernet CFM between S9300 B
and S9300 C in both directions. That is, enable the EFM OAM and Ethernet CFM modules to
send trap messages to each other.
[S9300C] oam-mgr
[S9300C-oam-mgr] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0

After the preceding configuration is complete, when EFM OAM running between S9300 A and
S9300 B detects a fault, Ethernet CFM notifies EFM OAM running between S9300 C and
S9300 D of the fault.
----End
Configuration Files
#
sysname S9300A
#
vlan batch 10
#
efm enable
#
efm mode passive
efm enable
#

#
return

#
sysname S9300B
#
vlan batch 10
#
efm enable
#
cfm enable
#
efm enable
#
#
cfm md md1
ma ma1
map vlan 10
mep ccm-send enable
remote-mep mep-id 2
#
oam-mgr
oam-bind ingress efm interface GigabitEthernet1/0/0 egress cfm md md1 ma ma1
oam-bind ingress cfm md md1 ma ma1 egress efm interface GigabitEthernet1/0/0
#
return

#
sysname S9300C
#
vlan batch 10
#
efm enable
#
cfm enable
#
efm enable
#
#
cfm md md1
ma ma1
map vlan 10
mep ccm-send enable
remote-mep mep-id 1
#
oam-mgr
oam-bind ingress efm interface GigabitEthernet1/0/0 egress cfm md md1 ma ma1
oam-bind ingress cfm md md1 ma ma1 egress efm interface GigabitEthernet1/0/0
#
return


#
sysname S9300D
#
vlan batch 10
#
efm enable
#
efm mode passive
efm enable
#
#
return
5.6.6 Hot Backup and Active/Standby Switchover Configuration

This chapter describes the principle and configuration of hot backup and active/standby
switchover.
Example for Configuring Hot Backup and Active/Standby Switchover
During routine maintenance, for example, when you need to replace the main control board, you
can perform active/standby switchover on the S9300 to minimize the impact on services.
1. Run the slave switchover command to make the slave main control board active.
Data Preparation
l Slot IDs of the master and slave main control board In this example, the master main control
board is in slot 4, and the slave main control board is in slot 5.
Procedure
Step 1 Perform active/standby switchover.
Run the slave switchover command when the slave main control board is in real-time backup
state. Then the slave main control board becomes active, and the master main control board is
restarted.
[S9300] slave switchover
Step 2 Check the hot backup state of the master main control board.
[S9300] display switchover state 4
Slave MPU: Receiving realtime and routine data.

As shown in the preceding output, the master main control board is in real-time backup state,
indicating that the active/standby switchover is successful. You can replace the main control
board if necessary.
----End
Configuration Files
None.
5.7 Configuration Guide - QoS

This document describes QoS features of the S9300 including class-based QoS, traffic policing,
traffic shaping, congestion avoidance, and congestion management from function introduction,
configuration methods, maintenance and configuration examples. This document guides you
through the configuration and the applicable environment of QoS.
5.7.1 Class-based QoS Configuration
This chapter describes the basic concepts of the traffic classifier, traffic behavior, traffic policy,
DiffServ domain, and priority mapping, and configuration methods and configuration examples
of the traffic policy based on complex traffic classification and priority mapping based on simple
traffic classification.
5.7.2 Traffic Policing and Traffic Shaping Configuration
This chapter describes the basic concepts and configuration methods of traffic policing and
traffic shaping.
5.7.3 Congestion Avoidance and Congestion Management Configuration
This chapter describes the principle and configuration methods of congestion avoidance and
congestion management.
5.7.4 Mirroring Configuration
This chapter describes basic concepts and configuration methods of port mirroring and flow
mirroring.
5.7.1 Class-based QoS Configuration

This chapter describes the basic concepts of the traffic classifier, traffic behavior, traffic policy,
DiffServ domain, and priority mapping, and configuration methods and configuration examples
of the traffic policy based on complex traffic classification and priority mapping based on simple
traffic classification.
Example for Configuring Priority Mapping Based on Simple Traffic Classification
As shown in Figure 5-140, the S9300 is connected to the router through GE 2/0/1; enterprise
and individual users access the network through the S9300 and router. Enterprise and individual
users belong to VLANs 100 and 200. Enterprise users require better QoS guarantee; therefore,
the priority of data packets from enterprise users is mapped to 4 and the priority of data packets
from individual users is mapped to 2. In this manner, differentiated services are provided.

Figure 5-140 Networking diagram for configuring priority mapping based on simple traffic
classification
Core network
Router VLAN 300
GE 2/0/1
GE 1/0/1 GE 1/0/2
VLAN 100 S9300 VLAN 200
Switch Switch
Enterprise users Individual users
1. Create VLANs and configure interfaces so that enterprise and individual users can access
the network through the S9300.
2. Create DiffServ domains and map 802.1p priorities to PHBs and colors.
3. Bind the DiffServ domain to incoming interfaces GE 1/0/1 and GE 1/0/2 on the S9300.
Data Preparation
l Names of DiffServ domains
l 802.1p priorities of packets of enterprise and individual users
l CoS of enterprise and individual users
Procedure
Step 1 Create VLANs and configure interfaces.
# Create VLANs 100, 200, and 300.
[S9300] vlan batch 100 200 300
# Configure the type of GE 1/0/1, GE 1/0/2, and GE 2/0/1 as trunk, add GE1/0/1 to VLAN 100,
add GE1/0/2 to VLAN 200, and add GE2/0/1 to VLAN 100, VLAN 200, and VLAN 300.

[S9300] interface gigabitethernet1/0/1

[S9300-GigabitEthernet1/0/1] port link-type trunk
[S9300-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[S9300-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 200 300
# Create VLANIF 300 and assign interface IP address uo192.168.1.1/24 to VLANIF 300.
NOTE
Assign IP address 192.168.1.2/24 to the interface connecting the router and S9300.
Step 2 Create and configure DiffServ domains.

# Create DiffServ domains ds1 and ds2 and map 802.1p priorities of packets of enterprise and
individual users to PHBs and colors.
[S9300] diffserv domain ds1

[S9300-dsdomain-ds1] 8021p-inbound 0 phb af4 green
[S9300-dsdomain-ds1] quit
[S9300-dsdomain-ds2] 8021p-inbound 0 phb af2 green
Step 3 Bind DiffServ domains to interfaces.

# Bind DiffServ domains ds1 and ds2 to GE 1/0/1 and GE 1/0/2 respectively.
[S9300-GigabitEthernet1/0/1] trust upstream ds1
----End
Configuration Files
#
sysname S9300
#
#
diffserv domain ds1
8021p-inbound 0 phb af4 green
#
diffserv domain ds2
#
interface Vlanif300
ip address 192.168.1.1 255.255.255.0
#
trust upstream ds1

#
trust upstream ds2
#
port trunk allow-pass vlan 100 200 300
#
return
Example for Re-marking the Priorities Based on Complex Traffic Classification
The S9300 is connected to the router through GE 2/0/1; enterprise and individual users can access
the network through the S9300 and router. See Figure 5-141.
Data services of enterprise and individual users come from VLANs 100 and 200 respectively.
When the data service packets of enterprise and individual users pass the S9300, the S9300 needs
to add the outer VLAN tag with the VLAN ID as 300 to the packets so that these packets are
identified as data services on the ISP. In addition, enterprise users require better QoS guarantee;
therefore, the priority of data packets from enterprise users is mapped to 4 and the priority of
data packets from individual users is mapped to 2. In this manner, differentiated services are
provided.
Figure 5-141 Networking diagram for re-marking the priorities based on complex traffic
classification
Core network
GE 2/0/1 VLAN 300
GE 1/0/1 GE 1/0/2
S9300
VLAN 100 VLAN 200
Individual
users
Enterprise
users

2. Create traffic classifiers based on the VLAN ID in the inner VLAN tag on the S9300.
3. Create traffic behaviors on the S9300 and re-mark 802.1p priorities of packets.
4. Create a traffic policy on the S9300, bind traffic behaviors to traffic classifiers in the traffic
policy, and apply the traffic policy to the interface at the outbound direction.
Data Preparation
l Re-marked priorities of packets with different VLAN IDs in the inner VLAN tags
l Type, direction, and number of the interface that a traffic policy needs to be applied to
Procedure
# Create VLANs 100, 200, and 300 on the S9300 and configure GE 1/0/1, GE 1/0/2, and GE
2/0/1 so that the S9300 adds the outer VLAN tag with the VLAN ID as 300 to the packets sent
from GE 1/0/1 and GE 1/0/2 and GE 2/0/1 can forward packets in VLAN 300.
[S9300] vlan batch 100 200 300
[S9300-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 300
[S9300-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 300
[S9300-GigabitEthernet1/0/2] port vlan-stacking vlan 200 stack-vlan 300
# Create VLANIF 300 and assign IP address 192.168.1.1/24 to VLANIF 300.

Step 2 Create traffic classifiers.
# Create traffic classifiers c1 to c2 on the S9300 to classify incoming packets based on the VLAN
ID in the inner VLAN tag.
[S9300] traffic classifier c1 operator and
[S9300-classifier-c1] if-match cvlan-id 100
[S9300-classifier-c1] quit
[S9300-classifier-c2] if-match cvlan-id 200

Step 3 Create traffic behaviors.

# Create traffic behaviors b1 to b2 on the S9300 to re-mark priorities of user packets.
[S9300] traffic behavior b1
[S9300-behavior-b1] remark 8021p 4
[S9300-behavior-b1] quit
[S9300-behavior-b2] remark 8021p 2
Step 4 Create a traffic policy and apply it to an interface.

# Create traffic policy p1 on the S9300, bind traffic classifiers to traffic behaviors in the traffic
policy, and apply the traffic policy to GE 2/0/1 in the inbound direction to re-mark priorities of
packets coming from the user side.
[S9300] traffic policy p1
[S9300-trafficpolicy-p1] classifier c1 behavior b1
[S9300-trafficpolicy-p1] quit
[S9300-GigabitEthernet2/0/1] traffic-policy p1 outbound
[S9300] quit

# Check the configuration of traffic classifiers.
<S9300> display traffic classifier user-defined
User Defined Classifier Information:
Classifier: c2
Precedence: 5
Operator: AND
Rule(s) : if-match cvlan-id 200
Classifier: c1
Precedence: 5
Operator: AND
Rule(s) : if-match cvlan-id 100
# Check the configuration of the traffic policy.

<S9300> display traffic policy user-defined p1
User Defined Traffic Policy Information:
Policy: p1
Classifier: default-class
Behavior: be
-none-
Classifier: c1
Behavior: b1
Marking:
Remark 8021p 4
Classifier: c2
Behavior: b2
Marking:
Remark 8021p 2
# Check the statistics about the traffic policy applied to the interface.
<S9300> display traffic policy statistics interface gigabitethernet 2/0/1 outbound
verbose rule-base
Traffic policy outbound: p1
Rule number: 2
Current status: OK!
Classifier: c1 operator and

Behavior: b1
if-match cvlan-id 100
Board : 2
Passed Packet 2000,Passed Bytes -
Droped Packet 0,Droped Bytes -
Classifier: c2 operator and
Behavior: b2
Board : 2
Passed Packet 1000,Passed Bytes -
Droped Packet 0,Droped Bytes -
----End
Configuration Files
#
sysname S9300
#
#
traffic classifier c2 operator and precedence 5
#
traffic behavior b2
remark 8021p 2
traffic behavior b1
remark 8021p 4
#
traffic policy p1
classifier c1 behavior b1
#
interface Vlanif300
ip address 192.168.1.1 255.255.255.0
#
#
#
traffic-policy p1 outbound
#
return
Example for Redirecting Packets Based on Complex Traffic Classification
The Layer 2 switch of a company is connected to the ISP device through the S9300; one is a 1-
Gbit/s link with the gateway as 20.20.20.1 and the other is a 10-Gbit/s link with the gateway as
20.20.30.1. The company requires that the 10 Gbit/s links send only the packets with priorities
as 4, 5, 6, and 7 and 1 Gbit/s links send packets of lower priorities to the ISP. See Figure
5-142.

Figure 5-142 Networking diagram for redirecting packets based on complex traffic
classification
20.20.20.2/24
GE 3/0/2 20.20.20.1/24
GE 3/0/1
ISP
L2 Switch S9300 GE 2/0/1 20.20.30.1/24

20.20.30.2/24 Router
Company
1. Create VLANs and configure interfaces so that the S9300 can ping the ISP device.
2. Create ACL rules to match the packets with priorities as 4, 5, 6, and 7 and priorities as 0,
1, 2, and 3.
3. Create traffic classifiers to match the preceding ACL rules.
4. Create traffic behaviors to redirect matching packets to 20.20.20.1/24 and 20.20.30.1/24.
5. Create a traffic policy, bind traffic classifiers to traffic behaviors in the traffic policy, and
apply the traffic policy to an interface.
Data Preparation
l VLAN 20 that GE 2/0/1 is added to and VLAN 30 that GE 3/0/2 is added to
l ACL rules 3001 and 3002
l Traffic classifiers c1 and c2
l Traffic behaviors b1 and b2
l Traffic policy p1
Procedure
# Create VLANs 20 and 30.
[S9300] vlan batch 20 30
# Configure the type of GE 3/0/1, GE 3/0/2, and GE 2/0/1 as trunk, and add GE 2/0/1 to VLAN
30 and GE 3/0/2 to VLAN 20.


# Create VLANIF 20 and VLANIF 30 and assign IP addresses to them.

NOTE
Assign network segment addresses 20.20.20.1/24 and 20.20.30.1/24 to the interfaces connecting the router
and S9300. The details are not mentioned here.
Step 2 Create ACL rules.

# Create advanced ACL rules 3001 and 3002 on the S9300 to permit the packets with priorities
as 4, 5, 6, and 7 and priorities as 0, 1, 2, and 3 to pass through.
[S9300] acl 3001
[S9300-acl-adv-3001] rule permit ip precedence 0
[S9300-acl-adv-3001] quit
[S9300] acl 3002
[S9300-acl-adv-3002] quit

Create traffic classifiers c1 and c2 on the S9300 with matching rules as ACL 3001 and ACL
3002.
[S9300] traffic classifier c1

[S9300-classifier-c1] if-match acl 3001

# Create traffic behaviors b1 and b2 on the S9300 to redirect packets to network segments
20.20.20.1/24 and 20.20.30.1/24.
[S9300-behavior-b1] redirect ip-nexthop 20.20.20.1
[S9300-behavior-b2] redirect ip-nexthop 20.20.30.1

# Create traffic policy p1 on the S9300 and bind traffic classifiers to traffic behaviors in the
traffic policy.


# Apply traffic policy p1 to GE 3/0/1.

[S9300-GigabitEthernet3/0/1] traffic-policy p1 inbound
[S9300] quit

# Check the configuration of ACL rules.
<S9300> display acl 3001
Advanced ACL 3001, 4 rules
Acl's step is 5
rule 5 permit ip precedence routine (0 times matched)
rule 10 permit ip precedence priority (0 times matched)
rule 15 permit ip precedence immediate (0 times matched)
rule 20 permit ip precedence flash (0 times matched)
Advanced ACL 3002, 4 rules
Acl's step is 5
rule 5 permit ip precedence flash-override (0 times matched)
rule 10 permit ip precedence critical (0 times matched)
rule 15 permit ip precedence internet (0 times matched)
rule 20 permit ip precedence network (0 times matched)
# Check the configuration of traffic classifiers.

Classifier: c2
Precedence: 5
Operator: OR
Rule(s) : if-match 5 acl 3002
Classifier: c1
Precedence: 10
Operator: OR
# View the configuration of the traffic policy.

Policy: p1
Behavior: be
-none-
Classifier: c1
Behavior: b1
Redirect:
Redirect ip-nexthop 20.20.20.1
Classifier: c2
Behavior: b2
Redirect:
Redirect ip-nexthop 20.20.30.1
----End
Configuration Files
#
sysname S9300
#
vlan batch 20 30

#
acl number 3001
rule 5 permit ip precedence routine
rule 10 permit ip precedence priority
rule 15 permit ip precedence immediate
rule 20 permit ip precedence flash
#
acl number 3002
rule 5 permit ip precedence flash-override
rule 10 permit ip precedence critical
rule 15 permit ip precedence internet
rule 20 permit ip precedence network
#
traffic classifier c2 operator or precedence 5
if-match acl 3002
if-match acl 3001
#
traffic behavior b2
redirect ip-nexthop 20.20.30.1
traffic behavior b1
redirect ip-nexthop 20.20.20.1
#
traffic policy p1
#
interface Vlanif20
ip address 20.20.20.2 255.255.255.0
#
interface Vlanif30
ip address 20.20.30.2 255.255.255.0
#
#
traffic-policy p1 inbound
#
port trunk allow-pass 20
#
return
Example for Configuring Traffic Statistics Based on Complex Traffic Classification
PC1 with the MAC address as 0000-0000-0003 is connected to other devices through GE 2/0/1
on the S9300. It is required that the S9300 should take the statistics on the packets with the
source MAC address as 0000-0000-0003. See Figure 5-143.
Figure 5-143 Networking diagram for configuring traffic statistics based on complex traffic
classification
MAC:0000-0000-0003
GE 2/0/1 GE 3/0/1 Core
network
PC1 S9300 Router

1. Configure interfaces so that the S9300 is connected to PC1 and the router.
2. Create an ACL to match the packets with the source MAC address as 0000-0000-0003.
3. Create a traffic classifier to match the ACL.
4. Create a traffic behavior to take the statistics on the matching packets.
5. Create a traffic policy, bind the traffic classifier to the traffic behavior in the traffic policy,
and apply the traffic policy to GE 2/0/1 in the inbound direction.
Data Preparation
l VLAN 20 and IP address of GE 3/0/1 being 20.20.20.1/24
l ACL 4000
l Traffic classifier c1
l Traffic behavior b1
l Traffic policy p1
Procedure
Step 1 Create a VLAN and configure interfaces.
# Create VLAN 20.

[S9300] vlan 20
[S9300-vlan20] quit
# Configure the type of GE 2/0/1 as access and GE 3/0/1 as trunk, and add GE 2/0/1 and GE
3/0/1 to VLAN 20.
[S9300-GigabitEthernet2/0/1] port link-type access
[S9300-GigabitEthernet2/0/1] port default vlan 20
# Create VLANIF 20 and assign IP address 20.20.20.1/24 to it.

NOTE
Assign network segment address 20.20.20.2/24 to the interface connecting the router and S9300. The details
Step 2 Create an ACL.

# Create MAC address ACL 4000 on the S9300 to match the packets with the source MAC
address as 0000-0000-0003.
[S9300] acl 4000
[S9300-acl-ethernetframe-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-
ffff
[S9300-acl-ethernetframe-4000] quit
Step 3 Create a traffic classifier.
Create traffic classifier c1 on the S9300 with ACL 4000 as the matching rule.
<S9300> system-view
Step 4 Create a traffic behavior.
# Create traffic behavior b1 on the S9300 and configure the traffic statistics action.
[S9300-behavior-b1] statistic enable
# Create traffic policy p1 on the S9300 and bind the traffic classifier to the traffic behavior in
the traffic policy.
Apply traffic policy p1 to GE 2/0/1.

[S9300-GigabitEthernet3/0/1] quit[S9300] quit
# Check the configuration of the ACL.

Ethernet frame ACL 4000, 1 rule
Acl's step is 5
rule 5 permit source-mac 0000-0000-0003 ffff-ffff-ffff(0 times matched)
# Check the configuration of the traffic classifier.

Classifier: c1
Precedence: 5
Operator: OR
# View the configuration of the traffic policy.

Policy: p1
Behavior: be
-none-
Classifier: c1

Behavior: b1
statistic: enable
----End
Configuration Files
#
sysname S9300
#
vlan batch 20
#
acl number 4000
rule 5 permit source-mac 0000-0000-0003 ffff-ffff-ffff
#
if-match acl 4000
#
traffic behavior b1
statistic enable
#
traffic policy p1
#
interface Vlanif20
ip address 20.20.20.1 255.255.255.0
#
#
#
return
5.7.2 Traffic Policing and Traffic Shaping Configuration

This chapter describes the basic concepts and configuration methods of traffic policing and
traffic shaping.
Example for Configuring QoS CAR
As shown in Figure 5-144, the S9300 is connected to the router through GE 2/0/1; enterprise
and individual users access the S9300 through GE 1/0/1 and GE 1/0/2 and access the network
through the S9300 and router. It is required that the fixed bandwidth of enterprise users be 8
Mbit/s and the maximum bandwidth be 10 Mbit/s, and the fixed bandwidth of individual users
be 5 Mbit/s and the maximum bandwidth be 8 Mbit/s.

Figure 5-144 Networking diagram for configuring QoS CAR
Core network
Router
GE 2/0/1
GE 1/0/1 GE 1/0/2
S9300
Switch Switch
Enterprise users Individual users
1. Configure each interface of the S9300 so that users can access the network.
2. Create QoS CAR templates and set the CIR and PIR.
3. Apply QoS CAR templates on GE 1/0/1 and GE 1/0/2 of the S9300 at inbound direction.
Data Preparation
l IP address of the upstream interface on the S9300 being 192.168.1.1/24
l VLANs 100 and 200 that enterprise and individual users belong to
l CIR 8000 kbit/s and PIR 10000 kbit/s of enterprise users, and CIR 5000 kbit/s and PIR
8000 kbit/s of individual users
Procedure
Step 1 Create VLANs and configure each interface of the S9300.
# Create VLANs 100, 200, and 300, and add GE 1/0/1, GE 1/0/2, and GE 1/0/1 to VLANs 100,
200, and 300 respectively.
[S9300] vlan batch 100 200 300
# Configure the type of GE 1/0/1, GE 1/0/2, and GE 2/0/1 as trunk and permit packets from
VLANs 100, 200, and 300 to pass through.


# Create VLANIF 300 and assign network segment address 192.168.1.1/24 to VLANIF 300.

NOTE
Step 2 Configure QoS CAR.

# Create QoS CAR templates qoscar1 and qoscar2 on the S9300 and police the traffic of
enterprise and individual users.
[S9300] qos car qoscar1 cir 8000 pir 10000
Step 3 Apply QoS CAR.

# Apply QoS CAR templates qoscar1 and qoscar2 at inbound directions of GE 1/0/1 and GE
1/0/2 on the S9300 to police incoming traffic of enterprise and individual users.
[S9300] interface gigabitEthernet1/0/1
[S9300-GigabitEthernet1/0/1] qos car inbound qoscar1
[S9300-GigabitEthernet1/0/2] qos car inbound qoscar2
[S9300] quit

# Check the configuration of QoS CAR.
<S9300> display qos car all
----------------------------------------------------------------
CAR Name : qoscar1
CAR Index : 0
car cir 8000 (Kbps) pir 10000 (Kbps) cbs 1000000 (byte) pbs 1250000 (byte)
Applied number on behavior : 0
Applied number on Interface inbound : 1
Applied number on Interface outbound : 1
Applied number on Trunk inbound : 0
Applied number on Trunk outbound : 0
Applied number on Vlan Unknown Unicast : 0
Applied number on Vlan Multicast : 0
Applied number on Vlan Broadticast : 0
----------------------------------------------------------------
CAR Name : qoscar2
CAR Index : 1
car cir 5000 (Kbps) pir 8000 (Kbps) cbs 625000 (byte) pbs 1000000 (byte)
Applied number on behavior : 0
Applied number on Interface inbound : 1

Applied number on Interface outbound : 1
Applied number on Trunk inbound : 0
Applied number on Trunk outbound : 0
Applied number on Vlan Unknown Unicast : 0
Applied number on Vlan Multicast : 0
Applied number on Vlan Broadticast : 0
# Send traffic to GE 1/0/1 and GE 1/0/2 at the rate of 6000 kbit/s, 9000 kbit/s, and 11000 kbit/
s, and then use the display qos car statistics command to check the statistics on QoS CAR. If
the configuration succeeds, you can obtain the following results:
l When packets are sent to GE 1/0/1 and GE 1/0/2 at the rate of 6000 kbit/s, all the packets are
forwarded.
l When packets are sent to GE 1/0/1 and GE 1/0/2 at the rate of 9000 kbit/s, all the packets on
GE 1/0/1 are forwarded but certain packets on GE 1/0/2 are discarded.
l When packets are sent to GE 1/0/1 and GE 1/0/2 at the rate of 11000 kbit/s, certain packets
on GE 1/0/1 and GE 1/0/2 are discarded.
Use the display qos car statistics command on GE 1/0/1 in the inbound direction, and the
following information is displayed:
<S9300> display qos car statistics interface gigabitethernet 1/0/1 inbound
Passed packets: 100
Passed bytes: 104800
Discard packets: 1
Discard bytes: 1048
----End
Configuration Files
#
sysname S9300
#
#
qos car qoscar1 cir 8000 pir 10000 cbs 1000000 pbs 1250000
qos car qoscar2 cir 5000 pir 8000 cbs 625000 pbs 1000000
#
interface Vlanif300
ip address 192.168.1.1 255.255.255.0
#
qos car inbound qoscar1
#
qos car inbound qoscar2
#
#
return

Example for Configuring Traffic Policing Based on a Traffic Classifier
The S9300 is connected to the router through GE 2/0/1; enterprise and individual users can access
the network through the S9300 and router. SeeTable 5-11.
l The voice services of enterprise and individual users belong to VLANs 120 and 220.
l The video services of enterprise and individual users belong to VLANs 110 and 210.
l The data services of enterprise and individual users belong to VLANs 100 and 200.
On the S9300, packets of different services need to be policed, and the total traffic of enterprise
and individual users needs to be controlled in a proper range.
The DSCP priorities carried in service packets sent from the user side are unreliable and services
require different QoS in actual applications; therefore, you need to re-mark DSCP priorities of
different service packets on the S9300. In this manner, the downstream router can process
packets according to different priorities.
The requirements are as follows:
Table 5-11 QoS provided by the S9300 for upstream traffic

User Type Traffic Type CIR (Mbit/s) PIR (Mbit/s) DSCP
Priority
Enterprise Voice 10 15 46
users
Video 50 75 30
Data 40 60 14
Total traffic 150 - -
Individual Voice 10 15 46
users
Video 40 60 30
Data 30 45 14
Total traffic 120 - -

Figure 5-145 Networking diagram for configuring traffic policing based on a traffic classifier
Core network
GE 2/0/1
GE 1/0/1 GE 1/0/2
VLAN S9300
VLAN
100 200
LSW
LSW
Enterprise
users Individual
VLAN users VLAN
VLAN VLAN
110 210
120 220
2. Create traffic classifiers based on the VLAN ID on the S9300.
3. Configure QoS CAR on the S9300 to police the incoming and outgoing traffic of enterprise
and individual users.
4. Create traffic behaviors on the S9300 to police the traffic received from the user side and
re-mark DSCP priorities of packets, and police the traffic sent to the user side.
5. Create traffic policies on the S9300, bind traffic behaviors to traffic classifiers in the traffic
policies, and apply the traffic policies to the interfaces that packets pass through.
Data Preparation
l Re-marked priorities of packets with different VLAN IDs
l Parameters for packets with different VLAN IDs: CIR and PIR
l Type, direction, and number of the interface on which a traffic policy needs to be applied
Procedure
# Create VLAN 100, VLAN 110, VLAN 120, VLAN 200, VLAN 210, and VLAN 220 on the
S9300.

[S9300] vlan batch 100 110 120 200 210 220
# Configure the access types of GE1/0/1, GE1/0/2, and GE2/0/1 to trunk, add GE1/0/1 to VLAN
100, VLAN 110, and VLAN 120, add GE1/0/2 to VLAN 200, VLAN 210, and VLAN 220, and
add GE2/0/1 to VLAN 100, VLAN 110, VLAN 120, VLAN 200, VLAN 210, and VLAN 220.
[S9300-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 110 120 200 210 220

# Create traffic classifiers c1 to c6 on the S9300 to classify incoming and outgoing user packets
based on the VLAN ID.
[S9300-classifier-c1] if-match vlan-id 120
Step 3 Configure QoS CAR.

# Create QoS CAR templates qoscar1 and qoscar2 on the S9300 to police incoming and
outgoing traffic of enterprise and individual users.

# Create traffic behaviors b1 to b6 on the S9300 to police user packets and re-mark priorities of
the packets.
[S9300-behavior-b1] car cir 10000 pir 15000 green pass
[S9300-behavior-b1] remark dscp 46
[S9300-behavior-b1] car qoscar1 share


Step 5 Create traffic policies and apply them on interfaces.

# Create traffic policy p1 on the S9300, bind traffic classifiers to traffic behaviors in the traffic
policy, and apply the traffic policy to GE 1/0/1 and GE 1/0/2 in the inbound direction to police
the packets received from the user side and re-mark priorities of these packets.

[S9300] display traffic classifier user-defined
Classifier: c6
Precedence: 30
Operator: AND
Rule(s) : if-match 5 vlan-id 200
Classifier: c4
Precedence: 20
Operator: AND
Classifier: c2
Precedence: 10
Operator: AND

Classifier: c5
Precedence: 25
Operator: AND
Classifier: c3
Precedence: 15
Operator: AND
Classifier: c1
Precedence: 5
Operator: AND
# Check the configuration of the traffic policy. Here, the configuration of traffic policy p1 is
displayed.
[S9300] display traffic policy user-defined p1
Policy: p1
Behavior: be
-none-
Classifier: c1
Behavior: b1
Committed Access Rate:
CIR 10000 (Kbps), PIR 15000 (Kbps), CBS 1250000 (byte), PBS 1875000 (byt
e)
Color Mode: color Blind
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
Marking:
Remark DSCP ef
Share car:
car qoscar1 share
statistic: enable
Classifier: c2
Behavior: b2
e)
Yellow Action: pass
Marking:
Remark DSCP af33
Share car:
car qoscar1 share
statistic: enable
Classifier: c3
Behavior: b3
CIR 40000 (Kbps), PIR 60000 (Kbps), CBS 5000000 (byte), PBS 7500000 (
byte)
Yellow Action: pass
Share car:
car qoscar1 share
statistic: enable
Classifier: c4
Behavior: b4

e)
Yellow Action: pass
Share car:
car qoscar2 share
statistic: enable
Classifier: c5
Behavior: b5
CIR 40000 (Kbps), PIR 60000 (Kbps), CBS 5000000 (byte), PBS 7500000 (
byte)
Yellow Action: pass
Share car:
car qoscar2 share
statistic: enable
Classifier: c6
Behavior: b6
CIR 30000 (Kbps), PIR 45000 (Kbps), CBS 3750000 (byte), PBS 5625000 (b
yte)
Yellow Action: pass
Share car:
car qoscar2 share
statistic: enable
# Check the configuration of the traffic policy applied on an interface. Here, the configuration
of the traffic policy applied on GE 1/0/1 is displayed.
[S9300] display traffic policy statistics interface gigabitethernet 1/0/1
Traffic policy inbound: p1
Rule number: 0
Current status: OK!
Item Packets Bytes
---------------------------------------------------------------------
Matched 10 10000
+--Passed 8 8000
+--Dropped 2 2000
+--Filter 2 2000
+--URPF 0 0
+--CAR 2 2000
----End
Configuration Files
#
sysname S9300
#
vlan batch 100 110 120 200 210 220
#
qos car qoscar1 cir 150000 cbs 28200000
qos car qoscar2 cir 120000 cbs 22560000
#


#
traffic behavior b1
car cir 10000 pir 15000 cbs 1250000 pbs 1875000 mode color-blind green pass
yel
low pass red discard
remark dscp ef
car qoscar1 share
statistic enable
traffic behavior b3
yellow pass red discard
remark dscp af13
car qoscar1 share
statistic enable
traffic behavior b5
yello
w pass red discard
remark dscp af33
car qoscar2 share
statistic enable
traffic behavior b2
yel
low pass red discard
remark dscp af33
car qoscar1 share
statistic enable
traffic behavior b4
yello
w pass red discard
remark dscp ef
car qoscar2 share
statistic enable
traffic behavior b6
car cir 30000 pir 45000 cbs 3750000 pbs 5625000 mode color-blind green pass y
ellow pass red discard
remark dscp af13
car qoscar2 share
statistic enable
#
traffic policy p1
#
#
#

port trunk allow-pass vlan 100 110 120 200 210 220
#
return
Example for Configuring Traffic Policing for Host Packets
As shown in Figure 5-146, PC1 at 10.10.10.10 is connected to GE 2/0/1 of the S9300; PC2 at
10.10.10.20 is connected to GE 3/0/1 of the S9300; PC1 and PC2 belong to VLAN 10. It is
required that traffic policing for host packets on the S9300 be used to limit ICMP traffic received
on GE 2/0/1 and GE 3/0/1 to 2048 kbit/s and discard the excessive traffic.
Figure 5-146 Networking diagram for configuring traffic policing for host packets
S9300
GE 2/0/1 GE 3/0/1
VLAN 10 VLAN 10
10.10.10.10/24 10.10.10.20/24
PC1 PC2
1. Create a VLAN and configure each interface to ensure that routes between the PC and
devices are reachable.
2. Configure CPCAR to limit ICMP traffic less than 2048 kbit/s.
Data Preparation
l ID of the VLAN, that is, 10
l CIR of ICMP traffic, that is, 2048 kbit/s
Procedure
Step 1 Create a VLAN and configure each interface.
# Create VLAN 10 on the S9300 and add GE 2/0/1 and GE 3/0/1 to VLAN 10.
[S9300] vlan 10

[S9300-vlan10] quit
# Create VLANIF 10 and assign IP address 10.10.10.1/24 to it.

Step 2 Configure CPCAR.

# Configure CPCAR for ICMP packets on the S9300 and set the CIR to 2048 kbit/s.
[S9300] cpcar icmp
[S9300-cpcar-icmp] car cir 2048
[S9300-cpcar-icmp] quit
[S9300] quit

# Check the CPCAR configuration of ICMP packets.
<S9300> display cpcar icmp configuration
Cpcar Configurations on main board!
-------------------------------------------------------
Packet Name Cir(Kbps) Cbs(Bytes)
-------------------------------------------------------
icmp 2048 385024
-------------------------------------------------------
----End
Configuration Files
#
sysname S9300
#
vlan batch 10
#
cpcar icmp
car cir 2048 cbs 385024
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
#
#
return

Example for Configuring Traffic Shaping
The S9300 is connected to GE 2/0/1 and the router; the 802.1p priorities of voice, video, and
data services from the Internet are 6, 5, and 2 respectively, and these services can reach individual
users through the router and S9300, as shown in Figure 5-147. The rate of the traffic from the
network side is greater than the rate of the LSW interface; therefore, a jitter may occur in the
outbound direction of GE 1/0/1. To reduce the jitter and ensure the bandwidth of various services,
the requirements are as follows:
l The CIR on the interface is10000 kbit/s.

l The CIR and PIR for the voice service are 3000 kbit/s and 5000 kbit/s respectively.
l The CIR and PIR for the video service are 5000 kbit/s and 8000 kbit/s respectively.
l The CIR and PIR for the data service are 2000 kbit/s and 3000 kbit/s respectively.
Figure 5-147 Networking diagram for configuring traffic shaping
Phone
802.1p = 6
802.1p = 2 Individual GE 1/0/1 GE 2/0/1 Core

PC users network
LSW S9300 Router
802.1p = 5
TV
1. Configure priority mapping based on simple traffic classification to map priorities of
packets to PHBs.
2. Configure traffic shaping on an interface to limit the bandwidth of the interface.
3. Configure traffic shaping in an interface queue to limit the CIRs of voice, video, and data
services.
Data Preparation
l 802.1p priorities being 6, 5, and 2 mapped to PHBs
l Rate for traffic shaping on an interface

l Rate for traffic shaping in each interface queue
Procedure
# Create VLAN 10.

[S9300] vlan batch 10
# Configure the type of GE 1/0/1 and GE 2/0/1 as trunk, and then add GE1/0/1 and GE2/0/1 to
VLAN 10.
# Create VLANIF 10 and assign network segment address 10.10.10.1/24 to VLANIF 10.
[S9300-Vlanif10] ip address 10.10.10.1 255.255.255.0
NOTE
Step 2 Configure priority mapping based on simple traffic classification.
# Create DiffServ domain ds1 in which 802.1p priorities being 6, 5, and 2 are mapped to PHBs
CS7, EF, and AF2.
[S9300-dsdomain-ds1] 8021p-inbound 6 phb cs7
[S9300-dsdomain-ds1] 8021p-inbound 5 phb ef
[S9300-dsdomain-ds1] 8021p-inbound 2 phb af2
Step 3 Configure traffic shaping on an interface.
# Configure traffic shaping on an interface of the S9300 and set the CIR to 10000 kbit/s.
[S9300-GigabitEthernet1/0/1] port shaping cir 10000
Step 4 Configure traffic shaping in an interface queue.
# Set the scheduling mode of each queue to WRR. Set the WRR weight of queue 7 to 60, WRR
weight of queue 5 to 40, and WRR weight of queue 2 to 20. The other queues retain the default
weight.
[S9300-GigabitEthernet1/0/1] qos wrr 0 to 7
[S9300-GigabitEthernet1/0/1] qos queue 7 wrr weight 60

# Configure traffic shaping in the interface queues on the S9300, and then set the CIR and PIR
of the voice service to 3000 kbit/s and 5 000kbit/s, the CIR and PIR of the video service to 5000
kbit/s and 8000 kbit/s, and the CIR and PIR of the data service to 2000 kbit/s and 3000 kbit/s.
[S9300-GigabitEthernet1/0/1] qos queue 7 shaping cir 3000 pir 5000
[S9300] quit
# Check the configuration of DiffServ domain ds1.

<S9300> display diffserv domain name ds1
diffserv domain name:ds1
8021p-inbound 0 phb be green
8021p-inbound 5 phb ef green
8021p-inbound 6 phb cs7 green
8021p-outbound be green map 0
......
# If the configuration succeeds, the committed bandwidth for the packets transmitted by
GE1/0/1is 10000 kbit/s; the transmission rate of the voice service ranges from 3000 kbit/s to
5000 kbit/s; the transmission rate of the video service ranges from 5000 kbit/s to 8000 kbit/s;
the transmission rate of the data service ranges from 2000 kbit/s to 3000 kbit/s.
----End
Configuration Files
#
sysname S9300
#
vlan batch 10
#
diffserv domain ds1
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
qos lr cir 10000 cbs 1250000 outbound
qos wrr
qos queue 2 wrr weight 20
qos queue 2 shaping cir 2000 pir 3000
#
trust upstream ds1
#
return

5.7.3 Congestion Avoidance and Congestion Management

Configuration
This chapter describes the principle and configuration methods of congestion avoidance and
congestion management.
Example for Configuring Congestion Avoidance and Congestion Management
The S9300 is connected to the router through GE 2/0/1; the 802.1p priorities of voice, video,
and data services on the Internet are 6, 5, and 2 respectively, and these services can reach
individual users through the router and S9300, as shown in Figure 5-148. The rate of incoming
interface GE 2/0/1 on the S9300 is greater than the rates of outgoing interfaces GE 1/0/1 and
GE 1/0/2; therefore, congestion may occur on these two outgoing interfaces. To reduce the effect
caused by congestion and ensure that high-priority and short-delay services are processed first,
the requirements are as follows.
Table 5-12 Congestion avoidance parameters

Types of Color Lower Upper Drop Percent
Services Threshold (%) Threshold (%)
Voice Green 80 100 10
Video Yellow 60 80 20
Data Red 40 60 40
Table 5-13 Congestion management parameters

Type of Services CoS
Voice CS7
Video EF
Data AF2

Figure 5-148 Networking diagram for configuring congestion avoidance and congestion
management
Core network
Router
GE 2/0/1
GE 1/0/1 GE 1/0/2
S9300
PC TV
802.1p 802.1p
=2 Switch Switch =5
Individual
Individual
user n
user 1
802.1p 802.1p 802.1p
802.1p =6
=5 =2
=6
TV Phone PC Phone
1. Configure the VLAN for each interface so that the devices can communicate with each
other through the link layer.
2. Create and configure a DiffServ domain on the S9300, map packets of 802.1p priorities to
PHBs and colors of packets, and bind an incoming interface on the S9300 to the DiffServ
domain.
3. Create a WRED drop profile on the S9300 and apply the WRED drop profile on an outgoing
interface.
4. Set scheduling parameters of queues of different CoS on outgoing interfaces of the
S9300.
Data Preparation
l VLAN IDs of data packets, video packets, and voice packets, namely, 2, 5, and 6
l PHBs mapped to 802.1p priorities being 6, 5, and 2 and colors
l Name of the WRED drop profile and WRED parameters
l Scheduling parameters of queues of different CoS

Procedure
Step 1 Configure the VLAN for each interface so that the devices can communicate with each other
through the link layer.
[S9300] vlan batch 2 5 6
Step 2 Configure priority mapping based on simple traffic classification.
# Create DiffServ domain ds1, map packets of 802.1p priorities being 6, 5, and 2 to PHBs CS6,
EF, and AF2, and color packets as green, yellow, and red.
[S9300-dsdomain-ds1] 8021p-inbound 6 phb cs7 green
[S9300-dsdomain-ds1] 8021p-inbound 5 phb ef yellow
[S9300-dsdomain-ds1] 8021p-inbound 2 phb af2 red
# Bind incoming interface GE 2/0/1 on the S9300 to DiffServ domain ds1.

[S9300-GigabitEthernet2/0/1] trust 8021p outer
Step 3 Configure congestion avoidance.
# Create drop profile wred1 on the S9300 and set parameters of packets of three colors.
[S9300] drop-profile wred1
[S9300-drop-wred1] color green low-limit 80 high-limit 100 discard-percentage 10
[S9300-drop-wred1] color yellow low-limit 60 high-limit 80 discard-percentage 20
[S9300-drop-wred1] color red low-limit 40 high-limit 60 discard-percentage 40
[S9300-drop-wred1] quit
# Apply drop profile wred1 on outgoing interfaces GE 1/0/1 and GE 1/0/2 of the S9300.
[S9300-GigabitEthernet1/0/1] qos wred wred1
[S9300-GigabitEthernet1/0/1] qos queue 7 wred wred1
[S9300-GigabitEthernet1/0/2] qos wred wred1
Step 4 Configure congestion management.

# Set scheduling parameters of queues of different CoS on outgoing interfaces GE 1/0/1 and GE
1/0/2 of the S9300.
[S9300-GigabitEthernet1/0/1] qos pq 7
[S9300-GigabitEthernet1/0/1] qos drr 0 to 6
[S9300-GigabitEthernet1/0/1] qos queue 5 drr weight 100
[S9300-GigabitEthernet1/0/1] qos queue 2 drr weight 50
[S9300-GigabitEthernet1/0/2] qos pq 7
[S9300-GigabitEthernet1/0/2] qos drr 0 to 6
[S9300-GigabitEthernet1/0/2] qos queue drr 5 weight 100
[S9300-GigabitEthernet1/0/2] qos queue drr 2 weight 50
[S9300] quit

# Check the configuration of DiffServ domain ds1.
<S9300> display diffserv domain name ds1
8021p-inbound 0 phb be green
8021p-inbound 2 phb af2 red
8021p-inbound 5 phb ef yellow
8021p-outbound be green map 0
......
# Check the configuration of drop profile wred1.

<S9300> display drop-profile name wred1
Drop-profile[3]: wred1
Color Low-limit High-limit Discard-percentage
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Green 80 100 10
Yellow 60 80 20
Red 40 60 40
Non-tcp 100 100 100
-----------------------------------------------------------------
----End
Configuration Files
#
sysname S9300
#
vlan batch 2 5 6
#
diffserv domain ds1
8021p-inbound 2 phb af2 red
8021p-inbound 5 phb ef yellow
#
drop-profile wred1
color green low-limit 80 high-limit 100 discard-percentage 10
color yellow low-limit 60 high-limit 80 discard-percentage 20
color red low-limit 40 high-limit 60 discard-percentage 40
#

qos wred wred1

qos pq 7 drr 0 to 6
qos queue 2 drr weight 50
qos queue 2 wred wred1
#
qos wred wred1
qos pq 7 drr 0 to 6
#
trust upstream ds1
#
return
5.7.4 Mirroring Configuration

This chapter describes basic concepts and configuration methods of port mirroring and flow
mirroring.
Example for Configuring Local Port Mirroring
The R&D department and marketing department access the S9300 through GE 1/0/1 and
GE1/0/2; a data detection device, that is, a server, is connected to GE 1/0/3 of the S9300. It is
required that the server should monitor received and sent packets of the R&D department and
marketing department through local port mirroring. Figure 5-149 shows the networking
diagram.
Figure 5-149 Networking diagram for configuring local port mirroring
GE 1/0/1
R&D LSWA
department GE 1/0/3
S9300 Server
GE 1/0/2 192.168.1.100
Marketing LSWB
department

1. Configure GE 1/0/3 as an observing interface.
2. Configure GE 1/0/1 and GE 1/0/2 as mirroring interfaces.
Data Preparation
l Type and number of the observing interface
l Type and number of the mirroring interface
l Index number of the observing interface, that is, 1
Procedure
Step 1 Configure each interface to ensure that the routes between hosts are reachable.
# Create VLANs 1, 2, and 3, and add GE 1/0/1, GE 1/0/2, and GE 1/0/3 to VLANs 1, 2, and 3
respectively.
[S9300] vlan batch 1 to 3
Step 2 Configure a local observing interface.

# Configure GE 1/0/3 on the S9300 as a local observing interface.
[S9300] observe-port 1 interface gigabitethernet1/0/3
Step 3 Configure local mirroring interfaces.

# Configure GE 1/0/1 on the S9300 as a local mirroring interface to monitor received and sent
packets of the finance department.
[S9300-GigabitEthernet1/0/1] port-mirroring observe-port 1 both
# Configure GE 1/0/2 on the S9300 as a local mirroring interface to monitor received and sent
packets of the purchase department.
[S9300-GigabitEthernet1/0/2] port-mirroring observe-port 1 both

[S9300] quit

# Check the configuration of the observing interface.
<Quidway> display observe-port
---------------------------------------------------------------------------
Index : 1
Used : 4
---------------------------------------------------------------------------
# Check the configuration of mirroring interfaces.

<S9300> display mirror-port
----------------------------------------------------------------------
Index Interface Bound Observe
----------------------------------------------------------------------
1 GigabitEthernet1/0/1 Both GigabitEthernet1/0/3
----------------------------------------------------------------------
# Check the number of packets on GE 1/0/1, GE 1/0/2, and GE 1/0/3, and you can view that the
number of packets on GE1/0/3 is the sum of packets on GE 1/0/1 and GE 1/0/2. On the server,
you can view that all the packets received and sent on GE 1/0/1 and GE 1/0/2. This indicates
that packets on GE 1/0/1 and GE 1/0/2 are mirrored by the S9300.
<S9300> display interface GigabitEthernet 1/0/1
GigabitEthernet1/0/1 current state : Up
Internet protocol processing : disabled
Vlan Shaping: Not supported
Input: 342496 bytes
Output: 0 bytes
Input: 171248 bytes
Output: 0 bytes
Input: 513744 bytes

Output: 0 bytes
----End
Configuration Files
#
sysname S9300
#
vlan batch 1 to 3
#
observe-port 1 interface GigabitEthernet1/0/3
#
interface Vlanif3
ip address 192.168.1.1 255.255.255.0
#
port default vlan 1
port-mirroring observe-port 1 both
#
port default vlan 2
#
#
return
Example for Configuring Remote Port Mirroring
The packets of the marketing department is sent to S9300A; S9300A, S9300B, and S9300C are
connected through trunks; a detection device, that is, a server, is connected to GE 1/0/1 of
S9300C. It is required that the server should monitor received and sent packets of the marketing
department through remote port mirroring.
Figure 5-150 Networking diagram for configuring remote port mirroring
S9300A S9300B S9300C

VLAN 1 VLAN 1
GE 1/0/1 GE 1/0/2
GE 1/0/1 GE 1/0/2
GE 1/0/2 GE 1/0/1
VLAN 1
Marketing Server
department

1. Configure each interface to ensure that the routes between Layer 2 devices are reachable.
2. Configure GE 1/0/1 on S9300A as a remote observing interface.
3. Configure GE 1/0/2 on S9300A as a mirroring interface.
Data Preparation
l ID of the VLAN to which packets are mirrored
l Index of the observing interface
Procedure
Step 1 Configure each interface to ensure that the routes between Layer 2 devices are reachable.
# Configure S9300A.
<<Quidway> system-view
[S9300A] vlan 1
[S9300A-vlan1] port gigabitethernet 1/0/1 1/0/2
[S9300A-vlan1] quit
# Configure S9300B.
<<Quidway> system-view
[S9300B] vlan 1
[S9300B-vlan1] port GigabitEthernet 1/0/1 1/0/2
[S9300B-vlan1] quit
# Configure S9300C.
[Quidway] sysname S9300C
[S9300C] vlan 1
[S9300C-vlan1] port GigabitEthernet 1/0/1 1/0/2
[S9300C-vlan1] quit

Step 2 Configure a remote observing interface.

# Configure GE 1/0/1 on S9300A as a remote observing interface.
[S9300A] observe-port 1 interface GigabitEthernet1/0/1 vlan 1
Step 3 Configure a remote mirroring interface.

# Configure GE 1/0/2 on S9300A as a remote mirroring interface to monitor received and sent
packets of the marketing department.
[S9300A-GigabitEthernet1/0/2] port-mirroring observe-port 1 both
[S9300A] quit

# Check the configuration of the observing interface.
[Quidway] display observe-port
---------------------------------------------------------------------------
Index : 1
Used : 2
Vlan : 2
---------------------------------------------------------------------------
# Check the configuration of the mirroring interface.

[S9300] display mirror-port
----------------------------------------------------------------------
Index Interface Bound Observe
----------------------------------------------------------------------
----------------------------------------------------------------------
# On the server, you can view that all the packets received and sent on GE 1/0/2 of S9300A.
This indicates that packets on GE 1/0/2 are mirrored by S9300A.
----End
Configuration Files
#
sysname S9300A
#
vlan batch 1
#
observe-port 1 interface GigabitEthernet1/0/1 vlan 1
#
port default vlan 1
#
port default vlan 1
#
return

#
sysname S9300B
#
vlan batch 1

#
port default vlan 1
#
port default vlan 1
#
return

#
sysname S9300C
#
vlan batch 1
#
port default vlan 1
#
port default vlan 1
#
return
Example for Configuring Flow Mirroring
The R&D department and marketing department are connected to GE 1/0/1 and GE1/0/2 of the
S9300 through LSWA and LSWB. It is required that the S9300 should monitor the packets with
the 802.1p priority as 6 and the outgoing interface as GE 1/0/3 of the R&D department and
marketing department through local port mirroring. See Figure 5-151.
Figure 5-151 Networking diagram for configuring flow mirroring
GE 1/0/1
R&D LSWA
department GE 1/0/3
S9300 Server
GE 1/0/2 192.168.1.100
Marketing LSWB
department

1. Create a VLAN on the S9300 and add GE 1/0/1, GE 1/0/2, and GE 1/0/3 to the VLAN.
2. Configure GE 1/0/3 as an observing interface.
3. Create a traffic classifier and set the traffic classification rule of matching the packets with
the 802.1p priority as 6.
4. Create a traffic behavior and configure flow mirroring actions in the traffic behavior.
5. Create a traffic policy to bind the traffic classifier and traffic behavior.
6. Apply the traffic policy on GE 1/0/1 and GE 1/0/2.
Data Preparation
l Name of the traffic classifier, that is, c1
l Name of the traffic behavior, that is, b1
l Name of the traffic policy, that is, p1
l ID of the VLAN, that is, 2
Procedure
Step 1 Create a VLAN.
# Create VLAN 2 on the S9300 and add GE 1/0/1, GE 1/0/2, and GE 1/0/3 to the VLAN.
[Quidway] sysname S9300[S9300] vlan 2
[S9300-vlan2] port gigabitethernet 2/0/1 to 2/0/3
[S9300-vlan2] quit
# Configure the type of GE 1/0/1, GE 1/0/2, and GE 1/0/3 as trunk.

Step 2 Configure an observing interface.

# Configure GE 1/0/3 on the S9300 as an observing interface.
[S9300] observe-port 1 interface GigabitEthernet 1/0/3
Step 3 Create a traffic classifier.

# Create traffic classifier c1 on the S9300 and set the traffic classification rule of matching the
packets with the 802.1p priority as 6.

[S9300-classifier-c1] if-match vlan-8021p 6
Step 4 Create a traffic behavior.

# Create traffic behavior b1 on the S9300 and configure flow mirroring actions.


[S9300-classifier-b1] mirroring observing-port 1
[S9300-classifier-b1] quit

# Create traffic policy p1 on the S9300 to bind the traffic classifier and traffic behavior, and
apply the traffic policy to GE 1/0/1 and GE 1/0/2 in the inbound direction to monitor the packets
of the R&D department and marketing department.
[S9300] quit

<S9300> display traffic classifier user-defined c1
Classifier: c1
Precedence: 5
Operator: OR
Rule(s) : if-match 5 vlan-8021p 6

Policy: p1
Behavior: be
-none-
Classifier: c1
Behavior: b1
Port-mirroring to observe-port 1
# Check the number of packets forwarded by the S9300 on GE 1/0/1, GE 1/0/2, and GE 1/0/3,
or check all the packets received from and sent to GE 1/0/1 and GE 1/0/2 on the server. This
indicates that packets on GE 1/0/1 and GE 1/0/2 are mirrored by the S9300.
Input: 342496 bytes
Output: 0 bytes


Input: 171248 bytes
Output: 0 bytes
Input: 513744 bytes
Output: 0 bytes
----End
Configuration Files
#
sysname S9300
#
vlan batch 2
#
observe-port 1 interface GigabitEthernet1/0/3
#
if-match 5 vlan-8021p 6
#
traffic behavior b1
mirroring observing-port 1
#
traffic policy p1
#
port default vlan 2
#
port default vlan 2
#
port default vlan 2
#
return
5.8 Configuration Guide - Security

This document describes security features of the S9300 including AAA and user management,
Network Access Control (NAC), DHCP snooping, ARP security, IP source guard, IP source

trail, Unicast Reverse Path Forwarding (URPF), local attack defense, PPPoE+, MAC-forced
forwarding (MFF), interface security, traffic suppression, and ACL from aspects of function
introduction, configuration methods, maintenance, and configuration examples.
This document guides you through the principle and configuration of security features.
5.8.1 AAA and User Management Configuration
This chapter describes the principle and configuration of Authentication, Authorization, and
Accounting (AAA), local user management, Remote Authentication Dial in User Service
(RADIUS), HUAWEI Terminal Access Controller Access Control System (HWTACACS), and
domain.
5.8.2 DHCP Snooping Configuration
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP)
snooping on the S9300 to defend against DHCP attacks.
5.8.3 IP Source Guard Configuration
This chapter describes the principle and configuration of IP source guard.
5.8.4 ARP Security Configuration
This chapter describes the principle and configuration of ARP security features.
5.8.5 Traffic Suppression Configuration
This chapter describes the principle and configuration of traffic suppression .
5.8.6 IP Source Trail Configuration
This chapter describes the principle of IP source trail, and provides configuration methods and
examples of IP source trail.
5.8.7 URPF Configuration
This chapter describes the principle of Unicast Reverse Path Forwarding (URPF), and provides
configuration methods and examples of URPF.
5.8.8 ACL Configuration
This chapter describes how to configure the Access Control List (ACL).
5.8.1 AAA and User Management Configuration

This chapter describes the principle and configuration of Authentication, Authorization, and
Accounting (AAA), local user management, Remote Authentication Dial in User Service
(RADIUS), HUAWEI Terminal Access Controller Access Control System (HWTACACS), and
domain.
Example for Using RADIUS to Authenticate Users
As shown in Figure 5-152, the ISP user on an IP/MPLS backbone network needs to remotely
log in to the S9300 to perform configurations. The user accesses the S9300 through Telnet and
the RADIUS server authenticates the access user.

Figure 5-152 Networking diagram for using RADIUS to authenticate users

Primary server
10.1.1.1/24
User Standby server

IP/MPLS core 10.1.1.2/24
Metro
S9300-B
S9300-A
1. Configure an RADIUS server template and an authentication scheme.

2. Apply the RADIUS server template and authentication scheme to the domain.
Data Preparation
l Name of the domain that the user belongs to being huawei

l IP address and port number of the primary RADIUS authentication server being 10.1.1.1/24
and 1812
l IP address and port number of the secondary RADIUS authentication server being
10.1.1.2/24 and 1812
l Shared key being hello and number of times for retransmitting packets being 2 on the
RADIUS server
The configuration of S9300-A is the same as the configuration of S9300-B; therefore, devices
are not differentiated in the following example. Quidway represents to the device.
NOTE
This configuration example provides only the commands on the S9300. For the configuration of the
RADIUS server, see relevant descriptions.

Procedure
Step 1 Configure an authentication scheme.
# Enter the AAA view.
[Quidway] aaa
# Configure an authentication scheme named scheme1, with the authentication mode as

RADIUS.
[Quidway-aaa] authentication-scheme scheme1
[Quidway-aaa-authen-scheme1] authentication-mode radius
[Quidway-aaa-authen-scheme1] quit
[Quidway-aaa] quit
Step 2 Configure a RADIUS server template.

# Configure a RADIUS server template named rrr.
[Quidway] radius-server template rrr
# Configure the IP address and port number of the primary RADIUS authentication server.
[Quidway-radius-rrr] radius-server authentication 10.1.1.1 1812
# Configure the IP address and port number of the secondary RADIUS authentication server.
[Quidway-radius-rrr] radius-server authentication 10.1.1.2 1812 secondary
# Set the shared key and number of times for retransmitting packets on the RADIUS server.
[Quidway-radius-rrr] radius-server shared-key hello
[Quidway-radius-rrr] radius-server retransmit 2
[Quidway-radius-rrr] quit
Step 3 Configure a domain named huawei.

# Create a domain.
[Quidway] aaa
[Quidway-aaa] domain huawei
# Configure an authentication scheme for the domain.

[Quidway-aaa-domain-huawei] authentication-scheme scheme1
# Configure a RADIUS server template for the domain.

[Quidway-aaa-domain-huawei] radius-server rrr
[Quidway-aaa-domain-huawei] quit
[Quidway-aaa] quit
Step 4 Set an authentication mode for Telnet users.


Run the display radius-server configuration command on the S9300, and you can view that
the configuration of the RADIUS server template meets the requirements.
[Quidway] display radius-server configuration template rrr
------------------------------------------------------------------
Server-template-name : rrr
Protocol-version : standard

Traffic-unit : B
Shared-secret-key : hello
Timeout-interval(in second) : 5
Primary-authentication-server : 10.1.1.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.1.1.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 2
Domain-included : YES
------------------------------------------------------------------
Run the display domain command on the S9300, and you can view the configuration of the
domain.
[Quidway] display domain huawei
------------------------------------------------------------------
Domain-name : huawei
Domain-state : Active
Authentication-scheme-name : scheme1
Accounting-scheme-name : default
Authorization-scheme-name : default
Web-IP-address : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Idle-data-attribute (time,flow) : 0, 60
User-access-limit : 384
Online-number : 0
RADIUS-server-template : rrr
HWTACACS-server-template : -
-------------------------------------------------------------------
----End
Configuration Files
#
sysname Quidway
#
radius-server template rrr
radius-server shared-key hello
radius-server authentication 10.1.1.1 1812
radius-server authentication 10.1.1.2 1812 secondary
radius-server retransmit 2
#
aaa
authentication-scheme default
authentication-scheme scheme1
authentication-mode radius
#
authorization-scheme default
#
domain default
domain huawei
radius-server rrr
#
#
user-interface vty 0 4
authentication-mode aaa
#
return
Example for Using HWTACACS to Authenticate and Authorize Users

As shown in Figure 5-153, users on an IP/MPLS backbone network access the S9300 through
Telnet; the HWTACACS server is used to authenticate access users. The requirements are as
follows:
l The local authentication mode is first used to authenticate access users. If no response is
received, the HWTACACS server is used to authenticate access users.
l To upgrade user levels, the HWTACACS server is first used to authenticate access users.
If no response is received, the local authentication mode is used to authenticate access users.
l The HWTACACS server is used to authorize access users.
Figure 5-153 Networking diagram for using HWTACACS to authenticate and authorize users
Primary server
10.1.1.1/24
User Standby server

IP/MPLS core 10.1.1.2/24
Metro
S9300-B
S9300-A
1. Configure authentication and authorization schemes.

2. Configure an HWTACACS server template.
3. Apply the HWTACACS server template and authentication and authorization schemes to
the domain.
Data Preparation
l Name of the domain that the user belongs to being huawei

l IP address of the primary HWTACACS server being 10.1.1.1/24, authentication port

number being 49, and authorization port number being 49
l IP address of the secondary HWTACACS server being 10.1.1.2/24, authentication port
number being 49, and authorization port number being 49
NOTE
This configuration example provides only the commands on the S9300. For the configuration of the
HWTACACS server, see relevant descriptions.
Procedure
Step 1 Configure an authentication scheme.
# Enter the AAA view.

[Quidway] aaa
# Create an authentication scheme named scheme1.

[Quidway-aaa] authentication-scheme scheme1
# Set an authentication mode for the authentication scheme.

[Quidway-aaa-authen-scheme1] authentication-mode local hwtacacs
# Set an authentication mode for upgrading user levels.

[Quidway-aaa-authen-scheme1] authentication-super hwtacacs super
[Quidway-aaa-authen-scheme1] quit
Step 2 Configure an authorization scheme.
# Create an authorization scheme named scheme1.

[Quidway-aaa] authorization-scheme scheme1
# Set the authorization mode for the authorization scheme.

[Quidway-aaa-author-scheme1] authorization-mode hwtacacs
[Quidway-aaa-author-scheme1] quit
Step 3 Configure an HWTACACS server template.
# Create an HWTACACS server template named hhh.

[Quidway] hwtacacs-server template hhh
# Configure IP addresses and port numbers of primary HWTACACS authentication and

authorization servers.
[Quidway-hwtacacs-hhh] hwtacacs-server authentication 10.1.1.1 49
[Quidway-hwtacacs-hhh] hwtacacs-server authorization 10.1.1.1 49
# Configure IP addresses and port numbers of secondary HWTACACS authentication and

authorization servers.
[Quidway-hwtacacs-hhh] hwtacacs-server authentication 10.1.1.2 49 secondary
[Quidway-hwtacacs-hhh] hwtacacs-server authorization 10.1.1.2 49 secondary
# Set the shared key of the HWTACACS server.

[Quidway-hwtacacs-hhh] hwtacacs-server shared-key crystal
[Quidway-hwtacacs-hhh] quit

Step 4 Configure a domain.
# Create a domain named huawei.

[Quidway] aaa
[Quidway-aaa] domain huawei
# Configure authentication and authorization schemes for the domain.

[Quidway-aaa-domain-huawei] authentication-scheme scheme1
[Quidway-aaa-domain-huawei] authorization-scheme scheme1
# Configure an HWTACACS server template for the domain.

[Quidway-aaa-domain-huawei] hwtacacs-server hhh
[Quidway-aaa-domain-huawei] quit
[Quidway-aaa] quit
Step 5 Set an authentication mode for Telnet users.

Run the display hwtacacs-server template command on the S9300, and you can view the
configuration of the HWTACACS server template.
[Quidway] display hwtacacs-server template hhh
-----------------------------------------------------------------------
HWTACACS-server template name : hhh
Primary-authentication-server : 10.1.1.1:49
Primary-authorization-server : 10.1.1.1:49
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.1.1.2:49
Secondary-authorization-server : 10.1.1.2:49
Secondary-accounting-server : 0.0.0.0:0
Current-authentication-server : 10.1.1.1:49
Current-authorization-server : 10.1.1.1:49
Current-accounting-server : 0.0.0.0:0
Source-IP-address : 0.0.0.0
Shared-key : crystal
Quiet-interval(min) : 5
Response-timeout-Interval(sec) : 5
Domain-included : Yes
Traffic-unit : B
----------------------------------------------------------------------
Run the display domain command on the S9300, and you can view the configuration of the
domain.
[Quidway] display domain huawei
-------------------------------------------------------------------
Domain-name : huawei
Domain-state : Active
Authentication-scheme-name : scheme1
Accounting-scheme-name : default
Authorization-scheme-name : scheme1
Web-IP-address : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Idle-data-attribute (time,flow) : 0, 60
User-access-limit : 384
Online-number : 0
RADIUS-server-template : rrr

HWTACACS-server-template : hhh
-------------------------------------------------------------------
----End
Configuration Files
#
sysname Quidway
#
hwtacacs-server template hhh
hwtacacs-server authentication 10.1.1.1 49
hwtacacs-server authentication 10.1.1.2 49 secondary
hwtacacs-server authorization 10.1.1.1 49
hwtacacs-server authorization 10.1.1.2 49 secondary
hwtacacs-server shared-key crystal
#
aaa
authentication-scheme default
authentication-mode local hwtacacs
#
authorization-scheme default
authorization-scheme shceme1
authorization-mode hwtacacs
authentication-super hwtacacs super
#
domain default
domain huawei
authorization-scheme scheme1
hwtacacs-server hhh
#
user-interface vty 0 4
authentication-mode aaa
#
return
5.8.2 DHCP Snooping Configuration

This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP)
snooping on the S9300 to defend against DHCP attacks.
Example for Preventing the Bogus DHCP Server Attack
As shown in Figure 5-154, the S9300 is deployed between the user network and the Layer 2
network of the ISP. To prevent the bogus DHCP server attack, it is required that DHCP snooping
be configured on the S9300, the user-side interface be configured as untrusted, the network-side
interface be configured as trusted, and the packet discarding alarm function be configured.

Figure 5-154 Networking diagram for preventing the bogus DHCP server attack
ISP network
L3 network
L2 network DHCP relay

GE1/0/0
S9300 DHCP server
GE2/0/0
User network
The configuration roadmap is as follows: (Assume that the DHCP server has been configured.)
1. Enable DHCP snooping globally and on the interface.
2. Configure the interface connected to the DHCP server as a trusted interface.
3. Configure the user-side interface as an untrusted interface. The DHCP Request messages
including Offer, ACK, and NAK messages received from the untrusted interface are
discarded.
4. Configure the packet discarding alarm function.
Data Preparation
l GE 1/0/0 being the trusted interface and GE 2/0/0 being the untrusted interface
l Alarm threshold being 120
NOTE
This configuration example provides only the commands related to the DHCP snooping configuration.
Procedure
Step 1 Enable DHCP snooping.
# Enable DHCP snooping globally.

# Enable DHCP snooping on the user-side interface.

Step 2 Configure the interface as trusted or untrusted.
# Configure the interface at the DHCP server side as trusted.
[Quidway-GigabitEthernet1/0/0] dhcp snooping trusted
# Configure the interface at the user side as untrusted.

After DHCP snooping is enabled on GE 2/0/0, the mode of GE 2/0/0 is untrusted by default.
Step 3 Configure the packet discarding alarm function.
# Configure the S9300 to discard the Reply messages received by the untrusted interfaces.
[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm untrust-reply enable
# Set the alarm threshold.

[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm untrust-reply threshold 120

Run the display dhcp snooping command on the S9300, and you can view that DHCP snooping
is enabled globally and in the interface view.
<Quidway> display dhcp snooping global
dhcp snooping enable
Dhcp snooping enable is configured at these vlan :NULL
Dhcp snooping enable is configured at these interface :

Dhcp snooping trusted is configured at these interface :

Dhcp option82 insert is configured at these interface :NULL
Dhcp option82 rebuild is configured at these interface :NULL
dhcp packet drop count within alarm range : 0

dhcp packet drop count total : 60
<Quidway> display dhcp snooping interface gigabitethernet 1/0/0

dhcp snooping trusted

dhcp snooping alarm untrust-reply enable
dhcp snooping alarm untrust-reply threshold 120
dhcp packet dropped by untrust-reply checking = 60
----End
Configuration Files
#
sysname Quidway
#
dhcp enable


#
#
#
return
Example for Preventing the DoS Attack by Changing the CHADDR Field
As shown in Figure 5-155, the S9300 is deployed between the user network and the ISP Layer
2 network. To prevent the DoS attack by changing the CHADDR field, it is required that DHCP
snooping be configured on the S9300. The CHADDR field of DHCP Request messages is
checked. If the CHADDR field of DHCP Request messages matches the source MAC address
in the frame header, the messages are forwarded. Otherwise, the messages are discarded. The
packet discarding alarm function is configured.
Figure 5-155 Networking diagram for preventing the DoS attack by changing the CHADDR
field
ISP network
L3 network

GE1/0/0
S9300 DHCP server
GE2/0/0
User network

2. Enable the checking of the CHADDR field of DHCP Request messages on the user-side
interface.
Data Preparation
l Alarm threshold
NOTE
Procedure

[Quidway-GigabitEthernet2/0/0] dhcp snooping enable
Step 2 Enable the checking of the CHADDR field of DHCP Request messages on the user-side
interface.
[Quidway-GigabitEthernet2/0/0] dhcp snooping check mac-address enable

# Enable the packet discarding alarm function.
[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm mac-address enable

[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm mac-address threshold 120

is enabled globally and in the interface view.

Dhcp snooping trusted is configured at these interface :NULL


dhcp snooping check mac-address
dhcp snooping alarm mac-address enable
dhcp snooping alarm mac-address threshold 120
dhcp packet dropped by mac-address checking = 25
----End
Configuration Files
#
sysname Quidway
#
dhcp enable
#
dhcp snooping check mac-address enable
#
return
Example for Preventing the Attacker from Sending Bogus DHCP Messages for
Extending IP Address Leases
As shown in Figure 5-156, the S9300 is deployed between the user network and the ISP Layer
2 network. To prevent the attacker from sending bogus DHCP messages for extending IP address
leases, it is required that DHCP snooping be configured on the S9300 and the DHCP snooping
binding table be created. If the received DHCP Request messages match entries in the binding
table, they are forwarded; otherwise, they are discarded. The packet discarding alarm function
is configured.

Figure 5-156 Networking diagram for preventing the attacker from sending bogus DHCP
messages for extending IP address leases
ISP network
L3 network

GE1/0/0
S9300 DHCP server
GE2/0/0
User network
2. Use the operation mode of the DHCP snooping binding table to check DHCP Request
messages.
4. Configure the Option 82 function and create a binding table that contains information about
the interface.
Data Preparation
l ID of the VLAN that each interface belongs to
l Static IP addresses from which packets are forwarded
l Alarm threshold
NOTE
Procedure


Step 2 Configure the checking of packets.

# Configure the checking of DHCP Request messages on the user-side interface.
[Quidway-GigabitEthernet2/0/0] dhcp snooping check user-bind enable
Step 3 Configure static binding entries.

# Configure static binding entries assigned to the user side.
[Quidway] user-bind static ip-address 10.1.1.3 mac-address 0000-005e-008a
interface gigabitethernet 2/0/0 vlan 3

[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm user-bind enable

[Quidway-GigabitEthernet2/0/0] dhcp snooping alarm user-bind threshold 120
Step 5 Configure the Option 82 function.

# Configure the user-side interface to append the Option 82 field to DHCP messages.
[Quidway-GigabitEthernet2/0/0] dhcp option82 insert enable

is enabled globally and on the interface.

Dhcp option82 insert is configured at these interface :




dhcp option82 insert enable

dhcp snooping check user-bind
dhcp snooping alarm check user-bind enable
dhcp snooping alarm user-bind threshold 120
dhcp packet dropped by user-bind checking = 45
Run the display user-bind all command, and you can view all the static binding entries of users.
<Quidway> display user-bind all
bind-table:
ifname vsi O/I-vlan mac-address ip-address tp lease
-------------------------------------------------------------------------------
GE2/0/0 -- 3/ -- 0000-005e-008a 10.1.1.3 S 0
-------------------------------------------------------------------------------
Static binditem count: 1 Static binditem total count: 1
Run the display dhcp option82 interface command, and you can find that the function of
inserting the Option 82 field into packets is enabled on the interface.
<Quidway> display dhcp option82 interface gigabitethernet 2/0/0
----End
Configuration Files
#
sysname Quidway
#
dhcp enable
#
user-bind static ip-address 10.1.1.3 mac-address 0000-005e-008a interface
gigabitethernet 2/0/0 vlan 3
#
dhcp snooping check user-bind enable
dhcp snooping alarm user-bind enable
#
return
Example for Limiting the Rate of Sending DHCP Messages
As shown in Figure 5-157, to prevent the attacker from sending a large number of DHCP Request
messages, it is required that DHCP snooping be enabled on the S9300 to control the rate of
sending DHCP Request messages to the protocol stack. At the same time, the packet discarding
alarm function is enabled.

Figure 5-157 Networking diagram for limiting the rate for sending DHCP messages
Attacker
L2 network
GE1/0/1
L2 network L3 network
GE1/0/2 GE2/0/1
DHCP client DHCP relay
S9300
DHCP server
1. Enable DHCP snooping globally and in the interface view.
2. Set the rate of sending DHCP Request messages to the protocol stack.
Data Preparation
l Rate of sending DHCP Request messages
l Alarm threshold
NOTE
Procedure
# Enable DHCP snooping on the user-side interface. The configuration procedure of GE 1/0/2
is the same as the configuration procedure of GE 1/0/1, and is not mentioned here.

Step 2 Limit the rate for sending DHCP messages.
# Enable the checking of the rate of sending DHCP Request messages.

[Quidway] dhcp snooping check dhcp-rate enable
# Set the rate of sending DHCP Request messages.

[Quidway] dhcp snooping check dhcp-rate 90

[Quidway] dhcp snooping check dhcp-rate alarm enable

[Quidway] dhcp snooping check dhcp-rate alarm threshold 120
Run the display dhcp snooping global command on the S9300, and you can view that DHCP
snooping is enabled globally, and packet discarding alarm is enabled.
[Quidway] display dhcp snooping global
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 90
dhcp snooping check dhcp-rate alarm enable
dhcp snooping check dhcp-rate alarm threshold 80

GigabitEthernet1/0/1 GigabitEthernet1/0/2

----End
Configuration Files
#
sysname Quidway
#
dhcp enable
#
#
#
return

Example for Applying DHCP Snooping on a Layer 2 Network
As shown in Figure 5-158, DHCP clients are connected to the S9300 through VLAN 10. DHCP
client1 uses the dynamically allocated IP address and DHCP client2 uses the statically configured
IP address. It is required that DHCP snooping be configured on user-side interfaces GE 1/0/0
and GE 1/0/1 of the S9300 to prevent the following type of attacks:
l Bogus DHCP server attack

l DoS attack by changing the value of the CHADDR field
l Attack by sending bogus messages to extend IP address leases
l Attack by sending a large number of DHCP Request messages
Figure 5-158 Networking diagram for configuring DHCP snooping

DHCP relay DHCP server
GE2/0/0
S9300
GE1/0/0 GE1/0/1
DHCP client1 DHCP client2

IP:10.1.1.1/24
MAC:0001-0002-0003

2. Configure interfaces to be trusted or untrusted to prevent bogus DHCP server attacks.
3. Configure the DHCP snooping binding table and check DHCP Request messages by
matching them with entries in the binding table to prevent attackers from sending bogus
DHCP messages for extending IP address leases.
4. Configure the checking of the CHADDR field in DHCP Request messages to prevent
attackers from changing the CHADDR field in DHCP Request messages.
5. Set the rate of sending DHCP Request messages to the protocol stack to prevent attackers
from sending a large number of DHCP Request messages.

6. Configure the Option 82 function and create the binding table that contains information
about the interface.
7. Configure the packet discarding alarm function and the alarm function for checking the
rate of sending packets.
Data Preparation
l VLAN that the interface belongs to being 10

l GE 1/0/0 and GE 1/0/1 configured as untrusted and GE 2/0/0 configured as trusted
l Static IP address from which packets are forwarded being 10.1.1.1/24 and corresponding
MAC address being 0001-0002-0003
l Rate of sending DHCP messages to the protocol stack being 90
l Mode of the Option 82 function being insert
l Alarm threshold of the number of discarded packets being 120
l Alarm threshold for checking the rate of sending packets being 80
NOTE
Procedure

# Enable DHCP snooping on the interface at the user side. The configuration procedure of GE
1/0/1 is the same as the configuration procedure of GE 1/0/0, and is not mentioned here.
Step 2 Configure the interface as trusted.
# Configure the interface connecting to the DHCP server as trusted and enable DHCP snooping
on all the interfaces connecting to the DHCP client. If the interface on the client side is not
configured as trusted, the default mode of the interface is untrusted after DHCP snooping is
enabled on the interface. This prevents bogus DHCP server attacks.
Step 3 Configure the checking for certain types of packets.
# Enable the checking of DHCP Request messages on the interfaces at the DHCP client side to
prevent attackers from sending bogus DHCP messages for extending IP address leases. The
configuration of GE 1/0/1 is the same as the configuration of GE 1/0/0, and is not mentioned
here.


# Enable the checking of the CHADDR field on the interfaces at the DHCP client side to prevent
attackers from changing the CHADDR field in DHCP Request messages. The configuration of
GE 1/0/1 is the same as the configuration of GE 1/0/0, and is not mentioned here.
Step 4 Configure the DHCP snooping binding table.

# If you use the static IP address, configuring DHCP snooping static entries is required.
[Quidway] user-bind static ip-address 10.1.1.1 mac-address 0001-0002-0003
Step 5 Limit the rate of sending DHCP messages.

# Check the rate of sending DHCP messages to prevent attackers from sending DHCP Request
messages.

# Configure the user-side interface to append the Option 82 field to DHCP messages. The
configuration of GE 1/0/1 is the same as the configuration of GE 1/0/0, and is not mentioned
here.

# Enable the packet discarding alarm function, and set the alarm threshold of the number of
discarded packets. The configuration of GE 1/0/1 is the same as the configuration of GE 1/0/0,
and is not mentioned here.
# Enable the alarm function for checking the rate of sending packets, and set the alarm threshold
for checking the rate of sending packets.

snooping is enabled globally. You can also view the statistics on alarms.






Run the display dhcp snooping interface command, and you can view information about DHCP
snooping on the interface.
[Quidway] display dhcp snooping interface gigabitethernet 1/0/0


Run the display user-bind all command, and you can view the static binding entries of users.
[Quidway] display user-bind all
bind-table:
-------------------------------------------------------------------------------
GE1/0/1 -- 10/ -- 0001-0002-0003 10.1.1.1 S 0
-------------------------------------------------------------------------------
Run the display dhcp option82 interface command, and you can view the configuration of
Option 82 on the interface.
[Quidway] display dhcp option82 interface gigabitethernet 1/0/0
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10
#
dhcp enable


#
user-bind static ip-address 10.1.1.1 mac-address 0001-0002-0003 interface
#
#
#
#
return
Example for Enabling DHCP Snooping on the DHCP Relay Agent
As shown in Figure 5-159, the S9300 is connected to the DHCP server and DHCP client; the
DHCP relay function is enabled; DHCP client1 uses the dynamically allocated IP address and
DHCP client2 uses the statically configured IP address. It is required that DHCP snooping be
configured on the S9300 to prevent the following types of attacks:
l Bogus DHCP server attack
l DoS attack by changing the value of the CHADDR field
l Attack by sending bogus messages for extending IP address leases
l Attack by sending a large number of DHCP Request messages
When users log out abnormally after requesting for IP addresses, the system detects this failure
automatically, and then deletes the binding in the DHCP binding table, and notifies the DHCP
server to release IP addresses.

Figure 5-159 Networking diagram for enabling DHCP snooping on the DHCP relay agent
GE2/0/0 DHCP server
S9300
DHCP relay
GE1/0/0
DHCP client1 DHCP client2

IP:10.1.1.1/24
MAC:0001-0002-0003
2. Configure interfaces to be trusted or untrusted to prevent bogus DHCP server attacks.
3. Configure the DHCP snooping binding table and check DHCP Request messages by
matching them with entries in the binding table to prevent attackers from sending bogus
DHCP messages for extending IP address leases.
4. Configure the checking of the CHADDR field in DHCP Request messages to prevent
5. Set the rate of sending DHCP Request messages to the protocol stack to prevent attackers
from sending a large number of DHCP Request messages.
6. Configure the Option 82 function and create the binding table that contains information
about the interface.
7. Configure the packet discarding alarm function and the alarm function for checking the
rate of sending packets.
Data Preparation
l GE 1/0/0 belonging to VLAN 10 and GE 2/0/0 belonging to VLAN 20
l Static IP address from which packets are forwarded being 10.1.1.1/24 and corresponding
MAC address being 0001-0002-0003
l GE 1/0/0 configured as untrusted and GE 2/0/0 configured as trusted
l Rate of sending DHCP messages to the CPU being 90
l Mode of the Option 82 function being insert

l Alarm threshold of the number of discarded packets being 120

l Alarm threshold for checking the rate of sending packets being 80
NOTE
For the configuration of DHCP Relay, see Configuring the DHCP Relay Agent in Quidway S9300 Terabit
Routing Switch Configuration Guide - IP Service.
Procedure

# Enable DHCP snooping on the interface at the user side.

Step 2 Configure the interface as trusted.
# Configure the interface connecting to the DHCP server as trusted and enable DHCP snooping
on the interfaces connecting to the DHCP client. If the interface on the client side is not
configured as trusted, the default mode of the interface is untrusted after DHCP snooping is
enabled on the interface. This prevents bogus DHCP server attacks.
Step 3 Enable the checking for certain types of packets and configure the DHCP snooping binding table.
# Enable the checking of DHCP Request messages on the interface at the DHCP client side to
prevent attackers from sending bogus DHCP messages for extending IP address leases.
# Enable the checking of the CHADDR field on the interface at the DHCP client side to prevent
Step 4 Configure the DHCP snooping binding table.
# If you use the static IP address, configuring DHCP snooping static entries is required.
Step 5 Limit the rate of sending DHCP messages
# Check the rate of sending DHCP messages to prevent attackers from sending DHCP Request
messages.


# Configure the user-side interface to append the Option 82 field to DHCP messages.
# Enable the packet discarding alarm function, and set the alarm threshold of the number of
discarded packets.
# Enable the alarm function for checking the rate of sending packets and set the alarm threshold
for checking the rate of sending packets.
Step 8 Associate ARP with DHCP snooping.
# The system sends the ARP packet to probe the IP address that expires within the aging time
in the DHCP snooping entry and does not exist in the ARP entry. If no user is detected within
the specified number of detection times, the system deletes the binding relation in the DHCP
binding table and notifies the DHCP server to release the IP address.
[Quidway] arp dhcp-snooping-detect enable
snooping is enabled globally. You can also view the statistics on alarms.





Run the display dhcp snooping interface command, and you can view information about DHCP
snooping on the interface.


Run the display user-bind all command, and you can view the static binding entries of users.
[Quidway] display user-bind all
bind-table:
-------------------------------------------------------------------------------
GE1/0/0 -- 10/ -- 0001-0002-0003 10.1.1.1 S 0
-------------------------------------------------------------------------------
Run the display dhcp option82 interface command, and you can view the configuration of
Option 82 on the interface.
[Quidway] display dhcp option82 interface gigabitethernet 1/0/0
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10
#
dhcp enable
#
#
#

#
arp dhcp-snooping-detect enable
#
return
5.8.3 IP Source Guard Configuration

This chapter describes the principle and configuration of IP source guard.
Example for Configuring IP Source Guard
As shown in Figure 5-160, Host A is connected to the S9300through GE 1/0/1 and Host B is
connected to the S9300 through GE 1/0/2. You need to configure the IP source guard function
on the S9300 so that Host B cannot forge the IP address and MAC address on Host A and the
IP packets from Host A can be sent to the server.
Figure 5-160 Networking diagram for configuring IP source guard

Server
S9300
GE1/0/1 GE1/0/2
Packets:
SIP:10.0.0.1/24
SMAC:2-2-2
Host A Host B (Attacker)

IP:10.0.0.1/24 IP:10.0.0.2/24
MAC:1-1-1 MAC:2-2-2
Assume that the user is configured with an IP address statically. The configuration roadmap is
as follows:
1. Enable the IP source guard function on the interfaces connected to Host A and Host B.
2. Configure the check items of IP packets.
3. Configure a static binding table.
Data Preparation

l Interface connected to Host A: GE 1/0/1; interface connected to Host B: GE 1/0/2

l Check items: IP address and MAC address
l IP address of Host A: 10.0.0.1/24; MAC address of Host A: 1-1-1
l VLAN where Host A resides: VLAN 10
NOTE
This configuration example provides only the commands related to the IP Source Guard configuration.
Procedure
Step 1 Enable the IP source guard function.
# Enable the IP source guard function on GE 1/0/1 connected to Host A.
[Quidway-GigabitEthernet1/0/1] ip source check user-bind enable
[Quidway-GigabitEthernet1/0/1] ip source check user-bind check-item ip-address mac-
address
# Enable the IP source guard function on GE 1/0/2 connected to Host B.

[Quidway-GigabitEthernet1/0/2] ip source check user-bind enable
[Quidway-GigabitEthernet1/0/2] ip source check user-bind check-item ip-address mac-
address
Step 2 Configure the check items of the static binding table.

# Configure Host A in the static binding table.

Run the display user-bind all command on the S9300 to view information about the binding
table.
<Quidway> display user-bind all
bind-table:
-------------------------------------------------------------------------------
GE1/0/1 -- 10/ -- 0001-0001-0001 10.0.0.1 S 0
-------------------------------------------------------------------------------
The preceding information indicates that Host A exists in the static binding table, whereas Host
B does not exist.
----End
Configuration Files
#
sysname Quidway
#
GigabitEthernet 1/0/1 vlan 10
#
ip source check user-bind enable

ip source check user-bind check-item ip-address mac-address

#
ip source check user-bind enable
ip source check user-bind check-item ip-address mac-address
#
return
5.8.4 ARP Security Configuration

This chapter describes the principle and configuration of ARP security features.
Example for Configuring ARP Security Functions
As shown in Figure 5-161, the S9300 is connected to a server through GE 1/0/3 and is connected
to four users in VLAN 10 and VLAN 20 through GE 1/0/1 and GE 1/0/2. There are the following
ARP attacks on the network:
l The server may send several packets with an unreachable destination IP address, and the
number of these packets is larger than the number of packets from common users.
l After virus attacks occur on User 1, a large number of ARP packets are sent. Among these
packets, the source IP address of certain ARP packets changes on the local network segment
and the source IP address of certain ARP packets is the same as the IP address of the
gateway.
l User 3 constructs a large number of ARP packets with a fixed IP address to attack the
network.
l User 4 constructs a large number of ARP packets with an unreachable destination IP address
to attack the network.
It is required that ARP security functions be configured on the S9300 to prevent the preceding
attacks. The suppression rate of ARP Miss packets set on the server should be greater than the
suppression rate of other users.
Figure 5-161 Networking diagram for configuring ARP security functions

S9300
GE1/0/3
Server GE1/0/1 GE1/0/2
VLAN10 VLAN20
User1 User2 User3 User4

1. Enable strict ARP learning.
2. Enable interface-based ARP entry restriction.
3. Enable the ARP anti-spoofing function.
4. Enable the ARP anti-attack function for preventing ARP packets with the bogus gateway
address.
5. Configure the rate suppression function for ARP packets.
6. Configure the rate suppression function for ARP Miss packets.
7. Enable log and alarm functions for potential attacks.
Data Preparation
l Number of limited ARP entries on the interface being 20
l Anti-spoofing mode used to prevent attacks that is initiated by User 1 being fixed-mac
l IP address of the server being 2.2.2.2/24
l IP address of User 4 that sends a large number of ARP packets being 2.2.4.2/24
l Maximum suppression rate for ARP packets of User 4 being 200 pps and maximum
suppression rate for ARP packets of other users being 300 pps
l Maximum suppression rate for ARP Miss packets of common users being 400 pps and
maximum suppression rate for ARP Miss packets on the server being 1000 pps
l Interval for writing an ARP log and sending an alarm being 30 seconds
Procedure
Step 1 Enable strict ARP learning.
[Quidway] arp learning strict
Step 2 Configure interface-based ARP entry restriction.

# The number of limited ARP entries on each interface is 20. The following lists the configuration
of GE 1/0/1, and the configurations of other interfaces are the same as the configuration of GE
1/0/1.
[Quidway-GigabitEthernet1/0/1] arp-limit vlan 10 maximum 20
Step 3 Enable the ARP anti-spoofing function.

# Set the ARP anti-spoofing mode to fixed-mac to prevent ARP spoofing attacks initiated by
User 1.
[Quidway] arp anti-attack entry-check fixed-mac enable
Step 4 Enable the ARP anti-attack function for preventing ARP packets with the bogus gateway
address.

# Enable the ARP anti-attack function for preventing ARP packets with the bogus gateway
address to prevent User 1 from sending ARP packets with the bogus gateway address.
[Quidway] arp anti-attack gateway-duplicate enable
Step 5 Configure the rate suppression function for ARP packets.

# Set the suppression rate for ARP packets sent by User 4 to 200 pps. To prevent all users from
sending a large number of ARP packets incorrectly, set the suppression rate for ARP packets of
the system to 300 pps.
[Quidway] arp speed-limit source-ip maximum 300
[Quidway] arp speed-limit source-ip 2.2.2.4 maximum 200
Step 6 Configure the rate suppression function for ARP Miss packets.
# Set the suppression rate for ARP Miss packets of the system to 400 pps to prevent users from
sending a large number of IP packets with an unreachable destination IP address.
[Quidway] arp-miss speed-limit source-ip maximum 400
# Set the suppression rate for ARP Miss packets on the server to 1000 pps to prevent the server
from sending a large number of IP packets with an unreachable destination IP address, and to
prevent communication on the network when the rate for the server to send IP packets with an
unreachable destination IP address is not as required.
[Quidway] arp-miss speed-limit source-ip 2.2.2.2 maximum 1000
Step 7 Enable log and alarm functions for potential attacks.

[Quidway] arp anti-attack log-trap-timer 30

After the configuration, run the display arp learning strict command, and you can view
information about strict ARP learning.
<Quidway> display arp learning strict
The global configuration:arp learning strict
interface LearningStrictState
------------------------------------------------------------
------------------------------------------------------------
Total:0
force-enable:0
force-disable:0
You can use the display arp-limit command to check the maximum number of ARP entries
learned by the interface.
<Quidway> display arp-limit interface GigabitEthernet1/0/1
interface LimitNum VlanID LearnedNum(Mainboard)
---------------------------------------------------------------------------
GigabitEthernet1/0/1 20 10 0
---------------------------------------------------------------------------
Total:1
You can use the display arp anti-attack configuration all command to check the configuration
of ARP anti-attack.
<Quidway> display arp anti-attack configuration all
ARP anti-attack entry-check mode: fixed-MAC
ARP gateway-duplicate anti-attack function: enabled
ARP anti-attack log-trap-timer: 30seconds

(The log and trap timer of speed-limit, default is 0 and means disabled.)

ARP speed-limit for source-IP configuration:

IP-address suppress-rate(pps)(rate=0 means function disabled)
------------------------------------------------------------------------
2.2.4.2 200
Others 300
------------------------------------------------------------------------
1 specified IP addresses are configured, spec is 1024 items.
ARP miss speed-limit for source-IP configuration:

IP-address suppress-rate(pps)(rate=0 means function disabled)
------------------------------------------------------------------------
2.2.2.2 1000
Others 400
------------------------------------------------------------------------
1 specified IP addresses are configured, spec is 1024 items.
You can use the display arp packet statistics command to view the number of discarded ARP
packets and the number of learned ARP entries. In addition, you can also use the display arp
anti-attack gateway-duplicate item command to view information about attacks from the
packets with the forged gateway address on the current network.
<Quidway> display arp packet statistics
ARP Pkt Received: sum 167
ARP Learnt Count: sum 8
ARP Pkt Discard For Limit: sum 5
ARP Pkt Discard For SpeedLimit: sum 0
ARP Pkt Discard For Other: sum 3
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10 20 30
#
arp speed-limit source-ip maximum 300
arp-miss speed-limit source-ip maximum 400
arp learning strict
arp anti-attack log-trap-timer 30
#
arp anti-attack entry-check fixed-mac enable
arp anti-attack gateway-duplicate enable
arp-miss speed-limit source-ip 2.2.2.2 maximum 1000
arp speed-limit source-ip 2.2.4.2 maximum 200
#
arp-limit vlan 10 maximum 20
#
#
#
return
Example for Configuring ARP Anti-Attack to Prevent Man-in-the-Middle Attacks

As shown in Figure 5-162, two users are connected to the S9300 through GE 1/0/1 and GE 1/0/2
respectively. Assume that the user connected to GE 1/0/2 is an attacker. To prevent the man-in-
the-middle attacks, you can configure the IP source guard function. After the IP source guard
function is configured on the S9300, the S9300 checks the IP packets according to the binding
table. Only the IP packets that match the content of the binding table can be forwarded; the other
IP packets are discarded. In addition, you can enable the alarm function for discarded packets.
Figure 5-162 Networking diagram for prevent man-in-the-middle attacks
Attacker
S9300
GE1/0/2
GE1/0/1
Server
IP:10.0.0.1/24
MAC:1-1-1
Client VLAN ID:10
1. Enable the IP source guard function.

2. Configure the check items for ARP packets.
3. Configure a static binding table.
4. Enable the alarm function for discarded packets.
Data Preparation
l Interfaces enabled with IP source guard: GE 1/0/1 and GE 1/0/2

l Check items: IP address + MAC address
l Alarm threshold of the number of discarded ARP packets: 80
l IP address of the client configured in the static binding table: 10.0.0.1/2; MAC address:
1-1-1; VLAN ID: 10
Procedure
Step 1 Configure the IP source guard function.
# Enable the IP source guard function on GE 1/0/1 connected to the client.


[Quidway-GigabitEthernet1/0/1] arp anti-attack check user-bind enable
[Quidway-GigabitEthernet1/0/1] arp anti-attack check user-bind check-item ip-
address mac-address
# Enable the IP source guard function on GE 1/0/2 connected to the attacker.

[Quidway-GigabitEthernet1/0/2] arp anti-attack check user-bind enable
[Quidway-GigabitEthernet1/0/2] arp anti-attack check user-bind check-item ip-
address mac-address
Step 2 Configure the check items of the static binding table.

# Configure Client in the static binding table.
Step 3 Configure the alarm function for discarded packets.

# Set the alarm threshold of the ARP packets discarded because they do not match the binding
table.
[Quidway] arp anti-attack check user-bind alarm threshold 80

Run the display this command, and you can view the global alarm threshold set for the ARP
packets discarded because they do not match the binding table. The alarm threshold takes effect
on all interfaces.
<Quidway> display this
#
arp anti-attack check user-bind alarm threshold 80
Run the display arp anti-attack check user-bind interface command, and you can view the
configuration of the IP source guard function on the interface.
<Quidway> display arp anti-attack check user-bind interface gigabitethernet 1/0/1
arp anti-attack check user-bind enable
arp anti-attack check user-bind alarm enable
ARP packet drop count = 0
<Quidway> display arp anti-attack check user-bind interface gigabitethernet 1/0/2

arp anti-attack check user-bind alarm enable
ARP packet drop count = 20
The preceding information indicates that GE 1/0/1 does not discard ARP packets, whereas GE
1/0/2 has discarded ARP packets. It indicates that the anti-attack function takes effect.
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10
#
arp anti-attack check user-bind alarm threshold 80
#

#
arp anti-attack check user-bind check-item ip-address mac-address
#
arp anti-attack check user-bind check-item ip-address mac-address
#
return
5.8.5 Traffic Suppression Configuration

This chapter describes the principle and configuration of traffic suppression .
Example for Configuring Traffic Suppression
As shown in Figure 5-163, the S9300 is connected to the Layer 2 network and Layer 3 router.
To limit the number of broadcast, multicast, or unknown unicast packets forwarded on the Layer
2 network, you can configure traffic suppression on GE 1/0/2.
Figure 5-163 Networking diagram for configuring traffic suppression
GE1/0/2 GE1/0/3
S9300
Configure traffic suppression in the interface view of GE 1/0/2.
Data Preparation
l GE 1/0/2 where traffic suppression is configured
l Traffic suppression for broadcast and unknown unicast packets based on the bit rate
l Traffic suppression for multicast packets based on the rate percentage
l Maximum rate of broadcast and unknown unicast packets being 100 kbit/s after traffic
suppression is configured
l Maximum rate of multicast packets being 80 percent of the interface rate after traffic
suppression is configured

Procedure
Step 1 Enter the interface view.
Step 2 Configure traffic suppression for broadcast packets.

[Quidway-GigabitEthernet1/0/2] broadcast-suppression cir 100
Step 3 Configure traffic suppression for multicast packets.

[Quidway-GigabitEthernet1/0/2] multicast-suppression 80
Step 4 Configure traffic suppression for unknown unicast packets.

[Quidway-GigabitEthernet1/0/2] unicast-suppression cir 100
Run the display flow-suppression interface command, and you can view the configuration of
traffic suppression on GE 1/0/2.
<Quidway> display flow-suppression interface gigabitethernet 1/0/2
storm type rate mode set rate value
-------------------------------------------------------------------------------
unknown-unicast bps cir: 100(kbit/s), cbs: 18800(byte)
multicast percent percent: 80%
broadcast bps cir: 100(kbit/s), cbs: 18800(byte)
-------------------------------------------------------------------------------
----End
Configuration Files
#
sysname Quidway
#
unicast-suppression cir 100 cbs 18800
broadcast-suppression cir 100 cbs 18800
#
return
Example for Adding a Whitelist Item to the CPU
As shown in Figure 5-164, the S9300 is connected to the Layer 2 network and Layer 3 router.
To ensure that users on the Layer 2 network can first access the S9300, you can configure
whitelist items that contain MAC addresses, VLAN IDs, and interfaces of the users.
Figure 5-164 Networking diagram for sending a whitelist item to the CPU
GE1/0/2 GE1/0/3
S9300

Configure the whitelist item in the system view of the S9300.
Data Preparation
l MAC address of the whitelist user: 00e0-fc5e-008a

l User access interface: GE 1/0/2
l ID of the VLAN that the user belongs to: VLAN 10
Procedure
Step 1 Enter the system view.
Step 2 Configure a whitelist item.

[Quidway] whitelist item 00e0-fc5e-008a interface gigabitethernet 1/0/2 vlan 10

<Quidway> display whitelist item verbose
Interface MAC address VLAN ID
------------------------------------------------------------------------------
GigabitEthernet1/0/2 00e0-fc5e-008a 10
------------------------------------------------------------------------------
Table Size: 32. Used item: 1. Free to use: 31.
----End
Configuration Files
#
sysname Quidway
#
whitelist item 00e0-fc5e-008a interface gigabitethernet 1/0/2 vlan 10
#
return
5.8.6 IP Source Trail Configuration

This chapter describes the principle of IP source trail, and provides configuration methods and
examples of IP source trail.
Example for Configuring IP Source Trail
As shown in Figure 5-165, User A is connected to GE 1/0/1 on the S9300. It is required that IP
source trail be enabled on the S9300 so that the attack source can be traced after User A suffers
from DoS attacks.

Figure 5-165 Networking diagram for configuring IP source trail
GE1/0/1
ISP
UserA S9300
10.0.0.3
Configure IP source trail in the system view of the S9300.
Data Preparation
l Interface connecting the S9300 and the user host: GE 1/0/1
l IP address of the attacked user host: 10.0.0.3
Procedure
Step 1 Configure IP source trail based on the destination IP address.
[Quidway] ip source-trail ip-address 10.0.0.3

Run the display ip source-trail ip-address ip-address command, and you can view the trace
result of 10.0.0.3.
<Quidway> display ip source-trail ip-address 10.0.0.3
Destination Address: 10.0.0.3
SrcAddr SrcIF Bytes Pkts Bits/s Pkts/s
----------------------------------------------------------------------
192.10.1.11 GE1/0/2 4.825M 107.420K 5.223M 14.535K
101.1.1.17 GE2/0/1 4.433M 98.708K 5.223M 14.537K
101.1.1.5 GE2/0/1 2.868M 63.861K 5.227M 14.546K
198.19.1.9 GE3/0/1 2.215M 49.339K 5.230M 14.553K
198.19.1.3 GE3/0/1 1001.083K 21.762K 5.248M 14.605K
----End
Configuration Files
#
sysname Quidway
#
ip source-trail ip-address 10.0.0.3
#
return
5.8.7 URPF Configuration

This chapter describes the principle of Unicast Reverse Path Forwarding (URPF), and provides
configuration methods and examples of URPF.

Example for Configuring URPF
As shown in Figure 5-166, the S9300 is connected to the router of the ISP through GE 1/0/0
and is connected to the user network through GE 2/0/0. To protect the S9300 against the attack
based on the source address at the user side, you need to enable the URPF check function and
matching of the default route on the S9300.
Figure 5-166 Networking diagram for configuring URPF
GE2/0/0 GE1/0/0
User network ISP
S9300
Enable URPF on user side interface GE 2/0/0 of the S9300.
Data Preparation
l URPF strict check mode
NOTE
As shown in Figure 5-166, the networking of symmetric routes is adopted. URPF strict check is
recommended in the case of symmetric routes.
The URPF takes effect when the unicast route functions normally. The following configuration
procedure lists only URPF-related configurations, and the configurations of IP addresses and
unicast route are not mentioned.
Procedure
Step 1 Enable URPF on an LPU.
[Quidway] urpf slot 2
Step 2 Set the URPF check mode on an interface.

[Quidway-GigabitEthernet2/0/0] urpf strict allow-default-route

Run the display this command in the view of GE 2/0/0 to view the URPF configuration.
[Quidway-GigabitEthernet2/0/0] display this
#

urpf strict allow-default-route
#
return
----End
Configuration Files
#
sysname Quidway
#
urpf slot 2
#
urpf strict allow-default-route
#
return
5.8.8 ACL Configuration

This chapter describes how to configure the Access Control List (ACL).
Example for Configuring a Basic ACL
As shown in Figure 5-167, GE 1/0/1 of the S9300 is connected to the user, and GE 2/0/1 is
connected to the upstream router. To prevent source address spoofing, you need to configure
strict URPF check on GE 1/0/1 and GE 2/0/1. In addition, it is required that the S9300 trusts the
packets from user A whose IP address is 10.0.0.2/24. In this case, you also need to disable URPF
check for the packets sent by user A.
Figure 5-167 Networking diagram for disabling URPF for the specified traffic
PC A
IP:10.0.0.2/24
GE1/0/1 GE2/0/1
S9300
PC B
1. Configure the URPF function.

2. Configure the ACL.

3. Configure the traffic classifier.
4. Configure the traffic behavior.
5. Configure the traffic policy.
6. Apply the traffic policy to an interface.
Data Preparation
l Interfaces enabled with URPF: GE 1/0/1 and GE 2/0/1

l ACL number: 2000
l IP address of user A: 10.0.0.2/24
l Names of traffic classifier, traffic behavior, and traffic policy: tc1, tb1, and tp1
l Interface where the traffic policy is applied: GE 1/0/1
Procedure
Step 1 Configure the URPF function.
# Enable the URPF function on the LPU.

# Configure the URPF mode on the interface.

[Quidway-GigabitEthernet1/0/1] urpf strict
[Quidway-GigabitEthernet2/0/1] urpf strict
Step 2 Configure the traffic classifier that is based on the ACL rules.
# Define the ACL rules.

[Quidway] acl 2000
[Quidway-acl-basic-2000] rule permit source 10.0.0.2 0.0.0.255
[Quidway-acl-basic-2000] quit
# Configure the traffic classifier and define the ACL rules.

[Quidway] traffic classifier tc1
[Quidway-classifier-tc1] if-match acl 2000
[Quidway-classifier-tc1] quit
Step 3 Configure the traffic behavior.
# Define the traffic behavior and disable the URPF function in the traffic behavior view.
[Quidway] traffic behavior tb1
[Quidway-behavior-tb1] ip uprf disable
[Quidway-behavior-tb1] quit
Step 4 Configure the traffic policy.

# Define the traffic policy and associate the traffic classifier and traffic behavior with the traffic
policy.
[Quidway] traffic policy tp1
[Quidway-trafficpolicy-tp1] classifier tc1 behavior tb1
[Quidway-trafficpolicy-tp1] quit
# Apply the traffic policy to GE 1/0/1.

[Quidway-GigabitEthernet1/0/1] traffic-policy tp1 inbound

# Check the configuration of the ACL rules.
<Quidway> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 10.0.0.0 0.0.0.255 (0 times matched)

<Quidway> display traffic classifier user-defined
Classifier: tc1
Precedence: 20
Operator: OR
Rule(s) : if-match acl 2000

<Quidway> display traffic policy user-defined tp1
Policy: tp1
Behavior: be
-none-
Classifier: tc1
Behavior: tb1
statistic: enable
urpf switch: off
----End
Configuration Files
#
sysname Quidway
#
urpf slot 1
urpf slot 2
#
acl number 2000
#
traffic classifier tc1 operator or precedence 20
if-match acl 2000
#
traffic behavior tb1
statistic enable
ip urpf disable
#
traffic policy tp1
classifier tc1 behavior tb1
#

urpf strict
traffic-policy tp1 inbound
#
urpf strict
#
return
5.9 Configuration Guide - MPLS

This document describes MPLS configurations supported by theS9300, including the principle
and configuration procedures of static LSPs, MPLS LDP, MPLS TE, and MPLS common
features, and provides configuration examples. In the appendix, terms and abbreviations of
MPLS are listed.
NOTE
l The MPLS function of the S9300 is controlled by the license. By default, the MPLS function is
disabled on the S9300. To use the MPLS function of the S9300,buy the license from the Huawei
local office.
l The G24SA,G24CA and X12SA boards do not support the MPLS function.
5.9.1 Static LSP Configuration

This chapter describes the principle of static Link Switched Paths (LSPs), and provides
configuration procedures and configuration examples of static LSPs and static Bidirectional
Forwarding Detection (BFD) for static LSPs.
5.9.2 MPLS LDP Configuration
This chapter describes the principle of Multiprotocol Label Switching (MPLS) Link Distribution
Protocol (LDP), and provides configuration procedures and configuration examples of the LDP
session, dynamic LDP Link Switched Path (LSP), LDP multi-instance, static Bidirectional
Forwarding Detection (BFD) for LDP LSPs, dynamic BFD for LDP LSPs, LDP Fast Reroute
(FRR), synchronization of LDP and an Interior Gateway Protocol (IGP), and LDP Graceful
Restart (GR).
5.9.3 MPLS TE Configuration
This chapter describes the principle of Multiprotocol Label Switching (MPLS) Traffic
Engineering (TE), and provides the configuration procedures and configuration examples of the
static MPLS TE tunnel, the Resource Reservation Protocol (RSVP)-TE tunnel, optimization of
the RSVP-TE tunnel, RSVP authentication, the adjusting of the establishment of Constraint-
based Routed LSPs (CR-LSPs), the adjusting of the establishment of MPLS TE tunnels, the
adjusting of MPLS TE traffic forwarding, TE traffic rate limit, MPLS TE Fast Reroute (FRR),
MPLS TE auto FRR, CR-LSP backup, RSVP Graceful Restart (GR), static Bidirectional
Forwarding Detection (BFD) for CR-LSPs, static BFD for TE tunnels, dynamic BFD for CR-
LSPs, dynamic BFD for RSVP-TE tunnels, and Link Distribution Protocol (LDP) over TE.
5.9.4 MPLS Common Configuration
This chapter describes the principle and applications of Multiprotocol Label Switching (MPLS)
common features, and provides configuration procedures and configuration examples of
processing modes of MPLS TTL, load balancing of MPLS Layer 3 forwarding, Policy-based
Routing (PBR) to the Link Switched Path (LSP) on a public network, and MPLS optimization.
5.9.5 MPLS OAM Configuration
This chapter describes the principle of Multiprotocol Label Switching (MPLS) Operation,
Administration, and Maintenance (OAM), and provides configuration procedures and
configuration examples of protection switching and remote link state advertisement.

5.9.1 Static LSP Configuration

This chapter describes the principle of static Link Switched Paths (LSPs), and provides
configuration procedures and configuration examples of static LSPs and static Bidirectional
Forwarding Detection (BFD) for static LSPs.
Example for Configuring Static LSPs
As shown in Figure 5-168, the nodes support MPLS and OSPF as an IGP is run on the MPLS
backbone network.
Bidirectional static LSPs are set up between S9300_A and S9300_D. The LSP from S9300_A
to S9300_D is S9300_A → S9300_B → S9300_D; the LSP from S9300_D to S9300_A is
S9300_D → S9300_C → S9300_A.
Figure 5-168 Networking diagram for configuring static LSPs

Loopback1
2.2.2.9/32
/ 0
1/0 GE
2/0
GE / 0
Loopback1 S9300_B Loopback1
1.1.1.9/32 4.4.4.9/32
/ 0 GE
1/0 1/0
GE / 0
S9300_A GE / 0 S9300_D
2/0
/ 2/0
0 GE
S9300_C
GE /0
1/0
/ 2/0
0 GE
Loopback1
3.3.3.9/32

S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 2/0/0 VLANIF 30 10.3.1.1/24
S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24

GE 2/0/0 VLANIF 20 10.2.1.1/24

S9300_C GE 1/0/0 VLANIF 30 10.3.1.2/24
GE 2/0/0 VLANIF 40 10.4.1.1/24
S9300_D GE 1/0/0 VLANIF 20 10.2.1.2/24
GE 2/0/0 VLANIF 40 10.4.1.2/24
1. Create VLANs on the S9300 and add interfaces to the VLANs.
2. Assign an IP address to each VLANIF interface on each node and assign the loopback
address used as the LSR ID, and configure OSPF to advertise the network segments that
the interfaces are connected to and the host route of the LSR ID.
3. Enable MPLS globally on each node.
4. Enable MPLS on each VLANIF interface.
5. Configure the destination IP address, next hop, value of the outgoing label for the LSP on
the ingress node.
6. Configure the incoming interface, value of the incoming label corresponding to the
outgoing label of the last node, and next hop and value of the outgoing label of the LSP on
the transit node.
7. Configure the incoming interface and value of the incoming label corresponding to the
outgoing label of the last node of the LSP on the egress node.
Data Preparation
l IP address of each interface on each node shown in Figure 5-168, OSPF process ID, and
OSPF area ID
l Name of the static LSP
l Value of the outgoing label on each interface
Procedure
Step 1 Create VLANs on the S9300 and add GE interfaces to the VLANs, create VLANIF interfaces,
and assign IP addresses to the VLANIF interfaces.
# Configure S9300_A..
[Quidway] sysname S9300_A
[S9300_A] interface loopback1
[S9300_A-LoopBack1] ip address 1.1.1.9 32
[S9300_A-LoopBack1] quit
[S9300_A] interface gigabitethernet1/0/0

[S9300_A-GigabitEthernet1/0/0] port link-type access

[S9300_A-GigabitEthernet1/0/0] quit
[S9300_A] vlan 10
[S9300_A-vlan10] port gigabitethernet1/0/0
[S9300_A-vlan10] quit
[S9300_A] interface vlanif 10
[S9300_A-Vlanif10] ip address 10.1.1.1 24
[S9300_A-Vlanif10] quit
[S9300_A] vlan 30
# Configure S9300_B.
[Quidway] sysname S9300_B
[S9300_B] interface loopback1
[S9300_B-LoopBack1] ip address 2.2.2.9 32
[S9300_B] interface gigabitethernet1/0/0
[S9300_B-GigabitEthernet1/0/0] port link-type access
[S9300_B-GigabitEthernet1/0/0] quit
[S9300_B-LoopBack1] quit
[S9300_B] vlan 10
[S9300_B-vlan10] port gigabitethernet1/0/0
[S9300_B-vlan10] quit
[S9300_B] interface vlanif 10
[S9300_B-Vlanif10] ip address 10.1.1.2 24
[S9300_B-Vlanif10] quit
[S9300_B] vlan 20
# Configure S9300_C.
[Quidway] sysname S9300_C
[S9300_C] interface loopback1
[S9300_C-LoopBack1] ip address 3.3.3.9 32
[S9300_C-LoopBack1] quit
[S9300_C] interface gigabitethernet1/0/0
[S9300_C-GigabitEthernet1/0/0] port link-type access
[S9300_C-GigabitEthernet1/0/0] quit
[S9300_C] vlan 30
[S9300_C-vlan30] port gigabitethernet1/0/0
[S9300_C-vlan30] quit
[S9300_C] interface vlanif 30
[S9300_C-Vlanif30] ip address 10.3.1.2 24
[S9300_C-Vlanif30] quit
[S9300_C] vlan 40

# Configure S9300_D.
[Quidway] sysname S9300_D
[S9300_D] interface loopback1
[S9300_D-LoopBack1] ip address 4.4.4.9 32
[S9300_D-LoopBack1] quit
[S9300_D] interface gigabitethernet1/0/0
[S9300_D-GigabitEthernet1/0/0] port link-type access
[S9300_D-GigabitEthernet1/0/0] quit
[S9300_D] vlan 20
[S9300_D-vlan20] port gigabitethernet1/0/0
[S9300_D-vlan20] quit
[S9300_D] interface vlanif 20
[S9300_D-Vlanif20] ip address 10.2.1.2 24
[S9300_D-Vlanif20] quit
[S9300_D] interface gigabitethernet2/0/0
[S9300_D-GigabitEthernet2/0/0] port link-type access
[S9300_D-GigabitEthernet2/0/0] quit
[S9300_D] vlan 40
[S9300_D-vlan40] port gigabitethernet2/0/0
[S9300_D-vlan40] quit
[S9300_D] interface vlanif 40
[S9300_D-Vlanif40] ip address 10.4.1.2 24
Step 2 Configure OSPF to advertise the network segments that the interfaces are connected to and the
host route of the LSR ID.
# Configure S9300_A.
[S9300_A] ospf 1
[S9300_A-ospf-1] area 0
[S9300_A-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[S9300_A-ospf-1-area-0.0.0.0] quit
[S9300_A-ospf-1] quit
[S9300_B] ospf 1
[S9300_B-ospf-1] area 0
[S9300_B-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[S9300_B-ospf-1-area-0.0.0.0] quit
[S9300_B-ospf-1] quit
[S9300_C] ospf 1
[S9300_C-ospf-1] area 0
[S9300_C-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[S9300_C-ospf-1-area-0.0.0.0] quit
[S9300_C-ospf-1] quit
[S9300_D] ospf 1
[S9300_D-ospf-1] area 0
[S9300_D-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[S9300_D-ospf-1-area-0.0.0.0] quit
[S9300_D-ospf-1] quit

After the configuration, run the display ip routing-table command on each node. You can view
that the nodes learn the routes from each other.
Take the display on S9300_A as an example.

[S9300_A] display ip routing-table
------------------------------------------------------------------------------
2.2.2.9/32 OSPF 10 2 D 10.1.1.2 Vlanif10
3.3.3.9/32 OSPF 10 2 D 10.3.1.2 Vlanif30
4.4.4.9/32 OSPF 10 3 D 10.1.1.2 Vlanif10
OSPF 10 3 D 10.3.1.2 Vlanif30
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
10.2.1.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
10.3.1.0/24 Direct 0 0 D 10.3.1.1 Vlanif30
10.3.1.2/32 Direct 0 0 D 10.3.1.2 Vlanif30
10.4.1.0/24 OSPF 10 2 D 10.3.1.2 Vlanif30
The next hop of the static LSP on 4.4.4.9/32 from S9300_A to S9300_D is determined by the
routing table. It is shown in boldface. In this example, the next hop IP address is 10.1.1.2/30.
Take the display on S9300_D as an example.

[S9300_D] display ip routing-table
------------------------------------------------------------------------------
1.1.1.9/32 OSPF 10 3 D 10.2.1.1 Vlanif20
OSPF 10 3 D 10.4.1.1 Vlanif40
2.2.2.9/32 OSPF 10 2 D 10.2.1.1 Vlanif20
3.3.3.9/32 OSPF 10 2 D 10.4.1.1 vlanif40
10.1.1.0/24 OSPF 10 2 D 10.2.1.1 Vlanif20
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif20
10.2.1.1/32 Direct 0 0 D 10.2.1.1 Vlanif20
10.3.1.0/24 OSPF 10 2 D 10.4.1.1 vlanif40
10.4.1.0/24 Direct 0 0 D 10.4.1.2 vlanif40
10.4.1.1/32 Direct 0 0 D 10.4.1.1 vlanif40
The next hop of the static LSP on 1.1.1.9/32 from S9300_D to S9300_A is determined by the
routing table. It is shown in boldface. In this example, the next hop IP address is 10.4.1.1/24.
Step 3 Enable basic MPLS functions on each node.
[S9300_A] mpls lsr-id 1.1.1.9
[S9300_A] mpls
[S9300_A-mpls]

[S9300_B] mpls lsr-id 2.2.2.9

[S9300_B] mpls
[S9300_B-mpls]
[S9300_C] mpls lsr-id 3.3.3.9
[S9300_C] mpls
[S9300_C-mpls]
[S9300_D] mpls lsr-id 4.4.4.9
[S9300_D] mpls
[S9300_D-mpls]
Step 4 Enable MPLS on each interface.
[S9300_A] interface Vlanif 10
[S9300_A-Vlanif10] mpls
[S9300_A] interface Vlanif 30
[S9300_B] interface Vlanif 10
[S9300_B-Vlanif10] mpls
[S9300_C] interface Vlanif 30
[S9300_C-Vlanif30] mpls
[S9300_C] interface Vlanif 40
[S9300_D] interface Vlanif 20
[S9300_D-Vlanif20] mpls
[S9300_D] interface Vlanif 40
[S9300_D-Vlanif40] mpls
Step 5 Create a static LSP from S9300_A to S9300_D.
# Configure ingress node S9300_A.

[S9300_A] static-lsp ingress SAtoSD destination 4.4.4.9 32 nexthop 10.1.1.2 out-
label 20
# Configure transit node S9300_B.

[S9300_B] static-lsp transit SAtoSD incoming-interface vlanif 10 in-label 20
nexthop 10.2.1.2 out-label 40
# Configure egress node S9300_D.

[S9300_D] static-lsp egress SAtoSD incoming-interface vlanif 20 in-label 40

After the configuration, run the display mpls static-lsp command on each node to view the
status of the static LSP. Take the display on S9300_A as an example.
[S9300_A] display mpls static-lsp
TOTAL : 1 STATIC LSP(S)
UP : 1 STATIC LSP(S)
DOWN : 0 STATIC LSP(S)
Name FEC I/O Label I/O If Stat
SAtoSD 4.4.4.9/32 NULL/20 -/Vlanif10 Up
The LSP is unidirectional, you need to configure a static LSP from S9300_D to S9300_A.
Step 6 Create a static LSP from S9300_D to S9300_A.
# Configure ingress node S9300_D.

[S9300_D] static-lsp ingress SDtoSA destination 1.1.1.9 32 nexthop 10.4.1.1 out-
label 30
# Configure transit node S9300_C.

[S9300_C] static-lsp transit SDtoSA incoming-interface vlanif 40 in-label 30
# Configure egress node S9300_A.

[S9300_A] static-lsp egress SDtoSA incoming-interface vlanif 30 in-label 60
# After the configuration, run the ping lsp ip 1.1.1.9 32 command on S9300_D, and you can
find that the LSP can be pinged.
Run the display mpls static-lsp or display mpls static-lsp verbose command on each node to
check the status and detailed information about the static LSP. Take the display on S9300_D as
an example.
[S9300_D] display mpls static-lsp
SAtoSD -/- 40/NULL Vlanif20/- Up
SDtoSA 1.1.1.9/32 NULL/30 -/Vlanif40 Up
[S9300_D] display mpls static-lsp verbose
No : 1
LSP-Name : SAtoSD
LSR-Type : Egress
FEC : -/-
In-Label : 40
Out-Label : NULL
In-Interface : Vlanif20
Out-Interface : -
NextHop : -
Static-Lsp Type: Normal
Lsp Status : Up
No : 2
LSP-Name : SDtoSA
LSR-Type : Ingress
FEC : 1.1.1.9/32
In-Label : NULL
Out-Label : 30
In-Interface : -
Out-Interface : Vlanif40
NextHop : 10.4.1.1


Lsp Status : Up
----End
Configuration Files
l Configuration file of S9300_A
#
sysname S9300_A
#
vlan batch 10 30
#
mpls lsr-id 1.1.1.9
mpls
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
#
interface Vlanif 30
ip address 10.3.1.1 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
static-lsp ingress SAtoSD destination 4.4.4.9 32 nexthop 10.1.1.2 out-labe
20
static-lsp egress SDtoSA incoming-interface Vlanif30 in-label 60
#
return
l Configuration file of S9300_B

#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
#
#

#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
static-lsp transit SAtoSD incoming-interface Vlanif 10 in-label 20 nexthop
10.2
.1.2 out-label 40
#
return
l Configuration file of S9300_C
#
sysname S9300_C
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
mpls
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
static-lsp transit SDtoSA incoming-interface vlanif 40 in-label 30 nexthop
10.3.1.1 out-label 60
#
return
l Configuration file of S9300_D
#
sysname S9300_D
#
vlan batch 20 40
#
mpls lsr-id 4.4.4.9
mpls
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls

#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
static-lsp egress SAtoSD incoming-interface vlanif 20 in-label 40
static-lsp ingress SDtoSA destination 1.1.1.9 32 nexthop 10.4.1.1 out-label
30
#
return
Example for Configuring Static BFD for Static LSPs
l PE1, PE2, P1, and P2 are in an MPLS domain.
l Two static LSPs are set up between PE1 and PE2; P1 functions as the transit node of
LSP1 and P2 functions as the transit node of LSP2.
P and PE devices are S9300s.
It is required that the connectivity of LSP1 be detected when MPLS OAM is not used. When
the static LSP fails, PE1 can receive the defect notification within 50 ms.

Figure 5-169 Networking diagram for setting up a static LSP

Loopback1
2.2.2.2/32
P1
GE1/0/ 2
Loopback1 GE1/0/0 Loopback1
1.1.1.1/32 4.4.4.4/32
Static LSP1
GE1/0/ 0
GE1/0/0
GE1/0/ 1
GE1/0/ 1 Static LSP2
PE1 PE2
GE1/0/ 0 GE1/0/ 2
P2
Loopback1
3.3.3.3/32

PE1 GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 1/0/1 VLANIF 30 10.3.1.1/24
P1 GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 1/0/2 VLANIF 20 10.2.1.1/24
P2 GE 1/0/0 VLANIF 30 10.3.1.2/24
GE 1/0/2 VLANIF 40 10.4.1.1/24
PE2 GE 1/0/0 VLANIF 20 10.2.1.2/24
GE 1/0/1 VLANIF 40 10.4.1.2/24
1. Configure VLANIF interfaces.
2. Configure OSPF in the MPLS domain to ensure the connectivity between nodes.
3. On PE1, create a BFD session to detect the static LSP.
4. On PE2, create a BFD session to notify PE1 of defects on the static LSP.

Data Preparation
l IP address of each interface on each node
l OSPF process ID
l BFD session parameters including the configuration name and minimum intervals for
sending and receiving packets
Procedure
Step 1 Create VLANs on PE and P devices and add GE interfaces to the VLANs,create VLANIF
interfaces,and assign IP addresses to the VLANIF interfaces.
# Configure PE1.
[Quidway] sysname PE1
[PE1] interface loopback1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet1/0/0
[PE1-GigabitEthernet1/0/0] port link-type access
[PE1] vlan 10
[PE1-vlan10] port gigabitethernet1/0/0
[PE1-vlan10] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 10.1.1.1 24
[PE1-Vlanif10] quit
[PE1] vlan 30
[PE1-vlan30] quit
[PE1-Vlanif30] quit
# Configure P1.
[Quidway] sysname P1
[P1] interface loopback1
[P1-LoopBack1] ip address 2.2.2.2 32
[P1-LoopBack1] quit
[P1] interface gigabitethernet1/0/0
[P1-GigabitEthernet1/0/0] port link-type access
[P1-GigabitEthernet1/0/0] quit
[P1] vlan 10
[P1-vlan10] port gigabitethernet1/0/0
[P1-vlan10] quit
[P1] interface vlanif 10
[P1-Vlanif10] ip address 10.1.1.2 24
[P1-Vlanif10] quit
[P1] vlan 20
[P1-vlan20] quit
[P1-Vlanif20] quit

# Configure P2.
[Quidway] sysname P2
[P2] interface loopback1
[P2-LoopBack1] ip address 3.3.3.3 32
[P2-LoopBack1] quit
[P2] vlan 30
[P2-vlan30] quit
[P2-Vlanif30] quit
[P2] vlan 40
[P2-vlan40] quit
[P2-Vlanif40] quit
# Configure PE2.
[PE2] vlan 20
[PE2-vlan20] quit
[PE2-Vlanif20] quit
[PE2] vlan 40
[PE2-vlan40] quit
[PE2-Vlanif40] quit
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P1.
[P1] ospf 1
[P1-ospf-1] area 0

[P1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[P1-ospf-1-area-0.0.0.0] quit
[P1-ospf-1] quit
# Configure P2.
[P2] ospf 1
[P2-ospf-1] area 0
[P2-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
Step 3 Enable basic MPLS functions on each node.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls]
# Configure P1.
[P1] mpls lsr-id 2.2.2.2
[P1] mpls
[P1-mpls]
# Configure P2.
[P2] mpls
[P2-mpls]
# Configure PE2.
[PE2] mpls
[PE2-mpls]
# Configure PE1.
[PE1] interface Vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] quit
[PE1-Vlanif30] mpls
[PE1-Vlanif30] quit
# Configure P1.
[P1] interface Vlanif 10
[P1-Vlanif10] mpls
[P1-Vlanif10] quit

[P1-Vlanif20] mpls
[P1-Vlanif20] quit
# Configure P2.
[P2-Vlanif30] mpls
[P2-Vlanif30] quit
[P2-Vlanif40] mpls
[P2-Vlanif40] quit
# Configure PE2.
[PE2-Vlanif20] mpls
[PE2-Vlanif20] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit
Step 5 Create a static LSP named LSP1 with PE1 being the ingress node, P1 being the transit node,
and PE2 being the egress node.
# Configure ingress node PE1.
[PE1] static-lsp ingress LSP1 destination 4.4.4.4 32 nexthop 10.1.1.2 out-label 20
# Configure transit node P1.

[P1] static-lsp transit LSP1 incoming-interface vlanif 10 in-label 20 nexthop
10.2.1.2 out-label 40
# Configure egress node PE2.

[PE2] static-lsp egress LSP1 incoming-interface vlanif 20 in-label 40
Step 6 Create a static LSP named LSP2 with PE2 being the ingress node, P2 being the transit node,
and PE1 being the egress node.
# Configure ingress node PE1.
[PE1] static-lsp ingress LSP2 destination 4.4.4.4 32 nexthop 10.3.1.2 out-label 30
# Configure transit node P2.

[P2] static-lsp transit LSP2 incoming-interface vlanif 30 in-label 30 nexthop
10.4.1.2 out-label 60
# Configure egress node PE1.

[PE2] static-lsp egress LSP2 incoming-interface vlanif 40 in-label 60
After the configuration, run the ping lsp ip 4.4.4.4 32 command on PE1, and you can find that
the LSP can be pinged.
Run the display mpls static-lsp or display mpls static-lsp verbose command on each node to
check the status and detailed information about the static LSP. Take the display on PE1 as an
example:
[PE1] display mpls static-lsp
LSP1 4.4.4.4/32 NULL/20 Vlanif10/- Up
LSP2 4.4.4.4/32 NULL/30 Vlanif30/- Up
[PE1] display mpls static-lsp verbose

No : 1
LSP-Name : LSP1
LSR-Type : Ingress
FEC : 4.4.4.4/32
In-Label : -
Out-Label : 20
In-Interface : -
NextHop : 10.1.1.2
Lsp Status : Up
No : 2
LSP-Name : LSP2
LSR-Type : Ingress
FEC : 4.4.4.4/32
In-Label : NULL
Out-Label : 30
In-Interface : -
NextHop : 10.3.1.2
Lsp Status : Up
Step 7 Configure the BFD session to detect static LSP LSP1.

# On ingress node PE1, configure a BFD session, with the local discriminator as 1, the remote
discriminator as 2, and the minimal intervals for sending and receiving packets as 500 ms. The
PST can be modified.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd PE1toPE2 bind static-lsp LSP1
[PE1-bfd-lsp-session-PE1toPE2] discriminator local 1
[PE1-bfd-lsp-session-PE1toPE2] discriminator remote 2
[PE1-bfd-lsp-session-PE1toPE2] min-tx-interval 500
[PE1-bfd-lsp-session-PE1toPE2] min-rx-interval 500
[PE1-bfd-lsp-session-PE1toPE2] process-pst
[PE1-bfd-lsp-session-PE1toPE2] commit
[PE1-bfd-lsp-session-PE1toPE2] quit
# On egress node PE2, configure a BFD session to notify PE1 of defects about the static LSP.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd PE2toPE1 bind peer-ip 1.1.1.1
[PE2-bfd-session-PE2toPE1] discriminator local 2
[PE2-bfd-session-PE2toPE1] discriminator remote 1
[PE2-bfd-session-PE2toPE1] min-tx-interval 500
[PE2-bfd-session-PE2toPE1] min-rx-interval 500
[PE2-bfd-session-PE2toPE1] commit
[PE2-bfd-session-PE2toPE1] quit
# Run the display bfd session all verbose command on PE1, and you can view that the BFD
session is on PE1 Up.
[PE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4096 State : Up Name : PE1toPE2
--------------------------------------------------------------------------------
BFD Bind Type : STATIC_LSP Bind
Bind Interface : -
Static LSP name : LSP1
LSP Token : 0x10002


Actual Tx Interval (ms) : 500 Actual Rx Interval (ms) : 500
WTR Interval (ms) : - Local Demand Mode :
Disable
Active Multi : 3
Bind Application : LSPM | L2VPN | OAM_MANAGER
Session TX TmrID : 16407
Session Detect TmrID : 16408
--------------------------------------------------------------------------------
# Run the display bfd session all verbose command on PE2 to check the configuration.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Bind Interface : -
LSP Token : 0x10002
Proc Interface Status : Disable Process PST :
Disable
Disable
Active Multi : 3
--------------------------------------------------------------------------------

# Run the shutdown command on VLANIF 20 of P1 to simulate a defect on a static LSP.
[P1-Vlanif20] shutdown
# Run the display bfd session all verbose command to check the status of the BFD session.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------


Bind Interface : -
LSP Token : 0x10002
Disable
Disable
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Bind Interface : -
LSP Token : 0x10002
Disable
Disable
Active Multi : 3
Last Local Diagnostic : Neighbor Signaled Session Down
--------------------------------------------------------------------------------
----End
Configuration Files
#
sysname PE1

#
vlan batch 10 30
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bfd PE1toPE2 bind static-lsp LSP1
min-tx-interval 500
min-rx-interval 500
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
static-lsp ingress LSP1 destination 4.4.4.4 32 nexthop 10.1.1.2 out-labe 20
#
return
#
sysname P1
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
#
#
#

interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
static-lsp transit LSP1 incoming-interface Vlanif 10 in-label 20 nexthop 10.2
.1.2 out-label 40
#
return
#
sysname P2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
mpls
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
static-lsp transit LSP2 incoming-interface vlanif 30 in-label 30 nexthop
10.4.1.2 out-label 60
#
return
#
sysname PE2
#
vlan batch 20 40
#
bfd
#
mpls lsr-id 4.4.4.4
mpls
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0

mpls
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bfd PE2toPE1 bind peer-ip 1.1.1.1
min-tx-interval 500
min-rx-interval 500
commit
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
static-lsp egress LSP1 incoming-interface vlanif 20 in-label 40
static-lsp egress LSP2 incoming-interface vlanif 40 in-label 60
#
return
5.9.2 MPLS LDP Configuration

This chapter describes the principle of Multiprotocol Label Switching (MPLS) Link Distribution
Protocol (LDP), and provides configuration procedures and configuration examples of the LDP
session, dynamic LDP Link Switched Path (LSP), LDP multi-instance, static Bidirectional
Forwarding Detection (BFD) for LDP LSPs, dynamic BFD for LDP LSPs, LDP Fast Reroute
(FRR), synchronization of LDP and an Interior Gateway Protocol (IGP), and LDP Graceful
Restart (GR).
Example for Configuring Local LDP Sessions
As shown in Figure 5-170, local LDP sessions are set up between S9300_A and S9300_B, and
between S9300_B and S9300_C.
Figure 5-170 Networking diagram for configuring local LDP sessions

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
S9300_A S9300_B S9300_C

Device Interface VLANIF interface IP address

S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24
S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300_C GE 2/0/0 VLANIF 20 10.2.1.2/24
1. Create VLANs and add interfaces to the VLANs, and create VLANIF interfaces.
2. Enable global MPLS and MPLS LDP on the LSRs.
3. Enable MPLS on interfaces of the LSRs.
4. Enable MPLS LDP on interfaces of the two LSRs of the local LDP session.
Data Preparation
l IP address of each interface on each LSR shown in Figure 5-170, OSPF process ID, and
OSPF area ID
l LSR ID of each node
Procedure
[S9300_A] vlan 10


[S9300_B] vlan 10
[S9300_B] vlan 20
[S9300_C] vlan 20
[S9300_A] ospf 1
[S9300_B] ospf 1
[S9300_C] ospf 1
Step 3 Enable MPLS and MPLS LDP on each node.

[S9300_A] mpls lsr-id 1.1.1.1
[S9300_A] mpls
[S9300_A-mpls]quit
[S9300_A] mpls ldp

[S9300_B] mpls lsr-id 2.2.2.2

[S9300_B] mpls
[S9300_B-mpls]quit
[S9300_B] mpls ldp
[S9300_C] mpls lsr-id 3.3.3.3
[S9300_C] mpls
[S9300_C-mpls]
[S9300_C-mpls]quit
[S9300_C] mpls ldp

Step 5 Enable MPLS LDP on each interface.

[S9300_A-Vlanif10] mpls ldp
[S9300_B-Vlanif10] mpls ldp
[S9300_C-Vlanif20] mpls ldp

After the configuration, run the display mpls ldp session command. You can view that the status
of local LDP sessions between S9300_A and S9300_B, and between S9300_B and S9300_C is
Operational.
[S9300_A] display mpls ldp session
LDP Session(s) in Public Network

------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------

2.2.2.2:0 Operational DU Passive 000:00:22 91/91

------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
----End
Configuration Files
#
sysname S9300_A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return

#
sysname S9300_C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
Example for Configuring a Remote LDP Session
As shown in Figure 5-171, a remote LDP session is set up between S9300_A and S9300_C.
Figure 5-171 Networking diagram for configuring a remote LDP session

1.1.1.1 2.2.2.2 3.3.3.3
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
S9300_A S9300_B S9300_C

S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24

S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24

GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300_C GE 2/0/0 VLANIF 20 10.2.1.2/24
2. Enable global MPLS and MPLS LDP on each LSR.
3. Enable MPLS on interfaces of the LSRs.
4. Enable MPLS LDP on interfaces of the two LSRs of the remote LDP session.
Data Preparation
OSPF area ID
Procedure
[S9300_A] vlan 10
[S9300_A-Vlan10] port gigabitethernet1/0/0
[S9300_A-Vlan10] quit
[S9300_B] vlan 10
[S9300_B-Vlan10] port gigabitethernet1/0/0

[S9300_B-Vlan10] quit
[S9300_B] vlan 20
[S9300_B-Vlan20] port gigabitethernet2/0/0
[S9300_B-Vlan20] quit
[S9300_C] vlan 20
[S9300_C-Vlan20] port gigabitethernet2/0/0
[S9300_C-Vlan20] quit
[S9300_A] ospf 1
[S9300_B] ospf 1
[S9300_C] ospf 1
Step 3 Enable MPLS and MPLS LDP on each node.

[S9300_A] mpls lsr-id 1.1.1.1
[S9300_A] mpls
[S9300_A-mpls]quit
[S9300_A] mpls ldp
[S9300_B] mpls lsr-id 2.2.2.2
[S9300_B] mpls
[S9300_B-mpls]quit
[S9300_B] mpls ldp

[S9300_C] mpls lsr-id 3.3.3.3
[S9300_C] mpls
[S9300_C-mpls] quit
[S9300_C] mpls ldp

Step 5 Specify the name and IP address of the remote peer on the two LSRs of a remote LDP session.
[S9300_A] mpls ldp remote-peer s9300_C
[S9300_A-mpls-ldp-remote-s9300_C] remote-ip 3.3.3.3
[S9300_A-mpls-ldp-remote-s9300_C] quit
[S9300_C] mpls ldp remote-peer s9300a
[S9300_C-mpls-ldp-remote-s9300a] remote-ip 1.1.1.1
[S9300_C-mpls-ldp-remote-s9300a] quit

After the configuration, run the display mpls ldp session command on the node. You can view
that the status of the remote LDP session between S9300_A and S9300_C is Operational.
[S9300_A] display mpls ldp session

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Run the display mpls ldp remote-peer command on the two LSRs of the remote LDP session,
and you can view information about the remote peer.
[S9300_A] display mpls ldp remote-peer
LDP Remote Entity Information

------------------------------------------------------------------------------

Remote Peer Name: S9300_C

Remote Peer IP: 3.3.3.3 LDP ID: 1.1.1.1:0
Transport Address: 1.1.1.1 Entity Status: Active
Configured Keepalive Timer: 45 Sec Configured Hello Timer: 45 Sec
Negotiated Hello Timer: 45 Sec Hello Packet sent/received: 10/7
------------------------------------------------------------------------------
TOTAL: 1 Peer(s) Found.
----End
Configuration Files
#
sysname S9300_A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
mpls ldp remote-peer s9300_c
remote-ip 3.3.3.3
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0
mpls
#
#

#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return

#
sysname S9300_C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
mpls ldp remote-peer s9300_a
remote-ip 1.1.1.1
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
Example for Configuring an LDP LSP
As shown in Figure 5-172, an LDP LSP is set up between S9300_A and S9300_C.
Figure 5-172 Networking diagram for configuring an LDP LSP

1.1.1.1 2.2.2.2 3.3.3.3
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
S9300_A S9300_B S9300_C


S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24
S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300_C GE 2/0/0 VLANIF 20 10.2.1.2/24
1. Configure a local LDP session.

2. Modify the triggering policy for establishing LDP LSPs on the LSRs.
Data Preparation
OSPF area ID
l Modified the policy for triggering the establishement of LDP LSPs.
Procedure
Step 1 Configure the LDP LSP.
After the configuration in Example for Configuring an LDP LSP, all the LSRs triggers the
establishment of LDP LSPs according to the host route, which is the default triggering policy.
Run the display mpls ldp lsp command on the LSRs, and you can view that all the host routes
trigger the establishment of LDP LSPs.

[S9300_A] display mpls ldp lsp
LDP LSP Information

------------------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
------------------------------------------------------------------------------
1 1.1.1.1/32 3/NULL 127.0.0.1 Vlanif10/InLoop0
2 2.2.2.2/32 NULL/3 10.1.1.2 -------/Vlanif10
3 3.3.3.3/32 NULL/1025 10.1.1.2 -------/Vlanif10
------------------------------------------------------------------------------
TOTAL: 3 Normal LSP(s) Found.
TOTAL: 0 Liberal LSP(s) Found.
A '*' before a LSP means the LSP is not established

A '*' before a Label means the USCB or DSCB is stale

NOTE
Generally, the default triggering policy is used. That is, the establishment of an LDP LSP is triggered by
the host route. You can perform the following procedures to modify the policy for triggering the
establishement of LDP LSPs as required.
Step 2 Modify the policy for triggering the establishement of LDP LSPs.
Modify the policy for triggering the establishement of as all on the LSRs so that all the static
routes and IGP routes can trigger the establishment of the LDP LSPs.
[S9300_A] mpls
[S9300_A-mpls] lsp-trigger all
[S9300_A-mpls] quit
[S9300_B] mpls
[S9300_B-mpls] lsp-trigger all
[S9300_B-mpls] quit
[S9300_C] mpls
[S9300_C-mpls] lsp-trigger all
[S9300_C-mpls] quit

Run the display mpls ldp lsp command, and you can view the establishment of the LDP LSP.
LDP LSP Information

------------------------------------------------------------------------------
------------------------------------------------------------------------------
2 2.2.2.2/32 NULL/3 10.1.1.2 -------/Vlanif10
3 3.3.3.2/32 NULL/1025 10.1.1.2 -------/Vlanif10
4 10.2.1.0/30 NULL/3 10.1.1.2 -------/Vlanif10
------------------------------------------------------------------------------

----End
Configuration Files
#
sysname S9300_A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
lsp-trigger all
#
mpls ldp
#

interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname S9300_C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
lsp-trigger all
#

mpls ldp
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
Example for Configuring a Transit LSP Through the IP Prefix List
As shown in Figure 5-173, the LDP LSPs are set up between the nodes. S9300_B, however,
permits only the FEC of 4.4.4.9/32 to establish the transit LSP.
Figure 5-173 Networking diagram for configuring transit LSPs

Loopback0 Loopback0
2.2.2.9/32 3.3.3.9/32
S9300_B GE2/0/0 GE1/0/0

S9300_C
GE1/0/0
GE2/0/0
GE1/0/0 GE1/0/0
S9300_A S9300_D
Loopback0 Loopback0
1.1.1.9/32 4.4.4.9/32

S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24
S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300_C GE 1/0/0 VLANIF 20 10.2.1.2/24
GE 2/0/0 VLANIF 30 10.3.1.1/24

S9300_D GE 1/0/0 VLANIF 30 10.3.1.2/24
1. Create VLANs and add physical interfaces to the VLANs, and create VLANIF interfaces.
2. Configure the IP address of each interface on each node and the address of the loopback
interface used as the LSR ID, and configure OSPF to advertise the network segments that
3. Enable MPLS and MPLS LDP globally on the nodes and configure the policy for triggering
the establishment of LSPs.
4. Configure the IP prefix list for controlling the LSPs.
5. Filter the routes of transit LSPs by using the IP prefix list on transit node S9300_B.
6. Enable MPLS and MPLS LDP on each interface.
Data Preparation
OSPF area ID
l Policy for triggering the establishment of LSPs
l Name of the IP prefix list and routes to be filtered on the transit node
Procedure
Step 1 Create VLANs and add interfaces to the VLANs, and create VLANIF interfaces.
For details, see Example for Configuring a Remote LDP Session.
Step 2 Configure the IP address of each interface on each node and configure OSPF to advertise the
network segments that the interfaces are connected to and the host route of the LSR ID.
# As shown in Figure 5-173, configure the IP address and mask of each interface, including the
loopback interface, and configure OSPF to advertise the network segments that the interfaces
are connected to and the host route of the LSR ID. The configuration details are not mentioned
here.
Step 3 Configure the IP prefix list on transit node S9300_B.
# Configure the IP prefix list on transit node S9300_B to permit only 4.4.4.9/32 on S9300_D to
establish the transit LSP.
[S9300_B]ip ip-prefix FilterOnTransit permit 4.4.4.9 32
Step 4 Configure basic MPLS functions on each node and interface and enable LDP.
[S9300_A] mpls lsr-id 1.1.1.1
[S9300_A] mpls

[S9300_A-mpls] lsp-trigger all

[S9300_A-mpls] quit
[S9300_A] mpls ldp
[S9300_A-mpls-ldp] quit
[S9300_A] interface vlanif10
[S9300_B] mpls lsr-id 2.2.2.9
[S9300_B] mpls
[S9300_B-mpls] lsp-trigger all
[S9300_B-mpls] quit
[S9300_B] mpls ldp
[S9300_B-mpls-ldp] propagate mapping for ip-prefix FilterOnTransit
[S9300_B-mpls-ldp] quit
[S9300_B] interface Vlanif10
[S9300_B] interface Vlanif20
The configurations of S9300_C and S9300_D are similar to the configuration of S9300_A, and
Run the display mpls ldp lsp command, and you can view the establishment of the LDP LSPs.
# Check the LDP LSP on S9300_A.
LDP LSP Information
------------------------------------------------------------------------------
------------------------------------------------------------------------------
2 2.2.2.9/32 NULL/3 10.1.1.2 -------/Vlanif10
3 4.4.4.9/32 NULL/1027 10.1.1.2 -------/Vlanif10
4 10.2.1.0/24 NULL/3 10.1.1.2 -------/Vlanif10
------------------------------------------------------------------------------

# Check the LDP LSP on S9300_B.

[S9300_B] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
------------------------------------------------------------------------------
1 1.1.1.9/32 NULL/3 10.1.1.1 -------/Vlanif10
4 3.3.3.9/32 NULL/3 10.2.1.2 -------/Vlanif20
5 4.4.4.9/32 NULL/1026 10.2.1.2 -------/Vlanif20
6 4.4.4.9/32 1027/1026 10.2.1.2 Vlanif20/Vlanif20
7 10.1.1.0/24 3/NULL 10.1.1.2 Vlanif10/Vlanif10
9 10.3.1.0/24 NULL/3 10.2.1.2 -------/Vlanif20
------------------------------------------------------------------------------



A '*' before a Label means the USCB or DSCB is stal
# Check the LDP LSP on S9300_C.

[S9300_C] display mpls ldp lsp
LDP LSP Information
--------------------------------------------------------------------------
--------------------------------------------------------------------------
1 2.2.2.2/32 NULL/3 10.2.1.1 -------/Vlanif20
2 2.2.2.2/32 1024/3 10.2.1.1 Vlanif20/Vlanif20
5 4.4.4.4/32 NULL/3 10.3.1.2 -------/Vlanif30
6 4.4.4.4/32 1025/3 10.3.1.2 Vlanif10/Vlanif30
7 10.0.1.0/24 NULL/3 10.1.2.1 -------/Vlanif20
8 10.0.1.0/24 1026/3 10.1.2.1 Vlanif30/Vlanif20
--------------------------------------------------------------------------
# Check the LDP LSP on S9300_D.

[S9300_D] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
------------------------------------------------------------------------------
1 2.2.2.9/32 NULL/1024 10.3.1.1 -------/Vlanif30
2 3.3.3.9/32 NULL/3 10.3.1.1 -------/Vlanif30
4 10.1.1.0/24 NULL/1025 10.3.1.1 -------/Vlanif30
5 10.2.1.0/24 NULL/3 10.3.1.1 -------/Vlanif30
------------------------------------------------------------------------------

According to the preceding information, only the LDP LSP to the destination 4.4.4.4/32 that
takes S9300_B as the transit node exists on each node, and other LDP LSPs that do not take
S9300_B as the transit node exist on each node. This is because the IP prefix list is configured.
----End
Configuration Files
#
sysname S9300_A
#
vlan batch 10
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#

interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
lsp-trigger all
#
mpls ldp
propagate mapping for ip-prefix FilterOnTransit
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
ip ip-prefix FilterOnTransit index 10 permit 4.4.4.9 32
#
return
#
sysname S9300_C
#
vlan batch 20 30
#
mpls lsr-id 3.3.3.9

mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.3.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
l Configuration file of S9300_D

#
sysname S9300_D
#
vlan batch 30
#
mpls lsr-id 4.4.4.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 30
ip address 10.3.1.2 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 10.3.1.0 0.0.0.255
#
return
Example for Configuring Static BFD for LDP LSPs

As shown in Figure 5-174, an LDP LSP is set up along the path PE1 → P1→ PE2 and the path
PE2 → P2 → PE1 is an IP link. Static BFD is required to detect the connectivity of the LDP
LSP.
Figure 5-174 Networking diagram for configuring static BFD for LDP LSPs
Loopback1
2.2.2.2/32
P1
GE1/0/ 1
Loopback1 GE1/0/0 Loopback1
1.1.1.1/32 4.4.4.4/32
LSP
GE1/0/ 0
GE1/0/0
GE1/0/ 1
GE1/0/ 1
PE1 PE2
GE1/0/ 0 GE1/0/ 1
P2
Loopback1
3.3.3.3/32

PE1 GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 1/0/1 VLANIF 30 10.3.1.1/24
P1 GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 1/0/1 VLANIF 20 10.2.1.1/24
P2 GE 1/0/0 VLANIF 30 10.3.1.2/24
GE 1/0/1 VLANIF 40 10.4.1.1/24
PE2 GE 1/0/0 VLANIF 20 10.2.1.2/24
GE 1/0/1 VLANIF 40 10.4.1.2/24

1. Create VLANIF interfaces, and use OSPF in the entire MPLS domain to ensure the
connectivity between the nodes.
2. Set up an LDP LSP along the path PE1 → P1 → PE2.
3. On PE1, configure a BFD session that is bound to the LDP LSP.
4. On PE2, configure a BFD session that is bound to the IP link to notify PE1 of the detected
LDP LSP faults.
Data Preparation
l OSPF process ID
l BFD configuration name, local discriminator, and remote discriminator
Procedure
Step 1 Create VLANs on PE and P devices and add GE interfaces to the VLANs, create VLANIF
interfaces, and assign IP addresses to the VLANIF interfaces and configure OSPF.
As shown in Figure 5-174, configure IP addresses and masks for the interfaces, including
loopback interfaces.
Configure OSPF on all the nodes and advertise host routes of the loopback interfaces. The
configuration details are not mentioned here.
After the configuration, LSRs can ping each other. Run the display ip routing-table command
on each LSR, and you can view the routing entries to the LSRs.
Step 2 Set up an LDP LSP along the path PE1 → P1 → PE2.

# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
# Configure P1.
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1-Vlanif10] mpls
[P1-Vlanif10] mpls ldp
[P1-Vlanif20] mpls
# Configure PE2.
[PE2] mpls

[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif20] mpls
# Run the display mpls ldp lsp command, and you can view that an LDP LSP destined for
4.4.4.9/32 is set up on PE1.
<PE1> display mpls ldp lsp
LDP LSP Information

------------------------------------------------------------------------------
------------------------------------------------------------------------------
2 2.2.2.2/32 NULL/3 10.1.1.2 -------/Vlanif10
3 4.4.4.4/32 NULL/1025 10.1.1.2 -------/Vlanif10
------------------------------------------------------------------------------

Step 3 Enable global BFD on the two nodes of the detected link.
# Configure PE1.
<PE1> system-view
[PE1] bfd
[PE1-bfd] quit
# Configure PE2.
<PE2> system-view
[PE2] bfd
[PE2-bfd] quit
Step 4 On the ingress node, configure a BFD session that is bound to the LDP LSP.
# Configure PE1.
<PE1> system-view
[PE1] bfd pe1tope2 bind ldp-lsp peer-ip 4.4.4.4 nexthop 10.1.1.2 interface
vlanif10
[PE1-bfd-lsp-session-pe1tope2] discriminator local 1
[PE1-bfd-lsp-session-pe1tope2] discriminator remote 2
[PE1-bfd-lsp-session-pe1tope2] process-pst
[PE1-bfd-lsp-session-pe1tope2] commit
[PE1-bfd-lsp-session-pe1tope2] quit
Step 5 On the egress node, configure a BFD session that is bound to the IP link to notify the ingress
node of LDP LSP faults.
# Configure PE2.
<PE2> system-view
[PE2] bfd pe1tope2 bind peer-ip 1.1.1.1
[PE2-bfd-session-pe1tope2] discriminator local 2
[PE2-bfd-session-pe1tope2] discriminator remote 1
[PE2-bfd-session-pe1tope2] commit
[PE2-bfd-session-pe1tope2] quit

# After the configuration, run the display bfd session all verbose command on the ingress node,
and you can view that the State field is displayed as Up and the BFD Bind Type field is displayed
as LDP_LSP.
--------------------------------------------------------------------------------
Session MIndex : 256 State : Up Name : 1to4
--------------------------------------------------------------------------------
BFD Bind Type : LDP_LSP
Bind Interface : Vlanif10
LSP Token : 0x10000
Proc Interface Status : Disable Process PST : Enable
WTR Interval (ms) : - Local Demand Mode : Disable
Active Multi : 3
Last Local Diagnostic : Neighbor Signaled Session Down(Receive AdminDown)
--------------------------------------------------------------------------------
# After the configuration, run the display bfd session all verbose command on the egress node,
and you can view that the (Multi Hop) State field is displayed as Up and the BFD Bind Type
field is displayed as Peer IP Address.
--------------------------------------------------------------------------------
Session MIndex : 256 (Multi Hop) State : Up Name : 4to1
--------------------------------------------------------------------------------
BFD Bind Type : Peer IP Address
Bind Interface : -
WTR Interval (ms) : - Local Demand Mode : Disable
Active Multi : 3
--------------------------------------------------------------------------------
----End

Configuration Files
#
sysname PE1
#
vlan batch 10 30
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.3.1.1 255.255.255.0
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bfd pe1tope2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 10.1.1.2 interface vlanif10
process-pst
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
#
return
#
sysname P1
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0

mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname P2
#
vlan batch 30 40
#
interface Vlanif 30
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif 40
ip address 10.4.1.1 255.255.255.0
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 20 40
#
bfd
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp

#
interface Vlanif 40
ip address 10.4.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bfd 4to1 bind peer-ip 1.1.1.1
commit
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
Example for Configuring Dynamic BFD for LDP LSPs
As shown in Figure 5-175, S9300_A, S9300_B, and S9300_C belong to one MPLS domain; an
LDP LSP is established between S9300_A and S9300_C. Dynamic BFD is required to detect
the connectivity of the LDP LSP.
Figure 5-175 Networking diagram for configuring dynamic BFD for LDP LSPs
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
S9300_A S9300_B S9300_C

S9300_A GE 1/0/0 VLANIF 10 10.1.1.1/24
S9300_B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300_C GE 2/0/0 VLANIF 20 10.2.1.2/24

1. Establish an LDP LSP between S9300_A and S9300_C.

2. Configure BFD.
3. Adjust BFD parameters.
Data Preparation
l LSR ID of each node and IP address of each interface

l BFD parameters
Procedure
Step 1 Create VLANs on PE and P devices and add GE interfaces to the VLANs, create VLANIF
interfaces, and assign IP addresses to the VLANIF interfaces and configure OSPF.
Configure OSPF on all the nodes and advertise host routes of the loopback interfaces. The
Step 2 Establish an LDP LSP between S9300_A and S9300_C.
<S9300_A> system-view
[S9300_A] mpls lsr-id 1.1.1.1
[S9300_A] mpls
[S9300_A-mpls] quit
[S9300_A] mpls ldp
[S9300_A-mpl-ldp] quit
<S9300_B> system-view
[S9300_B] mpls lsr-id 2.2.2.2
[S9300_B] mpls
[S9300_B-mpls] quit
[S9300_B] mpls ldp
[S9300_B-mpl-ldp] quit

<S9300_C> system-view
[S9300_C] mpls lsr-id 3.3.3.3
[S9300_C] mpls
[S9300_C-mpls] quit
[S9300_C] mpls ldp
[S9300_C-mpl-ldp] quit
[S9300_C-Vlanif20] mpls ldp
After the configuration, run the display mpls ldp lsp command on S9300_A, and you can view
that an LDP LSP is set up between S9300_A and S9300_C. Take the display on S9300_A as an
example.
LDP LSP Information

-----------------------------------------------------------
-----------------------------------------------------------
2 2.2.2.2/32 NULL/3 100.1.1.2 -------/Vlanif10
3 3.3.3.3/32 NULL/1025 100.1.1.2 -------/Vlanif10
-----------------------------------------------------------
A '*' before an LSP means the LSP is not established
Step 3 Configure dynamic BFD to detect the connectivity of the LDP LSP between S9300_A and
S9300_C.
# Configure an FEC list on S9300_A to ensure that BFD detects only the connectivity of the
LDP LSP between S9300_A and S9300_C.
[S9300_A] fec-list tortc
[S9300_A-fec-list-tortc] fec-node 3.3.3.3
# Enable BFD on S9300_A, specify the FEC list that triggers a BFD session dynamically, and
adjust BFD parameters.
[S9300_A] bfd
[S9300_A-bfd] quit
[S9300_A] mpls
[S9300_A-mpls] mpls bfd-trigger fec-list tortc
[S9300_A-mpls] mpls bfd enable
[S9300_A-mpls] mpls bfd min-tx-interval 100 min-rx-interval 600 detect-multiplier 4
# Enable BFD for LSPs passively on S9300_C.

[S9300_C] bfd
[S9300_C-bfd] mpls-passive

# Run the display bfd session all verbose command, and you can view the BFD session status
that is created dynamically.
[S9300_A] display bfd session all verbose
-----------------------------------------------------------
Session MIndex : 256 (One Hop) State : Up Name : bfd1
-----------------------------------------------------------
Local Discriminator: 8192 Remote Discriminator : 8193
BFD Bind Type : LDP_LSP
Bind Session Type : Dynamic


Bind Interface : Vlanif10
LSP Token : 0x10000
Proc interface status : Disable Process PST : Enable
Active Multi : 3
Session Echo Tx TmrID : --
-----------------------------------------------------------
# Check the status of the BFD session created dynamically on S9300_C. The BFD Bind Type
field is displayed as Peer IP Address, which indicates that BFD packets sent by S9300_C are
transmitted through the IP route.
[S9300_C] display bfd session passive-dynamic verbose
-----------------------------------------------------------
Session MIndex : 257 (Multi Hop) State : Up Name : bfd2
-----------------------------------------------------------
BFD Bind Type : Peer Ip Address
Bind Session Type : Entire_Dynamic
Bind Interface : --
Echo Passive : Disabl Acl Number : --
Proc interface status : Disable Process PST : Disable
Active Multi : 4
Bind Application
Session Echo Tx TmrID : --
-----------------------------------------------------------
----End
Configuration Files
#
sysname S9300_A
#
vlan batch 10
#
bfd
#
mpls lsr-id 1.1.1.1
mpls

mpls bfd enable

mpls bfd-trigger fec-list tortc
mpls bfd min-tx-interval 10 min-rx-interval 60 detect-multiplier 4
#
fec-list tortc
fec-node 3.3.3.3
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300_B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return

#
sysname S9300_C
#
bfd
mpls-passive
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
Example for Configuring LDP FRR
As shown in Figure 5-176, two LSPs are required from S9300-A to S9300-C. One is a primary
LSP, namely, S9300-A → S9300-C and another is a backup LSP, namely, S9300-A → S9300-
B → S9300-C. LDP FRR is required to be configured on S9300-A so that port protection can
be implemented on S9300-A and traffic loss is reduced.
NOTE
On a network where LDP FRR is enabled, the backup LSP must be in liberal state. That is, run the display
ip routing-table ip-address verbose command on an LSR that is enabled with FRR, and you can view that
the status of the route of the backup LSP is "Inactive Adv".

Figure 5-176 Networking diagram for configuring LDP FRR

Loopback1
2.2.2.9/32
GE1/0/0
S9300-B
Loopback1 GE2/0/0
1.1.1.9/32
GE1/0/0
S9300-A
GE2/0/0
GE2/0/0
GE1/0/0 S9300-C
Primary LSP
Loopback1
3.3.3.9/32 Bypass
LSP

S9300-A GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 2/0/0 VLANIF 30 10.3.1.1/24
S9300-B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
S9300-C GE 1/0/0 VLANIF 30 10.3.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.2/24
1. Create VLANs and VLANIF interfaces.

2. Configure IP address of each interface on each node and the address of the loopback
3. Enable MPLS and MPLS LDP on each node globally.
5. Specify the next hop address that is used by LDP FRR for generating the backup LSP on
the protected interface.

6. Configure the LDP FRR protection timer on the protected interface.
Data Preparation
OSPF area ID
l Policy for triggering the establishment of LSPs
l Next hop address used by LDP FRR for generating the backup LSP
l Value of the LDP FRR protection timer
Procedure
[S9300-A] ospf 1
[S9300-B] ospf 1
[S9300-C] ospf 1
After the configuration, run the display ip routing-table command on each node, and you can
view that the nodes learn the routes from each other. Take the display on S9300-A as an example.
------------------------------------------------------------------------------


2.2.2.9/32 OSPF 10 2 D 10.1.1.2 Vlanif10
3.3.3.9/32 OSPF 10 2 D 10.3.1.2 Vlanif30
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
10.2.1.0/24 OSPF 10 2 D 10.3.1.2 Vlanif30
OSPF 10 2 D 10.1.1.2 Vlanif10
10.3.1.0/24 Direct 0 0 D 10.3.1.1 Vlanif30
10.3.1.2/32 Direct 0 0 D 10.3.1.2 Vlanif30
Step 3 Enable MPLS and MPLS LDP on each node globally and on the interfaces to forward the MPLS
traffic on the network.
[S9300-A] mpls lsr-id 1.1.1.9
[S9300-A] mpls
[S9300-A] label advertise non-null
[S9300-A-mpls] quit
[S9300-A] mpls ldp
[S9300-A-mpls-ldp] quit
[S9300-A-Vlanif10] mpls
[S9300-A-Vlanif10] mpls ldp
[S9300-B] mpls lsr-id 2.2.2.9
[S9300-B] mpls
[S9300-B] label advertise non-null
[S9300-B-mpls] quit
[S9300-B] mpls ldp
[S9300-B-mpls-ldp] quit
[S9300-B-Vlanif10] mpls
[S9300-B-Vlanif10] mpls ldp
[S9300-B] interface vlanif20
[S9300-C] mpls lsr-id 3.3.3.9
[S9300-C] mpls
[S9300-C] label advertise non-null
[S9300-C-mpls] quit
[S9300-C] mpls ldp
[S9300-C-mpls-ldp] quit
[S9300-C-Vlanif20] mpls
[S9300-C-Vlanif20] mpls ldp

After the configuration, LDP sessions are established between neighboring nodes. Run the
display mpls ldp session command on each node, and you can view that Status is displayed as
Operational. Take the display on S9300-A as an example.
<S9300-A> display mpls ldp session
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 4 Enable LDP FRR on VLANIF 30 of S9300-A, and specify the next hop address used to create
the backup LSP.
[S9300-A-Vlanif30] mpls ldp frr nexthop 10.1.1.2
Step 5 Configure the LDP FRR protection timer on VLANIF 30 of S9300-A.

[S9300-A-Vlanif30] mpls ldp frr timer protect-time 11

After the configuration, run the display mpls lsp command on S9300-A, and you can view that
LDP FRR is enabled on the LSP of S9300-C.
<S9300-A> display mpls lsp
----------------------------------------------------------------------
LSP Information: LDP LSP
----------------------------------------------------------------------
FEC In/Out Label Out IF Vrf Name
1.1.1.9/32 3/NULL -
3.3.3.9/32 NULL/3 Vlanif30
**LDP FRR** /1025 Vlanif10
3.3.3.9/32 1025/3 Vlanif30
**LDP FRR** /1025 Vlanif10
2.2.2.9/32 NULL/3 Vlanif10
2.2.2.9/32 1024/3 Vlanif10
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30
#
mpls lsr-id 1.1.1.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls

mpls ldp
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
mpls
mpls ldp
mpls ldp frr timer protect-time 11
mpls ldp frr nexthop 10.1.1.2
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname S9300-C

#
bfd
mpls-passive
#
vlan batch 20 30
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
Example for Configuring Synchronization of LDP and an IGP
As shown in Figure 5-177, two links are established between PE1 and PE2. The link PE1 →
P1 → P2 → PE2 is an active link and the link PE1 → P1 → P3 → PE2 is a standby link.
Configure synchronization of LDP and an IGP on the interfaces of both ends of the link between
crossing node P1 of the active link and the standby link and LDP neighboring node P2 on the
active link. After the faulty active link is recovered, the synchronization function can be used to
shorten the interval for switching the traffic from the standby link to the active link and reduce
the interruption at the millisecond level.
P and PE devices are the S9300s.

Figure 5-177 Networking diagram for configuring synchronization of LDP and an IGP
Loopback1
2.2.2.9/32
/0 GE
1/0 2/0
/
Loopback1 GE 0 Loopback1
1.1.1.9/32 P2 4.4.4.9/32
/0 GE
1/0 1/0
GE / 0
PE1 PE2
P1 G /0
E 2/0 2/0
/ 0 GE
GE
1/0 P3 /0
/ 0 2/0
GE
Primary link
Loopback1 Bypass link

3.3.3.9/32

P1 GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 2/0/0 VLANIF 30 10.3.1.1/24
P2 GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 20 10.2.1.1/24
P3 GE 1/0/0 VLANIF 30 10.3.1.2/24
GE 2/0/0 VLANIF 40 10.4.1.1/24
PE2 GE 1/0/0 VLANIF 20 10.2.1.2/24
GE 2/0/0 VLANIF 40 10.4.1.2/24

2. Configure synchronization of LDP and an IGP on the interfaces of both ends of the link
between crossing node P1 of the active link and the standby link and LDP neighboring node
P2 on the active link.
3. Set the values of the hold-down timer, hold-max-cost timer, and delay timer on the
interfaces of both ends of the link between crossing node P1 of the active link and the
standby link and LDP neighboring node P2 on the active link.

Data Preparation
OSPF area ID
l Values of the hold-down timer, hold-max-cost timer, and delay timer
Procedure
loopback interfaces. Configure OSPF to advertise the network segments that the interfaces are
connected to and the host route of the LSR ID. The configuration details are not mentioned here.
The link PE1 → P1 → P2 → PE2 is an active link and the link PE1 → P1 → P3 → PE2 is a
standby link. The cost of VLANIF 30 on P1 is 1000.
view that the nodes learn routes from each other. The outgoing interface of the route from P1 to
P2 is VLANIF 10.. Take the display on P1 as an example.
<P1> display ip routing-table
------------------------------------------------------------------------------
2.2.2.9/32 OSPF 10 2 D 10.1.1.2 Vlanif10
3.3.3.9/32 OSPF 10 4 D 10.1.1.2 Vlanif10
4.4.4.9/32 OSPF 10 3 D 10.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
10.2.1.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
10.3.1.0/24 Direct 0 0 D 10.3.1.1 Vlanif30
10.3.1.2/32 Direct 0 0 D 10.3.1.2 Vlanif30
10.4.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10
Step 2 Enable MPLS and MPLS LDP globally and on all the interfaces of the nodes.
# Configure P1.
<P1> system-view
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1-Vlanif10] mpls
[P1-Vlanif10] quit
[P1-Vlanif30] mpls
[P1-Vlanif30] quit
# Configure P2.

<P2> system-view
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2-Vlanif10] mpls
[P2-Vlanif10] quit
[P2-Vlanif20] mpls
[P2-Vlanif20] quit
# Configure P3.
<P3> system-view
[P3] mpls
[P3-mpls] quit
[P3] mpls ldp
[P3-mpls-ldp] quit
[P3-Vlanif30] mpls
[P3-Vlanif30] quit
[P3-Vlanif40] mpls
[P3-Vlanif40] quit
# Configure PE2.
<PE2> system-view
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif20] mpls
[PE2-Vlanif20] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit
After the configuration, LDP sessions are established between neighboring nodes. Run the
display mpls ldp session command on each node, and you can view that Status is displayed as
Operational. Take the display on P1 as an example.
<P1> display mpls ldp session
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 3 Configure synchronization of LDP and an IGP on the interfaces of both ends of the link between
active link.
# Configure P1.

<P1> system-view
[P1-Vlanif10] ospf ldp-sync
[P1-Vlanif10] quit
# Configure P2.
<P2> system-view
[P2-Vlanif20] ospf ldp-sync
[P2-Vlanif20] quit
Step 4 Set the value of the hold-down timer on the interfaces of both ends of the link between crossing
node P1 of the active link and the standby link and LDP neighboring node P2 on the active link.
# Configure P1.
<P1> system-view
[P1-Vlanif10] ospf timer ldp-sync hold-down 8
[P1-Vlanif10] quit
# Configure P2.
<P2> system-view
[P2-Vlanif10] ospf timer ldp-sync hold-down 8
[P2-Vlanif10] quit
Step 5 Set the value of the hold-max-cost timer on the interfaces of both ends of the link between
active link.
# Configure P1.
<P1> system-view
[P1-Vlanif10] ospf timer ldp-sync hold-max-cost 9
[P1-Vlanif10] quit
# Configure P2.
<P2> system-view
[P2-Vlanif10] ospf timer ldp-sync hold-max-cost 9
[P2-Vlanif10] quit
Step 6 Set the value of the delay timer on the interfaces of both ends of the link between crossing node
P1 of the active link and the standby link and LDP neighboring node P2 on the active link.
# Configure P1.
<P1> system-view
[P1-Vlanif10] mpls ldp timer igp-sync-delay 6
[P1-Vlanif10] quit
# Configure P2.
<P2> system-view
[P2-Vlanif10] mpls ldp timer igp-sync-delay 6
[P2-Vlanif10] quit

After the configuration, run the display ospf ldp-sync command on P1, and you can view that
the interface status is Sync-Achieved.

<P1> display ospf ldp-sync interface vlanif 10

Interface Vlanif10
HoldDown Timer: 8 HoldMaxCost Timer: 9
LDP State: Up OSPF Sync State: Sync-Achieved
----End
Configuration Files
#
sysname P1
#
vlan batch 10 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
ospf ldp-sync
ospf timer ldp-sync holddown 8
ospf timer ldp-sync holdmaxcost 9
mpls
mpls ldp
mpls ldp timer igp-sync-delay 6
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
ospf cost 1000
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
#
sysname P2
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
ospf ldp-sync
ospf timer ldp-sync holddown 8

ospf timer ldp-sync holdmaxcost 9

mpls
mpls ldp
mpls ldp timer igp-sync-delay 6
#
interface vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname P3
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
#
sysname PE2
#

vlan batch 20 30
#
mpls lsr-id 4.4.4.9
#
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
Example for Configuring LDP GR
As shown in Figure 5-178, S9300-A, S9300-B, and S9300-C are S9300s with dual main control
boards. The three S9300s belong to the same OSPF area and are interconnected through OSPF.
All of them support the GR mechanism.
LDP sessions are established between S9300-A, S9300-B, and S9300-C. When the main control
board of S9300-B fails and traffic is switched, the LDP GR mechanism is used for
synchronization with neighboring nodes.
Figure 5-178 Networking diagram for configuring LDP GR

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0
S9300-A S9300-B S9300-C

S9300-A GE 1/0/0 VLANIF 10 10.1.1.1/24

S9300-B GE 1/0/0 VLANIF 10 10.1.1.2/24
GE2/0/0 VLANIF20 10.2.1.1/24
S9300-C GE 1/0/0 VLANIF 20 10.2.1.2/24
3. Configure OSPF GR on each node.
4. Enable MPLS and MPLS LDP on each node globally.
6. Set parameters during LDP session negotiation on S9300-B.
7. Enable GR of MPLS LDP on each node.
8. Configure the GR session of MPLS LDP and neighboring parameters on S9300-B.
Data Preparation
OSPF area ID
l Interval for performing OSPF GR
l Value of the LDP Reconnect timer (300 seconds by default)
l Value of the LDP Neighbor-liveness timer (600 seconds by default)
l Value of the LDP Recovery timer (300 seconds by default)
Procedure
Step 1 Create VLANs and VLANIF interfaces.
See Figure 5-178.
See Figure 5-178.
Step 4 Configure OSPF GR.

[S9300-A] ospf 1
[S9300-A-ospf-1] graceful-restart
[S9300-B] ospf 1
[S9300-B-ospf-1] graceful-restart
[S9300-C] ospf 1
[S9300-C-ospf-1] opaque-capability enable
[S9300-C-ospf-1] graceful-restart
Step 5 Configure MPLS and MPLS LDP on each node globally.

[S9300-A] mpls lsr-id 1.1.1.9
[S9300-A] mpls
[S9300-A-mpls] quit
[S9300-A] mpls ldp
[S9300-B] mpls lsr-id 2.2.2.9
[S9300-B] mpls
[S9300-B-mpls] quit
[S9300-B] mpls ldp
[S9300-C] mpls lsr-id 3.3.3.9
[S9300-C] mpls
[S9300-C-mpls] quit
[S9300-C] mpls ldp
Step 6 Configure MPLS and MPLS LDP on each interface.


After the configuration, the local LDP sessions between S9300-A and S9300-B, and between
S9300-B and S9300-C are established.
Run the display mpls ldp session command on each node, and you can view the establishment
of the LDP session. Take the display on S9300-A as an example.
[S9300-A] display mpls ldp session
--------------------------------------------------------------------------
--------------------------------------------------------------------------
--------------------------------------------------------------------------
TOTAL: 1 Session(s) Found.
Step 7 Configure LDP GR.
[S9300-A] mpls ldp
[S9300-A-mpls-ldp] graceful-restart
Warning: All the related sessions will be deleted if the operation is performed
!Continue? (y/n)y
[S9300-B] mpls ldp
[S9300-B-mpls-ldp] graceful-restart
!Continue? (y/n)y
[S9300-C] mpls ldp
[S9300-C-mpls-ldp] graceful-restart
!Continue? (y/n)y
Step 8 Configure the parameters of LDP GR on the GR restarter.
[S9300-B] mpls ldp
[S9300-B-mpls-ldp] graceful-restart timer reconnect 300
!Continue? (y/n)y
[S9300-B-mpls-ldp] graceful-restart timer neighbor-liveness 600
!Continue? (y/n)y
[S9300-B-mpls-ldp] graceful-restart timer recovery 300
!Continue? (y/n)y

# After the configuration, run the display mpls ldp session verbose command on the LSR, and
you can view that the Session FT Flag field is displayed as on. Take the display on S9300-A as
an example.
[S9300-A]display mpls ldp session verbose

------------------------------------------------------------------------------
Peer LDP ID : 2.2.2.9:0 Local LDP ID : 1.1.1.9:0
TCP Connection : 1.1.1.9 <- 2.2.2.9
Session State : Operational Session Role : Passive
Session FT Flag : On MD5 Flag : Off
Reconnect Timer : 300 Sec Recovery Timer : 300 Sec
Negotiated Keepalive Timer : 45 Sec

Keepalive Message Sent/Rcvd : 1/1 (Message Count)
Label Advertisement Mode : Downstream Unsolicited
Label Resource Status(Peer/Local) : Available/Available
Session Age : 000:00:00 (DDD:HH:MM)
Addresses received from peer: (Count: 3)

10.1.1.2 10.2.1.1 2.2.2.9
------------------------------------------------------------------------------
Or, run the display mpls ldp peer verbose command on the LSR, and you can view that the
Peer FT Flag field is displayed as on. Take the display on S9300-A as an example.
[S9300-A]display mpls ldp peer verbose
LDP Peer Information in Public network

------------------------------------------------------------------------------
Peer LDP ID : 2.2.2.9:0
Peer Max PDU Length : 4096 Peer Transport Address : 2.2.2.9
Peer Loop Detection : Off Peer Path Vector Limit : ----
Peer FT Flag : On Peer Keepalive Timer : 45 Sec
Recovery Timer : 300 Sec Reconnect Timer : 300 Sec
Peer Label Advertisement Mode : Downstream Unsolicited

Peer Discovery Source : Vlanif10
------------------------------------------------------------------------------
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
graceful-restart
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#

#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
graceful-restart
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
graceful-restart
graceful-restart timer reconnect 300
graceful-restart timer neighbor-liveness 600
graceful-restart timer recovery 300
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
graceful-restart
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
#
sysname S9300-C
#
vlan batch 20
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
graceful-restart

#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
graceful-restart
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
Return
5.9.3 MPLS TE Configuration

This chapter describes the principle of Multiprotocol Label Switching (MPLS) Traffic
Engineering (TE), and provides the configuration procedures and configuration examples of the
static MPLS TE tunnel, the Resource Reservation Protocol (RSVP)-TE tunnel, optimization of
the RSVP-TE tunnel, RSVP authentication, the adjusting of the establishment of Constraint-
based Routed LSPs (CR-LSPs), the adjusting of the establishment of MPLS TE tunnels, the
adjusting of MPLS TE traffic forwarding, TE traffic rate limit, MPLS TE Fast Reroute (FRR),
MPLS TE auto FRR, CR-LSP backup, RSVP Graceful Restart (GR), static Bidirectional
Forwarding Detection (BFD) for CR-LSPs, static BFD for TE tunnels, dynamic BFD for CR-
LSPs, dynamic BFD for RSVP-TE tunnels, and Link Distribution Protocol (LDP) over TE.
Example for Configuring Static MPLS TE Tunnels
As shown in Figure 5-179, a static TE tunnel from S9300-A to S9300-C and a static TE tunnel
from S9300-C to S9300-A need to be set up. The bandwidth of the two tunnels is 10 Mbit/s.
Figure 5-179 Networking diagram for configuring static CR-LSPs

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
2.1.1.1/24 2.1.1.2/24 3.2.1.1/24 3.2.1.2/24
S9300-A S9300-B S9300-C


3. Set the LSR ID and enable MPLS and MPLS TE globally on each node and each interface.
4. Set the maximum bandwidth and the maximum reservable bandwidth of the link on each
outgoing interface of each node along the tunnel.
5. Create a tunnel interface, and specify the IP address, protocol, destination IP address, tunnel
ID of the tunnel, and signaling type used for setting up the tunnel on the ingress node.
6. Configure the static LSP bound to the tunnel, specify the next hop address and outgoing
label on the ingress node, specify the incoming interface, next hop address, and outgoing
label on the transit node, and specify the incoming label and incoming interface on the
egress node.
NOTE
l The value of the outgoing label of each node is the value of the incoming label of its next node.
l When running the static-cr-lsp ingress {tunnel-interface tunnel tunnel-number | tunnel-name }
destination destination-address { nexthop next-hop-address | outgoing-interface interface-type
interface-number } out-label out-label-value [ bandwidth [ bc0 | bc1 ] bandwidth ] command to
configure the ingress node of a CR-LSP, note that tunnel-name must be the same as the tunnel name
created by using the interface tunnel tunnel-number command. tunnel-name is a string of case-
sensitive characters without spaces. For example, the name of the tunnel created by using the interface
tunnel 2/0/0 command is Tunnel 2/0/0. In this case, the parameter of the ingress node of the static CR-
LSP is Tunnel 2/0/0; otherwise, the tunnel cannot be created. There is no such limit on the transit node
and egress node.
Data Preparation
l OSPF process ID and area ID of each node
l Numbers of tunnel interfaces, IP addresses of tunnel interfaces, destination IP addresses,
tunnel IDs, and signaling protocols (CR-static) on S9300-A and S9300-C
l Maximum bandwidth and maximum reservable bandwidth of each link
l Next hop address and outgoing label of the ingress node of the static CR-LSP
l Incoming interface, next hop address, and outgoing label of the transit node of the static
CR-LSP
l Incoming interface of the egress node of the static CR-LSP
Procedure
Step 1 Create VLANs and VLANIF interfaces, and assign IP addresses to the VLANIF interfaces.
Configure S9300-A.
[S9300-A] interface loopback1
[S9300-A-LoopBack1] ip address 1.1.1.1 32
[S9300-A-LoopBack1] quit
[S9300-A] vlan 10

[S9300-A-vlan10] port gigabitethernet1/0/0

Configure S9300-B.
[S9300-B] interface loopback1
[S9300-B-LoopBack1] ip address 2.2.2.2 32
[S9300-B-GigabitEthernet1/0/0] port link-type access
[S9300-B] vlan 10
[S9300-B-vlan10] port gigabitethernet1/0/0
[S9300-B-vlan10] quit
[S9300-B] vlan 20
Configure S9300-C.
[S9300-C] interface loopback1
[S9300-C-LoopBack1] ip address 3.3.3.3 32
[S9300-C-GigabitEthernet1/0/0] port link-type access
[S9300-C] vlan 20
[S9300-C-vlan20] port gigabitethernet1/0/0
[S9300-C-vlan20] quit
Step 2 Configure the IP address and mask of each interface and configure the routing protocol to connect
the LSRs at the network layer.
Step 3 Configure basic MPLS functions and enable MPLS TE.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] mpls te
[S9300-A-Vlanif10] mpls te
[S9300-A-mpls] quit

Step 4 Configure MPLS-TE bandwidth attributes of links.

# Configure the maximum bandwidth and the maximum reservable bandwidth of the link on
each outgoing interface of each LSR along the tunnel. The maximum reservable bandwidth of
links must be greater than the tunnel bandwidth (10 Mbit/s).
[S9300-A-Vlanif10] mpls te max-link-bandwidth 100000
[S9300-A-Vlanif10] mpls te max-reservable-bandwidth 100000
[S9300-B-Vlanif10] mpls te max-link-bandwidth 100000
[S9300-B-Vlanif10] mpls te max-reservable-bandwidth 100000
[S9300-C-Vlanif20] mpls te max-link-bandwidth 100000
[S9300-C-Vlanif20] mpls te max-reservable-bandwidth 100000
Step 5 Configure MPLS TE tunnels.

# Create an MPLS TE tunnel from S9300-A to S9300-C on S9300-A.
[S9300-A] interface tunnel 1/0/0
[S9300-A-Tunnel1/0/0] ip address unnumbered interface loopback 1
[S9300-A-Tunnel1/0/0] tunnel-protocol mpls te
[S9300-A-Tunnel1/0/0] destination 3.3.3.3
[S9300-A-Tunnel1/0/0] mpls te tunnel-id 100
[S9300-A-Tunnel1/0/0] mpls te signal-protocol cr-static
[S9300-A-Tunnel1/0/0] mpls te commit
[S9300-A-Tunnel1/0/0] quit
# Create an MPLS TE tunnel from S9300-C to S9300-A on S9300-C.

[S9300-C] interface tunnel 2/0/0
[S9300-C-Tunnel2/0/0] ip address unnumbered interface loopback 1
[S9300-C-Tunnel2/0/0] tunnel-protocol mpls te
[S9300-C-Tunnel2/0/0] destination 1.1.1.1
[S9300-C-Tunnel2/0/0] mpls te tunnel-id 200
[S9300-C-Tunnel2/0/0] mpls te signal-protocol cr-static
[S9300-C-Tunnel2/0/0] mpls te commit
[S9300-C-Tunnel2/0/0] quit
Step 6 Create a static CR-LSP from S9300-A to S9300-C.

# Configure S9300-A as the ingress node of the static CR-LSP.
[S9300-A] static-cr-lsp ingress tunnel-interface tunnel 1/0/0 destination 3.3.3.3
nexthop 2.1.1.2 out-label 20 bandwidth bc0 10000
# Configure S9300-B as the transit node of the static CR-LSP.

[S9300-B] static-cr-lsp transit tunnel1/0/0 incoming-interface vlanif 10 in-label
20 nexthop 3.2.1.2 out-label 30 bandwidth bc0 10000
# Configure S9300-C as the ingress node of the static CR-LSP.

[S9300-C] static-cr-lsp egress tunnel2/0/0 incoming-interface vlanif 20 in-label 30
Step 7 Create a static CR-LSP from S9300-C to S9300-A.

[S9300-C] static-cr-lsp ingress tunnel-interface tunnel 2/0/0 destination 1.1.1.1
# Configure S9300-B as the transit node of the static CR-LSP.

[S9300-B] static-cr-lsp transit tunnel2/0/0 incoming-interface vlanif 20 in-label
120 nexthop 2.1.1.1 out-label 130 bandwidth bc0 10000
# Configure S9300-A as the egress node of the static CR-LSP.

[S9300-A] static-cr-lsp egress tunnel2/0/0 incoming-interface vlanif 10 in-label
130

After the configuration, run the display interface tunnel command on S9300-A, and you can
view that the status of the tunnel interface is Up.
Run the display mpls te tunnel command on each node, and you can view the establishment of
MPLS TE tunnels.
[S9300-A] display mpls te tunnel
LSP-Id Destination In/Out-If
1.1.1.1:100:1 3.3.3.3 -/Vlanif10
- - Vlanif10/-
[S9300-B] display mpls te tunnel

- - Vlanif10/Vlanif20
- - Vlanif20/Vlanif10
[S9300-C] display mpls te tunnel

3.3.3.3:200:1 1.1.1.1 -/Vlanif20
- - Vlanif20/-
Run the display mpls lsp or display mpls static-cr-lsp command on each node, and you can
view the establishment of static CR-LSPs.
# Check the configuration on S9300-A.
[S9300-A] display mpls lsp
----------------------------------------------------------------------
LSP Information: STATIC CRLSP
----------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 NULL/20 -/Vlanif10
-/- 130/NULL Vlanif10/-
[S9300-A] display mpls static-cr-lsp

TOTAL : 2 STATIC CRLSP(S)
UP : 2 STATIC CRLSP(S)
DOWN : 0 STATIC CRLSP(S)
Tunnel1/0/0 3.3.3.3/32 NULL/20 -/Vlanif10 Up
tunnel2/0/0 -/- 130/NULL Vlanif10/- Up
# Check the configuration on S9300-B.

[S9300-B] display mpls lsp
----------------------------------------------------------------------

----------------------------------------------------------------------
-/- 20/30 Vlanif10/Vlanif20
[S9300-B] display mpls static-cr-lsp

tunnel1/0/0 -/- 20/30 Vlanif10/Vlanif20 Up
tunnel2/0/0 -/- 120/130 Vlanif20/Vlanif10 Up
# Check the configuration on S9300-C.

[S9300-C] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
1.1.1.1/32 NULL/120 -/Vlanif20
-/- 30/NULL Vlanif20/-
[S9300-C] display mpls static-cr-lsp

Tunnel2/0/0 1.1.1.1/32 NULL/120 -/Vlanif20 Up
tunnel1/0/0 -/- 30/NULL Vlanif20/- Up
When the static CR-LSP is used to establish the MPLS TE tunnel, the packets on the transit node
and the egress node are forwarded according to the specified incoming label and outgoing label.
Therefore, information such as FEC is null is shown in the display of S9300-B and S9300-C.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
mpls te
#
interface Vlanif10
ip address 2.1.1.1 255.255.255.0
mpls
mpls te
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3


mpls te signal-protocol cr-static
mpls te commit
#
ospf 1
area 0.0.0.0
network 2.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
static-cr-lsp ingress tunnel-interface Tunnel1/0/0 destination 3.3.3.3 nexthop
2.1.1.2 out-label 20 bandwidth bc0 10000
static-cr-lsp egress tunnel2/0/0 incoming-interface vlanif 10 in-label 130
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
mpls te
#
interface Vlanif10
ip address 2.1.1.2 255.255.255.0
mpls
mpls te
#
interface Vlanif20
ip address 3.2.1.1 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.1.1.0 0.0.0.255
network 3.2.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
static-cr-lsp transit tunnel1/0/0 incoming-interface Vlanif 10 in-label 20
static-cr-lsp transit tunnel2/0/0 incoming-interface Vlanif20 in-label 120
#
return
#
sysname S9300-C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3

mpls
mpls te
#
interface Vlanif20
ip address 3.2.1.2 255.255.255.0
mpls
mpls te
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
ospf 1
area 0.0.0.0
network 3.2.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
static-cr-lsp ingress tunnel-interface Tunnel2/0/0 destination 1.1.1.1 nexthop
3.2.1.1 out-label 120 bandwidth bc0 10000
static-cr-lsp egress tunnel1/0/0 incoming-interface vlanif 20 in-label 30
#
return
Example for Configuring an RSVP-TE Tunnel
As shown in Figure 5-180, IS-IS is run on S9300-A, S9300-B, S9300-C, and S9300-D. They
are all Level 2 devices.
RSVP-TE is used to establish a TE tunnel from S9300-A to S9300-D.
Figure 5-180 Networking diagram for configuring an RSVP-TE tunnel

Loopback1 Loopback1
1.1.1.9/32 4.4.4.9/32
S9300-A S9300-D
GE1/0/0
GE1/0/0
Vlanif30
Vlanif10
30.1.1.2/24
10.1.1.1/24
GE1/0/0 GE1/0/0
Vlanif10
Vlanif30
10.1.1.2/24 GE2/0/0 GE2/0/0
30.1.1.1/24
Vlanif20 Vlanif20
Loopback1 20.1.1.1/24 20.1.1.2/24 Loopback1
2.2.2.9/32 3.3.3.9/32
S9300-B S9300-C

2. Configure the IP address of each interface and configure the loopback address as the LSR
ID.
3. Enable global ISIS, set the NET, change the cost type to enable ISIS TE, and enable ISIS
on each interface, including the loopback interface.
4. Set the LSR ID and enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF globally.
5. Enable MPLS, MPLS TE, and MPLS RSVP-TE on each interface.
6. Create a tunnel interface and specify the IP address, tunneling protocol, destination IP
address, tunnel ID, dynamic signaling protocol RSVP-TE and bandwidth for the tunnel on
the ingress node.
Data Preparation
l IS-IS area ID, originating system ID, and IS-IS level of each node
l Maximum bandwidth and maximum reservable bandwidth of the link along the tunnel
l Number of the tunnel interface, IP address, destination IP address, tunnel ID, signaling
protocol (RSVP-TE), and tunnel bandwidth
Procedure
Configure S9300-A.
[S9300-A] interface loopback1
[S9300-A-LoopBack1] ip address 1.1.1.9 32
[S9300-A] interface gigabitethernet1/0/0
[S9300-A] vlan 10
[S9300-A-vlan10] port gigabitethernet1/0/0
Configure S9300-B.
[S9300-B] interface loopback1
[S9300-B-LoopBack1] ip address 2.2.2.9 32
[S9300-B] interface gigabitethernet1/0/0
[S9300-B] vlan 10


[S9300-B] interface gigabitethernet2/0/0
[S9300-B] vlan 20
Configure S9300-C.
[S9300-C] interface loopback1
[S9300-C-LoopBack1] ip address 3.3.3.9 32
[S9300-C] vlan 20
[S9300-C] interface gigabitethernet2/0/0
[S9300-C] interface gigabitethernet1/0/0
[S9300-C] vlan 30
Configure S9300-D.
[S9300-D] interface loopback1
[S9300-D-LoopBack1] ip address 4.4.4.9 32
[S9300-D] vlan 30
[S9300-D] interface gigabitethernet1/0/0
[S9300-D-GigabitEthernet1/0/0] port link-type access
[S9300-D-GigabitEthernet1/0/0] quit
[S9300-D-vlan30] port gigabitethernet1/0/0
[S9300-D-vlan30] quit
[S9300-D-Vlanif30] ip address 30.1.1.2 24
Step 2 Configure IS-IS to advertise routes.

[S9300-A] isis 1
[S9300-A-isis-1] network-entity 00.0005.0000.0000.0001.00
[S9300-A] interface loopback 1

[S9300-A-LoopBack1] isis enable 1

[S9300-B] isis 1
[S9300-B-isis-1] network-entity 00.0005.0000.0000.0002.00
[S9300-B-LoopBack1] isis enable 1
[S9300-C] isis 1
[S9300-C-isis-1] network-entity 00.0005.0000.0000.0003.00
[S9300-C-LoopBack1] isis enable 1
[S9300-D] isis 1
[S9300-D-isis-1] network-entity 00.0005.0000.0000.0004.00
[S9300-D] interface loopback 1
[S9300-D-LoopBack1] isis enable 1
view that the nodes learn the routes from each other. Take the display on S9300-A as an example.
------------------------------------------------------------------------------
2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Vlanif10
3.3.3.9/32 ISIS 15 20 D 10.1.1.2 Vlanif10
4.4.4.9/32 ISIS 15 30 D 10.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
20.1.1.0/24 ISIS 15 20 D 10.1.1.2 Vlanif10
30.1.1.0/24 ISIS 15 30 D 10.1.1.2 Vlanif10
Step 3 Configure basic MPLS functions and enable MPLS TE, RSVP-TE, and CSPF.

# Enable MPLS, MPLS TE, and RSVP-TE globally on each node, enable MPLS, MPLS TE,
and RSVP-TE on all tunnel interfaces, and enable CSPF in the system view on the ingress node.
[S9300-A] mpls lsr-id 1.1.1.9
[S9300-A] mpls
[S9300-A-mpls] mpls rsvp-te
[S9300-A-mpls] mpls te cspf
[S9300-A-mpls] quit
[S9300-A-Vlanif10] mpls rsvp-te
[S9300-B] mpls lsr-id 2.2.2.9
[S9300-B] mpls
[S9300-B-mpls] mpls te
[S9300-B-mpls] mpls rsvp-te
[S9300-B-mpls] mpls te cspf
[S9300-B-mpls] quit
[S9300-B-Vlanif10] mpls te
[S9300-B-Vlanif10] mpls rsvp-te
[S9300-C] mpls lsr-id 3.3.3.9
[S9300-C] mpls
[S9300-C-mpls] mpls te
[S9300-C-mpls] mpls te cspf
[S9300-C-mpls] mpls rsvp-te
[S9300-C-mpls] quit
[S9300-C-Vlanif20] mpls te
[S9300-C-Vlanif20] mpls rsvp-te
[S9300-D] mpls lsr-id 4.4.4.9
[S9300-D] mpls
[S9300-D-mpls] mpls te
[S9300-D-mpls] mpls te cspf[S9300-D-mpls] mpls rsvp-te
[S9300-D-mpls] quit
[S9300-D-Vlanif30] mpls
[S9300-D-Vlanif30] mpls te
[S9300-D-Vlanif30] mpls rsvp-te
Step 4 Configure IS-IS TE.

[S9300-A] isis 1
[S9300-A-isis-1] cost-style wide
[S9300-A-isis-1] traffic-eng level-2
[S9300-B] isis 1
[S9300-B-isis-1] cost-style wide
[S9300-B-isis-1] traffic-eng level-2
[S9300-C] isis 1
[S9300-C-isis-1] cost-style wide
[S9300-C-isis-1] traffic-eng level-2
[S9300-D] isis 1
[S9300-D-isis-1] cost-style wide
[S9300-D-isis-1] traffic-eng level-2
Step 5 Configure an MPLS TE tunnel interface.

# Create tunnel interfaces on the ingress node, and configure IP addresses for the tunnel
interfaces, tunneling protocol, destination IP address, tunnel ID, dynamic signaling protocol,
and tunnel bandwidth, and make the configurations take effect by using the mpls te commit
command.
[S9300-A-Tunnel1/0/0] mpls te signal-protocol rsvp-te

[S9300-A] display interface tunnel
Tunnel1/0/0 current state : UP
Last up time: 2009-05-30, 02:39:24
Description:HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack10(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 4.4.4.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x10001, secondary tunnel id is 0x0
300 seconds output rate 0 bits/sec, 0 packets/sec
0 packets output, 0 bytes
0 output error
Run the display mpls te tunnel-interface command on S9300-A, and you can view detailed
information about the tunnel.

[S9300-A] display mpls te tunnel-interface

Tunnel Name : Tunnel1/0/0
Tunnel State Desc : CR-LSP is Up
Tunnel Attributes :
LSP ID : 1.1.1.9:0
Session ID : 100
Admin State : UP Oper State : UP
Ingress LSR ID : 1.1.1.9 Egress LSR ID: 4.4.4.9
Signaling Protocol : RSVP Resv Style : SE
Class Type : CLASS 0 Tunnel BW : 0 kbps
Reserved BW : 0 kbps
Setup Priority : 7 Hold Priority: 7
Hop Limit : -
Secondary Hop Limit : -
BestEffort Hop Limit: -
Affinity Prop/Mask : 0x0/0x0
Explicit Path Name : -
Secondary Affinity Prop/Mask: 0x0/0x0
Secondary Explicit Path Name: -
BestEffort Affinity Prop/Mask: 0x0/0x0
Tie-Breaking Policy : None
Metric Type : None
Record Route : Disabled Record Label : Disabled
FRR Flag : Disabled BackUpBW Flag: Not Supported
BackUpBW Type : - BackUpBW : -
Route Pinning : Disabled
Retry Limit : 5 Retry Interval: 10 sec
Reopt : Disabled Reopt Freq : -
Back Up Type : None
Back Up LSPID : -
Auto BW : Disabled Auto BW Freq : -
Min BW : - Max BW : -
Current Collected BW: -
Interfaces Protected: -
Car Policy : Disabled
Tunnel Group : Primary
Primary Tunnel Sum : -
Primary Tunnel : -
Backup Tunnel : -
IPTN InLabel : -
Group Status : Up
Oam Status : -
Bfd Capability : Disabled
BestEffort : Disabled IsBestEffortPath: Non-existent
Run the display mpls te cspf tedb all command on S9300-A, and you can view link information
in the TEDB.
[S9300-A] display mpls te cspf tedb all
Maximum Node Supported: 128 Maximum Link Supported: 256
Current Total Node Number: 4 Current Total Link Number: 6
Id Router-Id IGP Process-Id Area Link-Count
1 3.3.3.9 ISIS 1 Level-2 2
2 2.2.2.9 ISIS 1 Level-2 2
3 4.4.4.9 ISIS 1 Level-2 1
4 1.1.1.9 ISIS 1 Level-2 1
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.9

mpls
mpls te
mpls rsvp-te
mpls te cspf
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0001.00
traffic-eng level-2
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
destination 4.4.4.9
mpls te commit
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0002.00
traffic-eng level-2
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#

#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return
#
sysname S9300-C
#
vlan batch 20 30
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0003.00
traffic-eng level-2
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
return
#
sysname S9300-D
#
vlan batch 30
#
mpls lsr-id 4.4.4.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
isis 1

is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0004.00
traffic-eng level-2
#
interface Vlanif30
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return
Example for Configuring RSVP Authentication
As shown in Figure 5-181, the VLANIF member interface between S9300-A and S9300-B is
GE 1/0/0. An MPLS TE tunnel from S9300-A to S9300-C is set up by using RSVP.
The handshake function is required to be configured so that RSVP authentication is performed
between S9300-A and S9300-B. This prevents pseudo RSVP requests for reserving resources
from causing resource exhaustion. In addition, the message window function is required to be
configured to prevent the RSVP messages that are out of sequence.
Figure 5-181 Networking diagram for configuring RSVP authentication

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32

10.1.1.1/24 10.1.1.2/24 20.1.1.1/24 20.1.1.2/24
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0

S9300-A S9300-B S9300-C
1. Configure the MPLS network and set up an RSVP-TE tunnel.
2. Configure authentication on the interface to authenticate RSVP messages.
3. Configure the handshake function on the interface.
4. Set the side of the sliding window on the interface so that the interface can save 32 sequence
numbers.

NOTE
It is recommended that you set the value of window-size to be greater than 32. If the value of window-
size is set to be very small, certain received RSVP messages may be beyond the window and are discarded,
which can close the RSVP neighbor relation.
Data Preparation
l OSPF process ID and OSPF area ID of each node
l Authentication password of the local interface and authentication key
l Size of the sliding window for RSVP authentication
Procedure
Configure IP addresses and masks for the interfaces according to Figure 5-181. The
configuration details are not mentioned here, see the configuration files in this example.
Step 2 Configure OSPF.
Configure OSPF to advertise the routes of network segments and the host routes of the LSR IDs.
For detailed configuration, see the configuration files in this example.
view that the nodes learn the routes from each other.
Step 3 Configure basic MPLS functions and enable MPLS TE, MPLS RSVP-TE, and CSPF.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
NOTE
The configurations on S9300-B and S9300-C are similar to the configuration on S9300-A, and are not
mentioned here.
Step 4 Configure OSPF TE.

[S9300-A] ospf 1
[S9300-A-ospf-1-area-0.0.0.0] mpls-te enable
[S9300-B] ospf 1

[S9300-B-ospf-1-area-0.0.0.0] mpls-te enable
[S9300-C] ospf 1
[S9300-C-ospf-1-area-0.0.0.0] mpls-te enable
Step 5 Configure an MPLS TE tunnel.
# Create an MPLS TE tunnel on S9300-A.

[S9300-A] display interface tunnel 1/0/0
Last line protocol up time: 2008-11-16, 12:26:17
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
The Maximum Transmit Unit is 1500 bytes
Tunnel protocol/transport MPLS/MPLS, ILM disabled
0 packets output, 0 bits
0 output error
Step 6 On S9300-A and S9300-B, configure RSVP authentication on the interfaces that are connected
to the MPLS TE link.
[S9300-A-Vlanif10] mpls rsvp-te authentication plain 123456789
[S9300-A-Vlanif10] mpls rsvp-te authentication handshake 12345678
[S9300-A-Vlanif10] mpls rsvp-te authentication window-size 32
[S9300-B-Vlanif10] mpls rsvp-te authentication plain 123456789
[S9300-B-Vlanif10] mpls rsvp-te authentication handshake 12345678
[S9300-B-Vlanif10] mpls rsvp-te authentication window-size 32
Run the reset mpls rsvp-te command, and then run the display interface tunnel command on
S9300-A. You can view that the tunnel interface is Up.
Run the display mpls rsvp-te interface command on S9300-A or S9300-B, and you can view
information about RSVP authentication.

[S9300-A] display mpls rsvp-te interface

Interface: Vlanif10
Interface Address: 10.1.1.1
Interface state: UP Interface Index: 0x406
Total-BW: 0 Used-BW: 0
Hello configured: NO Num of Neighbors: 1
SRefresh feature: DISABLE SRefresh Interval: 30 sec
Mpls Mtu: 1500 Retransmit Interval: 500 msec
Increment Value: 1 Authentication: ENABLE
Challenge: ENABLE WindowSize: 32
Next Seq # to be sent:3957701863 40 Key ID: ee9f61f80000
Bfd Enabled: DISABLE Bfd Min-Tx: 10
Bfd Min-Rx: 10 Bfd Detect-Multi: 3
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te authentication plain 123456789
mpls rsvp-te authentication handshake 12345678
mpls rsvp-te authentication window-size 32
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3
mpls te tunnel-id 1
mpls te commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
mpls-te enable
#
return

#
sysname S9300-B
#
vlan batch 10 20
#

mpls lsr-id 2.2.2.2

mpls
mpls te
mpls rsvp-te
mpls te cspf
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te authentication plain 123456789
mpls rsvp-te authentication handshake 12345678
mpls rsvp-te authentication window-size 32
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
port defalt vlan 10
#
port defalt vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0

network 20.1.1.0 0.0.0.255

network 3.3.3.3 0.0.0.0
mpls-te enable
#
return
Example for Setting Attributes on the MPLS TE Tunnel
Figure 5-182 Networking diagram for setting attributes on the MPLS TE tunnel
1.1.1.1/32 2.2.2.2/32 GE2/0/0 3.3.3.3/32
GE1/0/0 GE1/0/0 GE2/0/0
Vlanif10 Vlanif20 Vlanif20
Vlanif10
192.168.2.1/24 192.168.2.2/24
192.168.1.1/24 192.168.1.2/24
S9300-A S9300-B GE3/0/0 GE3/0/0

S9300-C
Vlanif30 Vlanif30
192.168.3.1/24 192.168.3.2/24
As shown in Figure 5-182, the maximum link bandwidth is 100 Mbit/s and the maximum
reservable bandwidth is 50 Mbit/s.
On S9300-A, there are two tunnels to S9300-C, namely, Tunnel 1/0/0 and Tunnel 1/0/1, both of
which require the bandwidth of 40 Mbit/s. The total bandwidth (80 Mbit/s) of these two tunnels
is greater than the bandwidth (50 Mbit/s) of the link between S9300-A and S9300-B. In addition,
Tunnel 1/0/0 has a higher priority than Tunnel 1/0/0 and preemption is allowed.
The affinity property and mask is required to be used according to the administrative group
property. In this manner, Tunnel 1/0/0 on S9300-A uses one physical link from S9300-B to
S9300-C and Tunnel 1/0/1 uses another physical link.
1. Configure the RSVP-TE tunnel. See Configuration Roadmap in Example for Configuring
an RSVP-TE Tunnel.
2. Configure the administrative group property of the outgoing interface of the tunnel on each
node.
3. Configure the affinity property and mask of each tunnel according to the administrative
group property and networking requirements.
4. Set the priority of each tunnel as required.
Data Preparation

l Maximum bandwidth and maximum reservable bandwidth for the link along the tunnel

l Administrative group property of the link between S9300-A and S9300-B and
administrative group property of the link between S9300-B and S9300-C
l Affinity property and mask of each tunnel
l Number of the tunnel interface, IP address, destination IP address, tunnel ID, tunnel
bandwidth, tunnel priority, and signaling protocol (RSVP-TE by default)
Procedure
Configure IP addresses and masks for the interfaces including loopback interfaces according to
Figure 5-182.
Step 2 Configure an IGP.
Configure OSPF on all the nodes to advertise the routes of network segments and the host routes
of LSR IDs.
Step 3 Configure basic MPLS functions, enable MPLS TE, RSVP-TE, and OSPF TE, and enable CSPF
on the ingress node.
# Configure basic MPLS functions and enable MPLS TE and RSVP-TE on S9300-A, S9300-B,
and S9300-C.
Take the display on S9300-A as an example.

[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
# Enable OSPF TE on S9300-A, S9300-B, and S9300-C. Take the display on S9300-A as an
example.
[S9300-A] ospf
# Enable CSPF TE on S9300-A that is the ingress node of the tunnel.

[S9300-A] mpls
[S9300-A-mpls] quit
Step 4 Set MPLS TE attributes of the outgoing interface of each node.

# On S9300-A, set the maximum link bandwidth to 100 Mbit/s and the maximum reservable
bandwidth to 50 Mbit/s.
# On S9300-A, set the administrative group property of the link to 0x10001.

[S9300-A-Vlanif10] mpls te link administrative group 10001
# Set MPLS TE attributes of the link on S9300-B.

[S9300-B-Vlanif20] mpls te link administrative group 10101
After the configuration, you can view the TEDB on S9300-A, including the maximum reservable
bandwidth and the Color field that is the administrative group property of the link.
[S9300-A] display mpls te cspf tedb node
Router ID: 1.1.1.1
IGP Type: OSPF Process Id: 1
MPLS-TE Link Count: 1
Link[1]:
Interface IP Address: 192.168.1.1
Peer IP Address: 192.168.1.2
Peer Router Id: 2.2.2.2
Peer OSPF Router Id: 2.2.2.2
IGP Area: 0
Link Type: multi-access Link Status: Active
IGP Metric: 1 TE Metric: 1 Color: 0x10001
Maximum Bandwidth: 100000 (kbps)
Maximum Reservable Bandwidth: 50000 (kbps)
Bandwidth Constraints: Local Overbooking Multiplier:
BC[0]: 50000 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
BW Unreserved for Class type 0:
[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 (kbps)
[4]: 50000 (kbps), [5]: 50000 (kbps)
[6]: 50000 (kbps), [7]: 50000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Router ID: 2.2.2.2
Link[1]:
IGP Area: 0
BC[0]: 50000 (kbps) LOM[0]: 1

BC[1]: 0 (kbps) LOM[1]: 1

[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 100000 (kbps)
[4]: 50000 (kbps), [5]: 50000 100000 (kbps)
[6]: 50000 (kbps), [7]: 50000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[2]:
IGP Area: 0
Maximum Reservable Bandwidth: 0 (kbps)$#10$ Bandwidth Constraints:
Local Overbooking Multiplier:
BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[3]:
IGP Area: 0
BC[0]: 50000 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 (kbps)
[4]: 50000 (kbps), [5]: 50000 (kbps)
[6]: 50000 (kbps), [7]: 50000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Router ID: 3.3.3.3
Link[1]:
IGP Area: 0


BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[2]:
IGP Area: 0
BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Step 5 Create an MPLS TE tunnel.

# Create Tunnel 1/0/0 on S9300-A.
[S9300-A-Tunnel1/0/0] mpls te affinity property 10101 mask 11011
Here, the default setup priority and holding priority are used, that is, the lowest priority with the
value of 7.
The affinity property of the tunnel is 0x10101 and the mask is 0x11011, both of which can match
the administrative group property of the links along the tunnel.
After the configuration, check the status of the tunnel on S9300-A:
Tunnel Attributes :
LSP ID : 1.1.1.1:1
Session ID : 100


Hop Limit : -
Metric Type : None
Record Route : Disabled Record Label : Disabled
Back Up Type : None
Back Up LSPID : -
Primary Tunnel : -
Backup Tunnel : -
IPTN InLabel : -
Group Status : Up
Oam Status : Up
Bfd Capability : Up
Check the TEDB, and you can view the change of bandwidth used by the links:
[S9300-A] display mpls te cspf tedb node
Router ID: 1.1.1.1
Link[1]:
IGP Area: 0
BC[0]: 50000 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 (kbps)
[4]: 50000 (kbps), [5]: 50000 (kbps)
[6]: 50000 (kbps), [7]: 10000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Router ID: 2.2.2.2
Link[1]:

IGP Area: 0
BC[0]: 50000 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 (kbps)
[4]: 50000 (kbps), [5]: 50000 (kbps)
[6]: 50000 (kbps), [7]: 10000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[2]:
IGP Area: 0
BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[3]:
IGP Area: 0
BC[0]: (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 50000 (kbps), [1]: 50000 (kbps)
[2]: 50000 (kbps), [3]: 50000 (kbps)
[4]: 50000 (kbps), [5]: 50000 (kbps)
[6]: 50000 (kbps), [7]: 50000 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Router ID: 3.3.3.3
Link[1]:


IGP Area: 0
BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
Link[2]:
IGP Area: 0
BC[0]: 0 (kbps) LOM[0]: 1
BC[1]: 0 (kbps) LOM[1]: 1
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
[0]: 0 (kbps), [1]: 0 (kbps)
[2]: 0 (kbps), [3]: 0 (kbps)
[4]: 0 (kbps), [5]: 0 (kbps)
[6]: 0 (kbps), [7]: 0 (kbps)
The BW Unreserved for Class type 0 field indicates the available bandwidth from the maximum
reservable bandwidth for various priorities. The display shows that the unreserved bandwidth
changes for class type 7 on the outgoing interfaces on each node along the tunnel. This indicates
that certain tunnels succeed in reserving 40 Mbit/s bandwidth with the priority of 7. According
to bandwidth allocation , you can view the path that the tunnel takes. This indicates that the
affinity property and the mask of the tunnel must match the administrative group property of the
links.
You can also run the display mpls te tunnel command on S9300-B to view the outgoing interface
of the tunnel.
1.1.1.1:100:1 3.3.3.3 Vlanif10/Vlanif20
# Create Tunnel 1/0/1 on S9300-A.

[S9300-A-Tunnel1/0/1] mpls te affinity property 10011 mask 11101

[S9300-A-Tunnel1/0/1] mpls te priority 6


After the configuration, run the display interface Tunnel or display mpls te tunnel-
interface command on S9300-A, and you can view the status of the tunnel on S9300-A. You
can view that the status of Tunnel 1/0/0 is Down. This is because the maximum reservable
bandwidth of the physical link between S9300-A and S9300-B is insufficient, and the bandwidth
of Tunnel 1/0/0 is preempted by Tunnel 1/0/1 with a higher priority.
Run the display mpls te cspf tedb node command to check the TEDB and the changes of
bandwidth used on the links. It indicates that Tunnel 1/0/1 passes through VLANIF 30 of
S9300-B.
Or run the display mpls te tunnel command on S9300-B, and you can view the outgoing
interface of the tunnel.
1.1.1.1:101:4 3.3.3.3 Vlanif10/Vlanif30
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
mpls
mpls te
mpls te link administrative group 10001
mpls rsvp-te
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3
mpls te affinity property 10101 mask 11011
mpls te commit
#

destination 3.3.3.3
mpls te priority 6
mpls te affinity property 10011 mask 11101
mpls te commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.1.0 0.0.0.255
mpls-te enable
#
return
#
sysname S9300-B
#
vlan batch 10 20 30
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

network 192.168.3.0 0.0.0.255
mpls-te enable
#
return

#
sysname S9300-C
#
vlan batch 20 30
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
mpls-te enable
#
return
Example for Configuring MPLS TE FRR
As shown in Figure 5-183, the primary LSP is S9300-A → S9300-B → S9300-C → S9300-D,
and the link from S9300-B to S9300-C requires link protection through FRR.
Establish a bypass LSP, and use the path S9300-B → S9300-E → S9300-C. Here, S9300-B is
the PLR and S9300-C is the MP.
Use the explicit path to establish the primary tunnel and the bypass tunnel of MPLS TE. RSVP-
TE is used.

Figure 5-183 Networking diagram for configuring MPLS TE FRR

Loopback1
4.4.4.4/32
S9300-D
GE1/0/0
Vlanif50
4.1.1.2/24
Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 Loopback1
3.3.3.3/32 GE1/0/0
Vlanif50
S9300-A S9300-B 4.1.1.1/24
S9300-C
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
2.1.1.1/24 2.1.1.2/24 3.1.1.1/24 3.1.1.2/24 GE3/0/0
GE3/0/0 Vlanif40
Vlanif30 5.5.5.5/32
3.2.1.1/24
Primary LSP GE2/0/0
GE1/0/0 Vlanif40
Vlanif30 3.3.1.1/24
Bypass LSP 3.2.1.2/24
S9300-E
1. Set up a primary tunnel and enable FRR on the tunnel interface.

2. Configure a bypass tunnel on the ingress node of the protected link, that is, PLR, and specify
the bandwidth that the bypass tunnel can protect and the interface of the protected link in
the tunnel interface view.
Data Preparation
l IS-IS area ID, originating system ID, and IS-IS level of each node
l Maximum bandwidth and maximum reservable bandwidth for the link along the tunnel
l Explicit paths of the primary tunnel and the bypass tunnel
l Interface names, IP addresses, destination IP addresses, tunnel IDs, signaling protocol
(RSVP-TE) of the primary tunnel and the bypass tunnel
l Interface protected by the bypass tunnel
Procedure

loopback interfaces. The configuration details are not mentioned here.
Configure IS-IS on all the nodes to advertise the host routes of the LSR IDs. The configuration
Step 3 Configure basic MPLS functions and enable MPLS TE, RSVP-TE, CSPF, and IS-IS TE.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
[S9300-A] isis
NOTE
The configurations on S9300-B, S9300-C, S9300-D, and S9300-E are similar to the configuration on
S9300-A, and are not mentioned here. CSPF needs to be enabled only on the ingress node of the primary
tunnel (S9300-A) and the ingress node of the bypass tunnel (S9300-B); CSPF does not need to be enabled
on S9300-C, S9300-D, and S9300-E.
Step 4 Configure the MPLS TE attributes of the link.

# Set the maximum link bandwidth to 100 Mbit/s and maximum reservable bandwidth to 100
Mbit/s on S9300-A, S9300-B, S9300-C, S9300-D, and S9300-E.
[S9300-A] interface gigabitethernet vlanif 10

[S9300-E] interface vlanif 40

[S9300-E-Vlanif40] mpls te max-link-bandwidth 100000
[S9300-E-Vlanif40] mpls te max-reservable-bandwidth 100000
[S9300-E-Vlanif40] quit
Step 5 # Establish an MPLS TE tunnel on S9300-A that is the ingress node of the primary LSP.
# Configure the explicit path of the primary LSP.
[S9300-A] explicit-path pri-path
[S9300-A-explicit-path-pri-path] next hop 2.1.1.2
[S9300-A-explicit-path-pri-path] quit
# Configure the MPLS TE tunnel of the primary LSP.

[S9300-A-Tunnel1/0/0] mpls te path explicit-path pri-path
# Enable FRR.
[S9300-A-Tunnel1/0/0] mpls te fast-reroute
view that the status of Tunnel 1/0/0 is Up.
Last line protocol up time: 2008-11-16, 12:26:17
0 output error
Run the display mpls te tunnel-interface command on S9300-A, and you can view detailed
information about the tunnel.
Tunnel Attributes :
LSP ID : 1.1.1.1:1
Session ID : 100
Signaling Prot : RSVP Resv Style : SE
Hop Limit : -

Explicit Path Name : pri-path

Metric Type : None
Record Route : Enabled Record Label : Enabled
FRR Flag : Enabled BackUpBW Flag: Not Supported
Back Up Type : None
Back Up LSPID : -
Primary Tunnel : -
Backup Tunnel : -
IPTN InLabel : -
Group Status : Up
Oam Status : Up
Bfd Capability : Disable
Step 6 Configure a bypass tunnel on S9300-B that functions as the PLR.

# Configure the explicit path of the bypass LSP.
[S9300-B] explicit-path by-path
[S9300-B-explicit-path-by-path] next hop 3.2.1.2
[S9300-B-explicit-path-by-path] quit
# Configure the bypass tunnel.

[S9300-B] interface tunnel 3/0/0
[S9300-B-Tunnel3/0/0] ip address unnumbered interface loopback 1
[S9300-B-Tunnel3/0/0] tunnel-protocol mpls te
[S9300-B-Tunnel3/0/0] destination 3.3.3.3
[S9300-B-Tunnel3/0/0] mpls te tunnel-id 300
[S9300-B-Tunnel3/0/0] mpls te signal-protocol rsvp-te
[S9300-B-Tunnel3/0/0] mpls te path explicit-path by-path
# Configure the bandwidth that can be protected by the bypass tunnel.

[S9300-B-Tunnel3/0/0] mpls te bypass-tunnel bandwidth 100000
# Bind the bypass tunnel to the protected interface.

[S9300-B-Tunnel3/0/0] mpls te protected-interface vlanif 20
[S9300-B-Tunnel3/0/0] mpls te commit
[S9300-B-Tunnel3/0/0] quit
After the configuration, run the display interface tunnel command on S9300-B, and you can
Run the display mpls lsp command on all the nodes, and you can view the LSP entry and that
two LSPs pass through S9300-B and S9300-C.
----------------------------------------------------------------------
LSP Information: RSVP LSP
----------------------------------------------------------------------


4.4.4.4/32 NULL/13312 -/Vlanif10

----------------------------------------------------------------------
----------------------------------------------------------------------
4.4.4.4/32 13312/13312 Vlanif10/Vlanif20
3.3.3.3/32 NULL/13312 -/Vlanif30
[S9300-C] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
4.4.4.4/32 13312/3 Vlanif20/Vlanif50
3.3.3.3/32 3/NULL Vlanif40/-
[S9300-D] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
4.4.4.4/32 3/NULL Vlanif50/-
[S9300-E] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
3.3.3.3/32 13312/3 Vlanif30/Vlanif40
Run the display mpls te tunnel command on all the nodes, and you can view the establishment
of the tunnel and that two tunnels pass through S9300-B and S9300-C.
[S9300-A] display mpls te tunnel
1.1.1.1:100:1 4.4.4.4 -/Vlanif10
1.1.1.1:100:1 4.4.4.4 Vlanif10/Vlanif20
2.2.2.2:300:2 3.3.3.3 -/Vlanif30
[S9300-C] display mpls te tunnel
1.1.1.1:100:1 4.4.4.4 Vlanif20/Vlanif50
2.2.2.2:300:2 3.3.3.3 Vlanif40/-
[S9300-D] display mpls te tunnel
1.1.1.1:100:1 4.4.4.4 Vlanif50/-
[S9300-E] display mpls te tunnel

2.2.2.2:300:1 3.3.3.3 Vlanif20/Vlanif40
Run the display mpls lsp verbose command on S9300-B, and you can view that the bypass
tunnel is bound to the outgoing interface VLANIF 20 and is not in use currently.
[S9300-B] display mpls lsp verbose
----------------------------------------------------------------------
----------------------------------------------------------------------
No : 1
SessionID : 100
IngressLsrID : 1.1.1.1
LocalLspID : 1
Tunnel-Interface : Tunnel1/0/0
Fec : 4.4.4.4/32
Nexthop : 3.1.1.2
In-Label : 13312
Out-Label : 13312

LspIndex : 4104
Token : 0x10000
LsrType : Transit
Bypass In Use : Not Used
BypassTunnel : Tunnel Index[Tunnel3/0/0], InnerLabel[13312]
Mpls-Mtu : 1500
TimeStamp : 1265sec
No : 2
SessionID : 300
LocalLspID : 2
Fec : 3.3.3.3/32
Nexthop : 3.2.1.2
In-Label : NULL
Out-Label : 13313
In-Interface : ----------
LspIndex : 4106
Token : 0x10000
LsrType : Ingress
Bypass In Use : Not Exists
BypassTunnel : Tunnel Index[---]
Mpls-Mtu : 1500
TimeStamp : 528sec

# Make the protected outgoing interface on the PLR invalid.
Run the display interface tunnel 1/0/0 command on S9300-A, and you can view the status of
the primary LSP and that the status of the tunnel interface is still Up.
Run the tracert lsp te tunnel 1/0/0 command on S9300-A, and you can view the path passed
by the tunnel.
[S9300-A] tracert lsp te tunnel 1/0/0
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel1/0/0 , press CTRL_C to
break.
TTL Replier Time Type Downstream
0 Ingress 2.1.1.2/[13312 ]
1 2.1.1.2 1 ms Transit
2 3.2.1.2 16 ms Transit
3 3.3.1.2 1 ms Transit
4 4.1.1.2 1 ms Egress
The preceding information shows that services on the link are already switched to the bypass
tunnel.
NOTE
After the FRR switchover, run the display mpls te tunnel-interface command immediately, and you can
view that two CR-LSPs are in Up state. This is because FRR establishes a new LSP by using the make-
before-break mechanism. The previous LSP is deleted only after the new LSP is established successfully.
Run the display mpls lsp verbose command on S9300-B, and you can view that the bypass
tunnel is used.
[S9300-B] display mpls lsp verbose
----------------------------------------------------------------------
----------------------------------------------------------------------
No : 1

SessionID : 100
LocalLspID : 1
Fec : 4.4.4.4/32
Nexthop : 3.1.1.2
In-Label : 13312
Out-Label : 13312
LspIndex : 4104
Token : 0x10000
LsrType : Transit
Bypass In Use : In Use
Bypass Tunnel Id : 0x0
Mpls-Mtu : 1500
TimeStamp : 3782sec
No : 2
SessionID : 300
LocalLspID : 2
Fec : 3.3.3.3/32
Nexthop : 3.2.1.2
In-Label : NULL
Out-Label : 13313
LspIndex : 4106
Token : 0x10000
LsrType : Ingress
Mpls-Mtu : 1500
TimeStamp : 1379sec
# Set the scanning timer of FRR on the PLR to 5 seconds.

[S9300-B] mpls
[S9300-B-mpls] mpls te timer fast-reroute 5
[S9300-B-mpls] quit
# Re-enable the protected outgoing interface on the PLR.

[S9300-B] intrface vlanif 20
[S9300-B-Vlanif20] undo shutdown
Run the display interface tunnel 1/0/0 command, and you can view the status of the primary
LSP on S9300-A. The tunnel interface is in Up state.
After a period of time, run the display mpls lsp verbose command on S9300-B, and you can
view that Tunnel 1/0/0 is bound to VLANIF 20 and remains unused.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1

mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path pri-path
next hop 2.1.1.2
next hop 3.1.1.2
next hop 4.1.1.2
next hop 4.4.4.4
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0001.00
traffic-eng level-2
#
interface Vlanif10
ip address 2.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
destination 4.4.4.4
mpls te record-route label
mpls te path explicit-path pri-path
mpls te fast-reroute
mpls te commit
#
return
#
sysname S9300-B
#
vlan batch 10 20 30
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls te timer fast-reroute 5
mpls rsvp-te
mpls te cspf
#
explicit-path by-path
next hop 3.2.1.2
next hop 3.3.1.2
next hop 3.3.3.3
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0002.00
traffic-eng level-2
#

interface Vlanif10
ip address 2.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 3.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 3.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
destination 3.3.3.3
mpls te record-route
mpls te bypass-tunnel bandwidth 100000
mpls te path explicit-path by-path
mpls te protected-interface Vlanif20
mpls te commit
#
return
#
sysname S9300-C
#
vlan batch 20 40 50
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0003.00
traffic-eng level-2

#
interface Vlanif20
ip address 3.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 3.3.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 4.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
#
sysname S9300-D
#
vlan batch 50
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0004.00
traffic-eng level-2
#
interface Vlanif50
ip address 4.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#

interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
return

#
sysname S9300-E
#
vlan batch 30 40
#
mpls lsr-id 5.5.5.5
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 00.0005.0000.0000.0005.00
traffic-eng level-2
#
interface Vlanif30
ip address 3.2.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 3.3.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
return
Example for Configuring MPLS TE Auto FRR
As shown in Figure 5-184, a primary tunnel is set up using the explicit path of S9300-A→
S9300-B→ S9300-C. A bypass tunnel is set up on the ingress node S9300-A for node protection
and a bypass tunnel is set up on the transit node S9300-B for link protection, and both of them
provide bandwidth protection.

Figure 5-184 Networking diagram for configuring MPLS TE auto FRR

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE3/0/0
S9300-A S9300-B GE3/0/0 S9300-C
Vlanif20 Vlanif40
2.1.1.2/24 3.1.1.2/24
GE2/0/0 GE2/0/0 GE1/0/0
GE1/0/0 GE2/0/0 Vlanif10
Vlanif20 GE1/0/0 Vlanif40 Vlanif50
Vlanif10 Vlanif30 3.1.1.1/24 10.1.1.1/24
2.1.1.1/24 Loopback1 4.1.1.2/24
10.1.1.2/24 3.2.1.1/24
4.4.4.4/32
GE3/0/0 GE2/0/0
Vlanif30 Vlanif50
3.2.1.2/24 4.1.1.1/24
S9300-D
1. Set up a primary tunnel, enable TE FRR in the tunnel interface view, and enable MPLS
auto FRR in the MPLS view.
2. Specify the bandwidth that the bypass tunnel can protect and the setup priority and holding
priority of the bypass tunnel.
Data Preparation
l Maximum bandwidth and maximum reservable bandwidth of the link
l Path that the primary tunnel passes through
l Number of the primary tunnel interface, IP address, destination IP address, tunnel ID,
signaling protocol (RSVP-TE), and tunnel bandwidth
Procedure
Step 2 Configure OSPF to advertise the routes of network segments and the host routes of the LSR IDs.
Configure OSPF on all the nodes to advertise the host routes of the LSR IDs. The configuration
view that the nodes learn the LSR ID from each other.

Step 3 Configure basic MPLS functions and enable MPLS TE, RSVP-TE, and CSPF.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
NOTE
The configurations on S9300-B, S9300-C, and S9300-D are similar to the configuration on S9300-A, and
are not mentioned here. You need to enable CSPF only on the ingress nodes of the primary tunnel and the
bypass tunnel. That is, you need to enable CSPF only on S9300-A and S9300-B. You do not need to enable
CSPF on S9300-C and S9300-D.
Step 4 Configure OSPF TE.

[S9300-A] ospf
[S9300-B] ospf
[S9300-B-ospf-1-area-0.0.0.0] mpls-te enable
[S9300-C] ospf
[S9300-C-ospf-1-area-0.0.0.0] mpls-te enable
[S9300-D] ospf
[S9300-D-ospf-1] opaque-capability enable
[S9300-D-ospf-1-area-0.0.0.0] mpls-te enable
Step 5 Configure the MPLS TE link bandwidth.

Set the maximum reservable bandwidth of the link to 10 Mbit/s and the BC1 bandwidth to 3
Mbit/s.

[S9300-A-Vlanif20] mpls te max-link-bandwidth 10000 bc1 3000
[S9300-A-Vlanif20] mpls te max-reservable-bandwidth 10000 bc1 3000
For convenience, these configurations are used on the outgoing interfaces on the link that the
primary tunnel and bypass tunnel pass through, and the details are not mentioned here.
Step 6 Configure the explicit path for the primary tunnel.
[S9300-A] explicit-path master
[S9300-A-explicit-path-master] next hop 2.1.1.2
[S9300-A-explicit-path-master] next hop 3.1.1.2
Step 7 Enable MPLS TE auto FRR.

[S9300-A] mpls
[S9300-A-mpls] mpls te auto-frr
[S9300-B] mpls
[S9300-B-mpls] mpls te auto-frr
Step 8 Configure the primary tunnel.

[S9300-A] interface tunnel2/0/0
[S9300-A-Tunnel2/0/0] ip address unnumbered interface loopback1
[S9300-A-Tunnel2/0/0] mpls te record-route label
[S9300-A-Tunnel2/0/0] mpls te path explicit-path master
[S9300-A-Tunnel2/0/0] mpls te priority 4 3
[S9300-A-Tunnel2/0/0] mpls te fast-reroute bandwidth
[S9300-A-Tunnel2/0/0] mpls te bypass-attributes bandwidth 200 priority 5 4

Run the display mpls lsp verbose command on the ingress node S9300-A. You can view the
LSP information about the primary tunnel and the bypass tunnel, and the primary tunnel is bound
to the bypass tunnel.
[S9300-A] display mpls lsp verbose
No : 1
SessionID : 200
LocalLspID : 1
Fec : 3.3.3.3/32
Nexthop : 2.1.1.2
In-Label : NULL
Out-Label : 106497
LspIndex : 6148
Token : 0x10000
LsrType : Ingress
Bypass In Use : Not Used
Mpls-Mtu : 1500
TimeStamp : 324sec
Bfd-State : ---

No : 2
SessionID : 5097
LocalLspID : 2
Fec : 3.3.3.3/32
Nexthop : 10.1.1.1
In-Label : 13312
Out-Label : 3
LspIndex : 6149
Token : 0x10000
LsrType : Transit
Mpls-Mtu : ------
TimeStamp : 324sec
Bfd-State : ---
No : 3
SessionID : 5097
LocalLspID : 3
Fec : 3.3.3.3/32
Nexthop : 10.1.1.1
In-Label : NULL
Out-Label : 3
LspIndex : 6150
Token : 0x10000
LsrType : Ingress
Mpls-Mtu : 1500
TimeStamp : 324sec
Bfd-State : ---
You can view that the primary tunnel is bound to the auto bypass tunnel, that is, Tunnel7/0/2048.
Run the display mpls te tunnel-interface auto-bypass-tunnel command, and you can view
detailed information about the auto bypass tunnel. The bandwidth, setup priority, and holding
priority of the auto bypass tunnel are the same as the bypass-attributes of the primary tunnel.
[S9300-A] display mpls te tunnel-interface auto-bypass-tunnel Tunnel0/0/2048
Tunnel Attributes :
LSP ID : 1.1.1.1:3
Session ID : 5097
Admin State : UP
Oper State : UP
Ingress LSR ID: 1.1.1.1
Egress LSR ID: 3.3.3.3
Signaling Prot: RSVP
Resv Style : SE
Class Type : CLASS 0
Tunnel BW : 200 kbps
Setup Priority: 5
Hold Priority: 4
Hop Limit : -
Secondary Hop Limit: -


Metric Type : None
Record Route : Enabled
Record Label : Disabled
FRR Flag: Disabled
BackUpBW Flag: Not Supported
BackUpBW Type : -
BackUpBW : -
Retry Limit : 5
Retry Interval: 10 sec
Reopt : Disabled
Reopt Freq : -
Back Up Type : None
Back Up LSPID : -
Auto BW : Disabled
Auto BW Freq : -
Interfaces Protected: GE2/0/0
Excluded IP Address : 2.1.1.1, 2.2.2.2, 3.1.1.2
Primary Tunnel: -
Backup Tunnel: -
IPTN InLabel : -
Group Status: Up
Oam Status: -
Bfd Capability : None
BestEffort : Disabled
IsBestEffortPath: Non-existent
You can view that the auto bypass tunnel protects the primary tunnel through VLANIF 20 rather
than through other three interfaces on the primary tunnel. The bandwidth of the auto bypass
tunnel is 200 kbit/s, and its setup priority and the holding priority is 5 and 4 respectively.
Run the display mpls te tunnel path command on S9300-A, and you can view the path
information about the primary tunnel and the auto bypass tunnel, and node protection and
bandwidth protection are provided for the outgoing interface on the primary tunnel.
[S9300-A] display mpls te tunnel path
Tunnel Interface Name : Tunnel2/0/0
Lsp ID : 1.1.1.1 :200:1
Hop Information
Hop 0 2.1.1.1 Local-Protection available | bandwidth | node
Hop 1 2.1.1.2 Label 106497
Hop 2 2.2.2.2
Hop 3 3.1.1.1 Local-Protection available | bandwidth
Hop 4 3.1.1.2 Label 3
Hop 5 3.3.3.3

Lsp ID : 2.2.2.2 :5097 :2
Hop Information
Hop 0 2.2.2.2
Hop 1 2.1.1.2
Hop 2 2.1.1.1
Hop 3 1.1.1.1
Hop 4 10.1.1.2
Hop 5 10.1.1.1
Hop 6 3.3.3.3

Lsp ID : 1.1.1.1 :5097:3
Hop Information

Hop 0 10.1.1.2
Hop 1 10.1.1.1
Hop 2 3.3.3.3
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls te auto-frr
mpls rsvp-te
mpls te cspf
#
explicit-path master
next hop 2.1.1.2
next hop 3.1.1.2
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 10000 bc1 3000
mpls te max-reservable-bandwidth 10000 bc1 3000
mpls rsvp-te
#
interface Vlanif20
ip address 2.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3
mpls te record-route label
mpls te path explicit-path master
mpls te priority 4 3
mpls te fast-reroute bandwidth
mpls te bypass-attributes bandwidth 200 priority 5 4
mpls te commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255

network 2.1.1.0 0.0.0.255

network 1.1.1.1 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-B
#
vlan batch 20 30 40
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls te auto-frr
mpls rsvp-te
mpls te cspf
#
interface Vlanif20
ip address 2.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 3.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 3.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.1.1.0 0.0.0.255
network 3.2.1.0 0.0.0.255
network 2.1.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-C

#
vlan batch 10 40 50
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 3.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 4.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 3.1.1.0 0.0.0.255
network 4.1.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-D
#
vlan batch 30 50
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 3.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50

ip address 4.1.1.1 255.255.255.0

mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.2.1.0 0.0.0.255
network 4.1.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
mpls-te enable
#
return
Example for Configuring Board Removing Protection
Figure 5-185 shows the networking diagram of MPLS TE FRR. The primary tunnel is along
PLR → S9300-A → MP → S9300-C, and its bypass tunnel is along PLR → S9300-C → MP.
It is required that the TE traffic of the primary tunnel be switched to the bypass tunnel after the
LPU where GE 1/0/0 of the PLR is located is removed, and the traffic be switched back to the
primary tunnel after the removed LPU is re-installed.
Both the PLR and the MP are S9300s.

Figure 5-185 Networking diagram for configuring MPLS TE FRR

Loopback 1
2.2.2.2/32
GE
0
Loopback 1 1 /0/ 0 Vla 2/0/
1
GE lanif /24 30 ni f 0 Loopback 1 Loopback 1
1.1.1.1/32 .1. 30
V .1.2 1.1 GE 4.4.4.4/32 5.5.5.5/32
/ 0 . 1 /24 Vla 1/0/
E 1/0if 10 10 S9300-A 3 n 0
G lan 1/2 4 0 i
.1. f30
V .1. 1.2 GE3/0/0 GE1/0/0
0 .1 /24 Vlanif50 Vlanif50
1
50.1.1.1/24 50.1.1.2/24
PLR MP
GE S9300-C
/0
V 2/0 2/0 f40
20 lanif /0 E i
G lan /24
.1. 20
1.1 S9300-B V .1.2
/24 .1
GE 40
V 1/0 /0
20 lanif /0 2/0 0
.1. 20 GE anif4 /24
1.2
/24 Vl .1.1 : primary LSP
.1
40
: bypass LSP
Loopback 1
3.3.3.3/32
1. Configure the tunnel interfaces of the primary tunnel and the bypass tunnel of the PLR on
the main control board.
2. Specify the explicit paths of the primary tunnel and the bypass tunnel when you configure
MPLS TE FRR. The explicit paths of the primary tunnel and the bypass tunnel must pass
through different LPUs of the PLR; otherwise, board removing protection cannot be
implemented.
Data Preparation
l Slot number of the main control board on the PLR

l Tunnel interfaces of the primary tunnel and the bypass tunnel
l Outgoing interfaces of the primary tunnel and the bypass tunnel on the PLR
l Explicit paths of the primary tunnel and the bypass tunnel
Procedure
Step 2 Configure OSPF to advertise the routes of network segments and the host routes of the LSR IDs.

Configure OSPF on all the nodes to advertise the host routes of the LSR IDs. The configuration
view that the nodes learn the LSR ID from each other.
Step 3 Configure basic MPLS functions and enable MPLS TE and RSVP-TE.
# Configure the PLR.

[PLR] mpls lsr-id 1.1.1.1
[PLR] mpls
[PLR-mpls] mpls te
[PLR-mpls] mpls rsvp-te
[PLR-mpls] quit
[PLR] interface vlanif 10
[PLR-Vlanif10] mpls
[PLR-Vlanif10] mpls te
[PLR-Vlanif10] mpls rsvp-te
[PLR-Vlanif10] quit
[PLR-Vlanif20] mpls
[PLR-Vlanif20] mpls te
[PLR-Vlanif20] mpls rsvp-te
[PLR-Vlanif20] quit
NOTE
The configurations on S9300-A, S9300-B, MP, and S9300-C are similar to the configuration on the PLR,
and are not mentioned here.
Step 4 Configure OSPF TE and enable CSPF on the ingress node of the tunnel.
# Configure OSPF TE.

[PLR] ospf
[PLR-ospf-1] opaque-capability enable
[PLR-ospf-1] area 0
[PLR-ospf-1-area-0.0.0.0] mpls-te enable
[PLR-ospf-1-area-0.0.0.0] quit
[PLR-ospf-1] quit
NOTE
The configurations on S9300-B, S9300-C, and S9300-D are similar to the configuration on the PLR, and
# Enable CSPF on the ingress node of the primary tunnel.

[PLR] mpls
[PLR-mpls] mpls te cspf
Step 5 Configure the bandwidth for the interfaces on the link.
Set the maximum reservable bandwidth of the link to 10 Mbit/s, the BC0 bandwidth to 10 Mbit/
s, and the BC1 bandwidth to 3 Mbit/s.
# Configure the PLR.

[PLR-Vlanif10] mpls te max-link-bandwidth 10000 bc1 3000
[PLR-Vlanif10] mpls te max-reservable-bandwidth 10000 bc1 3000
[PLR-Vlanif10] quit
[PLR-Vlanif20] mpls te max-link-bandwidth 10000 bc1 3000
[PLR-Vlanif20] mpls te max-reservable-bandwidth 10000 bc1 3000
[PLR-Vlanif20] quit

# Configure link bandwidth on all the outgoing interfaces of the link along the primary tunnel
and the bypass tunnel, and the details are not mentioned here.
# Configure the explicit path for the primary tunnel on the PLR.
[PLR] explicit-path master
[PLR-explicit-path-master] next hop 10.1.1.2
[PLR-explicit-path-master] quit
# Configure the tunnel interface of the primary tunnel.

[PLR] interface tunnel0/0/1
[PLR-Tunnel0/0/1] ip address unnumbered interface loopback1
[PLR-Tunnel0/0/1] tunnel-protocol mpls te
[PLR-Tunnel0/0/1] destination 5.5.5.5
[PLR-Tunnel0/0/1] mpls te tunnel-id 100
[PLR-Tunnel0/0/1] mpls te signal-protocol rsvp-te
[PLR-Tunnel0/0/1] mpls te path explicit-path master
# Enable TE FRR.
[PLR-Tunnel0/0/1] mpls te fast-reroute
[PLR-Tunnel0/0/1] mpls te commit
[PLR-Tunnel0/0/1] quit
After the configuration, run the display interface tunnel command on the PLR, and you can
[PLR] display interface tunnel 0/0/1
0 output error
Step 7 Configure the bypass tunnel.
# Configure the explicit path for the bypass tunnel on the PLR.
[PLR] explicit-path by-path
[PLR-explicit-path-by-path] next hop 20.1.1.2
# Configure the tunnel interface of the bypass tunnel.

[PLR] interface tunnel 0/0/2
[PLR-Tunnel0/0/2] ip address unnumbered interface loopback 1
[PLR-Tunnel0/0/2] tunnel-protocol mpls te
[PLR-Tunnel0/0/2] destination 4.4.4.4
[PLR-Tunnel0/0/2] mpls te tunnel-id 200
[PLR-Tunnel0/0/2] mpls te signal-protocol rsvp-te
[PLR-Tunnel0/0/2] mpls te path explicit-path by-path
[PLR-Tunnel0/0/2] mpls te bypass-tunnel bandwidth 400
# Specify the interface protected by the bypass tunnel.

[PLR-Tunnel0/0/2] mpls te protected-interface vlanif 10

[PLR-Tunnel0/0/2] mpls te commit
After the configuration, run the display interface tunnel command on the PLR, and you can
<PLR> display interface tunnel 0/0/2
0 output error

# Run the tracert lsp te tunnel command on the PLR, and you can view that the TE traffic is
transmitted through the primary tunnel.
<PLR> tracert lsp te tunnel 0/0/1
break.
0 Ingress 10.1.1.2/[13312 ]
1 10.1.1.2 50 ms Transit 30.1.1.2/[13312 ]
2 30.1.1.2 40 ms Transit 50.1.1.2/[3 ]
3 5.5.5.5 70 ms Egress
# After the LPU where the outgoing interface of the primary tunnel (GE 1/0/0) is located is
removed, run the display interface tunnel command, and you can view that the tunnel interface
of the primary tunnel remains Up.
# Run the display mpls te tunnel stale-interface and display mpls te tunnel stale-interface
interface-index verbose commands on the PLR, and you can view that the outgoing interface
of the primary tunnel is in Stale state.
<PLR> display mpls stale-interface
Stale-interface Status TE Attri LSP Count CRLSP Count Effective MTU
0x018000106 Up Dis 0 1 -
<PLR> display mpls te tunnel stale-interface 18000106 verbose

No : 1
LSP-Id : 1.1.1.1:100:1
Tunnel-Name : Tunnel0/0/1
Destination : 5.5.5.5
In-Interface : 0x18000186
Out-Interface : 0x18000106
Tunnel BW : 400 kbps
Class Type : bc0
Ingress LSR-Id : 1.1.1.1
Egress LSR-Id : 5.5.5.5
Setup-Priority : 7
Hold-Priority : 7
Sign-Protocol : RSVP TE
Resv Style : SE
IncludeAnyAff : 0x0
ExcludeAnyAff : 0x0
IncludeAllAff : 0x0
Created Time : 2007/10/18 18:35:38
# Run the display mpls te tunnel path command on the PLR, and you can view that the path
of the primary tunnel passes through S9300-B.

<PLR> display mpls te tunnel path Tunnel0/0/1

Lsp ID : 1.1.1.1 :100 :1
Hop Information
Hop 0 20.1.1.1
Hop 1 20.1.1.2
Hop 2 3.3.3.3
Hop 3 40.1.1.1
Hop 4 40.1.1.2
Hop 5 4.4.4.4
Hop 3 50.1.1.1
Hop 4 50.1.1.2
Hop 5 5.5.5.5
# Run the tracert lsp te tunnel command on the PLR, and you can view that the TE traffic is
transmitted through the bypass tunnel.
break.
0 Ingress 20.1.1.2/[13312 13312 ]
1 20.1.1.2 50 ms Transit 40.1.1.2/[3 ]
2 40.1.1.2 50 ms Transit
3 5.5.5.5 60 ms Egress
# After the removed LPU where the outgoing interface of the primary tunnel is located is re-
installed, run the tracert lsp te tunnel command, and you can view that the traffic is switched
back to the primary tunnel.
break.
0 Ingress 10.1.1.2/[13312 ]
1 10.1.1.2 40 ms Transit 30.1.1.2/[13312 ]
2 30.1.1.2 50 ms Transit 50.1.1.2/[3 ]
3 5.5.5.5 60 ms Egress
----End
Configuration Files
l Configuration file of the PLR
#
sysname PLR
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path master
next hop 10.1.1.2
next hop 30.1.1.2
next hop 50.1.1.2
next hop 5.5.5.5
#
explicit-path by-path
next hop 20.1.1.2
next hop 40.1.1.2
next hop 4.4.4.4
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0

mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface GigabitEhernet1/0/0
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 5.5.5.5
mpls te path explicit-path master
mpls te commit
#
destination 4.4.4.4
mpls te path explicit-path by-path
mpls te bypass-tunnel bandwidth 400
mpls te commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 20.1.1.0 0.0.0.3
network 1.1.1.1 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-A
#
vlan batch 10 30
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te

mpls rsvp-te
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 30.1.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-B
#
vlan batch 20 40
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0

network 20.1.1.0 0.0.0.3

network 30.1.1.0 0.0.0.3
network 3.3.3.3 0.0.0.0
mpls-te enable
#
return
l Configuration file of the MP
#
sysname MP
#
vlan batch 30 40 50
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 30.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 50.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.3
network 40.1.1.0 0.0.0.3
network 50.1.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
mpls-te enable
#
return
#
sysname S9300-C
#
vlan batch 50
#
mpls lsr-id 5.5.5.5

mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 50.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
ospf 1
area 0.0.0.0
network 50.1.1.0 0.0.0.3
network 5.5.5.5 0.0.0.0
mpls-te enable
#
return
Example for Configuring CR-LSP Hot Standby
Figure 5-186 shows an MPLS VPN. P and PE devices are S9300s. A TE tunnel with PE1 as the
ingress node and PE2 as the egress node needs to be established on PE1. CR-LSP hot standby
and best-effort path also need to be configured.
l The primary CR-LSP is PE1 → P1 → PE2.
l The backup CR-LSP is PE1 → P2 → PE2.
l The best-effort path is PE1 → P2 → P1 → PE2.
If the primary CR-LSP fails, traffic can be switched to the backup CR-LSP. After the faulty
primary CR-LSP is recovered, the traffic can be switched back to the primary CR-LSP after 15
seconds. If both the primary and backup CR-LSPs fail, traffic can be switched to the best-effort
path.

Figure 5-186 Networking diagram for configuring CR-LSP hot standby

Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
GE1/0/0 GE1/0/0
Vlanif10 Vlanif10
P1 10.1.1.1/24 10.1.1.2/24 P2
GE3/0/0 GE3/0/0
GE2/0/0
Vlanif20 Vlanif30 GE2/0/0
Vlanif40 10.3.1.2/24
10.2.1.1/24 Vlanif50
10.4.1.2/24
10.5.1.1/24
GE2/0/0 GE2/0/0
Vlanif40 Vlanif50
10.4.1.1/24 10.5.1.2 /24
GE1/0/0
GE1/0/0
PE1 Vlanif20 PE2
Vlanif30
10.2.1.2/24
10.3.1.1/24
Loopback1 Loopback1
4.4.4.4/32 3.3.3.3/32
: Primary path
: Backup path
: Best-effort path
1. Configure an IP address for each interface and enable an IGP on each node to implement
interworking.
2. Configure MPLS and basic MPLS TE functions.
3. Configure explicit paths for the primary and backup CR-LSPs on PE1.
4. Create the tunnel interface with PE2 as the egress node on PE1 and specify the explicit
path; enable hot standby and configure the best-effort path; set the WTR time to 15 seconds.
Data Preparation
l Type of an IGP and data required for configuring an IGP

l MPLS LSR ID
l Bandwidth attributes of links along the tunnel
l Tunnel interface number and bandwidth occupied by the tunnel
l Explicit paths of the primary CR-LSP and the backup CR-LSP

Procedure
As shown in Figure 5-186, configure an IP address for each interface, create loopback interfaces
on the nodes, and then configure the IP addresses of the loopback interfaces as MPLS LSR IDs.
Configure OSPF or IS-IS on each node to implement interworking between the nodes. In this
example, IS-IS is configured. For detailed configuration, see the configuration files in this
example.
Step 3 Configure basic MPLS functions.
On each node, enable MPLS TE and MPLS RSVP-TE in the MPLS view and in the view of the
physical interface. Set the maximum MPLS TE bandwidth and maximum reservable bandwidth
for each interface to 100 Mbit/s and 100 Mbit/s respectively. For detailed configuration, see the
configuration files in this example.
Step 4 Configure IS-IS TE and CSPF.
Configure IS-IS TE on each node and configure CSPF on PE1. For the configuration procedure,
see "Configuring an RSVP-TE Tunnel".
Step 5 Configure the explicit paths for the primary CR-LSP and the backup CR-LSP.
# Configure the explicit path for the primary CR-LSP on PE1.
<PE1> system-view
[PE1] explicit-path main
[PE1-explicit-path-main] next hop 10.4.1.2
[PE1-explicit-path-main] quit
# Configure the explicit path for the backup CR-LSP on PE1.

[PE1] explicit-path backup
[PE1-explicit-path-backup] next hop 10.3.1.2
[PE1-explicit-path-backup] quit
# View information about the explicit paths on PE1.

[PE1] display explicit-path main
Path Name : main Path Status : Enabled
1 10.4.1.2 Strict Include
[PE1] display explicit-path backup

Path Name : backup Path Status : Enabled
Step 6 Configure the tunnel interface.

[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip address unnumbered interface loopback 1
[PE1-Tunnel1/0/0] tunnel-protocol mpls te
[PE1-Tunnel1/0/0] destination 3.3.3.3
[PE1-Tunnel1/0/0] mpls te tunnel-id 100
[PE1-Tunnel1/0/0] mpls te path explicit-path main

# Configure hot standby on the tunnel interface, set the WTR time to 15 seconds, specify the
backup explicit path, and configure the best-effort path.
[PE1-Tunnel1/0/0] mpls te backup hot-standby wtr 15
[PE1-Tunnel1/0/0] mpls te path explicit-path backup secondary
[PE1-Tunnel1/0/0] mpls te backup ordinary best-effort
[PE1-Tunnel1/0/0] mpls te commit
[PE1-Tunnel1/0/0] quit
After the configuration, run the display mpls te tunnel-interface tunnel 1/0/0 command on
PE1, and you can find that the primary CR-LSP and the backup CR-LSP are established.
[PE1] display mpls te tunnel-interface tunnel 1/0/0
Tunnel State Desc : Primary CR-LSP Up and HotBackup CR-LSP Up
Tunnel Attributes :
LSP ID : 4.4.4.4:2
Session ID : 100
Hop Limit : -
Metric Type : None
Record Route : Enabled Record Label : Disabled
Back Up Type : HotStandBy
Back Up LSPID : 4.4.4.4:32770
Primary Tunnel : -
Backup Tunnel : -
IPTN InLabel : -
Group Status : Up
Oam Status : Up
BestEffort : Enabled IsBestEffortPath: Non-existent

Connect two interfaces, namely, Port 1 and Port 2 on a tester, to PE1 and PE2 respectively. On
Port 1, send MPLS traffic to Port 2. After the cable of GE 2/0/0 on PE1 or P1 is removed, the
fault recovers at the millisecond level. Run the display mpls te hot-standby state interface
tunnel 1/0/0 command on PE1, and you can find that traffic is switched to the backup CR-LSP.
[PE1] display mpls te hot-standby state interface tunnel 1/0/0
----------------------------------------------------------------
Verbose information about the Tunnel1/0/0 hot-standby state
----------------------------------------------------------------
tunnel name : Tunnel1/0/0
session id : 100

main LSP token : 0x0

hot-standby LSP token : 0x100201b
HSB switch result : hot-standby LSP
WTR : 15s
After installing the cable into GE 2/0/0, you can view that traffic is switched back to the primary
CR-LSP after 15 minutes.
If you remove the cable from GE 2/0/0 on PE1 or P1 and then remove the cable from GE 2/0/0
on PE2 and P2, the tunnel interface changes from Down to Up and traffic is switched to the best-
effort path.
[PE1] display mpls te tunnel-interface tunnel 1/0/0

Tunnel State Desc : Backup CR-LSP In use and Primary CR-LSP setting Up
Tunnel Attributes :
LSP ID : 4.4.4.4:3
Session ID : 100
Hop Limit : -
Explicit Path Name : main
Secondary Explicit Path Name: backup
Metric Type : None
Record Route : Enabled Record Label : Disabled
Back Up Type : HotStandBy
Back Up LSPID : 4.4.4.4:32776
Primary Tunnel : -
Backup Tunnel : -
IPTN InLabel : -
Group Status : Up
Oam Status : Up
BestEffort : Enabled IsBestEffortPath: Up
[PE1] display mpls te tunnel path

Lsp ID : 4.4.4.4 :100 :32776
Hop Information
Hop 0 10.3.1.1
Hop 1 10.3.1.2
Hop 2 2.2.2.2
Hop 3 10.1.1.2
Hop 4 10.1.1.1
Hop 5 1.1.1.1
Hop 6 10.2.1.1

Hop 7 10.2.1.2
Hop 8 3.3.3.3
----End
Configuration Files
#
sysname PE1
#
vlan batch 30 40
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path backup
next hop 10.3.1.2
next hop 10.5.1.2
next hop 3.3.3.3
#
explicit-path main
next hop 10.4.1.2
next hop 10.2.1.2
next hop 3.3.3.3
#
isis 1
cost-style wide
network-entity 10.0000.0000.0004.00
traffic-eng level-1-2
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
destination 3.3.3.3


mpls te path explicit-path main
mpls te path explicit-path backup secondary
mpls te backup hot-standby wtr 15
mpls te backup ordinary best-effort
mpls te commit
#
return
#
sysname P1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
return
#
sysname P2

#
vlan batch 10 30 50
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return
#
sysname PE2
#
vlan batch 20 50
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0003.00

#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
Example for Configuring RSVP GR
As shown in Figure 5-187, S9300-A, S9300-B, and S9300-C are configured with dual main
control boards. Three S9300s learn routes from each other through the IS-IS protocol, and then
use the RSVP protocol to set up a TE tunnel from S9300-A to S9300-C. RSVP GR is required
to ensure that MPLS forwarding is continuous when the switchover between the main control
board and the LPU occurs on S9300-A, S9300-B, or S9300-C.
Figure 5-187 Networking diagram for configuring RSVP GR

Loopback1
Loopback1 Loopback1
2.2.2.2/32
1.1.1.1/32 3.3.3.3/32
GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0
10.1.1.1/24 10.1.1.2/24 20.1.1.1/24 20.1.1.2/24
S9300-A S9300-B S9300-C
1. Configure the IP addresses for the interfaces of the devices and the address of the loopback
interface that is used as the LSR ID.

2. Configure the IS-IS protocol to implement interworking and enable IS-IS TE.
3. Set the LSR ID.
4. Enable global MPLS, MPLS TE, and MPLS RSVP-TE.
5. Enable MPLS, MPLS TE, and MPLS RSVP-TE on each interface, and configure bandwidth
attributes of the MPLS TE link.
6. On the ingress node S9300-A, enable CSPF and create a tunnel interface, and specify the
IP address, tunneling protocol, destination IP address, tunnel ID, and dynamic signaling
protocol RSVP-TE.
7. Enable IS-IS GR on each node.
8. Enable RSVP GR on each node.
Data Preparation
l IS-IS NET and IS-IS level that each node belongs to
l Bandwidth attributes of links along the tunnel
l Tunnel interface number of the ingress node, tunnel ID, and tunnel bandwidth
Procedure
Configure IP addresses as shown in Figure 5-187 and create loopback interfaces on the nodes.
Step 2 Configure basic IS-IS functions.
[S9300-A] isis 1
[S9300-A-isis-1] network-entity 00.0005.0000.0000.0001.00
[S9300-A] interface loopback 1
[S9300-A-LoopBack1] isis enable 1
[S9300-B] isis 1
[S9300-B-isis-1] network-entity 00.0005.0000.0000.0002.00
[S9300-B-LoopBack1] isis enable 1

[S9300-C] isis 1
[S9300-C-isis-1] network-entity 00.0005.0000.0000.0003.00
[S9300-C-LoopBack1] isis enable 1
Step 3 Configure basic MPLS functions, enable MPLS TE, RSVP-TE, and CSPF, and configure
bandwidth attributes of the link.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
[S9300-B] mpls lsr-id 2.2.2.2
[S9300-B] mpls
[S9300-B-mpls] quit
[S9300-C] mpls lsr-id 3.3.3.3
[S9300-C] mpls
[S9300-C-mpls] quit

Step 4 Configure IS-IS TE and enable IS-IS GR.

[S9300-A] isis 1
[S9300-A-isis-1] is-name S9300-A
[S9300-A-isis-1] graceful-restart
[S9300-B] isis 1
[S9300-B-isis-1] cost-style wide
[S9300-B-isis-1] is-name S9300-B
[S9300-B-isis-1] traffic-eng level-2
[S9300-B-isis-1] graceful-restart
[S9300-C] isis 1
[S9300-C-isis-1] cost-style wide
[S9300-C-isis-1] is-name S9300-C
[S9300-C-isis-1] traffic-eng level-2
[S9300-C-isis-1] graceful-restart
Step 5 Configure the MPLS TE tunnel.

# Create an MPLS TE tunnel on S9300-A.
0 output error
Step 6 Enable RSVP GR.

[S9300-A] mpls
[S9300-A-mpls] mpls rsvp-te hello
[S9300-A-mpls] mpls rsvp-te hello full-gr
[S9300-A-mpls] quit
[S9300-A-Vlanif10] mpls rsvp-te hello

[S9300-B] mpls
[S9300-B-mpls] mpls rsvp-te hello
[S9300-B-mpls] mpls rsvp-te hello full-gr
[S9300-B-mpls] quit
[S9300-B-Vlanif10] mpls rsvp-te hello
[S9300-B-Vlanif20] mpls rsvp-te hello
[S9300-C] mpls
[S9300-C-mpls] mpls rsvp-te hello
[S9300-C-mpls] mpls rsvp-te hello full-gr
[S9300-C-mpls] quit
[S9300-C-Vlanif20] mpls rsvp-te hello

After the configuration, run the display mpls rsvp-te graceful-restart command on S9300-B,
and you can view the local GR status, restart time, and recovery time.
[S9300-B] display mpls rsvp-te graceful-restart
Display Mpls Rsvp te graceful restart information
LSR ID: 2.2.2.2
Graceful-Restart Capability: GR-Self GR-Support
Restart Time: 90060 Milli Second
Recovery Time: 0 Milli Second
GR Status: Restart time Not going on
Number of Restarting neighbors: 2
Received Gr Path message count: 2
Send Gr Path message count: 0
Received RecoveryPath message count: 2
Send RecoveryPath message count: 0.
Run the display mpls rsvp-te graceful-restart peer command on S9300-B, and you can view
the GR status of the neighboring node.
[S9300-B] display mpls rsvp-te graceful-restart peer
Neighbor on Interface Vlanif10
Neighbor Addr: 10.1.1.1
SrcInstance: 47860 NbrSrcInstance: 49409
Neighbor Capability:
Can Do Self GR
Can Support GR
GR Status: Normal
Restart Time: 90060 Milli Second
Recovery Time: 0 Milli Second
Stored GR message number: 0
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf

mpls rsvp-te hello

mpls rsvp-te hello full-gr
#
isis 1
graceful-restart
is-level level-2
cost-style wide
is-name S9300-A
network-entity 00.0005.0000.0000.0001.00
traffic-eng level-2
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
destination 3.3.3.3
mpls te commit
#
return
#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
isis 1
graceful-restart
is-level level-2
cost-style wide
is-name S9300-B
network-entity 00.0005.0000.0000.0002.00
traffic-eng level-2
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
isis enable 1

mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return

#
sysname S9300-C
#
vlan batch 20
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
isis 1
graceful-restart
is-level level-2
cost-style wide
is-name S9300-C
network-entity 00.0005.0000.0000.0003.00
traffic-eng level-2
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
Example for Configuring Static BFD for CR-LSPs
Figure 5-188 shows a network where CR-LSP hot standby is configured. A TE tunnel is
established between PE1 and PE2. The tunnel is enabled with hot standby and configured with

the best-effort path. If the primary CR-LSP fails, traffic is switched to the backup CR-LSP. After
the faulty primary CR-LSP is recovered, the traffic is switched back to the primary CR-LSP
after 15 seconds. If both the primary and backup CR-LSPs fail, traffic is switched to the best-
effort path.
You are required to create two static BFD sessions to detect the primary and backup CR-LSPs.
After the configuration, the following should be achieved:
l If the primary CR-LSP fails, traffic is rapidly switched to the backup CR-LSP.
l After the primary CR-LSP is recovered less than 15 seconds, traffic is switched back to the
primary CR-LSP if the backup CR-LSP fails.

Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
GE1/0/0 GE1/0/0
Vlanif10 Vlanif10
P1 10.1.1.1/24 10.1.1.2/24 P2
GE3/0/0 GE3/0/0
GE2/0/0
Vlanif40 10.3.1.2/24
10.2.1.1/24 Vlanif50
10.4.1.2/24
10.5.1.1/24
GE2/0/0 GE2/0/0
Vlanif40 Vlanif50
10.4.1.1/24 10.5.1.2/24
GE1/0/0
GE1/0/0
PE1 Vlanif20 PE2
Vlanif30
10.2.1.2/24
10.3.1.1/24
Loopback1 Loopback1
4.4.4.4/32 3.3.3.3/32
: Primary path
: Backup path
: Best-effort path
P to PE devices are the S9300s in this example.
1. Configure CR-LSP hot standby according to Example for Configuring CR-LSP Hot
Standby.
2. On PE1, create two BFD sessions and bind the two sessions to the primary CR-LSP and
the backup CR-LSP; on PE2, create two BFD sessions and bind the two sessions to the IP
link (PE2 → PE1).

Data Preparation
l Minimum intervals for receiving and sending BFD packets
l Local detection multiplier of BFD
l For other data, see Example for Configuring CR-LSP Hot Standby.
Procedure
Step 1 Configure CR-LSP hot standby.
Configure the primary CR-LSP, backup CR-LSP, and best-effort path according to Example
for Configuring CR-LSP Hot Standby.
Step 2 Configure BFD for CR-LSPs.
# Create BFD sessions between PE1 and PE2 to detect faults on the primary CR-LSP and the
backup CR-LSP. Bind the BFD sessions on PE1 to the primary CR-LSP and the backup CR-
LSP respectively; bind the BFD session on PE2 to the IP link. Set the minimum intervals for
sending and receiving BFD packets to 100 milliseconds and the local detection multiplier of
BFD to 3.
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd mainlsptope2 bind mpls-te interface tunnel1/0/0 te-lsp
[PE1-bfd-lsp-session-mainlsptope2] discriminator local 413
[PE1-bfd-lsp-session-mainlsptope2] discriminator remote 314
[PE1-bfd-lsp-session-mainlsptope2] min-tx-interval 100
[PE1-bfd-lsp-session-mainlsptope2] min-rx-interval 100
[PE1-bfd-lsp-session-mainlsptope2] detect-multiplier 3
[PE1-bfd-lsp-session-mainlsptope2] process-pst
[PE1-bfd-lsp-session-mainlsptope2] commit
[PE1-bfd-lsp-session-mainlsptope2] quit
[PE1] bfd backuplsptope2 bind mpls-te interface tunnel1/0/0 te-lsp backup
[PE1-bfd-lsp-session-backuplsptope2] discriminator local 423
[PE1-bfd-lsp-session-backuplsptope2] discriminator remote 324
[PE1-bfd-lsp-session-backuplsptope2] min-tx-interval 100
[PE1-bfd-lsp-session-backuplsptope2] min-rx-interval 100
[PE1-bfd-lsp-session-backuplsptope2] detect-multiplier 3
[PE1-bfd-lsp-session-backuplsptope2] process-pst
[PE1-bfd-lsp-session-backuplsptope2] commit
[PE1-bfd-lsp-session-backuplsptope2] quit
Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd mainlsptope2 bind peer-ip 4.4.4.4
[PE2-bfd-lsp-session-mainlsptope2] discriminator local 314
[PE2-bfd-lsp-session-mainlsptope2] discriminator remote 413
[PE2-bfd-lsp-session-mainlsptope2] min-tx-interval 100
[PE2-bfd-lsp-session-mainlsptope2] min-rx-interval 100
[PE2-bfd-lsp-session-mainlsptope2] detect-multiplier 3
[PE2-bfd-lsp-session-mainlsptope2] commit
[PE2-bfd-lsp-session-mainlsptope2] quit
[PE2] bfd backuplsptope2 bind peer-ip 4.4.4.4
[PE2-bfd-lsp-session-backuplsptope2] discriminator local 324
[PE2-bfd-lsp-session-backuplsptope2] discriminator remote 423
[PE2-bfd-lsp-session-backuplsptope2] min-tx-interval 100

[PE2-bfd-lsp-session-backuplsptope2] min-rx-interval 100

[PE2-bfd-lsp-session-backuplsptope2] detect-multiplier 3
[PE2-bfd-lsp-session-backuplsptope2] commit
[PE2-bfd-lsp-session-backuplsptope2] quit
# After the configuration, run the display bfd session discriminator local-discriminator-
value command on PE1 and PE2, and you can find that the status of the BFD sessions is Up.
Take the display on PE1 as an example:
[PE1] display bfd session discriminator 413
--------------------------------------------------------------------------------
Local Remote PeerIpAddr InterfaceName State Type
--------------------------------------------------------------------------------
413 314 3.3.3.3 Tunnel1/0/0 Up S_TE_LSP
--------------------------------------------------------------------------------
[PE1] display bfd session discriminator 423

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
423 324 3.3.3.3 Tunnel1/0/0 Up S_TE_LSP
--------------------------------------------------------------------------------

fault recovers at the millisecond level.
After installing the cable into GE 2/0/0 and then removing the cable from GE 1/0/0 on PE1 in
15 seconds, you can find that the fault recovers at the millisecond level.
----End
Configuration Files
#
sysname PE1
#
vlan batch 30 40
#
bfd
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
next hop 10.3.1.2
next hop 10.5.1.2
next hop 3.3.3.3
#
explicit-path main
next hop 10.4.1.2
next hop 10.2.1.2
next hop 3.3.3.3
#
isis 1
cost-style wide
network-entity 10.0000.0000.0004.00
#
interface Vlanif30

ip address 10.3.1.1 255.255.255.252

isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.252
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
destination 3.3.3.3
mpls te commit
#
bfd backuplsptope2 bind mpls-te interface Tunnel1/0/0 te-lsp backup
min-tx-interval 100
min-rx-interval 100
process-pst
commit
#
bfd mainlsptope2 bind mpls-te interface Tunnel1/0/0 te-lsp
min-tx-interval 100
min-rx-interval 100
process-pst
commit
#
return
#
sysname P1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
#

isis 1
cost-style wide
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
return
#
sysname P2
#
vlan batch 10 30 50
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te

#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return
#
sysname PE2
#
vlan batch 20 50
#
bfd
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0003.00
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#

#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bfd backuplsptope2 bind peer-ip 4.4.4.4
min-tx-interval 100
min-rx-interval 100
commit
#
bfd mainlsptope2 bind peer-ip 4.4.4.4
min-tx-interval 100
min-rx-interval 100
commit
#
return
Example for Configuring Static BFD for TE Tunnels
Figure 5-189 shows an MPLS network where PE and CE devices are S9300s. PE1 is configured
with VPN FRR and the MPLS TE tunnel. The primary path of VPN FRR is PE1 → PE2; the
backup path of VPN FRR is PE1 → PE3. Normally, VPN traffic is transmitted over the primary
path. If the primary path fails, VPN traffic switches to the backup path. You are required to
configure BFD for TE tunnels to detect faults on the TE tunnel over the primary path and enable
VPN to rapidly detect the faults. Thus, traffic can be switched between the primary path and
backup path in case of faults, and fault recovery is shortened.
Figure 5-189 Networking diagram for configuring static BFD for TE tunnels
Loopback1
2.2.2.2/32
/0/0
GE1 if10
Vla n
/24
.1.2
10.1
/0/0 l PE3
GE1 if10 nne
n dary t u
Vla /24 on
.1.1 Sec
CE1 PE1 10.1
CE2
GE2 Prim
/0 ary t
Vlan /0 unne
l
10.2. if20 PE2
1.1/2
4
Loopback1
GE2
1.1.1.1/32 /0
Vlan /0
10.2. if20
1.2/2
4
Loopback1
3.3.3.3/32

NOTE
For ease of description, the IP addresses of the interfaces connecting the PEs and the CEs are not described
in Figure 5-189.
1. Configure basic MPLS functions, and establish bi-directional TE tunnels between PE1 and
PE2, and between PE1 and PE3.
2. Configure VPN FRR.
3. Enable global BFD on PE1, PE2, and PE3.
4. Configure a BFD session on PE1 to detect faults on the TE tunnel over the primary path.
5. Configure a BFD session on PE2 and PE3 and specify the TE tunnel as the BFD backward
tunnel.
Data Preparation

l BGP AS number and interfaces of BGP sessions
l MPLS LSR ID
l Maximum bandwidth and maximum reservable bandwidth for the link of the outgoing
interface along the tunnel
l Tunnel interface number, bandwidth occupied by the tunnel, and explicit paths
l VPN instance name, RD, and route target (RT)
l Name of the tunnel policy
l Data required for configuring VPN FRR such as the names of the IP prefix and the routing
policy
Procedure
Configure an IP address for each interface according to the networking diagram, create loopback
interfaces on nodes, and then configure the IP addresses of the loopback interfaces as MPLS
LSR IDs. For detailed configuration, see the configuration files in this example.
Configure OSPF or IS-IS on each node to implement interworking between PE1 and PE2, and
between PE1 and PE3. OSPF is configured in this example. For detailed configuration, see the
configuration file of this example.
On each node, configure an LSR ID and enable MPLS in the system view and enable MPLS on
each physical interface. For detailed configuration, see the configuration files in this example.

Step 4 Configure basic MPLS TE functions.

physical interface. Set the maximum MPLS TE bandwidth and maximum reservable bandwidth
for each interface to 100 Mbit/s and 100 Mbit/s respectively. For detailed configuration, see the
configuration files in this example.
Step 5 Configure OSPF TE and CSPF.
Configure OSPF TE on each node and configure CSPF on PE1. For the configuration procedure,
see "Configuring an RSVP-TE Tunnel".
Step 6 Configure tunnel interfaces.
# Configure explicit paths on PE1, PE2, and PE3. For PE1, two explicit paths must be created.
# Configure PE1.
<PE1>system-view
[PE1] explicit-path tope2
[PE1-explicit-path-tope2] next hop 10.2.1.2
[PE1-explicit-path-tope2] quit
# Configure PE2.
<PE2>system-view
# Configure PE3.
<PE3> system-view
# Create tunnel interfaces on PE1, PE2, and PE3, configure explicit paths, and set the bandwidth
to 10 Mbit/s. Bind the tunnel to the specified VPN. For PE1, two tunnel interfaces must be
created.
# Configure PE1.
[PE1-Tunnel2/0/0] mpls te path explicit-path tope2
[PE1-Tunnel2/0/0] mpls te bandwidth bc0 10000
[PE1-Tunnel2/0/0] mpls te reserved-for-binding


# Configure PE2.
# Configure PE3.
# After the configuration, run the display mpls-te tunnel-interface tunnel interface-number
command on the PEs, and you can find that the status of Tunnel 1/0/0 and Tunnel 2/0/0 on PE1,
Tunnel 2/0/0 on PE2, and Tunnel 1/0/0 on PE3 is displayed as CR-LSP is Up.
Step 7 Configure VPN FRR.
# Create VPN instances on PE1, PE2, and PE3 respectively. Set all VPN instance names to
vpn1, RDs to 100:1, 100:2, and 100:3 respectively, and all RTs to 100:1. Connect the CEs to
the PEs. The configuration details are not mentioned here.
# Establish MP IBGP peer relations between PE1 and PE2, and between PE1 and PE3. The BGP
AS number of PE1, PE2, and PE3 are 100. The loopback interface Loopback1 on PE1, PE2, and
PE3 is used as the interface for creating BGP sessions. The configuration details are not
mentioned here.
# Configure tunnel policies for PE1, PE2, and PE3 and bind the policies to the VPN instances.
# Configure PE1.
[PE1] tunnel-policy policy1
[PE1-tunnel-policy-policy1] tunnel binding destination 3.3.3.3 te tunnel 2/0/0
[PE1-tunnel-policy-policy1] quit
[PE1] ip vpn-instance vpn1
[PE1-ip-vpn-instance-vpn1] tnl-policy policy1
[PE1-ip-vpn-instance-vpn1] quit
# Configure PE2.
# Configure PE3.

# Configure VPN FRR on PE1.

[PE1] ip ip-prefix vpn_frr_list permit 3.3.3.3 32
[PE1] route-policy vpn_frr_rp permit node 10
[PE1-route-policy] if-match ip next-hop ip-prefix vpn_frr_list
[PE1-route-policy] apply backup-nexthop 2.2.2.2
[PE1-route-policy] quit
[PE1-vpn-instance-vpn1] vpn frr route-policy vpn_frr_rp
[PE1-vpn-instance-vpn1] quit
# After the configuration, the CEs can communicate, and traffic flows through PE1 and PE2.
After the cable of any interface connecting PE1 and PE2 is removed, or Switch fails, or PE2
fails, VPN traffic is switched to the backup path PE1 → PE3. Time taken in fault recovery is
close to the IGP convergence time.
Step 8 Configure BFD for TE tunnels.
# Configure a BFD session on PE1 to detect faults on the TE tunnel over the primary path. Set
the minimum intervals for sending and receiving BFD packets and the local detection multiplier
of BFD.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd test bind mpls-te interface tunnel2/0/0
[PE1-bfd-lsp-session-test] discriminator local 12
[PE1-bfd-lsp-session-test] discriminator remote 21
[PE1-bfd-lsp-session-test] min-tx-interval 100
[PE1-bfd-lsp-session-test] min-rx-interval 100
[PE1-bfd-lsp-session-test] detect-multiplier 3
[PE1-bfd-lsp-session-test] process-pst
[PE1-bfd-lsp-session-test] commit
# Configure a BFD session on PE2 and specify the TE tunnel as the backward tunnel. Set the
minimum intervals for sending and receiving BFD packets and the local detection multiplier of
BFD.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd test bind mpls-te interface tunnel2/0/0
[PE2-bfd-lsp-session-test] discriminator local 21
[PE2-bfd-lsp-session-test] discriminator remote 12
[PE2-bfd-lsp-session-test] min-tx-interval 100
[PE2-bfd-lsp-session-test] min-rx-interval 100
[PE2-bfd-lsp-session-test] detect-multiplier 3
[PE2-bfd-lsp-session-test] commit
# After the configuration, run the display bfd session { all | discriminator discr-value | mpls-
te | [ slot slot-id ] [ verbose ] command on PE1 and PE2, and you can view that the status of the
BFD sessions is Up.
Connect two interfaces, namely, Port 1 and Port 2 on a tester, to CE1 and CE2 respectively. Send
traffic from Port 1 to Port 2, and you can find that a fault can be recovered at the millisecond
level when the cable of any interface between PE1 and PE2 is removed.
----End

Configuration Files
NOTE
The configuration files of CE1 and CE2 are not mentioned here. The configurations related to the CE
accessing the PE are also not mentioned.
#
sysname PE1
#
vlan batch 10 20
#
vpn frr route-policy vpn_frr_rp
tnl-policy policy1
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path tope2
next hop 10.2.1.2
next hop 3.3.3.3
#
explicit-path tope3
next hop 10.1.1.2
next hop 2.2.2.2
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 2.2.2.2

mpls te path explicit-path tope3

mpls te reserved-for-binding
mpls te commit
#
destination 3.3.3.3
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpn1
import-route direct
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
mpls-te enable
#
route-policy vpn_frr_rp permit node 10
if-match ip next-hop ip-prefix vpn_frr_list
#
ip ip-prefix vpn_frr_list permit 3.3.3.3 32
#
tunnel-policy policy1
tunnel binding destination 3.3.3.3 te Tunnel2/0/0
#
bfd test bind mpls-te interface Tunnel2/0/0
min-tx-interval 100
min-rx-interval 100
process-pst
commit
#
return
#
sysname PE2
#
vlan batch 20
#
tnl-policy policy1


#
bfd
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path tope1
next hop 10.2.1.1
next hop 1.1.1.1
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 10.2.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
mpls-te enable
#
#
bfd test bind mpls-te interface Tunnel2/0/0
min-tx-interval 100
min-rx-interval 100

commit
#
return
#
sysname PE3
#
vlan batch 10
#
tnl-policy policy1
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path tope1
next hop 10.1.1.1
next hop 1.1.1.1
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0

mpls-te enable
#
#
return
Example for Configuring Dynamic BFD for CR-LSPs
Figure 5-190 shows a network where CR-LSP hot standby is configured. A TE tunnel is
established between PE1 and PE2. The tunnel is enabled with hot standby and configured with
the best-effort path. If the primary CR-LSP fails, traffic is switched to the backup CR-LSP. After
the faulty primary CR-LSP is recovered, the traffic is switched back to the primary CR-LSP
after 15 seconds. If both the primary and backup CR-LSPs fail, traffic is switched to the best-
effort path.
You are required to configure dynamic BFD for CR-LSPs to detect faults on the primary and
backup CR-LSPs. After the configuration, the following should be achieved:
l If the primary CR-LSP fails, traffic is rapidly switched to the backup CR-LSP.
l After the primary CR-LSP is recovered in less than 15 seconds, traffic is switched back to
the primary CR-LSP if the backup CR-LSP fails.

Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
GE1/0/0 GE1/0/0
Vlanif10 Vlanif10
P1 10.1.1.1/24 10.1.1.2/24 P2
GE3/0/0 GE3/0/0
GE2/0/0
Vlanif40 10.3.1.2/24
10.2.1.1/24 Vlanif50
10.4.1.2/24
10.5.1.1/24
GE2/0/0 GE2/0/0
Vlanif40 Vlanif50
10.4.1.1/24 10.5.1.2/24
GE1/0/0
GE1/0/0
PE1 Vlanif20 PE2
Vlanif30
10.2.1.2/24
10.3.1.1/24
Loopback1 Loopback1
4.4.4.4/32 3.3.3.3/32
: Primary path
: Backup path
: Best-effort path

NOTE
Compared with static BFD, dynamic BFD is configured easier. In addition, by using dynamic BFD, the
number of BFD sessions to be created is reduced. That is, the number of BFD packets transmitted on a
network is reduced and less network resources is thus occupied. This is because only one BFD session is
created on a tunnel interface when you use dynamic BFD.
1. Configure CR-LSP hot standby according to Example for Configuring CR-LSP Hot
Standby.
2. Enable BFD on the ingress node of the tunnel; configure MPLS TE BFD; set the minimum
intervals for sending and receiving BFD packets and the local detection multiplier of BFD.
3. Enable the capability of passively creating BFD sessions on the egress node.
Data Preparation
l Minimum intervals for sending and receiving BFD packets on the ingress node (The default
values are specified in the license.)
l Local detection multiplier of BFD on the ingress node (The default value is specified in
the license.)
l For other data, see Example for Configuring CR-LSP Hot Standby.
Procedure
Step 1 Configure CR-LSP hot standby.
Configure the primary CR-LSP, backup CR-LSP, and best-effort path according to Example
for Configuring CR-LSP Hot Standby.
Step 2 Enable BFD on the ingress node of the tunnel and configure MPLS TE BFD.
# Enable MPLS TE BFD on the tunnel interface on PE1. Set the minimum intervals for sending
and receiving BFD packets to 100 milliseconds and the local detection multiplier of BFD to 3.
<PE1> system-view
[PE1] bfd
[PE1-bfd] quit
[PE1-Tunnel1/0/0] mpls te bfd enable
[PE1-Tunenl1/0/0] mpls te bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 3
[PE1-Tunenl1/0/0] mpls te commit
Step 3 Enable the capability of passively creating BFD sessions on the egress node of the tunnel.
<PE2> system-view
[PE2] bfd
[PE2-bfd] mpls-passive
[PE2-bfd] quit
# After the configuration, run the display bfd session discriminator local-discriminator-
value command on PE1 and PE2, and you can find that the status of the BFD sessions is Up.
[PE1] display bfd se mpls-te interface Tunnel 1/0/0 te-lsp
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
8208 8217 3.3.3.3 Tunnel1/0/0 Up D_TE_LSP
--------------------------------------------------------------------------------

fault recovers at the millisecond level.
After installing the cable into GE 2/0/0 and then removing the cable from GE 1/0/0 on PE1 in
15 seconds, you can find that the fault recovers at the millisecond level.
----End
Configuration Files
#
sysname PE1
#
vlan batch 30 40
#
bfd
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
next hop 10.3.1.2
next hop 10.5.1.2
next hop 3.3.3.3
#
explicit-path main
next hop 10.4.1.2
next hop 10.2.1.2
next hop 3.3.3.3
#
isis 1
cost-style wide
network-entity 10.0000.0000.0004.00
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.252
isis enable 1
mpls
mpls te
mpls rsvp-te
#


#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
destination 3.3.3.3
mpls te bfd enable
mpls te bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 3
mpls te commit
#
return
#
sysname P1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#

#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
return
#
sysname P2
#
vlan batch 10 30 50
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1

#
return

#
sysname PE2
#
bfd
mpls-passive
#
vlan batch 20 50
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
isis 1
cost-style wide
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.2.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif50
ip address 10.5.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
Example for Configuring Dynamic BFD for RSVP
Figure 5-191 shows an MPLS network where P and PE devices are S9300s. An MPLS TE tunnel
is established between PE1 and PE2. TE FRR with P1 as the PLR and PE1 as the MP is
configured. The primary CR-LSP is PE1 → P1 → Switch → P2 → PE2; the backup CR-LSP
is P1 → P3 → PE2. In addition, each node is configured with RSVP GR.
P1 cannot determine whether a fault occurs on the link or its neighbor is performing RSVP GR;
therefore, P1 cannot determine whether to perform TE FRR switchover in either of the following
situations:
l P2 is performing RSVP GR.

l The link between P1 and P2 fails.
By default, the interval for sending Hello packets of RSVP is 3 seconds; the interval for declaring
that a neighbor is Down is three times as long as the interval for sending Hello packets. That is,
a node can detect a fault on an RSVP neighbor at the second level. BFD, however, can detect a
fault at the millisecond level.
If BFD for RSVP is used on the network, P1 can rapidly detect the fault and perform TE FRR
after the link between P1 and P2 fails.
Figure 5-191 Networking diagram for configuring dynamic BFD for RSVP
Loopback1
4.4.4.4/32
GE
1/ 0
/0 Vla 2/0/0
GE nif30 24 n
10. if50
Vla 3.1.2/ 5. 1
.1/2
10. 4
GE
/0 P3 Vla 2/0/0
Loopback1 3/ 0
1.1.1.1/32 GE nif30 24 10. nif50
/ 5. 1
GE1/0/0 Vla 3.1.1 .2/2
10. 4
Vlanif10
10.1.1.1/24 P1 PE2
GE2
GE1/0/0 Vlan /0/0 /0
PE1 1/ 0
Vlanif10 10.2 if20 P2 GE nif40 24
10.1.1.2/24 .1.1
/24 GE2 /0 Vla 4.1.2/
Loopback1 1/ 0 10.
Vlan /0/0 GE nif40 Loopback1
2.2.2.2/32 10.2 if2 4
.1.2 0 Vla .1.1/2 5.5.5.5/32
/24 .4
10
Loopback1
3.3.3.3/32
: Primary CR-LSP
: Bypass CR-LSP
1. Configure an IP address for each interface and enable an IGP on each node to implement
interworking. Enable IGP GR. To support RSVP GR, IGP GR needs to be configured.
2. Configure basic MPLS and MPLS TE functions.
3. Configure explicit paths for the primary CR-LSP and the backup CR-LSP.
4. Create a TE primary tunnel interface and enable TE FRR on PE1, and configure the bypass
tunnel on P1.
5. Configure RSVP GR on all LSRs and establish Hello sessions between P1 and PE2.
NOTE
On a network where TE FRR is configured, you need to create a Hello session between a PLR and
an MP of the bypass tunnel if you want to configure RSVP GR. Otherwise, after traffic is switched
to the bypass tunnel because the primary tunnel fails, the primary tunnel turns Down if the PLR or
MP performs RSVP GR.

6. Configure BFD for RSVP on P1 and P2.
Data Preparation
l MPLS LSR ID
l Bandwidth attributes of the outgoing interfaces of the links along the tunnel
l Primary tunnel interface number, bandwidth occupied by the primary tunnel, and explicit
path
l Bypass tunnel interface number, bandwidth occupied by the bypass tunnel, and explicit
path
l Interfaces to be protected by the bypass tunnel
l Minimum intervals for sending and receiving BFD packets (The default values are specified
in the license.)
l Local detection multiplier of BFD (The default value is specified in the license.)
Procedure
Configure an IP address for each interface according to the networking diagram, create loopback
interfaces on nodes, and then configure the IP addresses of the loopback interfaces as MPLS
LSR IDs. For detailed configuration, see the configuration files in this example.
Step 2 Configure an IGP and IGP GR.
Configure OSPF or IS-IS on each node to implement interworking between nodes and configure
IGP GR to support RSVP GR. In this example, OSPF is used. For detailed configuration, see
the configuration files in this example.
On each node, configure an LSR ID and enable MPLS in the system view and enable MPLS on
each physical interface. For detailed configuration, see the configuration files in this example.
Step 4 Configure basic MPLS TE functions.
physical interface. Set the maximum bandwidth and the maximum reservable bandwidth of the
link on each outgoing interface along the tunnel to 100 Mbit/s. For detailed configuration, see
the configuration files in this example.
Step 5 Configure OSPF TE and CSPF.
Configure OSPF TE on each node and CSPF on PE1 and P1. For the configuration procedure,
see Example for Configuring an RSVP-TE Tunnel.
# Configure an explicit path for the primary tunnel on PE1.
<PE1> system-view


# Create a tunnel interface on PE1, specify an explicit path, set the tunnel bandwidth to 10 Mbit/
s, and enable TE FRR.
[PE1-Tunnel1/0/0] mpls te fast-reroute
# After the configuration, run the display mpls-te tunnel-interface tunnel interface-number
command on PE1, and you can find that the status of Tunnel 1/0/0 on PE1 is displayed as CR-
LSP is Up.
Step 7 Configure the bypass tunnel.
# Configure the explicit path for the bypass tunnel on P1.
<P1> system-view
[P1] explicit-path tope2
[P1-explicit-path-tope2] next hop 10.3.1.2
[P1-explicit-path-tope2] quit
# Configure the tunnel interface of the bypass tunnel on P1. Specify an explicit path for the
bypass tunne1, set the tunnel bandwidth to 20 Mbit/s and the protected bandwidth to 10 Mbit/
s, and specify the physical interface to be protected by the bypass tunnel.
[P1] interface tunnel 3/0/0
[P1-Tunnel3/0/0] ip address unnumbered interface loopback 1
[P1-Tunnel3/0/0] tunnel-protocol mpls te
[P1-Tunnel3/0/0] destination 5.5.5.5
[P1-Tunnel3/0/0] mpls te tunnel-id 300
[P1-Tunnel3/0/0] mpls te path explicit-path tope2
[P1-Tunnel3/0/0] mpls te bandwidth bc0 20000
[P1-Tunnel3/0/0] mpls te bypass-tunnel bandwidth bc0 10000
[P1-Tunnel3/0/0] mpls te protected-interface vlanif 20
[P1-Tunnel3/0/0] mpls te commit
[P1-Tunnel3/0/0] quit
Step 8 Configure RSVP GR on all LSRs and establish Hello sessions between P1 and PE2.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls rsvp-te hello
[PE1-mpls] mpls rsvp-te hello full-gr
[PE1-mpls] quit
[PE1-Vlanif10] mpls rsvp-te hello
# Configure P1.
[P1] mpls
[P1-mpls] mpls rsvp-te hello
[P1-mpls] mpls rsvp-te hello full-gr
[P1-mpls] mpls rsvp-te hello nodeid-session 5.5.5.5
[P1-mpls] quit

[P1-Vlanif10] mpls rsvp-te hello

[P1-Vlanif10] quit
[P1-Vlanif20] quit
[P1-Vlanif30] quit
# Configure P2.
[P2] mpls
[P2-mpls] quit
[P2] vlanif 40
[P2-Vlanif40] quit
[P2-Vlanif20] quit
# Configure P3.
[P3] mpls
[P3-mpls] quit
[P3-Vlanif30] quit
[P3-Vlanif50] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls rsvp-te hello
[PE2-mpls] mpls rsvp-te hello full-gr
[PE2-mpls] mpls rsvp-te hello nodeid-session 2.2.2.2
[PE2-mpls] quit
[PE2-Vlanif40] quit
[PE2-Vlanif50] quit
Step 9 Configure BFD for RSVP.

# Enable BFD for RSVP on VLANIF 20 on P1 and P2, and set the minimum interval for sending
and receiving BFD packets and the local detection multiplier of BFD.
# Configure P1.
[P1] bfd
[P1-bfd] quit
[P1-Vlanif20] mpls rsvp-te bfd enable
[P1-Vlanif20] mpls rsvp-te bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 3
[P1-Vlanif20] quit
# Configure P2.
[P2] bfd
[P2-bfd] quit

[P2-Vlanif20] mpls rsvp-te bfd enable

[P2-Vlanif20] mpls rsvp-te bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 3
[P2-Vlanif2] quit
# After the configuration, run the display mpls rsvp-te bfd session { all | interface interface-
name | peer ip-addr } command on PE1 and PE2, and you can view that the status of the BFD
sessions is Up.
Port 1, send MPLS traffic to Port 2. After the cable of any interface on P1 and P2 is removed,
you can find that the fault recovers at the millisecond level.
----End
Configuration Files
#
sysname PE1
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls te cspf
#
explicit-path tope2
next hop 10.1.1.2
next hop 10.2.1.2
next hop 10.4.1.2
next hop 5.5.5.5
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 5.5.5.5
mpls te commit
#
ospf 1

graceful-restart
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
mpls-te enable
#
return
#
sysname P1
#
vlan batch 10 20 30
#
bfd
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te hello nodeid-session 5.5.5.5
mpls te cspf
#
explicit-path tope2
next hop 10.3.1.2
next hop 10.5.1.2
next hop 5.5.5.5
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te bfd enable
mpls rsvp-te bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 3
#
interface Vlanif30
ip address 10.3.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
#
#
interface LoopBack1

ip address 2.2.2.2 255.255.255.255

#
destination 5.5.5.5
mpls te bypass-tunnel bandwidth bc0 10000
mpls te commit
#
ospf 1
graceful-restart
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
mpls-te enable
#
return
#
sysname P2
#
vlan batch 20 40
#
bfd
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te bfd enable
mpls rsvp-te bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 3
#
interface Vlanif40
ip address 10.4.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1

graceful-restart
area 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
mpls-te enable
#
return
#
sysname P3
#
vlan batch 30 50
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif30
ip address 10.3.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif50
ip address 10.5.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
graceful-restart
area 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.5.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
mpls-te enable
#
return
#
sysname PE2
#
mpls lsr-id 5.5.5.5
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello


mpls rsvp-te hello nodeid-session 2.2.2.2
#
interface Vlanif40
ip address 10.4.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
interface Vlanif50
ip address 10.5.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
#
#
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
ospf 1
graceful-restart
area 0.0.0.0
network 10.4.1.0 0.0.0.255
network 10.5.1.0 0.0.0.255
network 5.5.5.5 0.0.0.0
mpls-te enable
#
return
Example for Configuring LDP over TE
As shown in Figure 5-192, LDP is run between S9300-A and S9300-B, and between S9300-D
and S9300-E. LDP is not run between S9300-B and S9300-C, and S9300-D. An RSVP tunnel
is configured on S9300-B, with S9300-D as its egress node. On S9300-D, an RSVP tunnel is
configured, with the egress node as S9300-B. It is required that the traffic between S9300-A and
S9300-E should pass through the tunnel.

Figure 5-192 Networking diagram for configuring LDP over TE

2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
GE2/0/0 GE2/0/0
Vlanif20 Vlanif30
20.1.1.1/24 30.1.1.1/24
S9300-B S9300-D
GE1/0/0 GE1/0/0
GE1/0/0 GE2/0/0
Vlanif20 Vlanif30
Vlanif40
Vlanif10 20.1.1.2/24 S9300-C 30.1.1.2/24 40.1.1.2/24
10.1.1.2/24
GE1/0/0 GE1/0/0
Vlanif10 Vlanif40
10.1.1.1/24 40.1.1.1/24
Loopback1 Loopback1
1.1.1.1/32 5.5.5.5/32
S9300-A S9300-E
1. Configure the IP addresses for the interfaces of the nodes and the addresses of the loopback
interfaces that are used as the LSR IDs, and configure an IGP.
2. Enable OSPF TE or IS-IS TE in the area that TE can be used and create the MPLS TE
tunnel.
3. Enable MPLS LDP in the area that TE cannot be used and configure the LDP remote peer
on the border of TE.
4. Configure forwarding adjacency of TE.
Data Preparation
l IS-IS area ID and IS-IS level of each node

l Policy for triggering the establishement of LSPs (in this example the policy is all)
l Names and IP addresses of the remote peers on S9300-B and S9300-D
l Bandwidth attributes of the links along the tunnel
l Tunnel interface numbers, IP addresses, destination IP addresses, tunnel IDs, signaling
protocol (RSVP-TE by default), tunnel bandwidth, TE metric, and link cost of S9300-B
and S9300-D
Procedure
Step 2 Configure IS-IS on all the nodes to advertise the host routes of the LSR IDs.

The configuration procedure is not mentioned here. For details, see the configuration files in
this example.
Step 3 Configure basic MPLS functions, enable LDP between S9300-A and S9300-B, and between
S9300-D and S9300-E, and enable RSVP between S9300-B, S9300-C, and S9300-D.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] lsp-trigger all
[S9300-A-mpls] quit
[S9300-A] mpls ldp
[S9300-B] mpls lsr-id 2.2.2.2
[S9300-B] mpls
[S9300-B-mpls] lsp-trigger all
[S9300-B-mpls] mpls te cspf
[S9300-B-mpls] quit
[S9300-B] mpls ldp
[S9300-C] mpls lsr-id 3.3.3.3
[S9300-C] mpls
[S9300-C-mpls] lsp-trigger all
[S9300-C-mpls] quit
[S9300-D] mpls lsr-id 4.4.4.4
[S9300-D] mpls
[S9300-D-mpls] lsp-trigger all
[S9300-D-mpls] mpls te
[S9300-D-mpls] mpls rsvp-te
[S9300-D-mpls] mpls te cspf
[S9300-D-mpls] quit
[S9300-D] mpls ldp

[S9300-D-mpls-ldp] quit
[S9300-D-Vlanif30] mpls te
[S9300-D-Vlanif30] mpls rsvp-te
[S9300-D-Vlanif40] mpls ldp
[S9300-E] mpls lsr-id 5.5.5.5
[S9300-E] mpls
[S9300-E-mpls] lsp-trigger all
[S9300-E-mpls] quit
[S9300-E] mpls ldp
[S9300-E-mpls-ldp] quit
[S9300-E] interface vlanif 40
[S9300-E-Vlanif40] mpls
[S9300-E-Vlanif40] mpls ldp
[S9300-E-Vlanif40] quit
After the configuration, the local LDP sessions between S9300-A and S9300-B, and between
S9300-D and S9300-E are established.
Run the display mpls ldp session command on S9300-A, S9300-B, S9300-D, and S9300-E,
and you can view the establishment of LDP sessions.
Run the display mpls ldp peer command, and you can view whether LDP sessions are set up.
Run the display mpls ldp command, and you can view information about the LDP LSP and that
the RSVP LSP is not set up. Take the display on S9300-A as an example:
[S9300-A] display mpls ldp session
---------------------------------------------------------------------
----------------------------------------------------------------------
-----------------------------------------------------------------------
TOTAL: 1 Session(s) Found.
[S9300-A] display mpls ldp peer

-----------------------------------------------------------------------
Peer-ID Transport-Address Discovery-Source
-----------------------------------------------------------------------
2.2.2.2:0 2.2.2.2 Vlanif10
-----------------------------------------------------------------------
TOTAL:1 Peer(s) Found.

----------------------------------------------------------------------
----------------------------------------------------------------------
2.2.2.2/32 NULL/3 -/Vlanif10
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 1024/3 -/Vlanif10
20.1.1.0/24 NULL/3 -/Vlanif10
20.1.1.0/24 1025/3 -/Vlanif10
30.1.1.0/24 NULL/1025 -/Vlanif10
30.1.1.0/24 1026/1025 -/Vlanif10
4.4.4.4/32 NULL/1026 -/Vlanif10
4.4.4.4/32 1027/1026 -/Vlanif10

40.1.1.0/24 NULL/1027 -/Vlanif10

40.1.1.0/24 1028/1027 -/Vlanif10
3.3.3.3/32 NULL/1028 -/Vlanif10
3.3.3.3/32 1029/1028 -/Vlanif10
5.5.5.5/32 NULL/1029 -/Vlanif10
5.5.5.5/32 1030/1029 -/Vlanif10
Step 4 Configure the LDP remote session between S9300-B and S9300-D.
[S9300-B] mpls ldp remote-peer S9300-D
[S9300-B-mpls-ldp-remote-S9300-D] remote-ip 4.4.4.4
[S9300-B-mpls-ldp-remote-S9300-D] quit
[S9300-D] mpls ldp remote-peer S9300-B
[S9300-D-mpls-ldp-remote-S9300-B] remote-ip 2.2.2.2
[S9300-D-mpls-ldp-remote-S9300-B] quit
After the configuration, run the display mpls ldp remote-peer command on S9300-B and
S9300-D, and you can view that the remote session is set up successfully between S9300-B and
S9300-D. Take the display on S9300-B as an example:
[S9300-B] display mpls ldp remote-peer
LDP Remote Entity Information
------------------------------------------------------------------------
Remote Peer Name: S9300-D
Remote Peer IP: 4.4.4.4 LDP ID: 2.2.2.2:0
Transport Address: 2.2.2.2 Entity Status: Active
Configured Keepalive Timer: 45 Sec Configured Hello Timer: 45 Sec
Negotiated Hello Timer: 45 Sec Hello Packet sent/received: 19/16
Step 5 Configure the bandwidth attributes for the outgoing interfaces of links along the TE tunnel.
[S9300-C-Pos2/0/0] quit
[S9300-D-Vlanif30] mpls te max-link-bandwidth 20000
[S9300-D-Vlanif30] mpls te max-reservable-bandwidth 20000
Step 6 Configure a tunnel from S9300-B to S9300-D.

# Configure S9300-B. Enable forwarding adjacency on the tunnel interface and adjust the metric
of forwarding adjacency so that the traffic of S9300-D or S9300-E passes through the tunnel.
[S9300-B-Tunnel1/0/0] ip address unnumbered interface loopback 1
[S9300-B-Tunnel1/0/0] tunnel-protocol mpls te
[S9300-B-Tunnel1/0/0] mpls te tunnel-id 100

[S9300-B-Tunnel1/0/0] tunnel bandwidth 10000

[S9300-B-Tunnel1/0/0] mpls te igp advertise
[S9300-B-Tunnel1/0/0] mpls te igp metric absolute 1
[S9300-B-Tunnel1/0/0] mpls te commit
[S9300-B-Tunnel1/0/0] isis enable 1
Step 7 Configure a tunnel from S9300-D to S9300-B.

# Configure S9300-D. Enable forwarding adjacency on the tunnel interface and adjust the metric
of forwarding adjacency so that the traffic of S9300-A or S9300-B passes through the tunnel.
[S9300-D] interface tunnel 1/0/0
[S9300-D-Tunnel1/0/0] ip address unnumbered interface loopback 1
[S9300-D-Tunnel1/0/0] tunnel-protocol mpls te
[S9300-D-Tunnel1/0/0] destination 2.2.2.2
[S9300-D-Tunnel1/0/0] mpls te tunnel-id 100
[S9300-D-Tunnel1/0/0] tunnel bandwidth 10000
[S9300-D-Tunnel1/0/0] mpls te igp advertise
[S9300-D-Tunnel1/0/0] mpls te igp metric absolute 1
[S9300-D-Tunnel1/0/0] mpls te commit
[S9300-D-Tunnel1/0/0] isis enable 1

# After the configuration, run the display interface tunnel command on S9300-B, and you can
view that the tunnel is set up.
[S9300-B] display interface tunnel
Tunnel1/0/0current state : UP
Description : HUAWEI, Quidway Series, Tunnel1/0/0Interface
Tunnel protocol/transport MPLS/MPLS, ILM is available
0 output error
Run the display ip routing-table command on S9300-B, and you can view that the outgoing
interface destined for S9300-D and S9300-E is a tunnel interface.
------------------------------------------------------------------------------
1.1.1.1/32 ISIS 15 10 D 10.1.1.1 Vlanif20

3.3.3.3/32 ISIS 15 10 D 20.1.1.2 Vlanif30
4.4.4.4/32 ISIS 15 1 D 2.2.2.2 Tunnel1/0/0
5.5.5.5/32 ISIS 15 11 D 2.2.2.2 Tunnel1/0/0
# Run the display mpls lsp command on S9300-B, S9300-C, and S9300-D, and you can view
that the RSVP LSP is set up between them. Take the display on S9300-B as an example:
-------------------------------------------------------------------------
-------------------------------------------------------------------------
4.4.4.4/32 NULL/1024 -/Vlanif30
2.2.2.2/32 3/NULL Vlanif30/-
-------------------------------------------------------------------------

-------------------------------------------------------------------------
2.2.2.2/32 3/NULL -/-
20.1.1.0/24 3/NULL -/-
3.3.3.3/32 1024/NULL -/-
1.1.1.1/32 NULL/3 -/Vlanif20
1.1.1.1/32 1028/3 -/Vlanif20
4.4.4.4/32 NULL/3 -/Tun1/0/0
4.4.4.4/32 1025/3 -/Tun1/0/0
5.5.5.5/32 NULL/1029 -/Tun1/0/0
5.5.5.5/32 1026/1029 -/Tun1/0/0
30.1.1.0/24 NULL/3 -/Tun1/0/0
30.1.1.0/24 1027/3 -/Tun1/0/0
# Check the routing table of S9300-A and you can view that the cost in the routing table changes
after forwarding adjacency is configured.
------------------------------------------------------------------------------
2.2.2.2/32 ISIS 15 10 D 10.1.1.2 Vlanif10
3.3.3.3/32 ISIS 15 20 D 10.1.1.2 Vlanif10
4.4.4.4/32 ISIS 15 11 D 10.1.1.2 Vlanif10
5.5.5.5/32 ISIS 15 21 D 10.1.1.2 Vlanif10
20.1.1.0/24 ISIS 15 20 D 10.1.1.2 Vlanif10
30.1.1.0/24 ISIS 15 21 D 10.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
40.1.1.0/24 ISIS 15 21 D 10.1.1.2 Vlanif10
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
mpls lsr-id 1.1.1.1
mpls
lsp-trigger all
#
mpls ldp
#
isis 1
is-level level-2
cost-style wide
network-entity 86.1111.1111.1111.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
interface LoopBack1

ip address 1.1.1.1 255.255.255.255

isis enable 1
#
return

#
sysname S9300-B
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
mpls te
lsp-trigger all
mpls rsvp-te
mpls te cspf
#
mpls ldp
#
mpls ldp remote-peer S9300-D
remote-ip 4.4.4.4
#
isis 1
is-level level-2
cost-style wide
network-entity 86.2222.2222.2222.00
traffic-eng level-2
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
destination 4.4.4.4
mpls te igp advertise
mpls te igp metric absolute 1
mpls te commit
isis enable 1
#
return

#
sysname S9300-C
#
vlan batch 20 30
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 86.3333.3333.3333.00
traffic-eng level-2
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
#
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
#
sysname S9300-D
#
vlan batch 30 40
#
mpls lsr-id 4.4.4.4
mpls
mpls te
lsp-trigger all
mpls rsvp-te
mpls te cspf
#
mpls ldp
#
mpls ldp remote-peer S9300-B
remote-ip 2.2.2.2
#
isis 1
is-level level-2
cost-style wide

network-entity 86.4444.4444.4444.00
traffic-eng level-2
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
destination 2.2.2.2
mpls te igp advertise
mpls te igp metric absolute 1
mpls te commit
isis enable 1
#
return
#
sysname S9300-E
#
vlan batch 40
#
mpls lsr-id 5.5.5.5
mpls
lsp-trigger all
#
mpls ldp
#
isis 1
is-level level-2
cost-style wide
network-entity 86.5555.5555.5555.00
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#

interface LoopBack1
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
return
5.9.4 MPLS Common Configuration

This chapter describes the principle and applications of Multiprotocol Label Switching (MPLS)
common features, and provides configuration procedures and configuration examples of
processing modes of MPLS TTL, load balancing of MPLS Layer 3 forwarding, Policy-based
Routing (PBR) to the Link Switched Path (LSP) on a public network, and MPLS optimization.
Example for Configuring PBR to an LSP for Public Network Packets
As shown in Figure 5-193, there are four nodes on the MPLS backbone network: PE1, PE2, P1
and P2. The path PE1 → P1 → PE2 is the primary LSP and the path PE1 → P2 → PE2 is the
backup LSP. P to PE devices are the S9300s.
Configure LDP FRR and PBR on PE1 so that the packets sent from PE1 to PE2 are forwarded
through the backup LSP that is generated by LDP FRR.
Figure 5-193 Networking diagram for configuring PBR to an LSP for public network packets
Loopback1
2.2.2.9/32 G
E
/0 Vla 2/0/0
E1 /0 0 17 nif20
G nif1 /24 2.2
GE
.1 .
/ 0 / 0 Vla 1.1.2 1/2 Vla 1/0/0
1 2. 4
Loopback1 GE nif10 17 P1 17 nif
2.2 20 Loopback1
4
1.1.1.9/32 Vla 1.1/2 .1 .
2/2 3.3.3.9/32
.
2.1 4
17
MPLS backbone
GE 0
PE1 lan 2/0/0
V 0/
17 E 2/ f40 PE2
2.3 if30 G ani /24
.1 . P2 Vl .1.2
1/2
4 GE 0 2.4
1
17 Vlan /0/0 /0 / 0 4 17
2 4 2
2.3 if3
.1 . 0 GE anif 1.1/
2/2 l
V 2.4.
4
17
Loopback1
4.4.4.9/32

2. Establish two or more LSPs on the PE where PBR to an LSP is configured.
3. Create the policy and node on the PE where PBR to an LSP is configured, set the matching
rule of IP packets in the policy-based-route view, and specify the LSP for filtering public
network packets that meet the matching rule.
4. Enable local PBR on the PEs.
Data Preparation
OSPF area ID
l Name of the policy, mode of the policy, and number of the node
l Destination address of the backup LSP generated by LDP FRR
Procedure
Step 1 Configure basic MPLS functions and establish the LSP.
For details, see MPLS Basic Configuration.
For details on the application of PBR to an LSP and LDP FRR and LDP FRR configuration, see
MPLS Basic Configuration.
In this example, the default policy for triggering the establishment of LSPs is used. Run the
display mpls lsp command on PE1, and you can view the two LSPs to PE2 and the backup LSP
passing through P2.
[PE1] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
1.1.1.9/32 3/NULL -/-
2.2.2.9/32 NULL/3 -/Vlanif10
2.2.2.9/32 1024/3 -/Vlanif10
3.3.3.9/32 NULL/1025 -/Vlanif10
**LDP FRR** /1025 /Vlanif30
4.4.4.9/32 NULL/1026 -/Vlanif10
4.4.4.9/32 1025/1026 -/Vlanif10
3.3.3.9/32 1026/1025 -/Vlanif10
To verify the configuration, perform the traceroute operation between PE1 and PE2 before PBR
to an LSP is configured.
[PE1] tracert 172.2.1.2
1 172.1.1.2 2 ms 1 ms 1 ms
2 172.2.1.2 3 ms 3 ms 3 ms
The preceding information indicates that the packets are routed according to the routing table.
Step 2 Configure an ACL on PE1 to permit the packets destined for VLANIF 10 on PE2 to pass through.

[PE1] acl 3000

[PE-acl-adv-3000] rule permit ip destination 172.2.1.2 0.0.0.0
[PE-acl-adv-3000] quit
Step 3 Configure PBR to an LSP on PE1.

[PE1] policy-based-route policy1 permit node 10
[PE1-policy-based-route-policy1-10] if-match acl 3000
[PE1-policy-based-route-policy1-10] apply lsp public 3.3.3.9 secondary
[PE1-policy-based-route-policy1-10] quit
Step 4 Enable local PBR on PE1.

[PE1] ip local policy-based-route policy1

After the configuration, perform the traceroute operation on PE1, and you can view that the
packets are transmitted through the specified LSP.
[PE1] tracert 172.2.1.2
1 * * *
2 172.3.1.2 3 ms 1 ms 1 ms
3 172.4.1.2 16 ms 5 ms 2 ms
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 30
#
ip local policy-based-route policy1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
acl number 3000
rule 5 permit ip destination 172.2.1.2 0
#
interface Vlanif10
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
mpls ldp frr nexthop 172.3.1.2
#
interface Vlanif30
ip address 172.3.1.1 255.255.255.0
ospf cost 2500
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#

ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.3.1.0 0.0.0.255
network 172.1.1.0 0.0.0.255
#
policy-based-route policy1 permit node 10
if-match acl 3000
apply lsp public 3.3.3.9 secondary
#
return
#
sysname P1
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 20 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.4.1.2 255.255.255.0

mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
network 172.4.1.0 0.0.0.255
#
return
#
sysname P2
#
vlan batch 30 40
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 172.3.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.4.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 172.3.1.0 0.0.0.255
network 172.4.1.0 0.0.0.255
#
return
5.9.5 MPLS OAM Configuration

This chapter describes the principle of Multiprotocol Label Switching (MPLS) Operation,
Administration, and Maintenance (OAM), and provides configuration procedures and
configuration examples of protection switching and remote link state advertisement.

Example for Configuring MPLS OAM to Detect the Connectivity of the Static LSP
On an MPLS network shown in Figure 5-194, a static LSP is set up along S9300-A → S9300-
B → S9300-C.
It is required that MPLS OAM be used to detect the connectivity of the static LSP. Egress node
PE2 can notify the defect to the ingress node PE1 when a connectivity defect occurs.
Figure 5-194 Networking diagram for configuring basic MPLS OAM functions
Loopback1
4.4.4.4/32
GE1/0/0
GE2/0/0
Vlanif10
Vlanif40
10.1.1.2/24
10.1.4.1/24
S9300-D
Tunnel 1/0/0
Tunnel-id 100

1.1.1.1/32 GE1/0/0 2.2.2.2/32 GE1/0/0 3.3.3.3/32
Vlanif10 GE1/0/0 GE2/0/0 Vlanif40
10.1.1.1/24 Vlanif20 Vlanif30 10.1.4.2/24
10.1.2.2/24 10.1.3.1/24
GE2/0/0 GE2/0/0
S9300-A Vlanif20 S9300-B Vlanif30
S9300-C
10.1.2.1/24 10.1.3.2/24
Tunnel 2/0/0
Tunnel-id 200
1. Create a TE tunnel that is based on the static LSP between S9300-A and S9300-C.
2. Create a static CR-LSP along S9300-C → S9300-D → S9300-A as the backward tunnel to
notify the ingress node of the defect.
3. Set OAM parameters on ingress node S9300-A and enable MPLS OAM.
4. Set OAM parameters on egress node S9300-C and enable the MPLS OAM auto protocol.
Data Preparation
l IP address of the interface on each node, name of each tunnel interface, and tunnel ID
l Type of detection packets
l Mode of the backward tunnel

Procedure
Step 1 Create VLANs and VLANIF interfaces, and assign IP addresses to the VLANIF interfaces, and
configure routing protocols for the VLANIF interfaces.
Configure IP addresses and masks for the interfaces including loopback interfaces according to
Figure 5-194.
Configure OSPF on all the nodes and advertise the routes on the loopback interfaces. The
Take the display on PE1 as an example:
------------------------------------------------------------------------------
2.2.2.2/32 OSPF 10 2 D 10.1.2.2 Vlanif20
3.3.3.3/32 OSPF 10 3 D 10.1.1.2 Vlanif10
OSPF 10 3 D 10.1.2.2 Vlanif20
4.4.4.4/32 OSPF 10 2 D 10.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
10.1.2.2/32 Direct 0 0 D 10.1.2.2 Vlanif20
10.1.3.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
10.1.4.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
Step 2 Set up a static LSP to be detected.

# Configure basic MPLS functions and enable MPLS TE on S9300-A.
[S9300-A] mpls lsr-id 1.1.1.1
[S9300-A] mpls
[S9300-A-mpls] quit
The configurations on S9300-B, S9300-C, and S9300-D are similar to the configuration on
# On S9300-A, configure a static LSP (MPLS TE tunnel) destined for S9300-C.
[S9300-A-tunnel2/0/0] ip address unnumbered interface loopback 1
[S9300-A-tunnel2/0/0] tunnel-protocol mpls te
[S9300-A-tunnel2/0/0] destination 3.3.3.3
[S9300-A-tunnel2/0/0] mpls te tunnel-id 200

[S9300-A-tunnel2/0/0] mpls te signal-protocol static

[S9300-A-tunnel2/0/0] mpls te commit
[S9300-A-tunnel2/0/0] quit
# Configure S9300-A as the ingress node of the static LSP and use the TE tunnel.
[S9300-A] static-lsp ingress tunnel-interface tunnel 2/0/0 destination 3.3.3.3
# Configure S9300-B as the transit node of the static LSP.

[S9300-B] static-lsp transit oamlsp incoming-interface vlanif 20 in-label 20
# Configure S9300-C as the egress node of the static LSP and specify lsr-id and tunnel-id.
[S9300-C] static-lsp egress oamlsp incoming-interface vlanif 30 in-label 30 lsrid
1.1.1.1 tunnel-id 200
After the configuration, run the display mpls te tunnel-interface command on S9300-A. You
can view that the TE tunnel is Up and uses the static signaling protocol. Note the following
information:
<S9300-A> display mpls te tunnel-interface
tunnel Name : tunnel2/0/0
tunnel State Desc : CR-LSP is Up
tunnel Attributes :
LSP ID : 1.1.1.1:1
Session ID : 200
Signaling Prot : STATIC
Run the display mpls static-lsp command on S9300-A, and you can view that the static LSP
corresponding to Tunnel 2/0/0 is Up.
<S9300-A> display mpls static-lsp
tunnel2/0/0 3.3.3.3/32 NULL/20 -/Vlanif20 Up
Step 3 Set up a backward tunnel.

# On S9300-C, configure a static LSP (MPLS TE tunnel) destined for S9300-A.
[S9300-C] interface tunnel1/0/0
[S9300-C-tunnel1/0/0] ip address unnumbered interface loopback 1
[S9300-C-tunnel1/0/0] tunnel-protocol mpls te
[S9300-C-tunnel1/0/0] destination 1.1.1.1
[S9300-C-tunnel1/0/0] mpls te tunnel-id 100
[S9300-C-tunnel1/0/0] mpls te signal-protocol cr-static
[S9300-C-tunnel1/0/0] mpls te commit
[S9300-C-tunnel1/0/0] quit

[S9300-C] static-cr-lsp ingress tunnel1/0/0 destination 1.1.1.1 nexthop 10.1.4.1
out-label 70
# Configure S9300-D as the transit node of the static CR-LSP.

<S9300-D> system-view
[S9300-D] static-cr-lsp transit tunnel1/0/0 incoming-interface vlanif 40 in-label
70 nexthop 10.1.1.1 out-label 80

# Configure S9300-A as the egress node of the static LSP and specify lsr-id and tunnel-id.
[S9300-A] static-cr-lsp egress tunnel1/0/0 incoming-interface vlanif 10 in-label 80
lsrid 3.3.3.3 tunnel-id 100
After the configuration, run the display mpls te tunnel-interface command on S9300-C. You
can view that the backward TE tunnel is Up. Note the following information:
<S9300-C> display mpls te tunnel-interface
tunnel Name : tunnel1/0/0
tunnel State Desc : CR-LSP is Up
tunnel Attributes :
LSP ID : 3.3.3.3:1
Session ID : 100
Signaling Prot : STATIC-CR
Run the display mpls static-cr-lsp command on S9300-C, and you can view that the static CR-
LSP is Up.
<S9300-C> display mpls static-cr-lsp
tunnel1/0/0 1.1.1.1/32 NULL/70 -/Vlanif40 Up
Step 4 Configure MPLS OAM functions.

# On S9300-A, configure MPLS OAM functions on the ingress node. Use the default
configurations, that is, send CV packets. The parameters of the backward tunnel depend on the
configuration on the egress node.
[S9300-A] mpls
[S9300-A-mpls] mpls oam
[S9300-A-mpls] quit
[S9300-A] mpls oam ingress tunnel1/0/0
[S9300-A] mpls oam ingress enable all
# On S9300-C, configure MPLS OAM functions on the egress node.

[S9300-C] mpls
[S9300-C-mpls] mpls oam
[S9300-C-mpls] quit
# Enable the MPLS OAM auto protocol on the egress node. Detect the LSP named oamlsp. The
backward LSP that is configured on tunnel 0/0/1 is in private mode.
[S9300-C] mpls oam egress lsp-name oamlsp auto-protocol backward-lsp tunnel 1/0/0
private
After the MPLS OAM auto protocol is configured on the egress node, the egress node starts
OAM when receiving the first correct detection packet.
After the previous configuration, check the MPLS OAM parameters and status of the LSP on
ingress node S9300-A and on egress node S9300-C. You can view that the ingress and egress
nodes are in normal detection state and no defects occur.
<S9300-A> display mpls oam ingress all verbose
-------------------------------------------------------------------------
Verbose information about the NO.1 oam at the ingress
-------------------------------------------------------------------------
lsp basic information: oam basic information:

----------------------------------- -----------------------------------
tunnel-name : tunnel2/0/0 Oam-Index : 256
Lsp signal status : Up Oam select board : 1
Lsp establish type : Static lsp Enable-state : Manual enable
Lsp ingress lsr-id : 1.1.1.1 Ttsi/lsr-id : 1.1.1.1
Lsp tnl-id/Lsp-id : 200/1 Ttsi/tunnel-id : 200
oam detect information: oam backward information:
----------------------------------- -----------------------------------
Type : CV Share attribute : Private
Frequency : 1 s Lsp-name : tunnel1/0/0
Detect-state : Start Lsp ingress lsr-id : 3.3.3.3
Defect-state : Non-defect Lsp tnl-id/lsp id : 100/1
Available-state : Available Lsp-inLabel : 80
Unavailable time (s): 0 Lsp signal status : Up
-------------------------------------------------------------------------
Total Oam Num: 1
Total Start Oam Num: 1
Total Defect Oam Num: 0
Total Unavaliable Oam Num: 0
<S9300-C> display mpls oam egress all verbose

-------------------------------------------------------------------------
Verbose information about the NO.1 oam at the egress
-------------------------------------------------------------------------
----------------------------------- -----------------------------------
Lsp name : oamlsp Oam-Index : 256
Lsp establish type : Static lsp Enable-state : --
Lsp incoming Label : 30 Auto-protocol : Enable
Lsp ingress lsr-id : 1.1.1.1 Auto-overtime (s) : 300
Lsp tnl-id/lsp-id : 200/1 Ttsi/lsr-id : 1.1.1.1
Lsp Incoming-int Vlanif40 Ttsi/tunnel-id : 200

----------------------------------- -----------------------------------
Type : CV tunnel name : tunnel1/0/0
Frequency : 1 s Share attribute : Private
Detect-state : Start Lsp signal status : Up
Defect-state : Non-defect Bdi-frequency : Detect frequency
Available-state : Available
Unavailable time (s): 0
-------------------------------------------------------------------------
Total Oam Num: 1

# Run the shutdown command on GE 2/0/0 of S9300-B and simulate a defect on the link.
# Run the display mpls oam egress all verbose command on S9300-C, and you can view that
S9300-C detects the defect with the status as dLocv.
<S9300-C> display mpls oam egress all verbose
-------------------------------------------------------------------------
Verbose information about the NO.1 oam at the egress
-------------------------------------------------------------------------

---------------------------------- ------------------------------------
Lsp name : oamlsp Oam-Index : 256
Lsp establish type : Static lsp Enable-state : --
Lsp incoming Label : 30 Auto-protocol : Enable

Lsp ingress lsr-id : 1.1.1.1 Auto-overtime (s) : 300

Lsp tnl-id/lsp-id : 200/1 Ttsi/lsr-id : 1.1.1.1
Lsp Incoming-int Vlanif30 Ttsi/tunnel-id : 200

----------------------------------- -----------------------------------
Type : CV tunnel name : tunnel1/0/0
Frequency : 1 s Share attribute : Private
Detect-state : Start Lsp signal status : Up
Defect-type : dLocv Bdi-frequency : Detect frequency
Available-state : Unavailable
Unavailable time (s): 0
-------------------------------------------------------------------------
Total Oam Num: 1
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls oam
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
interface tunnel2/0/0
destination 3.3.3.3
mpls te signal-protocol static
mpls te commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#

static-lsp ingress tunnel-interface tunnel2/0/0 destination 3.3.3.3 nexthop

10.1.2.2 out-label 20
static-cr-lsp egress tunnel1/0/0 incoming-interface Vlanif10 in-label 80
#
mpls oam ingress tunnel2/0/0
mpls oam ingress enable tunnel2/0/0
#
return
#
sysname S9300-B
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
mpls te
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
mpls
mpls te
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
static-lsp transit oamlsp incoming-interface vlanif20 in-label 20 nexthop
10.1.3.2 out-label 30
#
return
#
sysname S9300-C
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls oam
#
interface Vlanif30
ip address 10.1.3.2 255.255.255.0
mpls
mpls te
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0

mpls
mpls te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
interface tunnel1/0/0
destination 1.1.1.1
mpls te commit
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
static-lsp egress oam lsp incoming-interface vlanif30 in-label 30 lsrid
1.1.1.1 tunnel-id 200
static-cr-lsp ingress tunnel1/0/0 destination 1.1.1.1 nexthop 10.1.4.1 out-
label 70 bandwidth bc0 0
#
mpls oam egress lsp-name oamlsp backward-lsp tunnel1/0/0 private
#
return
#
sysname S9300-D
#
vlan batch 10 40
#
mpls lsr-id 4.4.4.4
mpls
mpls te
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 10.1.1.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
static-cr-lsp transit tunnel1/0/0 incoming-interface vlanif40 in-label 70
#
return
Example for Configuring MPLS OAM Protection Switching
On an MPLS network shown in Figure 5-195, there are three bidirectional LSPs bound to three
tunnel interfaces, namely, Tunnel 1/0/10, Tunnel 1/0/11, and Tunnel 1/0/12, from PE1 to PE2.
Tunnel 1/0/10 and Tunnel 1/0/11 function as working tunnels; Tunnel 1/0/12 functions as the
protection tunnel.
It is required that MPLS OAM protection switching be configured. Tunnel 1/0/12 protects
Tunnel 1/0/10 and Tunnel 1/0/11. When one of the working tunnels fails, the traffic on the faulty
working tunnel is switched to the protection tunnel.
NOTE
P to PE devices are the S9300s.
Figure 5-195 Networking diagram of configuring MPLS OAM protection group

Loopback1 Loopback1
2.2.2.2 5.5.5.5
GE1/0/0
GE2/0/0
P2 PE2
/0
2/0
k1 GE /0 GE4/0/0
GE1/0/0
p bac E 3/0
o G
Lo .3.3.3
3 / 0
4/0
GE /0
1/0
/0 GE
2/0
GE
/ 0 P1
3/0
GE
/ 0
2/0
GE1/0/0 GE GE2/0/0
/0
3/0
GE
PE1 P3
GE4/0/0 GE1/0/0
Loopback1 Loopback1
1.1.1.1/32 4.4.4.4/32
Working tunnel-1
Reverse working tunnel-1
Working tunnel-2
Reverse working tunnel-2
Protection
tunnel
Reverse protection tunnel


PE1 GE 1/0/0 VLANIF 10 10.1.1.1/24
GE 2/0/0 VLANIF 20 10.1.2.1/24
GE 3/0/0 VLANIF 30 10.1.3.1/24
GE 4/0/0 VLANIF 40 10.1.4.1/24
P1 GE 1/0/0 VLANIF 80 10.1.8.1/24
GE 2/0/0 VLANIF 20 10.1.2.2/24
GE 3/0/0 VLANIF 30 10.1.3.2/24
GE 4/0/0 VLANIF 70 10.1.7.2/24
P2 GE 1/0/0 VLANIF 10 10.1.1.2/24
GE 2/0/0 VLANIF 50 10.1.5.2/24
P3 GE 1/0/0 VLANIF 40 10.1.4.2/24
GE 2/0/0 VLANIF 60 10.1.6.2/24
PE2 GE 1/0/0 VLANIF 50 10.1.5.1/24
GE 2/0/0 VLANIF 70 10.1.7.1/24
GE 3/0/0 VLANIF 80 10.1.8.2/24
GE 4/0/0 VLANIF 60 10.1.6.1/24
1. Create VLANs and VLANIF interfaces on the nodes, assign IP addresses to the VLANIF
interfaces, and configure OSPF on the VLANIF interfaces.
2. Enable MPLS, MPLS TE, and MPLS OAM on the nodes.
3. Create three TE tunnel interfaces, that is, Tunnel 1/0/10, Tunnel 1/0/11, and Tunnel 1/0/12,
on PE1 and PE2, two of which function as working tunnels and the third one functions as
the protection tunnel.
4. Configure two static CR-LSPs on PE1 and bind the two static CR-LSPs to Tunnel1/0/10
and Tunnel1/0/12 respectively.
5. On PE1, configure an RSVP-TE tunnel to PE2.
6. On PE2, configure three static CR-LSP as the backward LSPs to PE1 and bind the three
static CR-LSPs to Tunnel 1/0/10, Tunnel 1/0/11, and Tunnel 1/0/12 respectively.
7. Set MPLS OAM parameters and enable MPLS OAM to detect bidirectional LSPs.
Data Preparation

l IP address of the interface on each node, name of the tunnel interface, and tunnel ID
l Type of MPLS OAM detection packets
l Parameters of the protection group including delay in protection switching, revertive mode,
and WTR time
Procedure
Step 1 Create VLANs and VLANIF interfaces on the nodes, assign IP addresses to the VLANIF
interfaces, and configure OSPF on the VLANIF interfaces.
Configure IP addresses and masks for the interfaces, including loopback interfaces.
Configure OSPF on all the nodes and advertise the routes on the loopback interfaces. The
configuration details are not mentioned here. For details on the interfaces and IP addresses of
the nodes, see Figure 5-195.
Step 2 Enable MPLS and MPLS TE globally and on the physical interfaces.
Step 3 Configure tunnel interfaces.
# On PE1 and PE2, configure Tunnel 1/0/10 and Tunnel 1/0/11 as working tunnels and Tunnel
1/0/12 as the protection tunnel. Tunnel 1/0/12 protects both Tunnel 1/0/10 and Tunnel 1/0/11.
RSVP-TE is used on Tunnel1/0/11 and cr-static is used on Tunnel 1/0/10 and Tunnel 1/0/11.
# Configure PE1.
<PE1> system-view
[PE1] interface tunnel1/0/10
[PE1-Tunnel1/0/10] description Working tunnel-1 to PE2
[PE1-Tunnel1/0/10] mpls te signal-protocol cr-static
[PE1-Tunnel1/0/11] mpls te signal-protocol rsvp-te
[PE1-Tunnel1/0/12] description Protection tunnel to PE2
# Configure PE2.
<PE2> system-view


[PE2-Tunnel1/0/12] description Protection tunnel to PE1
Step 4 Configure two static CR-LSPs from PE1 to PE2, and bind them to the tunnel interfaces on PE1.
# Configure PE1.
[PE1] static-cr-lsp ingress Tunnel1/0/10 destination 5.5.5.5 nexthop 10.1.2.2 out-
label 19
label 30
# Configure P1.
<P1> system-view
[P1] static-cr-lsp transit PE1toPE2-2 incoming-interface vlanif 20 in-label 19
# Configure P3.
<P3> system-view
# Configure PE2.
<PE2> system-view
[PE2] static-cr-lsp egress PE1toPE2-2 incoming-interface vlanif 70 in-label 21
After the configuration, run the display mpls te tunnel command on PE1 and PE2, and you can
view the created TE tunnel.
Take the display on PE1 as an example.
[PE1] display mpls te tunnel
1.1.1.1:1012:1 5.5.5.5 -/Vlanif40
1.1.1.1:1010:1 5.5.5.5 -/Vlanif20
Step 5 Configure an RSVP-TE tunnel.

# Configure PE1.

[PE1] mpls
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1-Vlanif30] mpls rsvp-te
[PE1-Vlanif30] quit
[PE1] ospf 1
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1] quit
# Configure P1.
[P1] mpls
[P1-mpls] mpls rsvp-te
[P1-mpls] mpls te cspf
[P1-mpls] quit
[P1-Vlanif30] mpls rsvp-te
[P1-Vlanif30] quit
[P1-Vlanif80] mpls rsvp-te
[P1-Vlanif80] quit
[P1] ospf 1
[P1-ospf-1] opaque-capability enable
[P1-ospf-1] area 0
[P1-ospf-1-area-0.0.0.0] mpls-te enable
[P1-ospf-1] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2-Vlanif80] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
Run the display mpls te tunnel-interface tunnel1/0/11 command on PE1, and you can view
information about Tunnel1/0/11.
[PE1] display mpls te tunnel-interface tunnel1/0/11
Tunnel Attributes :
LSP ID : 1.1.1.1:0
Session ID : 1011
NOTE
The display mpls te tunnel-interface tunnel1/0/11 command displays the information that needs to be
noted. Information marked in "..." is omitted.
Step 6 Configure three static CR-LSPs from PE2 to PE1, and bind them to the tunnel interfaces.
# Configure PE2.


label 21
label 21
label 31
# Configure P1.
[P1] static-cr-lsp transit PE2toPE1-1 incoming-interface vlanif30 in-label 21
# Configure P2.
<P2> system-view
# Configure PE1.
[PE1] static-cr-lsp egress PE2toPE1-1 incoming-interface vlanif30 in-label 20 lsrid
1.1.1.1 tunnel-id 1011
[PE1] static-cr-lsp egress PE2toPE1-3 incoming-interface vlanif10 in-label 30 lsrid
1.1.1.1 tunnel-id 1012
Step 7 Enable MPLS OAM and configure MPLS OAM to detect the LSP.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls oam
[PE1-mpls] quit
[PE1] mpls oam ingress Tunnel1/0/10
[PE1] mpls oam ingress enable all
[PE1] mpls oam egress lsp-name PE2toPE1-1
[PE1] mpls oam egress enable all
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls oam
[PE2-mpls] quit
[PE2] mpls oam ingress enable all
[PE2] mpls oam egress lsr-id 1.1.1.1 tunnel-id 1011
[PE2] mpls oam egress enable all
# After the configuration, run the display mpls oam ingress all verbose command to check the
MPLS OAM parameters and the status of the LSP, and you can view that the detected LSP is in
Non-defect state.
[PE1] display mpls oam ingress all verbose
--------------------------------------------------------------------------------

Verbose information about NO.1 oam at the ingress

--------------------------------------------------------------------------------

--------------------------------------- --------------------------------------
Tunnel-name : Tunnel1/0/10 Oam-Index : 512
Lsp establish type : Static lsp Enable-state : Manual disable

--------------------------------------- --------------------------------------
Type : CV Share attribute : Share
Frequency : 1 s Lsp-name : --
Detect-state : Start Lsp ingress lsr-id : --
Defect-state : Non-defect Lsp tnl-id/lsp id : --/--
Available-state : Available Lsp-inLabel : --
Unavailable time (s): 0 Lsp signal status : --
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------------------- --------------------------------------
Lsp establish type : RSVP-TE Enable-state : Manual disable

--------------------------------------- --------------------------------------
Defect-type : Non-defect Lsp tnl-id/lsp id : --/--
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------------------- --------------------------------------
Lsp establish type : Static lsp Enable-state : Manual disable

--------------------------------------- --------------------------------------
Defect-type : Non-defect Lsp tnl-id/lsp id : --/--
--------------------------------------------------------------------------------

Total Oam Num: 3

Total Unavailable Oam Num: 0
Step 8 Configure the protection group.

# On PE1, configure Tunnel 1/0/10 and Tunnel 1/0/11 as working tunnels and Tunnel 1/0/12 as
the protection tunnel, use the revertive mode, and set WTR time to 2 minutes.
[PE1-Tunnel1/0/10] mpls te protection tunnel 12 mode revertive wtr 4
[PE1-Tunnel1/0/11] mpls te protection tunnel 12 mode revertive wtr 4
# After this step, run the display mpls te protection tunnel all commands on PE devices, and
you can view that all tunnels are in Non-defect state and the working tunnels forward traffic.
[PE1] display mpls te protection tunnel all
------------------------------------------------------------------------
No. Work-tunnel status /id Protect-tunnel status /id Switch-Result
------------------------------------------------------------------------
1 non-defect /1010 non-defect /1012 work-tunnel
# Run the display mpls te protection binding protect-tunnel commands on PE devices, and
you can view that Tunnel 1/0/12 protects Tunnel 1/0/10 and Tunnel 1/0/10.
[PE1] display mpls te protection binding protect-tunnel 12
------------------------------------------------------------------------
Binding information of( tunnel id: 1012 )
------------------------------------------------------------------------
Protect-tunnel id :1012
Protect-tunnel name :Tunnel1/0/12
Maximum number of bound work-tunnels :8
Currently bound work-tunnels :Total( 2 )
:Tunnel1/0/10
:Tunnel1/0/11

Run the display mpls te protection tunnel interface tunnel interface-number verbose
commands on PE devices, and you can view detailed information about the protection group.
Take the display of Tunnel 1/0/10 on PE1 as an example.
[PE1] display mpls te protection tunnel interface tunnel 1/0/10 verbose
----------------------------------------------------------------
Verbose information about the 1th proteciton-group
----------------------------------------------------------------
Work-tunnel id : 1010
Protect-tunnel id : 1012
Work-tunnel name : Tunnel1/0/10
Protect-tunnel name : Tunnel1/0/12
Work-tunnel reverse-lsp name : PE2toPE1-1
Protect-tunnel reverse-lsp name : PE2toPE1-3
switch result : work-tunnel
work-tunnel defect state : non-defect
protect-tunnel defect state : non-defect
work-tunnel reverse-lsp defect state : non-defect
protect-tunnel reverse-lsp defect state : non-defect
HoldOff : 0ms

WTR : 120s
Mode : revertive
# Run the mpls te protect-switch manual work-lsp command on Tunnel 1/0/10 of PE1 to
manually trigger protection switching.
[PE1] mpls te protect-switch manual work-lsp
# Run the display mpls te protection tunnel all command on PE1, and you can view that the
"Switch-Result" field on Tunnel 1/0/10 is displayed as protect-tunnel.
------------------------------------------------------------------------
------------------------------------------------------------------------
1 non-defect /1010 non-defect /1012 protect-tunnel
# Run the shutdown command on VLANIF 40 of PE1 to simulate defects on a physical link of
the protection tunnel.
[PE1-Vlanif40] shutdown
[PE1-Vlanif400] quit
# Run the display mpls te protection tunnel all command on PE1, and you can view that the
"Protect-tunnel status" field on Tunnel 1/0/10 is displayed as in-defect and the "Switch-Result"
field is displayed as work-tunnel.
------------------------------------------------------------------------
------------------------------------------------------------------------
1 non-defect /1010 in-defect /1012 work-tunnel
NOTE
When no defects occur on all the tunnels, and the mpls te protect-switch manual work-lsp command is
used in the tunnel interface view of the working tunnel, the traffic is switched to the protection tunnel. In
this case, if the link of the protection tunnel fails, the traffic then is switched back to the working tunnel
and the mpls te protect-switch manual work-lsp command in the tunnel interface view of the working
tunnel is deleted. This is because the link defect triggers the switching request in Signaling Failure node
and Signaling Failure takes precedence over Manual Switch.
----End
Configuration Files
#
sysname PE1
#
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
mpls oam
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te

#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
mpls
mpls te
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
mpls
mpls te
#
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
description Working tunnel-1 to PE2
destination 5.5.5.5
mpls te protection tunnel 12 mode revertive wtr 4
mpls te commit
#
destination 5.5.5.5
mpls te commit
#
description Protection tunnel to PE2
destination 5.5.5.5
mpls te commit
#
ospf 100
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255

network 10.1.2.0 0.0.0.255

network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
mpls-te enable
#
static-cr-lsp ingress Tunnel1/0/10 destination 5.5.5.5 nexthop 10.1.2.2 out-
label 19
label 30
static-cr-lsp egress PE2toPE1-2 incoming-interface vlanif20 in-label 19 lsrid
1.1.1.1 tunnel-id 1010
1.1.1.1 tunnel-id 1011
1.1.1.1 tunnel-id 1012
#
mpls oam ingress Tunnel1/0/10
mpls oam ingress enable all
mpls oam egress lsp-name PE2toPE1-1
mpls oam egress enable all
#
return
#
sysname P2
#
vlan batch 10 50
#
mpls lsr-id 2.2.2.2
mpls
mpls te
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls te
#
interface Vlanif50
ip address 10.1.5.2 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 100
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.5.0 0.0.0.255
#
static-cr-lsp transit PE2toPE1-3 incoming-interface vlanif 50 in-label 31
#
return

#
sysname P1
#
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
mpls
mpls te
#
interface Vlanif30
ip address 10.1.3.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif70
ip address 10.1.7.2 255.255.255.0
mpls
mpls te
#
interface Vlanif80
ip address 10.1.8.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 100
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.7.0 0.0.0.255
network 10.1.8.0 0.0.0.255
mpls-te enable
#
static-cr-lsp transit PE1toPE2-2 incoming-interface vlanif20 in-label 19

#
return
#
sysname P3
#
vlan batch 40 60
#
mpls lsr-id 4.4.4.4
mpls
mpls te
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0
mpls
mpls te
#
interface Vlanif60
ip address 10.1.6.2 255.255.255.0
mpls
mpls te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 100
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.1.4.0 0.0.0.255
network 10.1.6.0 0.0.0.255
#
#
return
#
sysname PE2
#
#
mpls lsr-id 5.5.5.5
mpls
mpls te
mpls rsvp-te
mpls te cspf
mpls oam
#
interface Vlanif50
ip address 10.1.5.1 255.255.255.0
mpls
mpls te
#
interface Vlanif60
ip address 10.1.6.1 255.255.255.0
mpls
mpls te
#
interface Vlanif70
ip address 10.1.7.1 255.255.255.0

mpls
mpls te
#
interface Vlanif80
ip address 10.1.8.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
#
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
destination 1.1.1.1
mpls te commit
#
description Protection tunnel to PE1
destination 1.1.1.1
mpls te commit
#
ospf 100
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.1.5.0 0.0.0.255
network 10.1.6.0 0.0.0.255
network 10.1.7.0 0.0.0.255
network 10.1.8.0 0.0.0.255
mpls-te enable
#
label 21


label 21
label 31
1.1.1.1 tunnel-id 1010
1.1.1.1 tunnel-id 1012
#
mpls oam ingress enable all
mpls oam egress lsr-id 1.1.1.1 tunnel-id 1011
mpls oam egress enable all
#
return
5.10 Configuration Guide - VPN

This document describes the principles, configuration procedures, and configuration examples
of VPN tunnel management, GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3,
VPLS, VPLS Convergence.
NOTE
MPLS is controlled by the license. By default, the MPLS function is disabled on the S9300. To use the
MPLS function of the S9300, buy the license from the Huawei local office.
The G24SA, G24CA and X24SA boards do not support the MPLS VPN function.
5.10.1 VPN Tunnel Management

This chapter describes the configuration procedures of tunnel interfaces and tunnel policies.
5.10.2 GRE Configuration
This chapter describes the basic knowledge, configuration procedures, and configuration
examples for the Generic Routing Encapsulation (GRE) protocol.
5.10.3 BGP/MPLS IP VPN Configuration
This chapter describes the principle, application, and configuration of the BGP/MPLS IP VPN.
5.10.4 VLL Configuration
This chapter describes the principle, configuration procedure, and configuration examples of the
VLL.
5.10.5 PWE3 Configuration
This chapter describes the principle, configuration procedures, and configuration examples of
PWE3.
5.10.6 VPLS Configuration
This chapter describes the basic principle, configuration procedures, and configuration examples
for VPLS.
5.10.1 VPN Tunnel Management

This chapter describes the configuration procedures of tunnel interfaces and tunnel policies.

Example for Configuring Tunnel Policies for the L3VPN
Figure 5-196 shows the networking diagram of the MPLS L3VPN. CE1 and CE3 belong to
VPNA, and CE2 and CE4 belongs to VPNB. Two MPLS TE tunnels and an LSP are set up
between PE1 and PE2. The bandwidth of one tunnel is 5 Mbit/s and the bandwidth of the other
tunnel is 10 Mbit/s. The CEs in VPNA require 10-Mibt/s constant bandwidth for communication;
therefore, the tunnel with 10-Mbit/s bandwidth is used by VPNA exclusively to ensure the
bandwidth. To use the tunnels more efficiently, VPNB prefers the TE tunnels.
Figure 5-196 Networking diagram for configuring the tunnel policy for the L3VPN
VPNA VPNA
CE1 CE3
GE1/0/3 GE1/0/3
Loopback1 Loopback1
1.1.1.1/32 MPLS TE tunnel 1/0/1 2.2.2.2/32
GE1/0/3
MPLS TE tunnel 1/0/2 ( binding) GE1/0/3
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
PE1 PE2
LSP
GE1/0/2 GE1/0/2
VPNB VPNB
CE2 CE4
PE1 GigabitEthernet1/0/1 VLANIF 10 100.1.1.1/30
GigabitEthernet1/0/2 VLANIF 20 10.2.1.2/30
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
CE1 GigabitEthernet1/0/3 VLANIF 30 10.1.1.1/30

1. Enable the routing protocol to ensure communication between the PEs.
2. Configure the basic MPLS capability on the S9300s on the backbone network and set up
an LSP and two MPLS TE tunnels between the PEs.
3. Configure VPN instances on the PEs and connect the CEs to the PEs.
4. Configure tunnel policies and apply the tunnel policies to the VPN instances.
5. Configure MP-IBGP for exchanging routing information between the VPNs.
Data Preparation
l MPLS LSR IDs of the PEs
l Names, RDs, and VPN targets of the two VPN instances
l Names of the two tunnel policies
Procedure
Step 1 Enable the IGP protocol on the MPLS backbone network to ensure IP interworking between the
PEs.
# Configure PE1.
[PE1] interface loopback 1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitEthernet 1/0/1
[PE1-Vlanif10] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure PE2.
[PE2] vlan 10
[PE2-vlan10] quit


[PE2-Vlanif10] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
# By running the display ip routing-table command on the PEs, you can see that the PEs can
learn the routes of each other's Loopback1 interface.
# Take the display on PE1 as an example:
[PE1] display ip routing-table
------------------------------------------------------------------------------
2.2.2.2/32 OSPF 10 2 D 100.1.1.2 vlanif10
100.1.1.0/30 Direct 0 0 D 172.1.1.1 vlanif10
100.1.1.2/32 Direct 0 0 D 172.1.1.2 vlanif10
Step 2 Enable the basic MPLS capability on the MPLS backbone and establish an LDP LSP.
NOTE
The PE devices are directly connected In this example, you need to run label advertise command to enables
the egress node to assign labels normally to the penultimate hop.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif10] mpls
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif10] mpls
[PE2-Vlanif10] quit
# After the configuration, an LDP LSP can be set up between PE1 and PE2. By running the
display tunnel-info all command, you can see the LSP destined for the address 2.2.2.2. By
running the display mpls ldp lsp command, you can view the LSP information.
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token

----------------------------------------------------------------------
0x1001c lsp 2.2.2.2 0

LDP LSP Information
------------------------------------------------------------------
------------------------------------------------------------------
2 2.2.2.2/32 NULL/3 172.1.1.2 -------/Vlanif10
------------------------------------------------------------------
Step 3 Set up an MPLS TE tunnel between the PEs.

# Configure the maximum link bandwidth and maximum reservable bandwidth for the MPLS
TE tunnel.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] quit
[PE1-Vlanif10] mpls te
[PE1-Vlanif10] mpls te max-link-bandwidth 20000
[PE1-Vlanif10] mpls te max-reservable-bandwidth 15000
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] quit
[PE2-Vlanif10] mpls
[PE2-Vlanif10] quit
# Enable OSPF on the devices along the TE tunnel so that the devices can transmit TE attributes.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit

# Configure an MPLS TE tunnel with a bandwidth of 5 Mbit/s.
# Configure PE1.
[PE1-Tunnel1/0/1] ip address unnumbered interface loopback1
[PE1-Tunnel1/0/1] mpls te bandwidth 5000
# Configure PE2.
# Configure an MPLS TE tunnel with a bandwidth of 10 Mbit/s and bind the tunnel with the
VPN.
# Configure PE1.
# Configure PE2.
# By running the display interface tunnel interface-number command on the PEs, you can see
that Tunnel1/0/1 and Tunnel1/0/2 are both Up. Take Tunnel1/0/2 on PE1 for example.
[PE1] display interface tunnel 1/0/2
Description : HUAWEI, Quidway Series, Tunnel1/0/2 Interface, Route Port
primary tunnel id is 0x1003d, secondary tunnel id is 0x0
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets output dropped

# By running the display tunnel-info all command on the PEs, you can see that Tunnel1/0/1
and Tunnel1/0/2 are both Up. Take the display on PE1 as an example:
[PE1] display tunnel-info all
----------------------------------------------------------------------
0x1003c cr lsp 2.2.2.2 2
0x1003d cr lsp 2.2.2.2 3
0x1001b lsp 2.2.2.2 0
0x1001c lsp -- 1
Step 4 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance VPNA
[PE1-vpn-instance-VPNA] route-distinguisher 100:1
[PE1-vpn-instance-VPNA] vpn-target 111:1 both
[PE1-vpn-instance-VPNA] quit
[PE1] ip vpn-instance VPNB
[PE1-vpn-instance-VPNB] route-distinguisher 100:2
[PE1-vpn-instance-VPNB] vpn-target 222:2 both
[PE1-vpn-instance-VPNB] quit
[PE1-Vlanif30] ip binding vpn-instance VPNA
[PE1-Vlanif30] quit
[PE1-Vlanif20] ip binding vpn-instance VPNB
[PE1-Vlanif20] quit
# Configure PE2.
[PE2-vpn-instance-VPNA] route-distinguisher 100:3
[PE2-vpn-instance-VPNA] vpn-target 111:1 both
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-VPNB] route-distinguisher 100:4
[PE2-vpn-instance-VPNB] vpn-target 222:2 both
[PE2-Vlanif50] ip binding vpn-instance VPNA
[PE2-Vlanif50] quit
[PE2-Vlanif40] ip binding vpn-instance VPNB
[PE2-Vlanif40] quit
# Configure the interface addresses of the VLAN where the CE interface resides and configure
the IP addresses of the VLANIF interfaces according to Figure 5-196. The configuration
procedure is not given.
# By running the display ip vpn-instance verbose command on the PEs, you can see the
configuration of the VPN instances. The PEs can ping the connected CEs successfully.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source address when you
run the ping command to ping the connected CE. That is, specify -a source-ip-address in the ping -a
source-ip-address -vpn-instance vpn-instance-name destination-address command; otherwise, the ping
operation may fail.
Step 5 Configure and apply a tunnel policy on the PE.

# Configure the tunnel policy for binding primary tunnel and apply the tunnel policy to VPNA.
# Configure PE1.
[PE1]tunnel-policy policy1
[PE1-tunnel-policy-policy1]tunnel binding destination 2.2.2.2 te tunnel1/0/2
[PE1-vpn-instance-VPNA] tnl-policy policy1
# Configure PE2.
[PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te tunnel1/0/2
[PE2-vpn-instance-VPNA] tnl-policy policy1
# Configure the tunnel policy that specifies the tunnel selection sequence and apply the tunnel
policy to VPNB.
# Configure PE1.
[PE1-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 1
[PE1-vpn-instance-VPNB] tnl-policy policy2
# Configure PE2.
[PE2-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 1
[PE2-vpn-instance-VPNB] tnl-policy policy2
Step 6 Set up MP-IBGP adjacency between the PEs.

# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 as-number 100
[PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp] quit
# After the configuration, run the display bgp peer or display bgp vpnv4 all peer command.
You can see that the BGP peers between the PEs are established.
Step 7 Set up EBGP adjacency between PEs and CEs.
Configure PE1

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance VPNA
[PE1-bgp-af-VPNA] peer 10.1.1.1 as-number 65410
[PE1-bgp-af-VPNA] quit
[PE1-bgp] ipv4-family vpn-instance VPNB
[PE1-bgp-af-VPNB] peer 10.2.1.1 as-number 65410
[PE1-bgp-af-VPNB] quit
[PE1-bgp] quit
Configure CE1
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
Configure CE2
[CE2] bgp 65410
[CE2-bgp] quit
Configure PE1
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance VPNA
[PE2-bgp-af-VPNA] peer 10.3.1.1 as-number 65420
[PE2-bgp-af-VPNA] quit
[PE2-bgp] ipv4-family vpn-instance VPNB
[PE2-bgp-af-VPNB] peer 10.4.1.1 as-number 65420
[PE2-bgp-af-VPNB] quit
[PE2-bgp] quit
Configure CE3
[CE3] bgp 65420
[CE3-bgp] quit
Configure CE4
[CE4] bgp 65420
[CE4-bgp] quit

# Run the display ip routing-table vpn-instance command on the PE. You can view the routes
to the remote CE.
[PE1] display ip routing-table vpn-instance VPNA
------------------------------------------------------------------------------
Routing Tables: VPNA
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Vlanif30
10.3.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/2
[PE1] display ip routing-table vpn-instance VPNB
------------------------------------------------------------------------------
Routing Tables: VPNB

10.2.1.0/30 Direct 0 0 D 10.2.1.2 Vlanif20

10.4.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/1
BGP 255 0 RD 2.2.2.2 Vlanif10
# Run the display ip routing-table vpn-instance verbose command on the PEs, and you can
see the tunnels used by the VPN routes.
[PE1] display ip routing-table vpn-instance VPNA 10.3.1.0 verbose
Routing Table : VPNA
Summary Count : 1
Protocol: BGP Process ID: 0
NextHop: 2.2.2.2 Neighbour: 2.2.2.2
State: Active Adv GotQ Age: 00h00m08s
Tag: 0 Priority: 0
Label: 109568 QoSInfo: 0x0
RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2
Tunnel ID: 0x1003d
[PE1] display ip routing-table vpn-instance VPNB 10.4.1.0 verbose
Routing Table : VPNB
Summary Count : 2
Tag: 0 Priority: 0
Label: 107520 QoSInfo:0x0
RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1
Tunnel ID: 0x1001c
# The CEs in the same VPN can ping each other, and the CEs in different VPNs cannot ping
each other.
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance VPNA
tnl-policy policy1
#
ip vpn-instance VPNB
tnl-policy policy2
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls ldp

#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface Vlanif30
ip binding vpn-instance VPNA
ip address 10.1.1.2 255.255.255.252
#
interface Vlanif20
ip binding vpn-instance VPNB
ip address 10.2.1.2 255.255.255.252
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ip address unnumbered interface loopback1
destination 2.2.2.2
mpls te commit
#
destination 2.2.2.2
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance VPNA
#
ipv4-family vpn-instance VPNB
#
ospf 1

area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 1.1.1.1 0.0.0.0
mpls-te enable
#
#
tunnel select-seq cr-lsp lsp load-balance-number 1
#
return
#
sysname PE2
#
vlan batch 10 30 50
#
ip vpn-instance VPNA
tnl-policy policy1
#
ip vpn-instance VPNB
tnl-policy policy2
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface Vlanif50
ip binding vpn-instance VPNA
ip address 10.3.1.2 255.255.255.252
#
interface Vlanif40
ip binding vpn-instance VPNB
ip address 10.4.1.2 255.255.255.252
#
#
#
#

interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
destination 1.1.1.1
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance VPNA
#
ipv4-family vpn-instance VPNB
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0
mpls-te enable
#
#
tunnel select-seq cr-lsp lsp load-balance-number 1
#
return
#
sysname CE1
#
vlan batch 30
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.252
#
#
bgp 65410
#
ipv4-family unicast

import-route direct
#
return
#
sysname CE2
#
vlan batch 20
#
interface vlanif 20
ip address 10.2.1.1 255.255.255.252
#
#
bgp 65410
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE3
#
vlan batch 50
#
interface Vlanif50
ip address 10.3.1.1 255.255.255.252
#
#
bgp 65420
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE4
#
vlan batch 40
#
interface Vlanif 40
ip address 10.4.1.1 255.255.255.252
#
#
bgp 65420
#
ipv4-family unicast

import-route direct
#
return
Example for Binding a Tunnel to the Martini L2VPN
As shown in Figure 5-197, Site 1, Site 2, and Site 3 belong to VPNA. The networking
requirements are as follows:
l Configuring a Martini L2VPN

l Guarantee a bandwidth of 10 Mbit/s for communication between Site 1 and Site 2 and a
bandwidth of 20 Mbit/s for communication between Site 1 and Site 3.
l The communication between Site 1 and Site 2 is independent of that between Site 1 and
Site 3.
Figure 5-197 Networking diagram for configuring the L2VPN tunnel binding
Loopback1
2.2.2.9/32
VPNA
VLAN2
GE 1/0/1
GE 1/0/2 GE 1/0/1
Loopback1 Loopback1 PE2 CE2
Site2
1.1.1.9/32 4.4.4.9/32
GE 1/0/1 GE 1/0/2
PE1 GE 1/0/1 GE 1/0/3
GE 1/0/2 P
GE 1/0/3 PE3
GE 1/0/3 GE 1/0/1
VLAN1 VLAN4
GE 1/0/1
GE 1/0/2 GE 1/0/3 VLAN3 CE3
Loopback1 Site3
3.3.3.9/32
Site1 CE1
VPNA VPNA
GigabitEthernet1/0/2 VLANIF 1 -
Loopback1 - 1.1.1.9/32
PE2 GigabitEthernet1/0/1 VLANIF 2 -

Loopback1 - 2.2.2.9/32
Loopback1 - 3.3.3.9/32
P GigabitEthernet1/0/1 VLANIF 7 100.1.1.1/24
1. Configure a TE tunnel.
2. Configure a tunnel policy to bind the IP address of the remote end to the tunnel.
3. Apply the tunnel policy to the L2VC.
4. Connect the CEs to the backbone network.
Data Preparation
l Tunnel policy
l VC ID
l Parameters for the MPLS TE tunnel
NOTE
For different L2VPN services from a PE to the same destination, different tunnel policies and TE tunnels
are required.
Procedure
Step 1 Enable PEs to communicate with each other.
# Configure an Interior Gateway Protocol (IGP) on the MPLS backbone network to implement
interworking between the PEs. IS-IS is used in this example, and the IS-IS process ID is 1.
# Configure PE1.
[PE1] vlan 7

[PE1-vlan7] quit
[PE1-GigabitEthernet1/0/1] port hybrid tagged vlan 7
[PE1-Vlanif7] quit
[PE1]isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] is-level level-2
[PE1-isis-1] quit
[PE1-Vlanif7] isis enable 1
[PE1-Vlanif7] quit
[PE1-LoopBack1] isis enable 1
# The configuration procedures of PE2 and PE3 are similar to the configuration procedure of
PE1.
# Configure the P.
[Quidway] sysname P
[P] vlan batch 5 6 7
[P]interface GigabitEthernet 1/0/1
[P-GigabitEthernet1/0/1] port hybrid pvid vlan 7
[P-GigabitEthernet1/0/1] port hybrid tagged vlan 7
[P] interface vlanif 7
[P-Vlanif7] ip address 100.1.1.1 24
[P-Vlanif7] quit
[P-Vlanif5] quit
[P-Vlanif6] quit
[P]isis 1
[P-isis-1] network-entity 10.0000.0000.0000.0002.00
[P-isis-1] is-level level-2
[P-isis-1] quit
[P-Vlanif5] isis enable 1
[P-Vlanif5] quit
[P-Vlanif6] quit
[P-Vlanif7] quit
[P] interface loopback 1
[P-LoopBack1] ip address 1.1.1.9 32
[P-LoopBack1] isis enable 1
[P-LoopBack1] quit
# Run the display ip routing-table command in any view of the PEs, and you can see that the
PEs can learn the loopback address of each other.


------------------------------------------------------------------------------
2.2.2.9/32 ISIS 15 20 D 100.1.1.2 Vlanif7
3.3.3.9/32 ISIS 15 20 D 100.1.1.2 Vlanif7
4.4.4.9/32 ISIS 15 10 D 100.1.1.2 Vlanif7
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif7
100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif7
100.2.1.0/24 ISIS 15 20 D 100.1.1.2 Vlanif7
100.3.1.0/24 ISIS 15 20 D 100.1.1.2 Vlanif7
Step 2 Configure the basic MPLS capability, set up the LDP peers, and enable MPLS TE, Resource
Reservation Protocol-TE (RSVP-TE), and Constraint Shortest Path First (CSPF).
# In this example, RSVP-TE is used as the signaling protocol. Enable global MPLS TE and
RSVP-TE on the PEs and P along the TE tunnel. Configure CSPF on the tunnel ingress. Enable
MPLS TE and RSVP-TE on the interfaces along the tunnel. Configure the LDP remote peers
on PEs to transmit the private network routes.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] quit
[PE1-Vlanif7] mpls
[PE1-Vlanif7] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] mpls ldp remote-peer 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] quit
PE1.
# Configure the P.
[P] mpls lsr-id 4.4.4.9
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P-Vlanif7] mpls
[P-Vlanif7] mpls te
[P-Vlanif7] mpls rsvp-te
[P-Vlanif7] quit
[P-Vlanif5] mpls
[P-Vlanif5] mpls te


[P-Vlanif5] quit
[P-Vlanif6] mpls
[P-Vlanif6] mpls te
[P-Vlanif6] quit
# Run the display mpls ldp session command on the PEs, and you can see that LDP peers are
set up between PE1 and PE2 and between PE1 and PE3.
[PE1] display mpls ldp session
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Step 3 Configure IS-IS TE.

# Configure PE1.
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] traffic-eng level-2
[PE1-isis-1] quit
# The configuration procedures of P, PE2, and PE3 are similar to the configuration procedure
of PE1.
NOTE
When IS-IS TE is configured on only the local end, the session set up on the local end turns Down. When
IS-IS TE is configured on the remote end, the LDP session becomes Up again.
Step 4 Configure the MPLS TE attributes of the links.

# Ensure that the maximum reservable bandwidth of each link along the TE tunnel is not less
than the total bandwidth of all the TE tunnels through the link. Configure the maximum link
bandwidth to be not less than the maximum reservable bandwidth.
# Configure PE1.
[PE1-Vlanif7] quit
PE1.
# Configure the P.
[P-Vlanif7] mpls te max-link-bandwidth 100000
[P-Vlanif7] mpls te max-reservable-bandwidth 80000
[P-Vlanif7] quit
[P-Vlanif5]quit


Step 5 Configure the explicit path of MPLS TE.
# You can manually specify a path for MPLS TE, that is, configure an explicit path for MPLS
TE. Take the configuration of explicit path on PE1 for example.
# Configure PE1.
[PE1] explicit-path PE1toPE2
[PE1-explicit-path-PE1toPE2] next hop 100.1.1.2
[PE1-explicit-path-PE1toPE2] quit
[PE1] explicit-path PE1toPE3
[PE1-explicit-path-PE1toPE3] quit
Step 6 Configure the MPLS TE tunnel.

NOTE
An MPLS TE tunnel is unidirectional. To guarantee bidirectional QoS on the TE tunnel, you must configure
an MPLS TE tunnel on PEs.
# Create two tunnel interfaces on PE1; create a tunnel interface on each of PE2 and PE3.
# Configure PE1.
[PE1-Tunnel1/0/0] mpls te path explicit-path PE1toPE2
[PE1-Tunnel2/0/0] mpls te path explicit-path PE1toPE3
[PE1-Tunnel2/0/0] mpls te bc0 bandwidth 20000
# Configure PE2.
# Configure PE3.


# Run the display this interface command in the tunnel interface view of the PEs, and you can
see that the TE tunnel is Up. Take Tunnel1/0/0 of PE1 for example.
[PE1-Tunnel1/0/0] display this interface
The Maximum Transmit Unit is 1500
primary tunnel id is 0x1003c, secondary tunnel id is 0x0
The tunnelIfIndex is 0x40020
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
300 seconds output rate 0 bytes/sec, 0 packets/sec
0 output error
Step 7 Configure the VPN tunnel binding.

# Configure PE1. Bind PE1 to Tunnel1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1-tunnel-policy-policy1] tunnel binding destination 2.2.2.9 te Tunnel1/0/0
[PE1-Vlanif1] mpls l2vc 2.2.2.9 100 tunnel-policy policy1
[PE1-Vlanif1] quit
# Configure PE1. Bind PE1 to Tunnel2.

[PE1-Vlanif4] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

[PE2-Vlanif2] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3-Vlanif3] quit
Step 8 Connect the CEs to the backbone network.
# The following takes the configuration of CE1 as an example. The configuration procedures of
CE2 and CE3 are the same as the configuration procedure of CE1, and are not mentioned here.
[CE1] vlan 1
[CE1] quit
[CE1] vlan 4
[CE1] quit
[CE1] interface GigabitEthernet1/0/2
[CE1] interface vlanif 1
[CE1-Vlanif1] ip address 10.1.1.1 24
[CE1-Vlanif1] quit
[CE1-Vlanif4] quit
# Check the VC status on PE1. All the VCs on PE1 are Up.
[PE1] display mpls l2vc
Total ldp vc : 2 2 up 0 down
*Client Interface : Vlanif1
Session State : up
AC Status : up
VC State : up
VC ID : 100
VC Type : VLAN
local VC Label : 17408 remote VC Label : 17409
Control Word : disable
local VC MTU : 1500 remote VC MTU : 1500
Tunnel Policy Name : policy1
Traffic Behavior Name: --
PW Template Name : --
Create time : 0 days, 0 hours, 7 minutes, 18 seconds

UP time : 0 days, 0 hours, 7 minutes, 18 seconds

Last change time : 0 days, 0 hours, 7 minutes, 18 seconds
*Client Interface : vlanif4
Session State : up
AC Status : up
VC State : up
VC ID : 200
VC Type : VLAN
local VC Label : 17409 remote VC Label : 17408
Control Word : Disable
Tunnel Policy Name : policy2
Traffic Behavior Name: --
# Check information about the interfaces on the bound tunnel.

# Take Tunnel1/0/0 of PE1 as an example.
[PE1] display interface Tunnel 1/0/0
QoS max-bandwidth : 64 Kbps
300 Seconds output rate 0 bits/sec, 0 packets/sec
# CE1 can ping CE2 and CE3.

# Display information about Tunnel1/0/0 on PE1.
[PE1] display interface Tunnel 1/0/0
QoS max-bandwidth : 64 Kbps
300 Seconds output rate 2952 bits/sec, 2 packets/sec
# You can see that the number of datagrams passing through Tunnel1/0/0 increases.

# Run the ping 20.1.1.2 command on CE1 to check information about Tunnel 1/0/0 of PE1. You
can see that the statistics of packets on Tunnel 1/0/0 remain unchanged because Tunnel 1/0/0
on PE1 transmits only the data between PE1 and PE2.
----End
Configuration Files
#
sysname PE1
#
vlan batch 1 4 7
#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
mpls l2vpn default martini
#
explicit-path pe1tope2
next hop 100.1.1.1
next hop 100.2.1.2
next hop 2.2.2.9
#
explicit-path PE1toPE3
next hop 100.1.1.1
next hop 100.3.1.2
next hop 3.3.3.9
#
mpls ldp
#
remote-ip 2.2.2.9
#
remote-ip 3.3.3.9
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0001.00
traffic-eng level-2
#
interface Vlanif7
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif1
mpls l2vc 2.2.2.9 100 tunnel-policy policy1
#
interface Vlanif4
#
#


#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
destination 2.2.2.9
mpls te path explicit-path pe1tope2
mpls te commit
#
destination 3.3.3.9
mpls te path explicit-path pe1tope3
mpls te commit
#
tunnel binding destination 2.2.2.9 te tunnel1/0/0
#
#
return
#
sysname P
#
vlan batch 5 6 7
#
mpls lsr-id 4.4.4.9
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0002.00
traffic-eng level-2
#
interface Vlanif7
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif5
ip address 100.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te


mpls rsvp-te
#
interface Vlanif6
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return

#
sysname PE2
#
vlan batch 2 5
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.9
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0003.00
traffic-eng level-2
#
interface Vlanif5
ip address 100.2.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif2
#


#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
destination 1.1.1.9
mpls te commit
#
#
return

#
sysname PE3
#
vlan batch 3 6
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.9
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0004.00
traffic-eng level-2
#
interface Vlanif6
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif3
#
#
#

interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
destination 1.1.1.9
mpls te commit
#
#
return

#
sysname CE1
#
vlan batch 1 4
#
interface Vlanif1
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif4
ip address 20.1.1.1 255.255.255.0
#
#
#
return

#
sysname CE2
#
vlan batch 2
#
interface Vlanif2
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname CE3
#
vlan batch 3
#
interface Vlanif2
ip address 20.1.1.2 255.255.255.0
#
#
return

5.10.2 GRE Configuration

This chapter describes the basic knowledge, configuration procedures, and configuration
examples for the Generic Routing Encapsulation (GRE) protocol.
Example for Configuring Static Routes on the GRE Tunnel
As shown in Figure 5-198, S9300-A, S9300-B, and S9300-C are on the VPN backbone network.
OSPF runs among the S9300s.
GRE is used between S9300-A and S9300-C to implement the interworking between PC1 and
PC2.
PC1 and PC2 use S9300-A and S9300-C as their default gateways.
Figure 5-198 Networking diagram for configuring static routes

S9300-B
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
S9300-A S9300-C
Tunnel7/0/0 Tunnel7/0/0
GE2/0/0 40.1.1.1/24 40.1.1.2/24 GE2/0/0
PC1 PC2
10.1.1.1/24 10.2.1.1/24

1. Run the dynamic routing protocol on the S9300s to implement interconnection.

2. Create tunnel interfaces on S9300-A and S9300-C and specify the source and destination
addresses of the tunnel. The source address is the IP address of the interface sending packets,
and the destination address is the IP address of the interface receiving packets.
3. Configure the IP address of the tunnel so that the tunnel supports the dynamic routing
protocol.
4. Configure the static route between S9300-A and its connected PCs, and between S9300-C
and its connected PCs to make the traffic between PC1 and PC2 transmitted through the
GRE tunnel.
5. Configure the egress of the static route as the local tunnel interface.
Data Preparation
l IP address of VLANIF interfaces, as shown in Figure 5-198
l Data for configuring OSPF
l Source address and destination address of the GRE tunnel, and IP addresses of tunnel
interfaces
Procedure
Step 1 Assign the IP address to each interface.
[S9300-A] vlan 10
[S9300-A] vlan 30
Step 2 Configure IGP on the VPN backbone network.
[S9300-A] ospf 1

# Run the display ip routing-table command on S9300-A and S9300-C. You can find that they
learn the OSPF routes destined for the network segment of the peer.
# Take S9300-A for example. The information is displayed as follows:
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif10
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif10
30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Vlanif10

[S9300A] interface tunnel 1/0/1
[S9300-A-Tunnel1/0/1] tunnel-protocol gre
[S9300-A-Tunnel1/0/1] ip address 40.1.1.1 255.255.255.0
[S9300-A-Tunnel1/0/1] source 20.1.1.1
[S9300-C] interface tunnel 1/0/1
[S9300-C-Tunnel1/0/1] tunnel-protocol gre
[S9300-C-Tunnel1/0/1] ip address 40.1.1.2 255.255.255.0
[S9300-C-Tunnel1/0/1] source 30.1.1.2
[S9300-C-Tunnel1/0/1] destination 20.1.1.1
[S9300-C-Tunnel1/0/1] quit
# After the configuration, the status of tunnel interfaces is Up, and the tunnel interfaces can ping
each other.
[S9300-A] ping -a 40.1.1.1 40.1.1.2
0.00% packet loss


[S9300-A] ip route-static 10.2.1.0 255.255.255.0 tunnel 1/0/1
[S9300-C] ip route-static 10.1.1.0 255.255.255.0 tunnel 1/0/1
# Run the display ip routing-table command on S9300-A and S9300-C. You can see the static
route from the tunnel interface to the use-side network segment of the peer.
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel1/0/1
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif10
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif10
30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Vlanif10
40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel1/0/1
PC1 and PC2 can ping each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.2 255.255.255.0
#
#
#
ip address 40.1.1.1 255.255.255.0
tunnel-protocol gre
source 20.1.1.1
destination 30.1.1.2
#
ospf 1
area 0.0.0.0

network 20.1.1.0 0.0.0.255

#
ip route-static 10.2.1.0 255.255.255.0 Tunnel1/0/1
#
return

#
sysname S9300-B
#
vlan batch 10 20
#
interface Vlanif10
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 30.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return

#
sysname S9300-C
#
vlan batch 20 40
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 10.2.1.2 255.255.255.0
#
#
#
ip address 40.1.1.2 255.255.255.0
tunnel-protocol gre
source 30.1.1.2
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
ip route-static 10.1.1.0 255.255.255.0 Tunnel1/0/1
#
return

Example for Configuring the Dynamic Routing Protocol on the GRE Tunnel
As shown in Figure 5-199, OSPF runs among the S9300-A, S9300-B, and S9300-C.
GRE is used between S9300-A and S9300-C to implement the interworking between PC1 and
PC2.
PC1 and PC2 use S9300-A and S9300-C as their default gateways.
Figure 5-199 Networking diagram for configuring dynamic routing protocol
S9300-B
GE1/0/0 GE2/0/0
OSPF 1
GE1/0/0 GE1/0/0
S9300-A S9300-C
Tunnel
GE2/0/0 GE2/0/0
OSPF 2 OSPF 2
PC1 PC2
1. Run IGP on the S9300s(OSPF process 1 is used here).

2. Create GRE tunnels between the S9300s connected with PCs so that data between any two
PCs is transmitted through GRE tunnels.

Data Preparation
l IP address of the VLANIF interfaces , as shown in Figure 5-199
l Source addresses and destination addresses on the two ends of the GRE tunnel
l IP addresses of the interfaces on the two ends of the GRE tunnel
Procedure
Step 1 Assign the IP address to each interface.
Step 2 Configure IGP on the VPN backbone network.
The configuration procedure is the same as that in Example for Configuring Static Routes on
the GRE Tunnel.
The configuration procedure is the same as that in Example for Configuring Static Routes on
the GRE Tunnel.
Step 4 Configure the OSPF protocol on the tunnel interfaces.
[S9300-A] ospf 1
[S9300-C] ospf 1


# Run the display ip routing-table command on S9300-A and S9300-C. You can see the OSPF
route from the tunnel interface to the user-side network segment of the peer. In addition, the next
hop on the route to the destination physical address (30.1.1.0/24) of the tunnel is not a tunnel
interface.
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
10.2.1.0/24 OSPF 10 2 D 40.1.1.2 Tunnel1/0/1
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif10
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif10
30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Vlanif10
40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel1/0/1
# PC1 and PC2 can ping each other.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10 30
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.2 255.255.255.0
#
#
#
ip address 40.1.1.1 255.255.255.0
tunnel-protocol gre
source 20.1.1.1
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255

network 40.1.1.0 0.0.0.255

network 10.1.1.0 0.0.0.255
#
return

#
sysname S9300-B
#
vlan batch 10 20
#
interface Vlanif10
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 30.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return

#
sysname S9300-C
#
vlan batch 20 40
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 10.2.1.2 255.255.255.0
#
#
#
ip address 40.1.1.2 255.255.255.0
tunnel-protocol gre
source 30.1.1.2
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return

Example for Configuring the CE to Access a VPN Through a GRE Tunnel of the
Public Network
l PE1 and PE2 are located in the MPLS backbone network.

l CE1 is connected to PE1 through S9300-A.
l CE2 is connected to PE2 directly.
l CE1 and CE2 belong to the same VPN.
CE1 and CE2 are required to interwork with each other.
Figure 5-200 Networking diagram in which CEs access a VPN through the GRE tunnel of the
public network
Loopback1
Loopback1
PE1
S9300-A GE2/0/0 GE2/0/0 PE2
GE1/0/0 GE1/0/0
GE1/0/0 GE2/0/0
el Tunnel1/0/0
nn
GE2/0/0 Tu
GE1/0/0
CE1 Tunnel2/0/0 CE2
GE2/0/0
GE1/0/0
PC1 PC1
Tunnel2/0/0 - 2.2.2.1/24
PE1 Loopback1 - 1.1.1.9/32
Tunnel1/0/0 - 2.2.2.2/24

PE2 Loopback1 - 3.3.3.9/32
PE1 and CE1 are indirectly connected. So the VPN instance on PE1 cannot be bound to the
physical interface on PE1. In such a situation, a GRE tunnel is required between CE1 and PE1.
vpn1 on PE1 can then be bound to the GRE tunnel, and CE1 can access the VPN through the
GRE tunnel.
1. Configure OSPF 10 on PE1 and PE2 to implement the interworking between the two
devices, and then enable MPLS.
2. Configure OSPF 20 on CE1, S9300-A, and PE1 to implement the interworking between
the three devices.
3. Establish a GRE tunnel between CE1 and PE1.
4. Create VPN instances vpn1 on PE1 and PE2. Then bind the VPN instance on PE1 to the
GRE tunnel interface, and bind the VPN instance on PE2 to the connected physical interface
of CE2.
5. Configure IS-IS routes between CE1 and PE1, and between CE2 and PE2 to implement
the interworking between the CEs and PEs.
6. Configure BGP on PEs to implement the interworking between CE1 and CE2.
Data Preparation
l IP addresses of the interfaces, process ID of the routing protocol, and AS number

l Source address and destination address of the GRE tunnel
l VPN instance names, RDs, and VPN targets on PEs
Procedure
Step 1 Configure the IP address for each VLANIF interface and the routing protocol for the MPLS
backbone network.
Configure OSPF10 on PE1 and PE2, and then configure MPLS and LDP. The detailed
configurations are not mentioned here.
Step 2 Configure a routing protocol between CE1, S9300-A, and PE1.
Configure OSPF 20 on CE1, S9300-A, and PE1. The detailed configurations are not mentioned
here.

Step 3 Establish a GRE tunnel between CE1 and PE1.

# Configure CE1.
[CE1] interface tunnel 2/0/0
[CE1-Tunnel2/0/0] ip address 2.2.2.1 255.255.255.0
[CE1-Tunnel2/0/0] tunnel-protocol gre
[CE1-Tunnel2/0/0] source 30.1.1.1
[CE1-Tunnel2/0/0] destination 50.1.1.2
[CE1-Tunnel2/0/0] quit
# Configure PE1.
[PE1-Tunnel1/0/0] ip address 2.2.2.2 255.255.255.0
[PE1-Tunnel1/0/0] tunnel-protocol gre
[PE1-Tunnel1/0/0] source 50.1.1.2
# After the configuration, a GRE tunnel is established between CE1 and PE1.
Step 4 Create a VPN instance named vpn1 on PE1 and bind the VPN instance to the GRE tunnel.
[PE1]ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[PE1-Tunnel1/0/0] ip binding vpn-instance vpn1
[PE1-Tunnel1/0/0] ip address 2.2.2.2 255.255.255.0
Step 5 Create a VPN instance named vpn1 on PE2 and bind the VPN instance to the VLANIF interface.
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[PE2-Vlanif60] ip binding vpn-instance vpn1
[PE2-Vlanif60] ip address 11.1.1.2 255.255.255.0
[PE2-Vlanif60] quit
Step 6 Configure the IS-IS route between CE1 and PE1.

# Configure CE1.
[CE1] isis 50
[CE1-isis-50] network-entity 50.0000.0000.0001.00
[CE1-isis-50] quit
[CE1-Vlanif10] isis enable 50
[CE1-Vlanif10] quit
[CE1] interface tunnel2/0/0
[CE1-Tunnel2/0/0] isis enable 50
[CE1-Tunnel2/0/0] quit
# Configure PE1.
[PE1] isis 50 vpn-instance vpn1
[PE1-isis-50] network-entity 50.0000.0000.0002.00
[PE1-isis-50] quit
[PE1-Tunnel1/0/0] isis enable 50
Step 7 Configure the IS-IS route between CE2 and PE2.

# Configure CE2.
[CE2] isis 50
[CE2-isis-50] network-entity 50.0000.0000.0004.00
[CE2-isis-50] quit
[CE2-Vlanif50] quit
[CE2-Vlanif60] quit
# Configure PE2.
[PE2] isis 50 vpn-instance vpn1
[PE2-isis-50] network-entity 50.0000.0000.0003.00
[PE2-isis-50] quit
[PE2] interface vlanif50
[PE2-Vlanif50] isis enable 50
[PE2-Vlanif50] quit
Step 8 Set up the MP-BGP peer relationship between PE1 and PE2.
# On PE1, specify PE2 as an IBGP peer, set up the IBGP connection by using the loopback
interface, and enable the capability of exchanging VPN IPv4 routing information between PE1
and PE2.
[PE1] bgp 100
# Enter the view of the BGP VPN instance vpn1 and import the direct routes and IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] import-route isis 50
# On PE2, specify PE1 as an IBGP peer, set up the IBGP connection by using the loopback
interface, and enable the capability of exchanging VPN IPv4 routing information between PE2
and PE1.
[PE2] bgp 100
# Enter the view of the BGP VPN instance vpn1 and import the direct routes and IS-IS routes.
[PE2-bgp-vpn1] import-route isis 50
Step 9 Import BGP routes into IS-IS.

# Configure PE1.
[PE1] isis 50
[PE1-isis-50] import-route bgp
# Configure PE2.
[PE2] isis 50
[PE2-isis-50] import-route bgp


# After the configuration, CE1 and CE2 can successfully ping each other.
<CE1> ping 41.1.1.2

0.00% packet loss
<CE2> ping 21.1.1.2


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10 20
#
isis 50
network-entity 50.0000.0000.0001.00
#
interface Vlanif10
ip address 21.1.1.2 255.255.255.0
isis enable 50
#
interface Vlanif20
ip address 30.1.1.1 255.255.255.0
#
port hybrid ubtagged vlan 10
#
#
ip address 2.2.2.1 255.255.255.0
tunnel-protocol gre
source 30.1.1.1
isis enable 50
#
ospf 20

area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
return
#
sysname S9300-A
#
vlan batch 20 30
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 50.1.1.1 255.255.255.0
#
#
#
ospf 20
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
return
#
sysname PE1
#
vlan batch 30 40
#
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#
isis 50 vpn-instance vpn1
network-entity 50.0000.0000.0002.00
import-route bgp
#
interface Vlanif30
ip address 50.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 110.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#

interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ip address 2.2.2.2 255.255.255.0
tunnel-protocol gre
source 50.1.1.2
isis enable 50
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
import-route direct
import-route isis 50
#
ospf 10
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 110.1.1.0 0.0.0.255
#
ospf 20
area 0.0.0.0
network 50.1.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 40 50
#
#
mpls lsr-id 3.3.3.9
mpls
lsp-trigger all
#
mpls ldp
#
isis 50 vpn-instance vpn1
network-entity 50.0000.0000.0003.00
import-route bgp
#
interface Vlanif40
ip address 110.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 11.1.1.2 255.255.255.0
isis enable 50
#


#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
import-route direct
import-route isis 50
#
ospf 10
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 110.1.1.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 50 60
#
isis 50
network-entity 50.0000.0000.0004.00
#
interface Vlanif50
ip address 11.1.1.1 255.255.255.0
isis enable 50
#
interface Vlanif60
ip address 41.1.1.2 255.255.255.0
isis enable 50
#
#
#
return
Example for Configuring the Keepalive Function for GRE
As shown in Figure 5-201, S9300 A and S9300 B are configured with the GRE protocol. The
two ends of the GRE tunnel need be configured with the Keepalive function.

Figure 5-201 Networking diagram of configuring the Keepalive function on two ends of a GRE
tunnel
GE1/0/0 Internet GE1/0/0

GRE tunnel
S9300- A S9300- B
40.1.1.1/24 40.1.1.2/24
S9300 Interface VLANIF Interface IP Address
Tunnel1/0/0 - 40.1.1.1/24
Tunnel1/0/0 - 40.1.1.2/24
To enable the Keepalive function on one end of the GRE tunnel, run the keepalive command in
the tunnel interface view on the end.
TIP
If the Keepalive function is enabled on the source end, the forwarding function is obligatory, and the
Keepalive function is optional for the destination end.
Data Preparation
l Data for configuring the routing protocol for the backbone network
l Source address and destination address of the GRE tunnel
l Interval for sending Keepalive messages
l Parameters of unreachable timer
Procedure
Step 1 Configure S9300-A and S9300-B to implement the interworking between the two devices.
The detailed procedures are not mentioned here.
Step 2 Configure a tunnel on S9300-A and enable the Keepalive function.
[S9300-A-Tunnel1/0/0] ip address 40.1.1.1 255.255.255.0
[S9300-A-Tunnel1/0/0] tunnel-protocol gre
[S9300-A-Tunnel1/0/0] source 20.1.1.1
[S9300-A-Tunnel1/0/0] keepalive period 20 retry-times 3
Step 3 Configure a tunnel on S9300-B and enable the Keepalive function.

[S9300-B-Tunnel1/0/0] ip address 40.1.1.2 255.255.255.0
[S9300-B-Tunnel1/0/0] tunnel-protocol gre
[S9300-B-Tunnel1/0/0] source 30.1.1.2
[S9300-B-Tunnel1/0/0] keepalive period 20 retry-times 3
[S9300-B-Tunnel1/0/0] quit

# The tunnel interface on S9300-A can successfully ping the tunnel interface on S9300-B.
<S9300-A> ping -a 40.1.1.1 40.1.1.2

0.00% packet loss
# Enable the debugging of the Keepalive messages on S9300-A and view information about the
Keepalive messages.
<S9300A> debugging tunnel keepalive
*0.21628063 S9300A TUNNEL/7/debug:GRE_KEEP:Judge keepalive finished. Keepalive
packet from peer router.
*0.21628064 S9300A TUNNEL/7/debug:GRE_FWD: Receive peer keepalive on mainboard
successfully. Put into decapsulation.
*0.21628064 S9300A TUNNEL/7/debug:Slot=1;GRE_KEEP:Judge keepalive finished. Ke
epalive packet from peer router.
*0.21628064 S9300A TUNNEL/7/debug:Slot=1;GRE_FWD: IO board received keepalive
packet, resend to mainboard.
----End
Configuration Files
#
sysname S9300-A
#
vlan batch 10
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
#
ip address 40.1.1.1 255.255.255.0
source 20.1.1.1
keepalive period 20
#
return

#
sysname S9300-B

#
vlan batch 20
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
#
ip address 40.1.1.2 255.255.255.0
source 30.1.1.2
keepalive period 20
#
return
5.10.3 BGP/MPLS IP VPN Configuration

This chapter describes the principle, application, and configuration of the BGP/MPLS IP VPN.
Example for Configuring the BGP/MPLS IP VPN
As shown in Figure 5-202, CE1 and CE3 belong to VPN-A and CE2 and CE4 belong to VPN-
B. The VPN target of VPN-A is 111:1, and VPN target of VPN-B is 222:2. The users in different
VPNs cannot access each other.

Figure 5-202 Networking diagram for configuring BGP/MPLS IP VPN
AS: 65410 AS: 65430

VPN-A VPN-A
CE1 CE3
GE1/0/0 GE1/0/0
Loopback1
2.2.2.9/32
GE1/0/0 GE1/0/0
PE1 PE2
GE1/0/0 GE2/0/0
Loopback1 Loopback1
1.1.1.9/32 GE3/0/0 GE3/0/0 3.3.3.9/32
GE2/0/0 P GE2/0/0
MPLS backbone
AS: 100
GE1/0/0 GE1/0/0
CE2 CE4
VPN-B VPN-B
AS: 65420 AS: 65440

1. Configure VPN instances on the PEs connected to CEs on the backbone network and bind
related VPNs to the interfaces connected to the CEs.
2. Configure OSPF on the PEs to implement interconnection between PEs.
3. Configure the basic MPLS capabilities and LDP and create an MPLS LSP.
4. Configure MP-IBGP for exchanging routing information between the VPNs.
5. Configure EBGP for exchanging VPN routing information between the CE and PE.
Data Preparation
l IP address of each VLAN interface, as shown in Figure 5-202
l MPLS LSR-IDs of PE and P
l RDs of VPN-A and VPN-B
l VPN targets of received and sent routes of VPN-A and VPN-B
Procedure
Step 1 Configure IGP on the MPLS backbone network so that PEs and P can interwork.
# Configure PE1.
[PE1] vlan batch 10 20 30
[PE1-GigabitEthernet1/0/0]port hybrid pvid vlan 10
[PE1-GigabitEthernet1/0/0]port hybrid untagged vlan 10
[PE1-Vlanif30] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure the P.
[Quidway] sysname P
[P-LoopBack1] quit
[P] vlan 30 60
[P] interface GigabitEthernet 1/0/0


[P-GigabitEthernet1/0/0] port hybrid untagged vlan 30
[P-Vlanif30] quit
[P-Vlanif60] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] vlan 40
[PE2-vlan40] port GigabitEthernet 1/0/0
[PE2-vlan40] quit
[PE2] vlan 50
[PE2-vlan50] quit
[PE2] vlan 60
[PE2-vlan60] quit
[PE2-Vlanif20] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
After the configuration, OSPF adjacencies are established between PE1, P, and PE2. By running
the display ospf peer command, you can see that the status of the OSPF adjacency is Full. By
running the display ip routing-table command, you can see that the PEs can learn the routes
of each other's Loopback1 interface.
Take PE1 for example.
------------------------------------------------------------------------------

2.2.2.9/32 OSPF 10 1 D 172.1.1.2 Vlanif30
3.3.3.9/32 OSPF 10 2 D 172.1.1.2 Vlanif30
172.1.1.0/24 Direct 0 0 D 172.1.1.1 Vlanif30


172.1.1.2/32 Direct 0 0 D 172.1.1.2 Vlanif30
172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Vlanif30
[PE1] display ospf peer

Neighbors

Router ID: 172.1.1.2 Address: 172.1.1.2
DR: None BDR: None MTU: 1500
Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up
LDP LSPs.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif30] mpls
[PE1-Vlanif30] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P-Vlanif60] mpls
[P-Vlanif60] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif60] mpls
[PE2-Vlanif60] quit
After the configuration, LDP sessions are established between PE1 and P, and between P and
PE2. By running the display mpls ldp session command, you can see that the status of the LSP
sessions is Operational. By running the display mpls ldp lsp command, you can see the
establishment status of the LDP LSP.


------------------------------------------------------------------------------
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Active 000:00:01 6/6
------------------------------------------------------------------------------
[PE1] display mpls ldp lsp
LDP LSP Information

------------------------------------------------------------------------------
------------------------------------------------------------------------------

2 2.2.2.9/32 NULL/3 172.1.1.2 -------/Vlanif30
3 3.3.3.9/32 NULL/1025 172.1.1.2 -------/Vlanif30
------------------------------------------------------------------------------
TOTAL: - Liberal LSP(s) Found.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 111:1 both
[PE1-vpn-instance-vpna] quit
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 222:2 both
[PE1-vpn-instance-vpnb] quit
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] quit
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] quit
# Configure PE2.
[PE2-Vlanif40] quit
[PE2-Vlanif50] quit

# Configure IP addresses of the interfaces on the CEs according to Figure 5-202. The
configuration procedure is not given here.
After the configuration, run the display ip vpn-instance verbose command on the PEs, and you
can see the configuration of the VPN instances. The PEs can ping the connected CEs
successfully.
NOTE
run the ping -vpn-instance command to ping the CE connected to the peer PE. That is, specify -a source-
ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address destination-address
command. Otherwise, the ping operation may fail.
Take PE1 and CE1 for example.

[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
VPN-Instance Name and ID : vpna, 1

Create date : 2008/11/24 16:28:27
Up time : 0 days, 00 hours, 11 minutes and 25 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Interfaces : Vlanif10
VPN-Instance Name and ID : vpnb, 2

Create date : 2008/11/24 16:30:37
Up time : 0 days, 00 hours, 09 minutes and 15 seconds
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Interfaces : Vlanif20
[PE1] ping -vpn-instance vpna 10.1.1.1


0.00% packet loss
Step 4 Set up EBGP peer relation between the PE and the CE and import VPN routes.
# Configure CE1.
[CE1] bgp 65410
NOTE
The configuration procedures of CE2, CE3 and CE4 are similar to the configuration procedure of CE1 and
# Configure PE1.

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
NOTE
The configuration procedure of PE2 is similar to the configuration procedure of PE1 and is not mentioned
here.
After the configuration, run the display bgp vpnv4 vpn-instance peer command on a PE, and
you can find that the BGP peer relation between the PE and CE is in Established state.
Take the peer relation between PE1 and CE1 for example:
[PE1] display bgp vpnv4 vpn-instance vpna peer


PrefRcv
118.118.118.2 4 65410 11 9 0 00:07:25 Established

1
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command, and
you can see that the BGP peer relation between the PEs is in Established state.
[PE1] display bgp peer


PrefRcv
3.3.3.9 4 100 12 6 0 00:02:21 Established

0
[PE1] display bgp vpnv4 all peer



PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Established 0

Peer of vpn instance:
vpn instance vpna :

10.1.1.1 4 65410 25 25 0 00:17:57 Established 1
vpn instance vpnb :
10.2.1.1 4 65420 21 22 0 00:17:10 Established 1

Run the display ip routing-table vpn-instance command on the PE, and you can view the routes
to the remote CE.
[PE1] display ip routing-table vpn-instance vpna
------------------------------------------------------------------------------
Routing Tables: vpna

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.3.1.0/24 BGP 255 0 RD 3.3.3.9 Vlanif30
[PE1] display ip routing-table vpn-instance vpnb
------------------------------------------------------------------------------
Routing Tables: vpnb

10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif20
10.4.1.0/24 BGP 255 0 RD 3.3.3.9 Vlanif30
The CEs in the same VPN can ping each other, but the CEs in different VPNs cannot ping each
other.
For example, CE1 can ping CE3 (10.3.1.1) but cannot ping CE4 (10.4.1.1).
[CE1] ping 10.3.1.1
0.00% packet loss
[CE1] ping 10.4.1.1
Request time out
Request time out
Request time out
Request time out
Request time out


100.00% packet loss
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
ip vpn-instance vpnb
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable

#
ipv4-family vpn-instance vpna
import-route direct
#
ipv4-family vpn-instance vpnb
import-route direct
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
#
sysname P
#
vlan batch 30 60
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname PE2
#
vlan batch 40 50 60
#
#


#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif50
ip address 10.4.1.2 255.255.255.0
#
interface Vlanif60
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
import-route direct
#
import-route direct
#
ospf 1
area 0.0.0.0
network 172.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
#
sysname CE1
#
vlan batch 10
#

interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
bgp 65410
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE3
#
vlan batch 40
#
interface Vlanif40
ip address 10.3.1.1 255.255.255.0
#
#
bgp 65430
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE4
#
vlan batch 50
#
interface Vlanif50

ip address 10.4.1.1 255.255.255.0

#
#
bgp 65440
#
ipv4-family unicast
import-route direct
#
return
Example for Configuring BGP ASN Substitution
As shown in Figure 5-203, CE1 and CE2 belong to the same VPN and access PE1 and PE2
respectively.
CE1 and CE2 use the same ASN, namely, 600.
Figure 5-203 Networking diagram for configuring BGP ASN substitution

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/0 GE2/0/0
PE1 PE2
GE2/0/0 GE2/0/0
GE1/0/0 GE1/0/0
P
Backbone
GE1/0/0 GE1/0/0
AS 100
CE1 CE2
GE2/0/0 GE2/0/0
VPN1 VPN1
AS 600 AS 600

1. Enable IGP on the backbone network to implement interworking between PEs, and between
PE and P so that they can learn loopback address of each other.
2. Create an MPLS LDP LSP between the PEs, create VPN instances on PEs, and connect
PEs to CEs.
3. Establish EBGP adjacencies between the PEs and CEs to import routes of the CEs to the
PEs.
4. Configure BGP ASN substitution on PEs.
Data Preparation
l VPN instances on PE1 and PE2
l ASN used by CE1 and CE2, which is different from the ASN of the backbone network
Procedure
Step 1 Configure basic BGP/MPLS IP VPN.
The configurations are as follows:
l Configure OSPF on the MPLS backbone so that the PE and P can learn routes of the loopback
interface from each other.
l Enable MPLS capability and MPLS LDP on the MPLS backbone and establish an LDP LSP.
l Establish an MP-IBGP adjacency between PEs and advertise VPNv4 routes.
l Configure VPN instance of VPN1 on PE2 and connect PE2 to CE2.
l Configure VPN instance of VPN1 on PE1 and connect PE1 to CE1.
l Configure BGP between PE1 and CE1, and between PE2 and CE2. Import routes of the CEs
to PEs.
After the configuration, run the display ip routing-table command on CE2. You can see that
CE2 can learn the route of the network segment (10.1.1.0/24) of the interface connecting PE1
to CE1, but there is no route to VPN (100.1.1.0/24) of CE1. When you run the display ip routing-
table command on CE1, you can see the similar information.

[CE2] display ip routing-table

------------------------------------------------------------------------------
10.1.1.0/24 BGP 255 0 D 10.2.1.2 Vlanif40
10.2.1.0/24 Direct 0 0 D 10.2.1.1 Vlanif40
10.2.1.2/32 Direct 0 0 D 10.2.1.2 Vlanif40
200.1.1.0/24 Direct 0 0 D 200.1.1.1 Vlanif60
Run the display ip routing-table vpn-instance command on PEs, and you can see the routes
to the VPNs of the peer CEs.

[PE2] display ip routing-table vpn-instance vpn1
------------------------------------------------------------------------------
Routing Tables: vpn1
10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Vlanif30
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif40
10.2.1.1/32 Direct 0 0 D 10.2.1.1 Vlanif40
100.1.1.0/24 BGP 255 0 RD 1.1.1.9 Vlanif30
200.1.1.0/24 BGP 255 0 D 10.2.1.1 Vlanif40
Enable debugging of the BGP Update packets on PE2. The debugging information shows that
PE2 advertises the route to 100.1.1.0/24 and the AS path information is "100 600".
<PE2> terminal monitor
<PE2> terminal debugging
<PE2> debugging bgp update vpn-instance vpn1 peer 10.2.1.1 verbose
<PE2> refresh bgp vpn-instance vpn1 all export
*0.4402392 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 600
Next Hop : 10.2.1.2
100.1.1.0/24,
Run the display bgp routing-table peer received-routes command on CE2, and you can see
that CE2 does not accept the route to 100.1.1.0/24.
[CE2] display bgp routing-table peer 10.2.1.2 received-routes
*> 10.1.1.0/24 10.2.1.2 0 100?
* 10.2.1.0/24 10.2.1.2 0 0 100?
* 10.2.1.1/32 10.2.1.2 0 0 100?
Step 2 Configure BGP ASN substitution.
Configure BGP ASN substitution on PEs.
# Take PE2 for example.

[PE2] bgp 100

[PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
In the route advertised to CE2 by PE2, you can see that the AS path information of 100.1.1.0/24
changes from "100 600" to "100 100".
*0.13498737 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 100
Next Hop : 10.2.1.2
100.1.1.0/24
Display the routing information and routing table received by CE2.

[CE2] display bgp routing-table peer 10.2.1.2 received-routes
*> 10.1.1.0/24 10.2.1.2 0 100?
* 10.2.1.0/24 10.2.1.2 0 0 100?
* 10.2.1.1/32 10.2.1.2 0 0 100?
*> 100.1.1.0/24 10.2.1.2 0 100 100!

------------------------------------------------------------------------------
10.1.1.0/24 BGP 255 0 D 10.2.1.2 Vlanif40
10.2.1.0/24 Direct 0 0 D 10.2.1.1 Vlanif40
10.2.1.2/32 Direct 0 0 D 10.2.1.2 Vlanif40
100.1.1.1/24 BGP 255 0 D 10.2.1.2 Vlanif40
200.1.1.0/24 Direct 0 0 D 127.0.0.1 Vlanif60
After BGP ASN substitution is configured on PE1, the GE interfaces of CE1 and CE2 can ping
each other.
[CE1] ping -a 100.1.1.1 200.1.1.1
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#

vlan batch 10 50
#
interface Vanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
#
#
bgp 600
#
ipv4-family unicast
import-route direct
#
return
#
sysname PE1
#
vlan batch 10 20
#
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast

peer 3.3.3.9 enable

#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
peer 10.1.1.1 substitute-as
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 20.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface VLanif 20
ip address ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface VLanif 30
ip address ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 30 40
#
#
mpls lsr-id 3.3.3.9

mpls
#
mpls ldp
#
interface Vlanif30
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.2.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
peer 10.2.1.1 substitute-as
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 30.1.1.0 0.0.0.255
#
return
#
sysname CE2
#
interface Vlanif 40
ip address 10.2.1.1 255.255.255.0
#
interface Vlanif 60
ip address 200.1.1.1 255.255.255.0
#
#
#
bgp 600
#
ipv4-family unicast

import-route direct
#
return
Example for Configuring Hub&Spoke
As shown in Figure 5-204, the communication between Spoke-CEs is controlled by the Hub-
CE in the central site. That is, the traffic between Spoke-CEs is forwarded by the Hub-CE, and
not only by the Hub-PE.
Figure 5-204 Networking diagram for configuring Hub&Spoke
AS: 65430
Hub-CE
GE1/0/0 GE2/0/0
GE3/0/0 GE3/0/1
Hub-PE
GE1/0/0 GE2/0/0

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE2/0/0 GE2/0/0
GE1/0/0 Spoke-PE1 Spoke-PE2 GE1/0/0

Backbone
AS100
GE1/0/0 GE1/0/0
Spoke-CE1 Spoke-CE2
AS: 65410 AS: 65420
Hub-PE GigabitEthernet1/0/0 VLANIF 10 10.1.1.2/24
Loopback1 - 2.2.2.9/32
Spoke-PE1 GigabitEthernet1/0/0 VLANIF 50 100.1.1.2/24

Loopback1 - 1.1.1.9/32
Spoke-PE2 GigabitEthernet1/0/0 VLANIF 60 120.1.1.2/24
Loopback1 - 3.3.3.9/32
Hub-CE GigabitEthernet1/0/0 VLANIF 30 110.1.1.1/24
Spoke-CE1 GigabitEthernet1/0/0 VLANIF 50 100.1.1.1/24
Spoke-CE2 GigabitEthernet1/0/0 VLANIF 60 120.1.1.1/24
1. Set up MP-IBGP peer relation between the Hub-PE and the Spoke-PE. Do not set up MP-
IBGP peer relation between Spoke-PEs.
2. Create two VPN instances on the Hub-PE. The import targets are the export targets of the
two Spoke-PEs the export targets are different from the import targets.
3. Create a VPN instance on the Spoke-PE. The import target is the export target of the Hub-
PE.
4. Run BGP between the CE and PE.
5. Configure the Hub-PE to accept the routes with two repeated ASNs.
Data Preparation
l MPLS LSR IDs of the PEs
l VPN instance names, RDs, and VPN targets of the Hub-PE and Spoke-PE
Procedure
Step 1 Configure IGP on the backbone network to make the Hub-PE and the Spoke-PE communicate
with each other.
In this example, OSPF is used as IGP and the configuration procedure is not mentioned.
After the configuration, an OSPF adjacency can be established between the Hub-PE and the
Spoke-PEs. Run the display ospf peer command, and you can see that the status of the adjacency
is Full. Run the display ip routing-table command, and you can see that the Hub-PE and the
Spoke-PEs can learn the loopback routes of each other.
Step 2 Configure the basic MPLS capability on the backbone network and set up an LDP LSP.

NOTE
The Hub-PE and Spoke-PE devices are directly connected In this example, you need to run label
advertise command to enables the egress node to assign labels normally to the penultimate hop.
# Configure the Hub-PE.

[Hub-PE] mpls lsr-id 2.2.2.9
[Hub-PE] mpls
[Hub-PE-mpls] label advertise non-null
[Hub-PE-mpls] quit
[Hub-PE] mpls ldp
[Hub-PE-mpls-ldp] quit
[Hub-PE] interface vlanif 10
[Hub-PE-Vlanif10] mpls
[Hub-PE-Vlanif10] mpls ldp
[Hub-PE-Vlanif10] quit
[Hub-PE-Vlanif20] mpls
[Hub-PE-Vlanif20] mpls ldp
After the configuration, LDP peer relation can be set up between the Hub-PE and the Spoke-
PEs. Run the display mpls ldp session command on each S9300, and you can see that the session
status is Operational.
The configuration procedure of the Spoke-PE is similar to the configuration procedure of the
Hub-PE and is not mentioned here.
NOTE
The VPN targets of the two VPNs on the Hub-PE are advertised by the two Spoke-PE, and the advertised
VPN target is different from the received VPN target. The import VPN target on the Spoke-PE is the export
VPN target on the Hub-PE.
# Configure Spoke-PE1.
<Spoke-PE1> system-view
[Spoke-PE1] ip vpn-instance vpna
[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpna] quit
[Spoke-PE1] interface vlanif 50
[Spoke-PE1-Vlanif50] ip binding vpn-instance vpna
[Spoke-PE1-Vlanif50] ip address 100.1.1.2 24
[Spoke-PE1-Vlanif50] quit
<Spoke-PE2> system-view
[Spoke-PE2] ip vpn-instance vpna
[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpna] quit
[Spoke-PE2] interface vlanif 60
[Spoke-PE2-Vlanif60] ip binding vpn-instance vpna
[Spoke-PE2-Vlanif60] ip address 120.1.1.2 24
[Spoke-PE2-Vlanif60] quit

<Hub-PE> system-view
[Hub-PE] ip vpn-instance vpn_in
[Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21
[Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity

[Hub-PE-vpn-instance-vpn_in] quit
[Hub-PE] ip vpn-instance vpn_out
[Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22
[Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity
[Hub-PE-vpn-instance-vpn_out] quit
[Hub-PE-Vlanif30] ip binding vpn-instance vpn_in
[Hub-PE-Vlanif30] ip address 110.1.1.2 24
[Hub-PE-Vlanif40] ip binding vpn-instance vpn_out
[Hub-PE-Vlanif40] ip address 110.2.1.2 24
# Configure the IP addresses of the interfaces on the CEs. The configuration procedure is not
given here.
After the configuration, run the display ip vpn-instance verbose command on the PEs, and you
can see the configuration of the VPN instances. Each PE can ping the connected CEs by using
the ping -vpn-instancevpn-name ip-address command.
NOTE
Step 4 Set up EBGP peer relation between the PE and the CE and import VPN routes.
NOTE
To receive the routes advertised by the Hub-CE, configure the Hub-PE to allow the ASN to be repeated
once.
# Configure Spoke-CE1.
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100
[Spoke-CE1-bgp] import-route direct
[Spoke-CE1-bgp] quit
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv4-family vpn-instance vpna
[Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410
[Spoke-PE1-bgp-vpna] import-route direct
[Spoke-PE1-bgp-vpna] quit
[Spoke-PE1-bgp] quit
# Configure Spoke-CE2.
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100
[Spoke-CE2-bgp] import-route direct
[Spoke-CE2-bgp] quit
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv4-family vpn-instance vpna
[Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420
[Spoke-PE2-bgp-vpna] import-route direct
[Spoke-PE2-bgp-vpna] quit
[Spoke-PE2-bgp] quit
# Configure the Hub-CE.

[Hub-CE] bgp 65430

[Hub-CE-bgp] peer 110.1.1.2 as-number 100
[Hub-CE-bgp] peer 110.2.1.2 as-number 100
[Hub-CE-bgp] import-route direct
[Hub-CE-bgp] quit

[Hub-PE] bgp 100
[Hub-PE-bgp] ipv4-family vpn-instance vpn_in
[Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430
[Hub-PE-bgp-vpn_in] import-route direct
[Hub-PE-bgp-vpn_in] quit
[Hub-PE-bgp] ipv4-family vpn-instance vpn_out
[Hub-PE-bgp-vpn_out] peer 110.2.1.1 as-number 65430
[Hub-PE-bgp-vpn_out] peer 110.2.1.1 allow-as-loop 1
[Hub-PE-bgp-vpn_out] import-route direct
[Hub-PE-bgp-vpn_out] quit
[Hub-PE-bgp] quit
After the configuration, run the display bgp vpnv4 all peer command on a PE, and you can
find that the BGP peer relation between the PE and CE is in Established state.
NOTE
The Spoke-PE need not allow the repeated ASN, because the S9300 does not check the AS path attribute
in the routing information advertised by the IBGP peers.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE1-bgp] ipv4-family vpnv4
[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE1-bgp-af-vpnv4] quit
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv4-family vpnv4
[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv4] quit

[Hub-PE] bgp 100
[Hub-PE-bgp] peer 1.1.1.9 as-number 100
[Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1
[Hub-PE-bgp] peer 3.3.3.9 as-number 100
[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1
[Hub-PE-bgp] ipv4-family vpnv4
[Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable
[Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable
[Hub-PE-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command, and
you can see that the BGP peer relation between the PEs is in Established state.
After the configuration, the Spoke-CEs can ping each other. Run the tracert command, and you
can see that the traffic between the Spoke-CEs is forwarded through the Hub-CE. You can also
deduce the number of forwarding devices between the Spoke-CEs based on the TTL in the ping
result.

Take Spoke-CE1 for example.

[Spoke-CE1] ping 120.1.1.1
0.00% packet loss
[Spoke-CE1] tracert 120.1.1.1
1 100.1.1.2 24 ms 19 ms 11 ms
2 110.2.1.2 87 ms 60 ms 58 ms
3 110.2.1.1 59 ms 27 ms 53 ms
4 110.1.1.2 41 ms 34 ms 56 ms
5 120.1.1.2 90 ms 66 ms 75 ms
6 120.1.1.1 143 ms 96 ms 90 ms
Run the display bgp routing-table command on the Spoke-CE, and you can see the repeated
ASNs in AS paths of the BGP routes to the remote Spoke-CE.
Take Spoke-CE1 for example.

[Spoke-CE1] display bgp routing-table
*> 100.1.1.0/24 0.0.0.0 0 0 ?

* 100.1.1.2 0 0 100?
*> 100.1.1.1/32 0.0.0.0 0 0 ?
*> 110.1.1.0/24 100.1.1.2 0 100 65430?
*> 110.2.1.0/24 100.1.1.2 0 100?
*> 120.1.1.0/24 100.1.1.2 0 100 65430 100?
----End
Configuration Files
l Configuration file of Spoke-CE1
#
sysname Spoke-CE1
#
vlan batch 50
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
#
bgp 65410
#
ipv4-family unicast
import-route direct

#
return
l Configuration file of Spoke-PE1
#
sysname Spoke-PE1
#
vlan batch 10 50
#
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.1.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
l Configuration file of Spoke-PE2
#
sysname Spoke-PE2
#
vlan batch 20 60
#

#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 11.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip address 120.1.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 11.1.1.0 0.0.0.255
#
return
l Configuration file of Spoke-CE2
#
sysname Spoke-CE2
#
vlan batch 60
#
interface Vlanif60
ip address 120.1.1.1 255.255.255.0
#
#
bgp 65420

#
ipv4-family unicast
import-route direct
#
return
l Configuration file of Hub-CE
#
sysname Hub-CE
#
vlan batch 30 40
#
interface Vlanif30
ip address 110.1.1.1 255.255.255.0
#
interface Vlanif40
ip address 110.2.1.1 255.255.255.0
#
#
#
bgp 65430
#
ipv4-family unicast
import-route direct
#
return
l Configuration file of Hub-PE
#
sysname Hub-PE
#
#
ip vpn-instance vpn_in
#
ip vpn-instance vpn_out
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 11.1.1.2 255.255.255.0
mpls
mpls ldp

#
interface Vlanif30
ip binding vpn-instance vpn_in
ip address 110.1.1.2 255.255.255.0
#
interface Vlanif40
ip binding vpn-instance vpn_out
ip address 110.2.1.2 255.255.255.0
#
#
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn_in
import-route direct
#
ipv4-family vpn-instance vpn_out
peer 110.2.1.1 allow-as-loop
import-route direct
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 11.1.1.0 0.0.0.255
#
return

Example for Configuring the HoVPN
As shown in Figure 5-205, CE1 and CE2 belong to the same VPN and have the same VPN
target. CE1 connects to the backbone network through UPE, and CE2 connects to the network
through PE. UPE, SPE and PE are interconnected through OSPF.
Figure 5-205 Networking diagram for configuring the HoVPN
Loopback1 Loopback1
2.2.2.9./32 3.3.3.9./32
GE2/0/0 PE
Loopback1
1.1.1.9./32 GE1/0/0 GE2/0/0
SPE GE1/0/0
GE2/0/0
UPE GE1/0/0 AS: 100
GE1/0/0 GE1/0/0
CE1 CE2
VPN-A AS: 65410 AS: 65420 VPN-A
UPE GigabitEthernet1/0/0 VLANIF 30 10.1.1.1/24
SPE GigabitEthernet1/0/0 VLANIF 10 172.1.1.2/24
PE GigabitEthernet1/0/0 VLANIF 40 10.2.1.2/24

1. Configure IGP on the backbone network so that PEs can learn the loopback address of each
other. Create MPLS LSPs between the PEs.
2. Create a VPN instance on UPE and set up an EBGP adjacency between UPE and CE1.
Create a VPN instance on PE and set up an EBGP adjacency between PE and CE2.
3. Set up an MP-IBGP adjacency between UPE and SPE, and between PE and SPE.
4. Create a VPN instance on the SPE and set the UPE as its under layer PE. Configure the
UPE to advertise the default route of the VPN instance.
Data Preparation
l IDs of the VLANs that the interfaces of PE and CE belong to, as shown in Figure 5-205
l MPLS LSR-IDs of UPE, SPE, and PE
l VPN instances on UPE, SPE, and PE
Procedure
Step 1 Configure OSPF on the MPLS backbone network to implement network connectivity.
After the configuration, an OSPF adjacency is set up among UPE, SPE, and PE. Run the display
ospf peer command, and you can see that the adjacency is in Full state. Run the display ip
routing-table command on the PEs, and you can see the PEs can learn the loopback routes of
each other.
LDP LSPs.
NOTE
After the configuration, LDP sessions are established between UPE and SPE, and between SPE
and PE. By running the display mpls ldp session command, you can see that the session status
is Operational. By running the display mpls ldp lsp command, you can see the establishment
status of the LDP LSP.
Step 3 Connect PEs to CEs and run BGP between them.
# Configure the UPE.
<UPE> system-view
[UPE] ip vpn-instance vpna
[UPE-vpn-instance-vpna] route-distinguisher 100:1
[UPE-vpn-instance-vpna] vpn-target 1:1
[UPE-vpn-instance-vpna] quit
[UPE] interface vlanif 20
[UPE-Vlanif20] ip binding vpn-instance vpna
[UPE-Vlanif20] ip address 10.1.1.2 24
[UPE-Vlanif20] quit
[UPE] bgp 100
[UPE-bgp] ipv4-family vpn-instance vpna

[UPE-bgp-vpna] peer 10.1.1.1 as-number 65410

[UPE-bgp-vpna] import-route direct
[UPE-bgp-vpna] quit
[UPE-bgp] quit
# Configure CE1.
[Quidway] sysname CE1
[CE1-Vlanif30] quit
[CE1] bgp 65410
[CE1-bgp] quit
# Configure PE.
<PE> system-view
[PE] ip vpn-instance vpna
[PE-vpn-instance-vpna] route-distinguisher 100:2
[PE-vpn-instance-vpna] vpn-target 1:1
[PE-vpn-instance-vpna] quit
[PE] interface vlanif 40
[PE-Vlanif40] ip binding vpn-instance vpna
[PE-Vlanif40] ip address 10.2.1.2 24
[PE-Vlanif40] quit
[PE] bgp 100
[PE-bgp] ipv4-family vpn-instance vpna
[PE-bgp-vpna] peer 10.2.1.1 as-number 65420
[PE-bgp-vpna] import-route direct
[PE-bgp-vpna] quit
[PE-bgp] quit
# Configure CE2.
[CE2-Vlanif40] quit
[CE2] bgp 65420
[CE2-bgp] quit
After the configuration, run the display ip vpn-instance verbose command on the UPE and the
PE, and you can see the configuration of the VPN instances. By running the ping -vpn-
instance, you can see that the UPE and the PE can ping the connected CEs.
NOTE
Step 4 Set up an MP-IBGP adjacency between UPE and SPE, and between PE and SPE.

<UPE> system-view
[UPE] bgp 100
[UPE-bgp] peer 2.2.2.9 as-number 100
[UPE-bgp] peer 2.2.2.9 connect-interface loopback 1
[UPE-bgp] ipv4-family vpnv4
[UPE-bgp-af-vpnv4] peer 2.2.2.9 enable

[UPE-bgp-af-vpnv4] quit
[UPE-bgp] quit
# Configure the SPE.

<SPE> system-view
[SPE] bgp 100
[SPE-bgp] peer 1.1.1.9 as-number 100
[SPE-bgp] peer 1.1.1.9 connect-interface loopback 1
[SPE-bgp] peer 3.3.3.9 as-number 100
[SPE-bgp] peer 3.3.3.9 connect-interface loopback 1
[SPE-bgp] ipv4-family vpnv4
[SPE-bgp-af-vpnv4] peer 1.1.1.9 enable
[SPE-bgp-af-vpnv4] peer 3.3.3.9 enable
[SPE-bgp-af-vpnv4] quit
[SPE-bgp] quit
# Configure the PE.

<PE> system-view
[PE] bgp 100
[PE-bgp] peer 2.2.2.9 as-number 100
[PE-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE-bgp] ipv4-family vpnv4
[PE-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE-bgp-af-vpnv4] quit
[PE-bgp] quit
Step 5 Configure the SPE.

# Configure the VPN instance.
[SPE] ip vpn-instance vpna
[SPE-vpn-instance-vpna] route-distinguisher 200:1
[SPE-vpn-instance-vpna] vpn-target 1:1
[SPE-vpn-instance-vpna] quit
# Specify the UPE for the SPE.

[SPE] bgp 100
[SPE-bgp] ipv4-family vpnv4
[SPE-bgp-af-vpnv4] peer 1.1.1.9 upe
# Advertise the default route of the VPN instance to the UPE.

[SPE-bgp-af-vpnv4] peer 1.1.1.9 default-originate vpn-instance vpna
[SPE-bgp-af-vpnv4] quit

After the configuration, CE1 has no route to the network segment of the interface on CE2, but
it has a default route with the next hop being UPE. CE2 has a BGP route to the network segment
of the interface on CE1. CE1 and CE2 can ping each other.
<CE1> display ip routing-table
------------------------------------------------------------------------------
0.0.0.0/0 BGP 255 0 D 10.1.1.2 Vlanif30
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif30
[CE1] ping 10.2.1.1


0.00% packet loss

------------------------------------------------------------------------------
10.1.1.0/24 BGP 255 0 D 10.2.1.2 Vlanif40
10.2.1.0/24 Direct 0 0 D 10.2.1.1 Vlanif40
10.2.1.1/32 Direct 0 0 D 127.0.0.1
InLoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1
InLoopBack0
Run the display bgp vpnv4 all routing-table command on the UPE, and you can see a default
route of the VPN instance vpna with the next hop being SPE.
[UPE] display bgp vpnv4 all routing-table
Total number of routes from all PE: 1
Route Distinguisher: 200:1
*>i 0.0.0.0 2.2.2.9 100 0 i
Total routes of vpn-instance vpna: 6
*>i 0.0.0.0 2.2.2.9 100 0 i
*> 10.1.1.0/24 0.0.0.0 0 0 ?
* 10.1.1.2 0 0 65410?
*> 10.1.1.1/32 0.0.0.0 0 0 ?
*> 10.1.1.2/32 0.0.0.0 0 0 ?
* 10.1.1.1 0 0 65410?
----End
Configuration Files
#
sysname CE1
#
vlan batch 30
#
interface VLanif30
ip address 10.1.1.1 255.255.255.0
#
#
bgp 65410

#
ipv4-family unicast
import-route direct
#
return
l Configuration file of UPE

#
sysname UPE
#
vlan batch 10 30
#
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.1.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
l Configuration file of SPE

#
sysname SPE
#
vlan batch 10 20
#
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
peer 1.1.1.9 upe
peer 1.1.1.9 default-originate vpn-instance vpna
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
return
l Configuration file of PE
#
sysname PE
#
vlan batch 20 40
#

#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.2.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
return
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.2.1.1 255.255.255.0
#
#
bgp 65420
#

ipv4-family unicast
import-route direct
#
return
Example for Configuring the OSPF Sham Link
As shown in Figure 5-206, CE1 and CE2 belong to the same OSPF area of vpn1 and are
connected to PE1 and PE2 respectively. Assume that the cost of each link is 1.
A CE and a PE communicate through OSPF. VPN traffic is forwarded between CE1 and CE2
over the MPLS backbone, not through the OSPF intra-area routes.
Figure 5-206 Networking diagram for configuring the OSPF sham link
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
PE1 GE2/0/0 GE2/0/0

PE2
GE1/0/0 GE2/0/0
GE1/0/0 P GE1/0/0
Loopback10 Loopback10
5.5.5.5/32 sham link 6.6.6.6/32
GE1/0/0 GE1/0/0
GE2/0/0 GE1/0/0 GE2/0/0 GE2/0/0

S9300-A
CE1 CE2
backdoor

1. Set up an MP-IBGP adjacency between the PEs and enable OSPF between the PE and CEs.
2. Create VPN instances on the PEs and bind the instances to the interfaces connected to the
CEs.
3. Create an OSPF sham link between the PEs.
4. Adjust the cost value of the backdoor link of the VPN to be greater than that of the sham
link.
Data Preparation
l Name of the VPN instance, RD, and VPN target on the PE
l OSPF processes running on the interior of the backbone network and user networks, which
are different from that running on the PEs connected to CEs
l Cost of the sham link, which must be less than the cost for forwarding OSPF routes through
the user network
Procedure
Step 1 Configure OSPF on the user network.
Configure common OSPF on CE1, S9300-A and CE2 and advertise the segment address of each
interface.
# Configure CE1.
[CE1] vlan batch 20 50
[CE1-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[CE1-GigabitEthernet2/0/0] port hybrid untagged vlan 20
[CE1-Vlanif20] quit
[CE1-Vlanif50] quit
[CE1] ospf
[CE1-ospf-1] area 0
[CE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] quit
[CE1-ospf-1] quit

[S9300-A] vlan 20 30
[S9300-A] ospf
[CE2] vlan batch 30 60
[CE2-Vlanif30] quit
[CE2-Vlanif60] quit
[CE2] ospf
[CE2-ospf-1] area 0
[CE2-ospf-1-area-0.0.0.0] quit
[CE2-ospf-1] quit
Step 2 Configure basic BGP/MPLS IP VPN function on the backbone network, including IGP, MPLS
and LDP on the backbone network, and MP-IBGP adjacency between the PEs.
# Configure PE1.
[PE1] vlan batch 10 50

[PE1] mpls
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif10] mpls
[PE1-Vlanif10] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
[PE1] bgp 100
[PE1-bgp] quit
# Configure the P.
[Quidway] sysname P
[P] vlan batch 10 40
[P-LoopBack1] quit
[P] mpls
[P-mpls] lsp-trigger all
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif10] mpls
[P-Vlanif10] quit
[P-Vlanif40] mpls
[P-Vlanif40] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.


[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
[PE2] bgp 100
[PE2-bgp] quit
After the configuration, PE1 and PE2 can learn the loopback route of each other. The MP-IBGP
adjacency is set up between PE1 and PE2.
Step 3 Configure links between PE and CE. That is, running OSPF between PE and CE.
# Configure PE1.
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-Vlanif50] quit
[PE1] ospf 100 vpn-instance vpn1
[PE1-ospf-100] domain-id 10
[PE1-ospf-100] import-route bgp
[PE1-ospf-100] area 0
[PE1-ospf-100] quit
[PE1] bgp 100
[PE1-bgp-vpn1] import-route ospf 100
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE2.

[PE2-Vlanif60] quit
[PE2] ospf 100 vpn-instance vpn1
[PE2-ospf-100] domain-id 10
[PE2-ospf-100] quit
[PE2] bgp 100
[PE2-bgp-vpn1] import-route ospf 100
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
After the configuration, run the display ip routing-table vpn-instance command on the PEs,
and you can see that the routes to the peer CEs are OSPF routes through the backbone network,
not the BGP routes through the user network.

------------------------------------------------------------------------------
20.1.1.0/24 OSPF 10 2 D 100.1.1.1 Vlanif50
30.1.1.0/24 OSPF 10 3 D 100.1.1.1 Vlanif50
100.1.1.0/24 Direct 0 0 D 100.1.1.2 Vlanif50
100.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif50
120.1.1.0/24 OSPF 10 4 D 100.1.1.1 Vlanif50
Step 4 Configure a sham link.

NOTE
To forward VPN traffic through the MPLS backbone, you must configure the cost of the sham link to be
smaller than the cost of the OSPF route through the user network. A commonly used method is to set the
cost of the forwarding interface on the user network to be greater than the cost of the sham link.
# Configure CE1.
[CE1-Vlanif20] ospf cost 10
# Configure CE2.
[CE2-Vlanif30] ospf cost 10
# Configure PE1.
[PE1-LoopBack10] ip binding vpn-instance vpn1
[PE1] ospf 100
[PE1-ospf-100-area-0.0.0.0] sham-link 5.5.5.5 6.6.6.6 cost 1
[PE1-ospf-100] quit
# Configure PE2.


[PE2-LoopBack10] ip binding vpn-instance vpn1
[PE2] ospf 100
[PE2-ospf-100-area-0.0.0.0] sham-link 6.6.6.6 5.5.5.5 cost 1
[PE2-ospf-100] quit
After the configuration, run the display ip routing-table vpn-instance command on the PEs.
You can see that the routes to the peer CEs are BGP routes through the backbone network, and
there are routes to the destination of the sham link.

------------------------------------------------------------------------------
6.6.6.6/32 BGP 255 0 RD 3.3.3.9 Vlanif10
20.1.1.0/24 OSPF 10 11 D 100.1.1.1 Vlanif50
30.1.1.0/24 OSPF 100 12 RD 3.3.3.9 Vlanif10
100.1.1.0/24 Direct 0 0 D 100.1.1.2 Vlanif50
120.1.1.0/24 BGP 255 0 RD 3.3.3.9 Vlanif50
120.1.1.1/32 BGP 255 0 RD 3.3.3.9 Vlanif50
Run the display ip routing-table command on the CEs, and you can see that the cost of the
OSPF route to the peer CE is changed to 3, and the next hop is changed to the VLANIF interface
connected to PE. That is, the VPN traffic to the peer CE is forwarded through the backbone
network.
Take CE1 for example.

------------------------------------------------------------------------------
5.5.5.5/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
6.6.6.6/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif20
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif20
30.1.1.0/24 OSPF 10 11 D 100.1.1.2 Vlanif20
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif50
120.1.1.0/24 OSPF 10 3 D 100.1.1.2 Vlanif50
120.1.1.1/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
NOTE
The cost of the OSPF route from CE1 to CE2 is the sum of the cost from CE1 to PE1, the cost of sham
link, and the cost from PE2 to CE2, that is, 1 + 1 + 1 =3.
Run the tracert command, and you can see that the data from CE1 to CE2 passes through the
VLANIF interface connected to PE1. That is, VPN traffic is transmitted through the backbone
network.

[CE1] tracert 120.1.1.1

1 100.1.1.2 47 ms 31 ms 31 ms
2 120.1.1.2 94 ms 94 ms 94 ms
3 120.1.1.1 125 ms 156 ms 125 ms
[CE1] tracert 30.1.1.2
1 20.1.1.2 80 ms 60 ms 60 ms
2 30.1.1.2 100 ms 90 ms 130 ms
Run the display ospf sham-link command on the PEs, and you can see the information about
the sham link.
[PE1] display ospf sham-link
Sham Link:
Area NeighborId Source-IP Destination-IP State Cost
Sham Link:
Area NeighborId Source-IP Destination-IP State Cost
0.0.0.0 6.6.6.6 5.5.5.5 6.6.6.6 P-2-P 1
Run the display ospf sham-link area command, and you can see that the state of the peer is
Full.
[PE1] display ospf sham-link area 0
Sham-Link: 5.5.5.5 --> 6.6.6.6
NeighborID: 6.6.6.6, State: Full
Area: 0.0.0.0
Cost: 10 State: P-2-P, Type: Sham
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
Run the display ospf routing command on the CEs, and you can see that the route to the peer
CE is learned and considered as the intra-area route.
[CE1] display ospf routing
Routing Tables
Routing for Network
120.1.1.0/24 3 Transit 100.1.1.2 6.6.6.6 0.0.0.0
20.1.1.0/24 10 Stub 20.1.1.1 100.1.1.1 0.0.0.0
30.1.1.0/24 11 Stub 20.1.1.2 30.1.1.1 0.0.0.0
100.1.1.0/24 1 Transit 100.1.1.1 100.1.1.1 0.0.0.0
Routing for ASEs
120.1.1.1/32 1 Type2 3489661028 100.1.1.2 5.5.5.5
6.6.6.6/32 1 Type2 3489661028 100.1.1.2 5.5.5.5
5.5.5.5/32 1 Type2 3489661028 100.1.1.2 6.6.6.6
100.1.1.1/32 1 Type2 3489661028 100.1.1.2 6.6.6.6
Total Nets: 8
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 50

#
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 50
ip address 100.1.1.2 255.255.255.0
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ip address 5.5.5.5 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
import-route direct
import-route ospf 100
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
import-route bgp
domain-id 0.0.0.10
area 0.0.0.0
network 100.1.1.0 0.0.0.255
sham-link 5.5.5.5 6.6.6.6 cost 1
#
return
#
sysname P
#

vlan batch 10 40
#
mpls lsr-id 2.2.2.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 40 60
#
#
mpls lsr-id 3.3.3.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 40
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 60
ip address 120.1.1.2 255.255.255.0
#
#


#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ip address 6.6.6.6 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
import-route bgp
domain-id 0.0.0.10
area 0.0.0.0
network 120.1.1.0 0.0.0.255
sham-link 6.6.6.6 5.5.5.5 cost 1
#
return
#
sysname CE1
#
vlan batch 20 50
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
ospf cost 10
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
#
sysname CE2

#
vlan batch 30 60
#
interface vlanif 30
ip address 30.1.1.2 255.255.255.0
ospf cost 10
#
interface vlanif 60
ip address 120.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 120.1.1.0 0.0.0.255
#
return

#
sysname S9300-A
#
vlan batch 20 30
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
Example for Configuring the Multi-VPN-Instance CE
l CE1, CE2, CE3 and CE4 are customer edge devices. CE1 and CE2 belong to a LAN, and
CE3 and CE4 belong to another LAN.
l PE1 and PE2 are edge devices of the backbone network.
l The MCE is a multi-VPN-instance CE located on the user network.
l CE1 and CE3 belong to vpna; CE2 and CE4 belong to vpnb.

l vpna and vpnb use different VPN targets.
It is required that users on the same VPN can access each other, but users on different VPNs
cannot access each other. In this way, services of different VPNs on the LAN are separated from
each other.
Figure 5-207 Networking diagram for configuring multi-VPN-instance CE

vpna vpna
CE1 CE3
GE1/0/0 GE1/0/0
Loopback1
2.2.2.9./32
GE1/0/0 GE3/0/0
GE2/0/0 GE1/0/0 vpna
Loopback1 GE3/0/0
MCE
1.1.1.9./32 GE1/0/0
GE3/0/0 GE2/0/0 vpnb
PE1 PE2
GE2/0/0 GE3/0/1
GE1/0/0 GE1/0/0
vpnb CE2 CE4 vpnb
Loopback1 - 1.1.1.9/32
Loopback1 - 2.2.2.9/32
MCE GigabitEthernet1/0/0 VLANIF 50 192.1.1.2/24

1. Configure OSPF between PEs to implement interworking between PEs and configure MP-
IBGP to exchange VPN routing information.
2. Set up an EBGP adjacency between PE and the connected CE to import the VPN routes to
the VPN routing table of PE.
3. Configure OSPF multi-instance between MCE and PE2 to exchange VPN routing
information. Configure RIPv2 between MCE and CE3, and between MCE and CE4, to
exchange VPN routing information.
NOTE
When configuring OSPF multi-instance between MCE and PE2, you need to perform the following
operations.
In the OSPF view of PE2, import the BGP route and advertise the VPN route of PE1 to the MCE.
The OSPF process is used by the MCE and PE2 for the configuration of OSPF multi-instance.
In the BGP view of PE2, import the OSPF route and advertise the VPN route of MCE to PE1.
The OSPF process is used by the MCE and PE2 for the configuration of OSPF multi-instance.
Data Preparation
l A VPN instance for each isolated service is created on PE1, PE2 and MCE. Note that the
VPN targets of different VPN instances differ from each other and the VPN targets of the
same VPN instance are identical.
l The OSPF data needs to be configured. For different OSPF multi-instances, the OSPF
process IDs must be different.
l The RIP processes used to import VPN routes of CE3 and CE4 to MCE need to be
configured. The RIP processes use different process IDs.
Procedure
Step 1 Run OSPF on the PEs of the backbone network.
After the configuration, PEs can learn the Loopback1 address of each other.
<PE2> display ip routing-table
------------------------------------------------------------------------------
1.1.1.9/32 OSPF 10 2 D 172.1.1.1 Vlanif30

172.1.1.0/24 Direct 0 0 D 172.1.1.2 Vlanif30
172.1.1.1/32 Direct 0 0 D 172.1.1.1 Vlanif30


Step 2 Configure the basic MPLS capability and MPLS LDP on the backbone network and set up an
LDP LSP.
NOTE

After the configuration, run the display mpls ldp session command on the PEs, and you can see
that the MPLS LDP session between PEs is in Operational state.
<PE2> display mpls ldp session
--------------------------------------------------------------------------
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Step 3 Configure the VPN instance on PEs. Connect CE1 and CE2 to PE1 and connect MCE to PE2.
# Configure PE1.
<PE1> system-view
[PE1-Vlanif10] quit
[PE1-Vlanif20] quit
# Configure PE2.
<PE2> system-view


[PE2-Vlanif50] quit
[PE2]interface vlanif 40
[PE2-Vlnaif40] ip binding vpn-instance vpnb
[PE2-Vlnaif40] ip address 192.2.1.1 24
[PE2-Vlnaif40] quit
Step 4 Configure VPN instances on the MCE. Connect CE3, CE4, and PE2 to MCE.
[Quidway] sysname MCE
[MCE] vlan batch 40 50 60 70
[MCE] interface gigabitEthernet 2/0/0
[MEC-GigabitEthernet2/0/0] port hybrid pvid vlan 40
[MEC-GigabitEthernet2/0/0] port hybrid untagged vlan 40
[MCE-GigabitEthernet2/0/0] quit
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] route-distinguisher 100:1
[MCE-vpn-instance-vpna] vpn-target 111:1 both
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] route-distinguisher 100:2
[MCE-vpn-instance-vpnb] vpn-target 222:2 both
[MCE-vpn-instance-vpnb] quit
[MCE] interface vlanif 60
[MCE-Vlanif60] ip binding vpn-instance vpna
[MCE-Vlanif60] ip address 10.3.1.2 24
[MCE-Vlanif6/0] quit
[MCE-Vlanif70] ip binding vpn-instance vpnb
[MCE-Vlanif70] quit
[MCE-Vlanif50] ip binding vpn-instance vpna
[MCE-Vlanif50] quit
[MCE-Vlanif40] ip binding vpn-instance vpnb
[MCE-Vlanif40] ipaddress 192.2.1.2 24
[MCE-Vlanif40] quit
Step 5 Set up an MP-IBGP adjacency between PEs, and between PE1 and CE1. Set up an EBGP
adjacency between PE1 and CE1, and between PE1 and CE2.

After the configuration, run the display bgp vpnv4 all peer command on PE1, and you can see
that the IBGP adjacency between PE1 and PE2 is in Established state. The EBGP adjacency
between PE1 and CE1 and the EBGP adjacency between PE1 and CE2 are in Established state.

2.2.2.9 4 100 288 287 0 01:19:16 Established 6
Peer of vpn instance :

vpn instance vpna :
10.1.1.1 4 65410 9 11 0 00:04:14 Established 2
vpn instance vpnb :
10.2.1.1 4 65420 9 12 0 00:04:09 Established 2
Step 6 Configure the OSPF multi-instance between the MCE and PE2.
# Configure PE2.
<PE2> system-view
[PE2] ospf 100 vpn-instance vpna
[PE2-ospf-100] quit
[PE2] ospf 200 vpn-instance vpnb
[PE2-ospf-200] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route ospf 100
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route ospf 200
[PE2-bgp-vpnb] quit
# Configure MCE.
<MCE> system-view
[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit
Step 7 Run RIPv2 between the MCE and CE3, and between the MCE and CE4.
# Configure MCE.
[MCE] rip 100 vpn-instance vpna
[MCE-rip-100] version 2
[MCE-rip-100] network 10.0.0.0
[MCE-rip-100] import-route ospf 100
[MCE-rip-100] quit
[MCE] rip 200 vpn-instance vpnb

[MCE-rip-200] version 2
[MCE-rip-200] network 10.0.0.0
[MCE-rip-200] import-route ospf 200
# Configure CE3.
[CE3] vlan 60
[CE3] interface gigabitEthernet1/0/0
[CE3]interface vlanif 60
[CE3-Vlanif60]ip address 10.3.1.1 24
[CE3-Vlanif60] quit
[CE3] rip 100
[CE3-rip-100] version 2
[CE3-rip-100] network 10.0.0.0
[CE3-rip-100] import-route direct
# Configure CE4.
[CE4] vlan 70
[CE4] interface gigabitEthernet1/0/0
[CE4]interface vlanif 70
[CE4-Vlanif70]ip address 10.4.1.1 24
[CE4-Vlanif70] quit
[CE4] rip 200
[CE4-rip-200] version 2
[CE4-rip-200] network 10.0.0.0
[CE4-rip-200] import-route direct
Step 8 Disable loopback detection on MCE and import RIP routes.

<MCE> system-view
[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] vpn-instance-capability simple
[MCE-ospf-100] import-route rip 100
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] vpn-instance-capability simple
[MCE-ospf-200] import-route rip 200
After the configuration, run the displayiprouting-tablevpn-instance command on the MCE,

and you can see the route to the peer CE.
Take vpna for example.

[MCE] display ip routing-table vpn-instance vpna
------------------------------------------------------------------------------
10.1.1.0/24 O_ASE 150 1 D 192.1.1.1 vlanif50

10.1.1.1/32 O_ASE 150 1 D 192.1.1.1 vlanif50
10.3.1.0/24 Direct 0 0 D 10.3.1.2 vlanif60
10.3.1.1/32 Direct 0 0 D 10.3.1.1 vlanif60
192.1.1.0/24 Direct 0 0 D 192.1.1.2 vlanif50

192.1.1.1/32 Direct 0 0 D 192.1.1.1 vlanif50

Run the displayiprouting-tablevpn-instance command on the PE, and you can see the route
to the peer CE.
Take vpna on PE1 for example.
[PE1] display ip routing-table vpn-instance vpna
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 vlanif10

10.1.1.1/32 Direct 0 0 D 10.1.1.1 vlanif10
10.3.1.0/24 BGP 255 2 RD 2.2.2.9 vlanif30
192.1.1.0/24 BGP 255 0 RD 2.2.2.9 vlanif30
CE1 and CE3 can ping each other. CE2 and CE4 can ping each other.
[CE1] ping 10.3.1.1

0.00% packet loss
CE1 cannot ping CE2 or CE4. CE3 cannot ping CE2 or CE4.
For example, if you ping CE4 from CE1, the information is displayed as follows:
[CE1] ping 10.4.1.1
Request time out
Request time out
Request time out
Request time out
Request time out

100.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface vlanif10

ip address 10.1.1.1 255.255.255.0

#
#
bgp 65410
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE2
#
vlan batch 20
#
interface vlanif20
ip address 10.2.1.1 255.255.255.0
#
#
bgp 65420
#
ipv4-family unicast
import-route direct
#
return
#
sysname PE1
#
vlan batch 10 20 30
#
#
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface vlanif20
ip address 10.2.1.2 255.255.255.0
#
interface vlanif30

ip address 172.1.1.1 255.255.255.0

mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
import-route direct
#
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 30 40 50
#
#
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface vlanif30

ip address 172.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface vlanif50
ip address 192.1.1.1 255.255.255.0
#
interface vlanif40
ip address 192.2.1.1 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
#
#
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
#
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route bgp
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
return
l Configuration file of the MCE
#
sysname MCE
#
#


#
#
interface vlanif40
ip address 192.2.1.2 255.255.255.0
#
interface vlanif50
ip address 192.1.1.2 255.255.255.0
#
interface vlanif60
ip address 10.3.1.2 255.255.255.0
#
interface vlanif70
ip address 10.4.1.2 255.255.255.0
#
#
#
#
#
ospf 100 vpn-instance vpna
vpn-instance-capability simple
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
vpn-instance-capability simple
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
rip 100 vpn-instance vpna
version 2
network 10.0.0.0
#
rip 200 vpn-instance vpnb
version 2
network 10.0.0.0
#
return
#
sysname CE3
#
vlan batch 60
#

interface vlanif60
ip address 10.3.1.1 255.255.255.0
#
#
rip 100
version 2
network 10.0.0.0
import-route direct
#
return

#
sysname CE4
#
vlan batch 70
#
interface vlanif70
ip address 10.4.1.1 255.255.255.0
#
#
rip 200
version 2
network 10.0.0.0
import-route direct
#
return
Example for Configuring VPN FRR
As shown in Figure 5-208, you need to configure the backup next hop on PE1 to configure PE3
as a backup of PE2. When a fault occurs to PE2, traffic can be switched to PE3 quickly.

Figure 5-208 Networking diagram for configuring VPN FRR
Loopback1
VPN backbone 2.2.2.2/32
PE2
AS100 GE2/0/0
GE1/0/0 vpn1 site
GE2/0/0 GE1/0/0
Link_A
AS65410
PE1 CE1
Loopback1 Link_B GE3/0/0
1.1.1.1/32 GE3/0/0 GE2/0/0
GE1/0/0 GE2/0/0
PE3
Loopback1
3.3.3.3/32
1. Configure OSPF on the backbone routers (PE1, PE2, and PE3) to implement interworking
of these backbone routers.
2. Enable MPLS capability on the MPLS backbone and establish an LDP LSP.
3. Configure a VPN instance on PE1, PE2, and PE3 and connect CE1 to PE2 and PE3.
4. Establish EBGP adjacencies between the PEs and CE1 and import VPN routes. Establish
MP-IBGP adjacencies between the PEs.

5. On PE1, configure a routing policy for VPN FRR, configure the backup next hop, and
enable VPN FRR. If the VPN FRR is not required, run the undo vpn frr command to
disable this function.
Data Preparation
l Name of VPN instance, RD, and VPN target (111:1) on PE
l Name of the routing policy on PE1 and IP prefix
Procedure
Step 1 Configure the VLAN on each interface. The configuration procedure is not given here.
Step 2 Configure IP addresses of interfaces on the VPN backbone network and VPN sites. The
configuration procedure is not mentioned here.
Step 3 Configure OSPF on the MPLS backbone network to implement interworking of the PEs. The
configuration procedure is not mentioned here.
LDP LSPs.
NOTE
# Configure PE1.
<PE1> system-view
[PE1] mpls
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif10] mpls
[PE1-Vlanif10] quit
[PE1-Vlanif30] mpls
[PE1-Vlanif30] quit
# Configure PE2.
<PE2> system-view
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif10] mpls
[PE2-Vlanif10] quit
# Configure PE3.
<PE3> system-view

[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3-Vlanif30] mpls
[PE3-Vlanif30] quit
Run the display mpls lsp command on the PEs, and you can see that LSPs are established
between PE1 and PE2 and between PE1 and PE3. Take PE1 for example.
[PE1] display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
3.3.3.3/32 NULL/3 -/Vlanif30
1.1.1.1/32 3/NULL -/-
100.1.1.0/30 3/NULL -/-
3.3.3.3/32 1024/3 -/Vlanif30
100.2.1.0/30 3/NULL -/-
2.2.2.2/32 NULL/3 -/Vlanif10
2.2.2.2/32 1025/3 -/Vlanif10
# Configure PE1.
# Configure PE2.
[PE2-Vlanif20] quit
# Configure PE3.
[PE3-Vlanif40] quit
Step 6 Import direct VPN routes to PE1. Create EBGP adjacencies between PE2 and CE and between
PE3 and CE to import VPN routes.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp-vpn1] quit
# Configure PE2.

[PE2] bgp 100

[PE2-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE2-bgp-vpn1] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp-vpn1] peer 10.2.1.1 as-number 65410
[PE3-bgp-vpn1] quit
# Configure CE.
<CE> system-view
[CE] bgp 65410
[CE-bgp] peer 10.1.1.2 as-number 100
[CE-bgp] peer 10.2.1.2 as-number 100
[CE-bgp] import-route direct
[CE-bgp] network 10.3.1.0 24
[CE-bgp] quit
Run the display bgp vpnv4 all peer command on PE2 and PE3, and you can see that EBGP
adjacencies are established between PEs and CE.


vpn instance vpn1 :
10.1.1.1 4 65410 46 46 0 00:37:41 Established 5
Step 7 Set up an MP-IBGP adjacency between the PEs.

# Configure PE1.
[PE1] bgp 100
# Configure PE2.
[PE2] bgp 100
# Configure PE3.
[PE3] bgp 100


Run the display bgp vpnv4 all peer command on the PEs, and you can see that MP-IBGP
adjacencies are established between PEs.


2.2.2.2 4 100 20 17 0 00:13:26 Established 5

3.3.3.3 4 100 24 19 0 00:17:18 Established 5
Step 8 Configure routing policy for VPN FRR.

[PE1] ip ip-prefix vpn_frr_list permit 2.2.2.2 32
[PE1] route-policy vpn_frr_rp permit node 10
[PE1-route-policy] if-match ip next-hop ip-prefix vpn_frr_list
[PE1-route-policy] apply backup-nexthop 3.3.3.3
[PE1-route-policy] quit
Step 9 Enable VPN FRR.

[PE1-vpn-instance-vpn1] vpn frr route-policy vpn_frr_rp
# View the backup next hop, backup label, and backup tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose
Routing Table : vpn1
Summary Count : 2
State: Inactive Adv GotQ Age: 00h17m56s
Tag: 0 Priority: 0
RelayNextHop: 0.0.0.0 Interface: Vlanif30
TunnelID: 0x10001
Tag: 0 Priority: 0
TunnelID: 0x10002
BkLabel: 15362 SecTunnelID: 0x0
BkPETunnelID: 0x10001 BkPESecTunnelID: 0x0
Step 10 To disable VPN FRR, run the undo vpn frr command.
[PE1-vpn-instance-vpn1] undo vpn frr
# After disabling VPN FRR, view the backup next hop, backup label, and backup tunnel ID.

<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose

Routing Table : vpn1
Summary Count : 2
State: Inactive Adv GotQ Age: 00h19m05s
Tag: 0 Priority: 0
TunnelID: 0x10001
Tag: 0 Priority: 0
TunnelID: 0x10002
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 30
#
vpn frr route-policy vpn_frr_rp
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface Vlanif30
ip address 100.2.1.1 255.255.255.252
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#

bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 100.2.1.0 0.0.0.3
network 1.1.1.1 0.0.0.0
#
ip ip-prefix vpn_frr_list permit 2.2.2.2 32
#
route-policy vpn_frr_rp permit node 10
if-match ip next-hop ip-prefix vpn_frr_list
#
return
#
sysname PE2
#
vlan batch 10 20
#
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface vlanif 10
ip address 100.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface vlanif 20
ip address 10.1.1.2 255.255.255.252
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#

bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0
#
return
#
sysname PE3
#
vlan batch 30 40
#
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface Vlanif 30
ip address 100.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif 40
ip address 10.2.1.2 255.255.255.252
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target

peer 1.1.1.1 enable

#
import-route direct
#
ospf 1
area 0.0.0.0
network 100.2.1.0 0.0.0.3
network 3.3.3.3 0.0.0.0
#
Return
l Configuration file of CE
#
sysname CE
#
vlan batch 20 40 50
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.252
#
interface Vlanif40
ip address 10.2.1.1 255.255.255.252
#
interface Vlanif50
ip address 10.3.1.1 255.255.255.0
#
#
#
#
bgp 65410
#
ipv4-family unicast
network 10.3.1.0 255.255.255.0
import-route direct
#
return
Example for Configuring Double RRs to Optimize VPN Backbone Layer
In VPN deployment, to improve the reliability, you can configure VPN instances with double
RRs. That is, select two Ps in the same AS as two RRs. They are backup devices of each other,
reflecting routes of the public network and VPNv4.

Figure 5-209 Networking diagram for configuring double reflectors to optimize VPN backbone
layer
Loopback1 Loopback1
2.2.2.9/32 3.3.3.9/32
P1 GE2/0/0 GE1/0/0 P2
GE1/0/0 AS100 GE2/0/0

GE3/0/0 GE3/0/0
GE1/0/0 GE1/0/0
Loopback1 Loopback1
1.1.1.9/32 GE3/0/0 GE3/0/0 4.4.4.9/32
PE1 GE2/0/0 GE2/0/0 PE2
GE1/0/0 GE1/0/0
AS65410 AS65420
CE1 CE2
P1 GigabitEthernet1/0/0 VLANIF 10 100.1.2.2/24

As shown in Figure 5-209, PE1, PE2, P1, and P2 are on the backbone network AS100. CE1 and
CE2 belong to VPNA. Select P1 and P2 as the RRs of the VPN.
1. Set up MP-IBGP adjacencies between the PEs and RRs.
2. Set up EBGP adjacencies between the PE and CEs.
3. Enable MPLS LSP on the public tunnel and enable MPLS LDP on the devices and interfaces
along the tunnel.
4. Configure P1 and P2 to be the backup of each other and configure the same RR ID for them.
5. P1 and P2 need to store all VPNv4 routing information and advertise the routing information
to PEs, so configure P1 and P2 to accept all the VPNv4 routing information without filtering
the routing information based on VPN targets.
NOTE
At least two paths that do not use the same network segment and node must exist between the RR and PE;
otherwise, the double RRs are unnecessary.
Data Preparation
l ID of the VLAN that each interface belongs to and IP address of each interface, as shown
in Figure 5-209
l MPLS LSR-IDs of PE and ASBR-PEs
l Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2
l Routing protocol used to exchange routing information between the PE and CEs (EBGP is
used in this example)
l Convergence priorities of the routes in the VPN instances
l Name of the RD and name of the routing policy
Procedure
1. Configure the VLAN on each interface. The configuration procedure is not given here.
2. Configure an IGP protocol on the MPLS backbone network to implement interworking of
devices along the LSP.
OSPF is used as the IGP protocol in this example. The configuration procedure is not given
here.
NOTE
The address of the loopback interface, which functions as the LSR ID, must be advertised.
After the configuration, devices along the LSP can learn the address of the loopback
interface of each other.
------------------------------------------------------------------------------

1.1.1.9/32 Direct 0 0 D 127.0.0.1

InLoopBack0
2.2.2.9/32 OSPF 10 2 D 100.1.2.2 Vlanif10
3.3.3.9/32 OSPF 10 2 D 100.1.3.2 Vlanif40
4.4.4.9/32 OSPF 10 3 D 100.1.3.2 Vlanif10
OSPF 10 3 D 100.1.2.2 Vlanif40
100.1.2.0/24 Direct 0 0 D 100.1.2.1 Vlanif10
100.1.2.1/32 Direct 0 0 D 127.0.0.1
InLoopBack0
100.1.2.2/32 Direct 0 0 D 100.1.2.2 Vlanif10
100.1.3.0/24 Direct 0 0 D 100.1.3.1 Vlanif40
100.1.3.1/32 Direct 0 0 D 127.0.0.1
InLoopBack0
100.1.3.2/32 Direct 0 0 D 100.1.3.2 Vlanif40
100.2.3.0/24 OSPF 10 2 D 100.1.3.2 Vlanif40
OSPF 10 2 D 100.1.2.2 Vlanif10
100.2.4.0/24 OSPF 10 2 D 100.1.2.2 Vlanif10
100.3.4.0/24 OSPF 10 2 D 100.1.3.2 Vlanif40
127.0.0.0/8 Direct 0 0 D 127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1
InLoopBack0
3. Set up LSPs on the MPLS backbone network.

Enable MPLS and MPLS LDP on the devices and interfaces along the LSP. The
configuration procedure is not given here.
After the configuration, run the display mpls ldp session command, and you can see in
the display that the Session State item is Operational.
Take the display on PE1 and P1 for example.

----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------
[P1] display mpls ldp session

----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------
4. Configure a VPN instance on PE.

For the configuration procedure, see Example for Configuring the BGP/MPLS IP
VPN. The configuration details are not mentioned here.
5. Set up EBGP peer relation between the PE and the CE and import VPN routes.

For the configuration procedure, see Example for Configuring the BGP/MPLS IP
VPN. The configuration details are not mentioned here.
6. Set up the MP-IBGP peer relation between PEs and RRs.
# Configure PE1.
<PE1> system-view
[PE1] bgp 100
# Configure P1.
<P1> system-view
[P1] bgp 100
[P1-bgp] group P1 internal
[P1-bgp] peer P1 connect-interface loopback 1
[P1-bgp] peer 1.1.1.9 group P1
[P1-bgp] ipv4-family vpnv4
[P1-bgp-af-vpnv4] peer P1 enable
[P1-bgp-af-vpnv4] peer 1.1.1.9 group P1
[P1-bgp-af-vpnv4] quit
[P1-bgp] quit
# Configure P2.
<P2> system-view
[P2] bgp 100
[P2-bgp] group P2 internal
[P2-bgp] peer P2 connect-interface loopback 1
[P2-bgp-af-vpnv4] peer P2 enable
[P2-bgp] quit
# Configure PE2.
The configuration procedure of PE2 is similar to the configuration procedure of PE1 and
is not mentioned.
After the configuration, run the display bgp vpnv4 all peer command on the PEs, and you
can see that the BGP adjacencies are established between the PEs and RRs. The EBGP
adjacencies are established between the PE and CEs.
Take the display on PE1 and P1 for example.
<PE1> display bgp vpnv4 all peer

2.2.2.9 4 100 2 4 0 00:00:31 Established 0
3.3.3.9 4 100 3 5 0 00:01:23 Established 0

vpn instance vpna :

10.1.1.1 4 65410 79 82 0 01:13:29 Established 0
7. Configure the reflector function on P1 and P2.

# Configure P1.
[P1] bgp 100
[P1-bgp-af-vpnv4] reflector cluster-id 100
[P1-bgp-af-vpnv4] peer P1 reflect-client
[P1-bgp-af-vpnv4] undo policy vpn-target
# Configure P2.
[P2] bgp 100
[P2-bgp-af-vpnv4] reflector cluster-id 100
[P2-bgp-af-vpnv4] peer P2 reflect-client
[P2-bgp-af-vpnv4] undo policy vpn-target

Display the VPN routing table on PE, and you can see the route to the remote CE.
<PE1> display ip routing-table vpn-instance vpna
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif60

10.1.1.1/32 Direct 0 0 D 10.1.1.1 Vlanif60
10.1.1.2/32 Direct 0 0 D 127.0.0.1
InLoopBack0
10.2.1.0/24 BGP 255 0 RD 4.4.4.9 Vlanif40
10.2.1.1/32 BGP 255 0 RD 4.4.4.9 Vlanif40
If CE1 and CE2 can ping each other, it indicates that the RRs are successfully configured.
After running the shutdown command in the view of VLANIF 40 on PE1 and the view of
VLANIF 50 on PE2, you can see that CE1 can ping CE2. This indicates that the RRs are
successfully configured.
Configuration Files
#
sysname PE1
#
vlan batch 10 40 60
#
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif10
ip address 100.1.2.1 255.255.255.0
mpls

mpls ldp
#
interface Vlanif40
ip address 100.1.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 60
ip address 10.1.1.2 255.255.255.0
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
return
#
sysname P1
#
Vlan batch 10 20 50
#
mpls lsr-id 2.2.2.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif 10
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp

#
interface Vlanif 20
ip address 100.2.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 50
ip address 100.2.4.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
group P1 internal
peer P1 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 4.4.4.9 enable
peer P1 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer P1 enable
peer P1 reflect-client
peer 1.1.1.9 enable
peer 1.1.1.9 group P1
peer 3.3.3.9 enable
peer 4.4.4.9 enable
#
ospf 1
area 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.2.3.0 0.0.0.255
network 100.2.4.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname P2
#
vlan batch 20 30 40
#
mpls lsr-id 3.3.3.9
mpls
lsp-trigger all

#
mpls ldp
#
interface Vlanif20
ip address 100.2.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 100.3.4.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.3.2 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
group P2 internal
peer P2 connect-interface LoopBack1
#
ipv4-family unicast
peer P2 enable
#
ipv4-family vpnv4
peer P2 enable
peer P2 reflect-client
peer 1.1.1.9 enable
peer 2.2.2.9 enable
peer 4.4.4.9 enable
#
ospf 1
area 0.0.0.0
network 100.2.3.0 0.0.0.255
network 100.3.4.0 0.0.0.255
network 100.1.3.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return

#
sysname PE2
#
vlan batch 30 50 70
#
#
mpls lsr-id 4.4.4.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Vlanif30
ip address 100.3.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.2.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif70
ip address 10.2.1.2 255.255.255.0
#
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
peer 2.2.2.9 enable
#
import-route direct
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.3.4.0 0.0.0.255

network 100.2.4.0 0.0.0.255

#
return

#
sysname CE1
#
vlan batch 60
#
interface Vlanif60
ip address 10.1.1.1 255.255.255.0
#
#
bgp 65410
#
ipv4-family unicast
#
return

#
sysname CE2
#
vlan batch 70
#
interface Vlanif70
ip address 10.2.1.1 255.255.255.0
#
#
bgp 65420
#
ipv4-family unicast
#
return
5.10.4 VLL Configuration

This chapter describes the principle, configuration procedure, and configuration examples of the
VLL.
Example for Configuring a Local CCC Connection
As shown in Figure 5-210, the CE is connected to the PE through a GE interface.
A local CCC connection is created between CE1 and CE2.

Figure 5-210 Networking diagram for configuring local CCC connection

CE 2
GE1/0/0
CCC local connection
CE 1 GE 2/0/0
GE 1/0/0 GE 1/0/0
PE
Loopback1
1.1.1.9/32
PE GigabitEthernet1/0/0 VLANIF 10 -
Loopback1 - 1.1.1.9/32
1. Configure the basic MPLS capacity on the PE and enable the MPLS L2VPN.
2. Create a local connection between CE1 and CE2 on PE. The local CCC connection is
bidirectional, so only one connection is needed.
Data Preparation
IP addresses of the interfaces
Procedure
Step 1 Configure CEs.
# Configure CE1.
[CE1] vlan 10
[CE1-Vlan10] quit
[CE1]interface GigabitEthernet1/0/0
[CE1-GigabitEthernet1/0/0]port link-type trunk
[CE1-GigabitEthernet1/0/0]port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0]quit
[CE1-Vlanif10] quit
# Configure CE2.

[CE2] vlan 20
[CE2-vlan20] quit
[CE2-GigabitEthernet1/0/0]port link-type trunk
[CE2-GigabitEthernet1/0/0]port trunk allow-pass vlan 20
[CE2]quit
[CE2-Vlanif20] quit
Step 2 Configure PEs.
# Configure the LSR ID and enable MPLS and MPLS L2VPN.

[Quidway] sysname PE
[PE] interface loopback 1
[PE-LoopBack1] ip address 1.1.1.9 32
[PE-LoopBack1] quit
[PE] mpls lsr-id 1.1.1.9
[PE] mpls
[PE-mpls] quit
[PE] mpls l2vpn
[PE-l2vpn] quit
[PE] vlan batch 10 20
[PE] interface gigabitEthernet 1/0/0
[PE-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[PE-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[PE-GigabitEthernet1/0/0] quit
[PE] interface gigabitEthernet 2/0/0
[PE-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[PE-GigabitEthernet2/0/0] port hybrid tagged vlan 20
[PE-GigabitEthernet2/0/0] quit
# Create a local connection between CE1 and CE2.

[PE-Vlanif10] quit
[PE-Vlanif20] quit
[PE] ccc ce1-ce2 interface Vlanif 10 out-interface Vlanif 20
After the configuration, display the CCC information on the PE. You can see that a local CCC
connection is set up and the status is Up.
<PE> display ccc
total ccc vc : 1
local ccc vc : 1, 1 up
remote ccc vc : 0, 0 up
name: ce1-ce2, type: local, state: up,

intf1: Vlanif10 (up), intf2: Vlanif20 (up)
Run the display l2vpn ccc-interface vc-type ccc command, and you can see that the VC type
is CCC and the status is Up.
<PE> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC : 2

up (2), down (0)
Interface Encap Type State VC Type
Vlanif10 vlan up ccc

Run the display ip routing-table command on the CE, and you can see that CE1 and CE2 can
learn the interface routes of each other. CE1 and CE2 can ping each other.
------------------------------------------------------------------------------
100.1.1.0/24 Direct 0 0 D 100.1.1.1 vlanif10

100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif10
<CE1> ping 100.1.1.2
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.1 255.255.255.0
#
#
return
#
sysname PE
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
interface Vlanif10
#
interface Vlanif20
#

#
interface GigabitEthernet/0/0
#
ccc ce1-ce2 interface Vlanif10 out-interface Vlanif20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return

#
sysname CE2
#
vlan batch 20
#
interface Vlanif 20
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Remote CCC Connection
The CE is connected to the PE through a GE interface.
To create a remote CCC connection between CE1 and CE2, you need to complete the following
tasks:
l Create the remote CCC connection between the two PEs.
l Configure two static LSPs on P to exchange packets.

Figure 5-211 Networking diagram for configuring remote CCC connection

CE 1 to CE 2 O-Label I-Label O-Label I-Label
200 200 201 201
I-Label O-Label I-Label O-Label

100 100 101 101 CE 2 to CE 1

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
P
PE 1 PE 2
GE 2/0/0 GE 2/0/0 GE1/0/0 GE 1/0/0
GE 1/0/0 GE 2/0/0
GE 1/0/0 CCC remote GE 1/0/0

connection
CE 1 CE 2
Loopback1 - 1.1.1.9/32
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
1. Configure a bidirectional static LSP for the local CCC connection between PEs. The LSP
is exclusively used by the CCC connection.
2. Enable MPLS L2VPN on the PEs. MPLS L2VPN need not be enabled on P.
3. Set up two connections: one from CE1 to CE2 and the other from CE2 to CE1.

Data Preparation
l Out-label and in-label of the remote CCC connection
Pay attention to the mapping between the in-labels and out-labels on the PE and P. For the settings
of the out-label and the in-label, see Figure 5-211.
Procedure
Step 1 Configure the ID of the VLAN that each interface belongs to, as shown in Figure 5-211.
The configuration procedure is not mentioned here.
Step 2 Assign the IP addresses to the VLANIF interfaces on the CEs.
# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif40] quit
Step 3 Assign an IP address to each VLANIF interface of the S9300s.
# Configure PE1.
[PE1-Vlanif20] quit
# Configure the P.
[Quidway] sysname P
[P-LoopBack1] quit
[P-Vlanif30] quit
[P-Vlanif20] quit
# Configure PE2.
[PE2-Vlanif40] quit

Step 4 Configure the basic MPLS capabilities on the MPLS backbone network.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 5 Create the remote CCC connection between the two PEs.
# Configure PE1: Enable MPLS L2VPN globally and create the remote CCC connection from
CE1 to CE2. Connect the incoming interface of PE1 to CE1 and the outgoing interface of PE1
to the P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] quit
[PE1] ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
# Configure PE2: Enable VLL globally and create the remote CCC connection from CE2 to
CE1. Connect the incoming interface of PE2 to CE2 and the outgoing interface of PE2 to the P.
Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif40] quit
[PE2] ccc CE2-CE1 interface vlanif 40 in-label 201 out-label 101 nexthop 10.2.2.2
Step 6 Configure static LSPs on P for forwarding packets.
# Configure P: Configure a static LSP for forwarding packets from PE1 to PE2, and configure
another static LSP for forwarding packets from PE2 to PE1.
[P] static-lsp transit PE1-PE2 incoming-interface Vlanif 20 in-label 200 nexthop
10.2.2.1 out-label 201
[P] static-lsp transit PE2-PE1 incoming-interface Vlanif 30 in-label 101 nexthop
10.1.1.1 out-label 100

After the configuration, display information about the CCC connection on the PEs. You can find
that a remote CCC connection is set up on each of PE1 and PE2 and the status of the connection
is Up.
<PE1> display ccc
total ccc vc : 1
name: CE1-CE2, type: remote, state: up,

intf: Vlanif10 (up), in-label: 100 , out-label: 200 , nexthop: 10.1.1.2
<PE2> display ccc
total ccc vc : 1
name: CE2-CE1, type: remote, state: up,

intf: Vlanif40 (up), in-label: 201 , out-label: 101 , nexthop : 10.2.2.2
Run the display l2vpn ccc-interface vc-type ccc command on PE, and you can see that the VC
type is CCC and the status is Up. Take PE1 for example.
<PE1> display l2vpn ccc-interface vc-type ccc
Total ccc-interface of CCC : 1

up (1), down (0)
Run the display mpls lsp command on the P, and you can view the label and interface
information of the two static LSPs.
<P> display mpls lsp
-------------------------------------------------------------------------------
LSP Information: STATIC LSP
-------------------------------------------------------------------------------
learn the interface routes of each other. CE1 and CE2 can ping each other.
------------------------------------------------------------------------------
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif10

100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif10
<CE1> ping 100.1.1.2

0.00% packet loss

----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
interface Vlanif10
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
#
#
#
#
ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
#

interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
static-lsp transit PE1-PE2 incoming-interface Vlanif 20 in-label 200 nexthop
10.2.2.1 out-label 201
static-lsp transit PE2-PE1 incoming-interface Vlanif 30 in-label 101 nexthop
10.1.1.1 out-label 100
#
return

#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
#
interface Vlanif40
#
#
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif 40
ip address 100.1.1.2 255.255.255.0
#
#
return

Example for Configuring an SVC VLL
The CE is connected to the PE through a GE interface.
An SVC VLL is set up between CE1 and CE2. The SVC connection is created on PEs and the
VC label is specified.
Figure 5-212 Networking diagram for configuring SVC VLL

Loopback 1 Loopback 1 Loopback 1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
PE 1 PE 2
GE 2/0/0 GE 2/0/0 GE 1/0/0 GE 1/0/0
GE 1/0/0 GE 2/0/0
P
SVC
connection
GE 1/0/0 GE 1/0/0
CE 1 CE 2
Loopback1 - 1.1.1.9/32
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
1. Enable MPLS and MPLS L2VPN.

2. Create a static L2VC connection between PEs and manually configure the VC label.

Data Preparation
l Labels of the static L2VC connection
The out-label of PE1 is the same as the in-label of PE2; whereas the in-label of PE1 is the same
as the out-label of PE2.
Procedure
Step 1 Configure interface addresses for CE, PE and P according to Figure 5-212, including VLAN
interfaces and VLANIF interfaces.
NOTE
The S9300 only allows the CE to access the PE through a trunk.
Step 2 Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P.
The loopback interface addresses are the LSR IDs.
Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network. That is, set up LDP
LSPs.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit

[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
After the configuration, LDP sessions are set up between PE1, P, and PE2. Run the display mpls
ldp session command, and you can see that the status of the LDP session is Operational.
Take the display on PE1 for example:


------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Run the display mpls ldp lsp command, and you can see the establishment status of the LDP
LSP.

LDP LSP Information

------------------------------------------------------------------------------
------------------------------------------------------------------------------
*1 1.1.1.1/32 Liberal
3 2.2.2.9/32 NULL/3 10.1.1.2 -------/Vlanif20
4 3.3.3.9/32 NULL/1025 10.1.1.2 -------/Vlanif20
------------------------------------------------------------------------------
Step 4 Enable MPLS L2VPN and create static VCs on PEs.
# Configure PE1: Create a static VC on VLANIF 10, which is connected to CE1.

[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-
vpn-label 200
[PE1-Vlanif10] quit
# Configure PE2: Create a static VC on VLANIF 40, which is connected to CE2.

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif40] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 200 receive-
vpn-label 100
[PE2-Vlanif40] quit
View the L2VPN connection information of the SVC on the PE, and you can see that a static
L2VC connection is established.

<PE1> display mpls static-l2vc interface Vlanif 10

*Client Interface : Vlanif10 is up
AC Status : up
VC State : up
VC ID : 0
VC Type : VLAN
Transmit VC Label : 100
Receive VC Label : 200
VCCV Capabilty : Disable
Tunnel Policy : --
Traffic Behavior : --
Main or Secondary : Main
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x2014
Run the display l2vpn ccc-interface vc-type static-vc up command, and you can see that the
VC type is static VC and the status is Up. Take the display on PE1 for example.
<PE1> display l2vpn ccc-interface vc-type static-vc up
Total ccc-interface of SVC VC: 1

up (1), down (0)
Vlanif10 vlan up static-vc
learn the interface routes of each other.
Take the display on CE1 for example.

------------------------------------------------------------------------------
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif10

100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif10
CE1 and CE2 can ping each other.

<CE1> ping 100.1.1.2
0.00% packet loss
----End

Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif 10
mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label
200
#
interface Vlanif 20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20

ip address 10.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return

#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
100
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Martini VLL
As shown in Figure 5-213, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is set up between CE1 and CE2.
Figure 5-213 Networking diagram for configuring the Martini VLL

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE 2/0/0 GE 1/0/0
PE 1 PE 2
GE 2/0/0 GE1/0/0
GE1/0/0 GE 2/0/0
P
GE1/0/0 GE 1/0/0
Martini
CE 1 CE 2
Loopback1 - 1.1.1.9/32
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32

1. Configure the routing protocol on backbone devices (PE and P) and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data
transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
Data Preparation
l Name of the remote peer of each PE
l VC ID
Procedure
Step 1 Configure interface addresses for CE, PE and P according to Figure 5-213, including VLAN
and VLANIF interfaces.
NOTE
Step 2 Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P.
The loopback interface addresses are the LSR IDs.
After the configuration, OSPF adjacencies are established between PE1, P, and PE2. By running
the display ospf peer command, you can see that the status of the OSPF adjacency is Full. Run
the display ip routing-table command, and you can see that the PEs can learn the routes of each
other's Loopback1 interface.
Step 3 Configure the basic MPLS capability and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure the P.


[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 4 Set up a remote LDP session between PEs.

# Configure PE1.
# Configure PE2.
After the configuration, run the display mpls ldp session command on PE1 to view the
establishment of the LDP session. You can find that an LDP session is set up between PE1 and
PE2.
Take the display on PE1 for example.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 5 Enable MPLS L2VPN on the PE and establish VCs.

# Configure PE1: Create a VC on VLANIF 10, which is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] mpls l2vc 3.3.3.9 101
[PE1-Vlanif10] quit

# Configure PE2: Create a VC on VLANIF 40, which is connected to CE2.

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-vlanif40] quit
View the L2VPN connection information on the PEs, and you can see that an L2VC is set up
and is in Up state.

<PE1> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
session state : up
AC state : up
VC state : up
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 21504 remote VC label : 21504
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : not exist
link state : up
local VCCV : Disable
remote VCCV : none
local control word : disable remote control word : none
tunnel policy name : --
traffic behavior name : --
PW template name : --
primary or secondary : primary
NO.0 TNL type : lsp , TNL ID : 0x10007
create time : 0 days, 0 hours, 4 minutes, 19 seconds
up time : 0 days, 0 hours, 3 minutes, 45 seconds
last change time : 0 days, 0 hours, 3 minutes, 45 seconds

<CE1> ping 100.1.1.2
0.00% packet loss
----End

Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc 3.3.3.9 101
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#

mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
mpls l2vc 1.1.1.9 101
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0

network 10.2.2.0 0.0.0.255

#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif 40
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Local Kompella VLL
As shown in Figure 5-214, CE1 and CE2 are connected to the same PE through GE interfaces.
A local Kompella VLL is set up between CE1 and CE2.
Figure 5-214 Networking diagram for configuring a local Kompella VLL

CE2
Kompella local connection GE1/0/0
GE2/0/0
GE1/0/0 GE1/0/0
PE
CE1
Loopback1
1.1.1.9/32
PE GigabitEthernet1/0/0 VLANIF 10 -
Loopback1 - 1.1.1.9/32

1. Enable MPLS on the PEs.

2. Enable the MPLS L2VPN.
3. Configure VLL instances and CE connections.
Data Preparation
l Names of VPN instances and RDs
l Names and IDs of the CEs (The CE IDs are globally unique.) CE range, namely, the label
block
Procedure
Step 1 Configure the addresses of the VLANIF interfaces of CE1 and CE2 according to Figure
5-214 and the IDs of the VLANs to which the interfaces belong.
NOTE
Step 2 Configure a local connection in Kompella mode.

# Configure basic MPLS functions.
[PE] interface loopback 1
[PE-LoopBack1] ip address 1.1.1.9 32
[PE-LoopBack1] quit
[PE] mpls lsr-id 1.1.1.9
[PE] mpls
[PE-mpls] quit
# Configure MPLS L2VPN and CE connections.

[PE] mpls l2vpn
[PE-l2vpn] quit
[PE] mpls l2vpn vpn1 encapsulation vlan
[PE-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE-mpls-l2vpn-vpn1] ce ce1 id 1 range 10
[PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface vlanif 10
[PE-mpls-l2vpn-ce-vpn1-ce1] quit
[PE-mpls-l2vpn-vpn1] ce ce2 id 2 range 10
[PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface vlanif 20
[PE-mpls-l2vpn-ce-vpn1-ce2] quit
[PE-mpls-l2vpn-vpn1] quit

After the configuration, run the display mpls l2vpn connection command on the PE. You can
see that two L2VPN connections are set up and they are in Up state.
<PE> display mpls l2vpn connection
2 total connections,
connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown
VPN name: vpn1,

CE name: ce1, id: 1,

Rid type status peer-id route-distinguisher interface

primary or not
----------------------------------------------------------------------------
2 loc up --- --- Vlanif20
primary

primary or not
----------------------------------------------------------------------------
1 loc up --- --- Vlanif10
primary

<CE1> ping 30.1.1.2
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 30.1.1.1 255.255.255.0
#
#
return
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
interface Vlanif10
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
#
port hybrif tagged vlan 10
#

port hybrif tagged vlan 20
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Remote Kompella Connection
As shown in Figure 5-215, CE1 and CE2 are respectively connected to PE1 and PE2 through
GE interfaces.
A remote Kompella VLL is set up between CE1 and CE2.
Figure 5-215 Networking diagram for configuring a remote Kompella VLL

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE 2/0/0 GE 1/0/0
GE 1/0/0 GE 2/0/0
GE 1/0/0 PE 1 P PE 2 GE 2/0/0
Kompella
GE 1/0/0 Remote
GE 1/0/0
CE 1 CE 2
Loopback1 - 1.1.1.9/32

Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
1. Configure routing protocols on the PEs and P on the backbone network to implement
internetworking, and enable basic MPLS functions and LDP.
2. Enable MPLS L2VPN and configure BGP L2VPN on PEs.
3. Configure the VPN instance and CE connections.
Data Preparation
l ASN of BGP
l Names of VPN instances, RDs, and VPN targets
l Names and IDs of the CEs (The CE IDs are globally unique.), and CE range, namely, the
label block
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces of CE, PE, and P belong according to
Figure 5-215.
NOTE
Step 2 Configure an IGP protocol on the MPLS backbone network.

In this example, OSPF is used as the IGP protocol. When configuring OSPF, advertise the 32-
bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR
IDs. The configuration procedure is not mentioned here.
After the configuration, run the display ip routing-table command on each LSR. You can view
that the LSRs have learned the routes from each other.

------------------------------------------------------------------------------

2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Vlanif20
3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Vlanif20
168.1.1.0/24 Direct 0 0 D 168.1.1.1 Vlanif20
168.1.1.2/32 Direct 0 0 D 168.1.1.2 Vlanif20
169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Vlanif20
Run the display ospf peer command, and you can see that the OSPF neighbor relation is set up
and the neighbor status is Full.

<PE1> display ospf peer

Neighbors

Router ID: 2.2.2.9 Address: 168.1.1.2
DR: None BDR: None MTU: 0
Step 3 Configure basic MPLS functions and LDP, and set up LDP LSPs.
The configuration procedure is not mentioned here.
After the configuration, run the display mpls ldp session and display mpls ldp peer commands
on each LSR. You can see information about the LDP session and peers.


------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
<PE1> display mpls ldp peer

------------------------------------------------------------------------------
------------------------------------------------------------------------------
2.2.2.9:0 2.2.2.9 Vlanif20
------------------------------------------------------------------------------
Run the display mpls lsp command, and you can see the status of the LSP.

<PE1> display mpls lsp

----------------------------------------------------------------------
----------------------------------------------------------------------
2.2.2.9/32 NULL/3 -/Vlanif20
1.1.1.9/32 3/NULL -/-
3.3.3.9/32 NULL/1024 -/Vlanif20
Step 4 Configure the basic BGP L2VPN capability.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] bgp 100
[PE1-bgp] l2vpn-family
[PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
[PE1-bgp-af-l2vpn] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] bgp 100
[PE2-bgp-af-l2vpn] quit
[PE2-bgp] quit
After the configuration, run the display bgp l2vpn peer command on PE1 and PE2, and you
can see that the peer relation between the PEs is in Established state.
<PE1> display bgp l2vpn peer

3.3.3.9 4 100 2 4 0 00:00:32 Established 0
Step 5 Configure the L2VPN and CE connections.

# Configure PE1.
[PE1] mpls l2vpn vpn1 encapsulation vlan
[PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE1-mpls-l2vpn-vpn1] vpn-target 1:1
[PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10
[PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface vlanif 10
[PE1-mpls-l2vpn-ce-vpn1-ce1] quit
[PE1-mpls-l2vpn-vpn1] quit
# Configure PE2.
[PE2-mpls-l2vpn-vpn1] vpn-target 1:1
[PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10


After the configuration, run the display mpls l2vpn connection command on PEs, and you can
see that an L2VPN connection is in Up state.
<PE1> display mpls l2vpn connection
VPN name: vpn1,


primary or not
----------------------------------------------------------------------------
1 rmt up 3.3.3.9 100:1 Vlanif10
primary

<CE1> ping 30.1.1.2
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 30.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#

mpls l2vpn
#
mpls ldp
#
interface Vlanif10
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
mpls l2vpn vpn1 encapsulation vlan
ce ce1 id 1 range 10 default-offset 0
connection ce-offset 2 interface Vlanif 10
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
l2vpn-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface VLanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#

#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif 30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
#
#
#
#
connection ce-offset 1 interface Vlanif40
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.9 enable

#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
#
#
return
Example for Configuring the Inter-AS Martini VLL Option A
As shown in Figure 5-216, the Option A scheme is used to establish the inter-AS Martini VLL.
The MPLS backbone in an AS uses IS-IS as the IGP protocol.
Figure 5-216 Networking diagram for configuring the inter-AS Martini VLL Option A
MPLS backbone MPLS backbone

AS 100 AS 200
Loopback0 Loopback0 Loopback0 Loopback0

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
GE2/0/0 GE2/0/0 GE2/0/0

GE1/0/0 GE1/0/0 GE1/0/0
PE1 ASBR -PE1 PE2
ASBR -PE2
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
Loopback0 - 1.1.1.9/32

Loopback0 - 4.4.4.9/32
ASBR-PE1 GigabitEthernet1/0/0 VLANIF 20 10.1.1.2/24
Loopback0 - 2.2.2.9/32
ASBR-PE2 GigabitEthernet1/0/0 VLANIF 30 -
Loopback0 - 3.3.3.9/32
1. Run an IGP protocol on the backbone network so that the devices in the same AS can
communicate with each other.
2. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs
between PEs and ASBR-PEs in the same AS. If PEs and ASBR-PEs are not directly
connected, establish a remote LDP session.
3. Establish MPLS L2VC connections between the PEs and ASBR-PEs in the same AS.
Data Preparation
l IS-IS data
l IP address of the peer
l L2VC ID
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces belong according to Figure 5-216.
NOTE

PEs and ASBR-PEs on the backbone network can communicate with each other by using IGP.
In this example, IS-IS is used as IGP and the configuration procedure is not mentioned.

After the configuration, the ASBR and PE in the same AS can establish an IS-IS adjacency. Run
the display isis peer command, and you can see that the IS-IS adjacency is in Up state, and the
PEs can learn each other's loopback address.
<PE1> display isis peer

----------------------------
0000.0000.0002 Vlanif20 0000000001 Up 21s L1L2 --
The ASBR and PE in the same AS can ping each other.

<PE1> ping 2.2.2.9

0.00% packet loss
Step 3 Enable MPLS and configure dynamic LSPs.

Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP
LSP between the PE and ASBR-PE in the same AS.
After this step, an LSP is established between the PE and ASBR-PE in the same AS.
Take the display on ASBR-PE1 for example.
<ASBR-PE1> display mpls ldp session

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 4 Configure the MPLS L2VC connection.

Configure the L2VC connection on the PE and ASBR-PE and connect the PE to the CE.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] quit
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
[ASBR-PE1-l2vpn] mpls l2vpn default martini

[ASBR-PE1-l2vpn] quit
[ASBR-PE1] interface vlanif 30
[ASBR-PE1-Vlanif30] mpls l2vc 1.1.1.9 100
[ASBR-PE1-Vlanif30] quit
[ASBR-PE2-l2vpn] mpls l2vpn default martini
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif50] quit
# Configure CE1.
[CE1-Vlanif10] ip address 100.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif50] quit

Display information about the L2VPN connection on PE1. You can see that an L2VC is set up
and the VC status is Up.
<PE1> display mpls l2vc interface Vlanif 10
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
BFD for PW : disable
forwarding entry : exist
link state : up
remote VCCV : Disable
local control word : disable remote control word : disable
tunnel policy : --
traffic behavior : --

<ASBR-PE2> display mpls l2vc interface Vlanif 30

session state : up
AC state : up
VC state :up
VC ID : 100
VC type : VLAN
BFD for PW : disable
link state : up
tunnel policy : --

<CE1> ping 100.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1

#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
mpls l2vc 2.2.2.9 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
return
l Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20

ip address 10.1.1.2 255.255.255.0

isis enable 1
mpls
mpls ldp
#
interface Vlanif30
mpls l2vc 1.1.1.9 100
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return
#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
mpls l2vc 4.4.4.9 100
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls

#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc 3.3.3.9 100
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif 50
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring the Inter-AS Kompella VLL Option A
As shown in Figure 5-217, the devices on the MPLS backbone network use OSPF as IGP to
realize the communication between the devices in the same AS. The Option A scheme is used
to establish the inter-AS Kompella VLL. The peer ASBR is regarded as the CE.

Figure 5-217 Networking diagram for configuring the inter-AS Kompella VLL Option A
BGP/MPLS Backbone BGP/MPLS Backbone

AS 100 AS 200

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
GE2/0/0 GE2/0/0 GE2/0/0

GE1/0/0 GE1/0/0 GE1/0/0
PE1 GE1/0/0 ASBR -PE1 GE2/0/0 PE2
ASBR -PE2
GE1/0/0 GE1/0/0
CE1 CE2
Loopback1 - 1.1.1.9/32
Loopback1 - 4.4.4.9/32
Loopback1 - 2.2.2.9/32
Loopback1 - 3.3.3.9/32
2. Enable MPLS on the backbone and establish a dynamic LSP between the PE and the ASBR-
PE.

3. Establish an IBGP adjacency between the PE and the ASBR-PE in an AS.

4. Set up a Kompella VLL connection between the PE and the ASBR-PE in an AS.
Data Preparation
l OSPF data
l L2VPN instance name, RD, and VPN target on the PE and the ASBR-PE
l CE connection name, CE ID, CE range (10 by default), and default offset (1 or 0, the default
is 0) on the PE and ASBR-PEs
Procedure
NOTE
Step 2 Configure an IGP protocol on the backbone network.

PEs and ASBR-PEs on the MPLS backbone network can communicate with each other by using
IGP. OSPF is used as the IGP protocol in this example.
The configuration procedure is not mentioned. Note that the address of Loopback1 must be
advertised to the IBGP peer.
After the configuration, the ASBR-PE and the PEs in the same AS can learn the Loopback1
addresses of each other. Run the display ip routing-table command, and you can see that the
ASBR and the PEs in the same AS can learn the Loopback1 addresses of each other.
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 2 D 20.1.1.2 Vlanif20
20.1.1.0/30 Direct 0 0 D 20.1.1.1 Vlanif20
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif20
The ASBR-PE and the PEs in the same AS can ping each other's Loopback1 address.
<PE1> ping 2.2.2.2


0.00% packet loss
Step 3 Enable MPLS and establish the LSP.

Enable MPLS and establish LDP LSP on the ASBR-PE and the PEs in the same AS.
After the configuration, the LDP adjacencies are established between the PE and the ASBR-PEs
in the same AS. Run the display mpls ldp session command on each S9300, and you can find
that the session status is Operational.

---------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------
Step 4 Configure IBGP.

Configure MP-IBGP connections between PE1 and ASBR-PE1, and between PE2 and ASBR-
PE2.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[PE1-bgp] quit
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] peer 1.1.1.1 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1
[ASBR-PE1-bgp] quit
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] quit
After the configuration, run the display bgp peer command, and you can see that the IBGP peer
relation between PE1 and the ASBR-PE in the same AS is in Established state. Take the display
on PE1 for example.
[PE1] display bgp peer


2.2.2.2 4 100 2 3 0 00:00:03 Established 0
Step 5 Enable BGP peers in the BGP L2VPN address family view.
After BGP peers are enabled on the PEs and ASBR-PEs in the BGP L2VPN address family
view, L2VPN instance information can be exchanged between the PEs and ASBR-PEs.
# Configure PE1.
[PE1] bgp 100
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] l2vpn-family
[ASBR-PE1-bgp-af-l2vpn] peer 1.1.1.1 enable
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] l2vpn-family
[ASBR-PE2-bgp-af-l2vpn] peer 4.4.4.4 enable
# Configure PE2.
[PE2] bgp 200
Step 6 Set up the Kompella L2VPN connection between PEs.

The major steps are as follows:
l Enable MPLS L2VPN on the PEs and ASBR-PEs.
l Create VPN instances and CE connections on PE1 and PE2.
l Configure IP addresses in the same network segment for the interfaces through which CE1
and CE2 access the PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-mpls-l2vpn-vpn1] mtu 1500
[PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both
[PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 default-offset 0
[ASBR-PE1] mpls l2vpn vpn1 encapsulation vlan
[ASBR-PE1-mpls-l2vpn-vpn1] route-distinguisher 100:2
[ASBR-PE1-mpls-l2vpn-vpn1] mtu 1500
[ASBR-PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both

[ASBR-PE1-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 default-offset 0

[ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 1 interface vlanif 30
[ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] quit
[ASBR-PE1-mpls-l2vpn-vpn1] quit
[ASBR-PE2] mpls l2vpn vpn1 encapsulation vlan
[ASBR-PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1
[ASBR-PE2-mpls-l2vpn-vpn1] mtu 1500
[ASBR-PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both
[ASBR-PE2-mpls-l2vpn-vpn1] ce ce3 id 3 range 10 default-offset 0
[ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 4 interface vlanif 30
[ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] quit
[ASBR-PE2-mpls-l2vpn-vpn1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-mpls-l2vpn-vpn1] mtu 1500
[PE2-mpls-l2vpn-vpn1] ce ce4 id 4 range 10 default-offset 0
# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif50] quit

Display information about the L2VPN connection on PE1. You can see that an L2VC is set up
Take the display on PE1 and ASBR-PE2 for example.
# The display on PE1 is as follows:
<PE1> display mpls l2vpn connection interface vlanif 10
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 2
intf(state,encap): Vlanif50(up,vlan)
peer id: 2.2.2.2
route-distinguisher: 100:2
local vc label: 25602
remote vc label: 25601
tunnel policy: default
primary or secondary: primary
forwardEntry exist or not: true
forward entry active or not:true
manual fault set or not: not set

AC OAM state: up
BFD for PW session index: --
BFD for PW state: invalid
BFD for LSP state: true
Local C bit is not set, Remote C bit is not set
tunnel type: lsp , id: 0x2002000
# The display on ASBR-PE2 is as follows:

<ASBR-PE2> display mpls l2vpn connection interface vlanif 30
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 3
local ce name: ce3
remote ce-id: 4
peer id: 4.4.4.4
AC OAM state: up
Local C bit is not set, Remote C bit is not set
You can find that reachable routes between CE1 and CE2 exist. Take the display on CE1 for
example.
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10

10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10

<CE1> ping 10.1.1.2

0.00% packet loss
----End

Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif10
#
interface Vlanif 20
ip address 20.1.1.1 255.255.255.252
mpls
mpls ldp
#
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
l2vpn-family
policy vpn-target
peer 2.2.2.2 enable
#
#

ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif30
#
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.1 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
#
sysname ASBR-PE2
#
vlan batch 30 40
#

mpls lsr-id 3.3.3.3

mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif30
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.252
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 200
#
ipv4-family unicast
peer 4.4.4.4 enable
#
l2vpn-family
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 40.1.1.0 0.0.0.3
#
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif50

#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bgp 200
#
ipv4-family unicast
peer 3.3.3.3 enable
#
l2vpn-family
policy vpn-target
peer 3.3.3.3 enable
#
ospf 1
area 0.0.0.0
network 40.1.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
#
#
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif 50
ip address 10.1.1.2 255.255.255.0
#
#
return
Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)
As shown in Figure 5-218, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3.
The networking requirements are as follows:
l A PW is set up between PE1 and PE3. This PW is the master PW, and uses the MPLS TE
tunnel.
l A PW is set up between PE1 and PE2. This PW is the backup PW, and uses the MPLS LSP
tunnel.

l If the master link (CE2 → PE3 → PE1) becomes faulty, the L2VPN traffic can be rapidly
switched to the backup link (CE2 → PE2 → PE1).
l After the master link (CE2 → PE3 → PE1) recovers from the fault, the L2VPN traffic is
switched back.
Figure 5-218 Networking diagram for configuring Martini VLL FRR (asymmetrically
connected CEs)
P
1 P GE
2 /0/ 2 /0/
GE 2
1.1.1.1/32 3.3.3.3/32
4.4.4.4/32
1 GE
2 /0/ 2 /0/
GE 1
MPLS TE
PE1 PE3
Loopback1
GE2 MP
GE1/0/0 /0/2 LS 2.2.2.2/32
LSP GE1/0/0
GE2
/0/1 GE1/0/0
PE2
GE1/0/0 GE1/0/0
CE1 GE1/0/1 CE2
GE1/0/1
Client1 Client2
10.1.1.1/24 10.1.1.2/24
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32

Loopback1 - 4.4.4.4/32
1. Configure OSPF on the backbone network.
2. Set up an MPLS TE tunnel between PE1 and PE3, and an LSP between PE1 and PE2.
3. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3.
4. Set up an MPLS LDP session between PE1 and PE3.
5. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure
the master PW because the master PW uses the MPLS TE tunnel.
Data Preparation
l Tunnel policies
l Bandwidth for MPLS TE tunnels
l Name of the remote peer of MPLS LDP
l VC IDs of the master PW and the backup PW
l Name of the PW template
Procedure
NOTE
The packets sent from CE to PE must have VLAN tags when a VLANIF interface or a sub-interface used
as an AC interface.
Step 2 Configure IGP on the MPLS backbone network so that PEs and P can interwork.
# Configure PE1.
[PE1-Vlanif20] quit
[PE1-Vlanif40] quit
[PE1] ospf 1
[PE1-ospf-1] area 0

# Configure the P.
[P-LoopBack1] quit
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] area 0
# Configure PE3.
[PE3-Vlanif30] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
# Configure PE2.
[PE2-Vlanif40] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
After the configuration, run the display ip routing-table command on the PEs, and you can see
that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each
other.
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Vlanif40
3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Vlanif20
4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Vlanif20
100.12.1.0/30 Direct 0 0 D 100.12.1.2 Vlanif40
100.13.1.0/30 Direct 0 0 D 100.13.1.2 Vlanif20
100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Vlanif20

# Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS
on the interfaces of the backbone network.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
[PE1-Vlanif40] mpls
[PE1-Vlanif40] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P] interface Vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit
# Configure PE3.
[PE3] mpls
[PE3-mpls] quit
[PE3-Vlanif30] mpls
[PE3-Vlanif30] quit
Step 4 Set up an MPLS TE tunnel between PE1 and PE3, and an LSP between PE1 and PE2.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] quit
[PE1-Vlanif20] quit
[PE1] ospf 1

[PE1-ospf-1] area 0
# Configure the P.
[P] mpls
[P-mpls] mpls te
[P-mpls] quit
[P-Vlanif20] mpls te
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] opaque-capability enable
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE3.
[PE3] mpls
[PE3-mpls] mpls te
[PE3-mpls] quit
[PE3-Vlanif30] quit
[PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1
[PE3] ospf 1
[PE3-ospf-1] area 0
# Configure PE1.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif40] quit
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif50] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that an
MPLS TE tunnel is set up between PE1 and PE3, and an MPLS LSP is set up between PE1 and
PE2.
<PE1> display tunnel-info all


----------------------------------------------------------------------
0x10001 cr lsp 3.3.3.3 0
0x10002 lsp 2.2.2.2 1

# Configure remote LDP sessions and set their IP addresses as the addresses of the loopback
interfaces on LDP remote peers.
NOTE
In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote
LDP sessions between them.
# Configure PE1.
# Configure PE3.
[PE3] mpls ldp
[PE3-mpls-ldp] quit
After the configuration, run the display mpls ldp session command on PEs. You can see that
the LDP peer relation is in Operational state. This indicates that the LDP sessions are set up.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

Step 6 Configure tunnel policies on PEs.

# Configure PE1.
[PE1] tunnel-policy p1
[PE1-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1
[PE1-tunnel-policy-p1] quit
# Configure PE3.
Step 7 Configure PWs on PEs by using PW templates.

# Configure a master PW and a backup PW on PE1. Configure a PW on each of PE2 and PE3.
The two PWs are both master PWs.
# Configure PE1.
[PE1] mpls l2vpn

[PE1-l2vpn] quit
[PE1] pw-template 1to2
[PE1-pw-template-1to2] peer-address 2.2.2.2
[PE1-pw-template-1to2] control-word
[PE1-pw-template-1to2] vccv cc cw cv lsp-ping
[PE1-pw-template-1to2] quit
[PE1-Vlanif10] mpls l2vc pw-template 1to3 100 tunnel-policy p1
[PE1-Vlanif10] mpls l2vc pw-template 1to2 200 secondary
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif10] mpls l2vc pw-template 2to1 200
[PE2-Vlanif10] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3-Vlanif10] quit
After the configuration, view information about L2VPN connections on the PEs. Run the display
mpls l2vc command on the PEs. You can see that the master and backup PWs are established
and the PW status is Up. The master PW is in Active state; the backup PW is in Inactive state.
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN


link state : up
local VCCV : cw lsp-ping
remote VCCV : cw lsp-ping
local control word : enable remote control word : enable
tunnel policy : p1
PW template name : 1to3
NO.0 TNL type : cr lsp, TNL ID : 0x10001

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : VLAN
local AC OAM state : up
local PSN state : up
active state : inactive
forwarding entry : existent
link state : up
tunnel policy : --
primary or secondary : secondary
reroute policy : delay 30 s, resume 10 s

reason of last reroute : New LDP mapping message was received
time of last reroute : 0 days, 0 hours, 0 minutes, 50 seconds
delay timer ID : -- rest time :--
resume timer ID : -- rest time :--
Client1 can ping the address 10.1.1.2 on Client2.

<CE1> ping 10.1.1.2


0.00% packet loss


Run the display mpls l2vc interface command on PE1. If the configuration is successful, you
can see that the master PW is in Active state, the backup PW is in InActive state.
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up
tunnel policy : p1

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : VLAN
link state : up
tunnel policy : --



Simulate a fault on VLANIF 20 of PE1.

Run the display mpls 12vc interface command on PE1. You can see that the status of the master
PW becomes Inactive and the status of the backup PW becomes Active.
session state : Down
AC state : up
VC state : Down
VC ID : 100
VC type : VLAN
local forwarding state : not forwarding
Dynamic BFD for PW : enable
Detect Multipier : 3
Min Transit Interval : 100
Max Receive Interval : 100
Dynamic BFD Session : built
forwarding entry : not exist
link state : down

tunnel policy : p1

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : VLAN


link state : up
tunnel policy : --

Client2 can ping the address 10.1.1.1 on Client1.

<CE2> ping 10.1.1.1

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
#
#

#
return
#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
#
#
#
#
return
#
sysname PE1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
pw-template 1to2
peer-address 2.2.2.2
control-word
vccv cc cw cv lsp-ping
#
pw-template 1to3
control-word
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.252
mpls l2vc pw-template 1to3 100 tunnel-policy p1
mpls l2vc pw-template 1to2 200 secondary
#
interface Vlanif20
ip address 100.13.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
ip address 100.12.1.1 255.255.255.252

mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3
mpls te commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.12.1.0 0.0.0.3
mpls-te enable
#
tunnel-policy p1
tunnel select-seq cr-lsp load-balance-number 1
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 100.13.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.34.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1

ip address 4.4.4.4 255.255.255.255

#
ospf 1
area 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.34.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
mpls-te enable
#
return
#
sysname PE3
#
vlan batch 10 30
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
pw-template 3to1
control-word
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif10
#
interface Vlanif30
ip address 100.34.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 100.34.1.0 0.0.0.3
mpls-te enable

#
tunnel-policy p1
#
return

#
sysname PE2
#
vlan batch 10 40
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
pw-template 2to1
control-word
#
mpls ldp
#
interface Vlanif10
mpls l2vc pw-template 2to1 200
#
interface Vlanif40
ip address 100.12.1.2 255.255.255.252
mpls
mpls ldp
#
port trunk allow pass vlan 10
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 100.12.1.0 0.0.0.3
#
return
Example for Configuring Kompella VLL FRR (Asymmetrically Connected CEs)
l A Kompella L2VPN connection using an MPLS TE tunnel is established between PE1 and
PE3.
l A Kompella L2VPN connection using an MPLS LSP is established between PE1 and PE2.
l If the master link (CE2 → PE3 → P → PE1) becomes faulty, the L2VPN traffic can be
rapidly switched to the backup link (CE2 → PE2 → PE1).

l After the master link (CE2 → PE3 → P → PE1) recovers from the fault, the L2VPN traffic
is switched back.
Figure 5-219 Networking diagram for configuring Kompella VLL FRR (asymmetrically
connected CEs)
P
1 P GE
2 /0/ 2 /0/
GE 2
1.1.1.1/32 3.3.3.3/32
4.4.4.4/32 GE
/1 2/ 0
2/0 / 1
GE
MPLS TE
PE1 PE3
Loopback1
GE1/0/0 GE2 MP GE1/0/0
/0/2 LS 2.2.2.2/32
L SP
GE2 GE1/0/0
/0/1
PE2
GE1/0/0
GE1/0/0
CE1 GE1/0/1 CE2
GE1/0/1
Client1 Client2
10.1.1.1/24 10.1.1.2/24
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32

1. Configure OSPF on the backbone network.
2. Set up an MPLS TE tunnel between PE1 and PE3, and an LSP between PE1 and PE2.
3. Set up Kompella active VLL connections on the PEs. When configuring the active VLL
connections, configure the tunnel policy because the active VLL connections are
established through MPLS TE tunnels.
Data Preparation
l Tunnel policy
l ASN of BGP
l Names of VPN instances, RDs, and VPN targets
l Names and IDs of the CEs (The CE IDs are globally unique.) CE range, namely, the label
block
Procedure
NOTE
Step 2 Assign an IP address to the interface connecting CE to PE.

# Configure CE1.
[CE1-Vlanif10] ip address 10.1.2.1 30 sub
[CE1-Vlanif10] quit
[CE1-Vlanif70] quit
# Configure CE2.
[CE2-Vlanif60] quit


[CE2-Vlanif50] quit
Step 3 Configure an IGP protocol on the MPLS backbone network so that PEs and P can interwork.
# Configure PE1.
[PE1-Vlanif20] quit
[PE1-Vlanif40] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
# Configure the P.
[Quidway] sysname P
[P] interface loopback1
[P-LoopBack1] quit
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] area 0
# Configure PE3.
[PE3-Vlanif30] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
# Configure PE2.
[PE2-Vlanif40] quit
[PE2] ospf 1

[PE2-ospf-1] area 0
other.
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Vlanif40
3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Vlanif20
4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Vlanif20
100.12.1.0/30 Direct 0 0 D 100.12.1.1 Vlanif40
100.12.1.2/32 Direct 0 0 D 100.12.1.2 Vlanif40
100.13.1.0/30 Direct 0 0 D 100.13.1.1 Vlanif20
100.13.1.2/32 Direct 0 0 D 100.13.1.2 Vlanif20
100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Vlanif20
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1-Vlanif20]mpls
[PE1-Vlanif20] quit
[PE1-Vlanif40]mpls
[PE1-Vlanif40] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit

# Configure PE3.
[PE3] mpls
[PE3-mpls] quit
[PE3-Vlanif30] mpls
[PE3-Vlanif30] quit
# Configure the MPLS TE tunnel.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-Vlanif20] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
# Configure the P.
[P] mpls
[P-mpls] mpls te
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] area 0
# Configure PE3.
[PE3] mpls
[PE3-mpls] mpls te
[PE3-Vlanif30] quit

[PE3] ospf 1
[PE3-ospf-1] area 0
# Use MPLS LDP to establish LSPs.

# Configure PE1.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif40] quit
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif40] quit
PE2.
----------------------------------------------------------------------
0x1003d cr lsp 3.3.3.3 0
0x10027 lsp -- 1
0x10028 lsp 2.2.2.2 2
Step 6 Establish BGP L2VPN connections between PE1 and PE2, and between PE1 and PE3.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 connect-interface loopback1
# Configure PE3.
[PE3] bgp 100
# Configure PE2.
[PE2] bgp 100
After the configuration, run the display bgp l2vpn peer command on the PEs. You can see that
BGP L2VPN peers are in Established state.


<PE1> display bgp l2vpn peer

2.2.2.2 4 100 25 25 0 00:18:36 Established 0

3.3.3.3 4 100 26 29 0 00:23:27 Established 0
# Configure PE1.
# Configure PE3.
Step 8 Confiugre Kompella L2VPN connections on the PEs.
# Configure PE1.
[PE1-Vlanif10] quit
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] mpls l2vpn vpn1 encapsulation vlan control-word
[PE1-mpls-l2vpn-vpn1] ce ce1 id 1
[PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface Vlanif 10 tunnel-
policy p1
[PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 3 interface Vlanif 10 secondary
# Configure PE3.
[PE3-Vlanif60] quit
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface Vlanif 60 tunnel-
policy p1
# Configure PE2.
[PE2-Vlanif50] quit
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-mpls-l2vpn-ce-vpn1-ce3] connection ce-offset 1 Vlanif 50

After the configuration, view information about L2VPN connections on the PEs. Run the display
mpls l2vpn connection interface command on the PEs. You can see that the master and backup
PWs are established and the PW status is Up. The forwarding state of the master PW is True,
and that of the backup PW is False.

conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 2
peer id: 3.3.3.3
tunnel policy: p1
forward entry exist or not: true
AC OAM state: up
Local C bit is set, Remote C bit is set
tunnel type: cr lsp, id: 0x1003d
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 3
peer id: 2.2.2.2
primary or secondary: secondary
forward entry active or not:false
AC OAM state: up
Reroute policy : delay 30 s, resume 0 s

Reason of last reroute : --
Time of last reroute : -- days, -- hours, -- minutes, -- seconds
Step 9 Run OSPF on CE1 and CE2; advertise the route to 10.1.3.0/24 to CE2.
# Configure CE1.
[CE1] ospf 1
[CE1-ospf-1] area 0

# Configure CE2.
[CE2] ospf 1
[CE2-ospf-1] area 0
Run the display ip routing-table command on CE2. You can see that on CE2, the outgoing
interface of the routes to 10.1.3.0/24 is VLANIF 60. That is, the traffic is transmitted through
the primary path.
------------------------------------------------------------------------------
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Vlanif60

10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Vlanif60
CE2 can ping 10.1.3.1 successfully.

<CE2> ping 10.1.3.1

0.00% packet loss

Run the display mpls l2vpn connection interface command, and you can see that the local VC
status and remote VC status of the master PW and the backup PW are both Up, the forwarding
state of the master PW is True, and the forwarding state of the backup PW is False.
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 2
peer id: 3.3.3.3
tunnel policy: p1
AC OAM state: up


conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 3
peer id: 2.2.2.2
AC OAM state: up

Remove the fault manually set on VLANIF 30 of PE3.

The status of the primary VC becomes Down. The forwarding state of the master PW becomes
False, and that of the backup PW becomes True. Take the display on PE1 for example.
conn-type: remote
local vc state: up
remote vc state: down
local ce-id: 1
local ce name: ce1
remote ce-id: 2
peer id: 3.3.3.3
tunnel policy: p1
forwardEntry exist or not: false
AC OAM state: up
BFD for PW state: down
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1

local ce name: ce1

remote ce-id: 3
peer id: 2.2.2.2
AC OAM state: up

Check the routing table on CE2, and you can see that the outgoing interface of the routes destined
for 10.1.3.0 changes to VLANIF 50. That is, L2VPN traffic is switched to the backup path.
------------------------------------------------------------------------------
10.1.1.0/30 OSPF 10 2 D 10.1.2.1 Vlanif50

10.1.3.1/32 OSPF 10 2 D 10.1.2.1 Vlanif50
Remove the fault manually set on VLANIF 30 of PE3.

[PE3-Vlanif30] undo shutdown
The status of the primary VC becomes Up. The forwarding state of the master PW becomes
True, and that of the backup PW becomes False. Take the display on PE1 for example.
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 2
peer id: 3.3.3.3
tunnel policy: p1
AC OAM state: up


conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 3
peer id: 2.2.2.2
AC OAM state: up

Time of last reroute : 0 days, 0 hours, 48 minutes, 52 seconds
Check the routing table on CE2, and you can see that the outgoing interface of the routes destined
for 10.1.3.0 changes to VLANIF 60. That is, the L2VPN traffic is switched back to the primary
path.
------------------------------------------------------------------------------
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Vlanif60

10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Vlanif60
----End
Configuration Files
#
sysname CE1
#
vlan batch 10 70
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
ip address 10.1.2.1 255.255.255.0 sub
#
interface Vlanif70
ip address 10.1.3.1 255.255.255.0

#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.2.0 0.0.0.3
network 10.1.3.0 0.0.0.255
#
return
#
sysname CE2
#
vlan batch 50 60
#
interface Vlanif50
ip address 10.1.2.2 255.255.255.252
#
interface Vlanif60
ip address 10.1.1.2 255.255.255.252
#
#
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.2.0 0.0.0.3
#
return
#
sysname PE1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.252
#
interface Vlanif20
ip address 100.13.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40

ip address 100.12.1.1 255.255.255.252

mpls
mpls ldp
#
#
#
#
mpls l2vpn vpn1 encapsulation vlan control-word
connection ce-offset 2 interface Vlanif10 tunnel-policy p1
connection ce-offset 3 interface Vlanif10 secondary
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
l2vpn-family
policy vpn-target
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.12.1.0 0.0.0.3
mpls-te enable
#
tunnel-policy p1
#
return
#
sysname P
#
vlan batch 20 30
#

mpls lsr-id 4.4.4.4

mpls
mpls te
mpls rsvp-te
#
interface Vlanif 20
ip address 100.13.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.34.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.34.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
#
return
#
sysname PE3
#
vlan batch 30 60
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
interface Vlanif 30
ip address 100.34.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif60
ip address 10.1.1.1 255.255.255.252
#
#
#


#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.1 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 100.34.1.0 0.0.0.3
mpls-te enable
#
tunnel-policy p1
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif40
ip address 100.12.1.2 255.255.255.252
ospf cost 1
mpls
mpls ldp
#
interface Vlanif50
ip address 10.1.1.1 255.255.255.252
#
#
#

#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.1 enable
#
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 100.12.1.0 0.0.0.3
#
return
5.10.5 PWE3 Configuration

This chapter describes the principle, configuration procedures, and configuration examples of
PWE3.
Example for Configuring a Dynamic SH-PW
As shown in Figure 5-220, PE1 and PE2 are connected through an MPLS backbone network.
An LSP needs to be used to set a dynamic PW between PE1 and PE2.

Figure 5-220 Networking diagram for configuring a dynamic SH-PW (using LSP)
MPLS Backbone

192.2.2.2/32 192.4.4.4/32 192.3.3.3/32
GE2/0/0 GE2/0/0
GE1/0/0 GE2/0/0
PE1 GE1/0/0 P GE1/0/0 PE2
PW
GE1/0/0 GE1/0/0
CE1 CE2
Loopback1 - 192.2.2.2/32
Loopback1 - 192.3.3.3/32
Loopback1 - 192.4.4.4/32
1. Run an IGP protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP. Set up
the MPLS LDP peer relation between the two PEs on the two ends of the PW.
3. Create an MPLS L2VC connection between the two PEs.
Data Preparation

l Identical L2VC IDs of PEs on the two ends of a PW

l MPLS LSR ID of each PE and P
l Peer address of PE
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces of CE, PE, and P belong according to
Figure 5-220.
NOTE
Step 2 Assign an IP address to the VLANIF interface connecting the CE to the PE.
The OSPF protocol is used in this example.
After the configuration, run the display ip routing-table command. You can see that PE1 and
PE2 can learn the loopback 0 address of each other that is discovered by the OSPF protocol, and
can ping each other.
------------------------------------------------------------------------------
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20

10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
192.3.3.3/32 OSPF 10 3 D 10.1.1.2 Vlanif20
192.4.4.4/32 OSPF 10 2 D 10.1.1.2 Vlanif20
<PE1> ping 192.3.3.3


0.00% packet loss
Step 4 Enable MPLS and set up tunnels and LDP sessions.
Enable MPLS on the backbone network, set up LSPs and LDP remote sessions between the PEs.

After the configuration, run the related command, and you can see that LDP sessions are set up
between PEs, and between each pair of PE and P, and the session status is Operational.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 5 Create a VC connection.

Enable MPLS L2VPN on PE1 and PE2; create a VC on each PE.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif30] quit

View information about the L2VPN connection on the PEs, and you can see that an L2VC is set
up and is in Up state.
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up

tunnel policy : --

<CE1> ping 100.1.1.2
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 192.3.3.3
#
interface Vlanif10
mpls l2vc 192.3.3.3 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls

mpls ldp
#
#
#
interface LoopBack0
ip address 192.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 40
#
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls
#
mpls l2vpn

#
mpls ldp
#
remote-ip 192.2.2.2
#
interface Vlanif30
mpls l2vc 192.2.2.2 100
#
interface Vlanif40
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 192.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 30
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Static MH-PW
You need to set up a static MH-PW between U-PE1 and U-PE2. The S-PE is the switching node,
which sets up a two-hop static PW.

Figure 5-221 Networking diagram for configuring a static MH-PW

2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
P1 P2
GE1/0/0 GE1/0/0
GE2/0/0 GE2/0/0
GE1/0/0 S-PE GE2/0/0
Loopback0 Loopback0
1.1.1.9/32 PW Sta 5.5.5.9/32
tic tic
Sta PW
GE2/0/0 GE1/0/0
U-PE1 U-PE2
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
U-PE1 GigabitEthernet1/0/0 VLANIF 10 -
Loopback0 - 1.1.1.9/32
U-PE2 GigabitEthernet1/0/0 VLANIF 50 40.1.1.2/24
Loopback0 - 5.5.5.9/32
Loopback0 - 2.2.2.9/32
Loopback0 - 4.4.4.9/32
S-PE GigabitEthernet1/0/0 VLANIF 30 20.1.1.2/24
Loopback0 - 3.3.3.9/32

1. Run a routing protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP.
4. Create a switching PW on the S-PE.
Data Preparation
l L2VC IDs of U-PE1 and U-PE2
l Name of the PW template and attributes of the PW template used on the U-PEs
l VC labels of the PW (pay attention to the mapping between the VC labels on the two ends)
l Encapsulation type of the S-PE
Procedure
NOTE

Configure interface addresses of the U-PE, S-PE, and P according to Figure 5-221. When
configuring OSPF, note that the 32-bit loopback interfaces of U-PE1, S-PE, and U-PE2 must be
advertised.
Step 4 Configure basic MPLS functions and set up tunnels.
Configure the basic MPLS capability on the MPLS backbone network. Set up LSPs between U-
PE1 and S-PE, and between S-PE and U-PE2. The configuration procedure is not mentioned.
Enable MPLS L2VPN on U-PE1 and U-PE2. Create VC connections on two U-PEs.
# Configure U-PE1.
[U-PE1] pw-template pwt
[U-PE1-pw-template-pwt] peer-address 3.3.3.9
[U-PE1-pw-template-pwt] quit
[U-PE1] mpls l2vpn

[U-PE1-l2vpn] quit
[U-PE1] interface vlanif 10
[U-PE1-Vlanif10] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100
receive-vpn-label 100
[U-PE1-Vlanif10] quit
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans
100 recv 100 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
NOTE
The transmit-vpn-label set on the U-PE must be consistent with the recv label on the S-PE; the receive-
vpn-label set on the U-PE must be consistent with the trans label on the S-PE. Otherwise, CEs cannot

View information about the L2VPN connection on the PEs, and you can see that an L2VC is set
up and is in Up state.
Take U-PE1 and S-PE for example.
<U-PE1> display mpls static-l2vc interface vlanif 10
AC Status : up
VC State : up
VC ID : 100
VC Type : VLAN
Tunnel Policy : --
PW Template Name : pwt
<S-PE> display mpls switch-l2vc

Total Switch VC : 1, 1 up, 0 down
*Switch-l2vc type : SVC<---->SVC

Peer IP Address : 5.5.5.9, 1.1.1.9
VC ID : 100, 100
VC Type : VLAN
VC State : up
In/Out Label : 200/200, 100/100
Control Word : Disable, Disable
VCCV Capability : Disable, Disable

Switch-l2vc tunnel info :

1 tunnels for peer 5.5.5.9

<CE1> ping 100.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname U-PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
pw-template pwt
#
mpls ldp
#
interface Vlanif10
mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label
100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0

mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#

mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100
recv 100 encapsulation vlan
#
mpls ldp
#
interfave Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interfave Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0

network 4.4.4.9 0.0.0.0

network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return

#
sysname U-PE2
#
vlan batvh 50 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
#
mpls ldp
#
interface Vlanif50
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
200
#
#
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return

#
sysname CE1
#
vlan batch 60
#
interface Vlanif60
ip address 100.1.1.2 255.255.255.0
#
#
return

Example for Configuring a Dynamic MH-PW
As shown in Figure 5-222, U-PE1 and U-PE2 are connected through the MPLS backbone
network. Use the LSP and set S-PE as the switching node to set up a dynamic MH-PW between
U-PE1 and U-PE2.
Figure 5-222 Networking diagram for configuring a dynamic MH-PW

2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
P1 P2
GE1/0/0 GE1/0/0
GE2/0/0 GE2/0/0
GE1/0/0 S-PE GE2/0/0
Loopback0 Loopback0
1.1.1.9/32 100 PW 5.5.5.9/32
PW 200
GE2/0/0 GE1/0/0
U-PE1 U-PE2
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
Loopback0 - 1.1.1.9/32
Loopback0 - 5.5.5.9/32
Loopback0 - 2.2.2.9/32
Loopback0 - 4.4.4.9/32

Loopback0 - 3.3.3.9/32
2. Configure the basic MPLS functions on the backbone network and set up an LSP. Set up
MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and S-PE.
3. Create a PW template. Enable the CW and LSP ping function.
Data Preparation
l L2VC IDs on U-PE1 and U-PE2 (the L2VC IDs should be different)
l IP addresses of the remote peers
l Name and parameters of the PW template on U-PEs
Procedure
NOTE
Step 2 Assign an IP address to the interface connecting CE to PE.

Configure an IGP protocol on the MPLS backbone network. OSPF is used as the IGP protocol
in this example.
Configure interface addresses of the U-PE, S-PE, and P. When configuring OSPF, note that the
32-bit loopback interfaces of U-PE1, S-PE, and U-PE2 must be advertised.
After the configuration, run the display ip routing-table command on U-PE, P, or S-PE, and
you can see that the devices can learn each other's routes. Take the display on S-PE for example.

<S-PE> display ip routing-table

------------------------------------------------------------------------------
1.1.1.9/32 OSPF 10 3 D 20.1.1.1 Vlanif30

2.2.2.9/32 OSPF 10 2 D 20.1.1.1 Vlanif30
4.4.4.9/32 OSPF 10 2 D 30.1.1.2 Vlanif40
5.5.5.9/32 OSPF 10 3 D 30.1.1.2 Vlanif40
10.1.1.0/24 OSPF 10 2 D 20.1.1.1 Vlanif30
20.1.1.0/24 Direct 0 0 D 20.1.1.2 Vlanif30
20.1.1.1/32 Direct 0 0 D 20.1.1.1 Vlanif30
30.1.1.0/24 Direct 0 0 D 30.1.1.1 Vlanif40
30.1.1.2/32 Direct 0 0 D 30.1.1.2 Vlanif40
40.1.1.0/24 OSPF 10 2 D 30.1.1.2 Vlanif40
The U-PEs can ping each other. Take the display on U-PE1 for example.
<U-PE1> ping 40.1.1.2

0.00% packet loss
Step 4 Enable MPLS and set up LSPs and LDP sessions.
Configure the basic MPLS capability on the MPLS backbone network. Set up tunnels and LDP
sessions between U-PE1 and S-PE, and between S-PE and U-PE2.
# Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9
[U-PE1] mpls
[U-PE1-mpls] quit
[U-PE1] mpls ldp
[U-PE1-mpls-ldp] quit
[U-PE1-Vlanif20] mpls
[U-PE1-Vlanif20] mpls ldp
[U-PE1] mpls ldp remote-peer 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure P1.
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1-Vlanif20] mpls


[P1-Vlanif20] quit
[P1-Vlanif30] mpls
[P1-Vlanif30] quit
# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9
[S-PE] mpls
[S-PE-mpls] quit
[S-PE] mpls ldp
[S-PE-mpls-ldp] quit
[S-PE] interface vlanif 30
[S-PE-Vlanif30] mpls
[S-PE-Vlanif30] mpls ldp
[S-PE-Vlanif30] quit
[S-PE] interface vlanif 30
[S-PE-Vlanif40] mpls
[S-PE-Vlanif40] mpls ldp
[S-PE-Vlanif40] quit
[S-PE] mpls ldp remote-peer 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] quit
[S-PE] mpls ldp remote-peer 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] quit
# Configure P2.
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2-Vlanif40] mpls
[P2-Vlanif40] quit
[P2-Vlanif50] mpls
[P2-Vlanif50] quit
# Configure U-PE2.
[U-PE2] mpls lsr-id 5.5.5.9
[U-PE2] mpls
[U-PE2-mpls] quit
[U-PE2] mpls ldp
[U-PE2-mpls-ldp] quit
[U-PE2-Vlanif50] mpls
[U-PE2-Vlanif50] mpls ldp
[U-PE2] mpls ldp remote-peer 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] quit
After the configuration, run thedisplay mpls ldp session command on U-PE, P, or S-PE, and
you can see that the session status is Operational. Run the display mpls ldp peer command, and
you can see the status of the LDP sessions and adjacencies. Run the display mpls lsp command,
and you can see the status of the LSP. Take the display on S-PE for example.
<S-PE> display mpls ldp session

------------------------------------------------------------------------------


------------------------------------------------------------------------------
------------------------------------------------------------------------------
<S-PE> display mpls ldp peer

------------------------------------------------------------------------------
------------------------------------------------------------------------------
1.1.1.9:0 1.1.1.9 Remote Peer : 1.1.1.9
2.2.2.9:0 2.2.2.9 Vlanif30
4.4.4.9:0 4.4.4.9 Vlanif40
5.5.5.9:0 5.5.5.9 Remote Peer : 5.5.5.9
------------------------------------------------------------------------------
<S-PE> display mpls lsp

----------------------------------------------------------------------
----------------------------------------------------------------------
3.3.3.9/32 3/NULL -/-
1.1.1.9/32 NULL/1024 -/Vlanif30
1.1.1.9/32 1024/1024 -/Vlanif30
2.2.2.9/32 NULL/3 -/Vlanif30
2.2.2.9/32 1025/3 -/Vlanif30
4.4.4.9/32 NULL/3 -/Vlanif40
4.4.4.9/32 1027/3 -/Vlanif40
5.5.5.9/32 NULL/1027 -/Vlanif40
5.5.5.9/32 1026/1027 -/Vlanif40
Step 5 Create and configure the PW template.
Create a PW template on each U-PE. Enable the CW and LSP ping function.
# Configure U-PE1.
[U-PE1-pw-template-pwt] control-word
[U-PE1-pw-template-pwt] vccv cc cw cv lsp-ping
# Configure U-PE2.
[U-PE2-pw-template-pwt] control-word
[U-PE2-pw-template-pwt] vccv cc cw cv lsp-ping
NOTE
You can configure a dynamic PW without using a PW template. If the PW template is not used, PW
connectivity cannot be verified and path information of the PW cannot be collected. That is, the ping vc
and tracert vc commands cannot be used.
Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE.
Configure the dynamic PW on the U-PE. Enable dynamic PW switching on the S-PE.

# Configure U-PE1.
[U-PE1] mpls l2vpn
[U-PE1-l2vpn] quit
[U-PE1-Vlanif10] mpls l2vc pw-template pwt 100
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2-Vlanif60] mpls l2vc pw-template pwt 200

1. Display information about the PWE3 connection.
Display information about the L2VPN connection on U-PE and S-PE. You can see that an
L2VC is set up and the VC status is Up.
Take the display on U-PE1 for example.
<U-PE1> display mpls l2vc interface vlanif 10
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up
PW template name : pwt
Display the status of the switching L2VC on S-PE.


*Switch-l2vc type : LDP<---->LDP

Peer IP Address : 5.5.5.9, 1.1.1.9
VC ID : 200, 100
VC Type : vlan
VC State : up
VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW |
-Local VC :| UP | UP | UP | | UP | UP | UP |
-Remote VC:| UP | UP | UP | | UP | UP | UP |
Session State : up, up
Local/Remote Label : 21504/21504, 21505/21504
Local/Remote MTU : 1500/1500, 1500/1500
Local/Remote Control Word : Enable/Enable, Enable/Enable
Local/Remote VCCV Capability : cw lsp-ping/cw lsp-ping, cw lsp-ping/cw lsp-
ping
NO.0 TNL Type : lsp , TNL ID : 0X20026
2. Verify the connectivity of the PW.

Run the ping vc command on the U-PE, and you can see that the connectivity of the PW
is normal. Take the display on U-PE1 for example.
<U-PE1> ping vc vlan 100 control-word remote 200
Reply: bytes=100 Sequence=1 time = 740 ms
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = vlan, ID = 100 ping statistics ---
0.00% packet loss
3. Collect path information about the PW.

Run the tracert vc command on the U-PE, and you can collect information about the LSRs
where the PW passes through and the egress PE. Take the display on U-PE1 for example.
<U-PE1> tracert vc vlan 100 control-word remote 200 full-lsp-path
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 100 ms Transit 20.1.1.2/[3 ]
2 20.1.1.2 60 ms Transit
3 30.1.1.2 80 ms Transit 40.1.1.2/[3 ]
4 40.1.1.2 150 ms Egress
<U-PE1> tracert vc vlan 100 control-word remote 200

0 Ingress 10.1.1.2/[1025 ]
2 20.1.1.2 60 ms Transit
4 40.1.1.2 110 ms Egress
If the S-PE is disabled from responding to an MPLS Echo Request packet, the configuration
on the S-PE is as follows:
[S-PE] undo lspv mpls-lsp-ping echo enable
Run the tracert vc command on the U-PE to collect information about LSRs and egress
PE, the U-PE displays the timeout information because it does not receive the reply packet.
0 Ingress 10.1.1.2/[1025 ]

1 10.1.1.2 130 ms Transit 20.1.1.2/[3 ]

2 Request time out
3 30.1.1.2 80 ms Transit 40.1.1.2/[3 ]
4 40.1.1.2 100 ms Egress

0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 40.1.1.2 130 ms Egress
To prevent PWE3 tracert attacks, you can configure the U-PE to filter the MPLS Echo
Request packets according to the MAC addresses. The filtering rules can be specified in
the ACL. For example, you can configure the ACL on U-PE2 that prevents U-PE1 from
obtaining the path information about U-PE2 through the tracert vc command. The
configuration is as follows:
[U-PE2] acl 3001
[U-PE2-acl-adv-3001] rule deny udp source 1.1.1.9 0
[U-PE2-acl-adv-3001] quit
[U-PE2] lspv packet-filter 3001
Run the tracert vc command on U-PE1, and then U-PE1 cannot collect information about
the egress PE of the PW. Take the display on U-PE1 for example.
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ]
4 Request time out
5 Request time out
6 Request time out
7 Request time out

0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 Request time out
5 Request time out
6 Request time out
7 Request time out
By running the tracert vc command on U-PE2, however, you can collect information about
the LSRs where the PW passes through from U-PE2 to U-PE1 and information about the
egress PE.
[U-PE2] tracert vc vlan 200 control-word remote 100 full-lsp-path
0 Ingress 40.1.1.1/[1026 ]
1 40.1.1.1 120 ms Transit 30.1.1.1/[3 ]
2 Request time out
3 20.1.1.1 60 ms Transit 10.1.1.1/[3 ]
4 10.1.1.1 160 ms Egress
[U-PE2] tracert vc vlan 200 control-word remote 100

0 Ingress 40.1.1.1/[1026 ]
2 Request time out
4 10.1.1.1 120 ms Egress
Run the display lspv configuration command on U-PE2, and you can view the
configuration of PWE3 tracert.
<U-PE2> display lspv configuration
lspv packet filter 3001
Run the display lspv statistics command on U-PE, and you can view the statistics of PWE3
tracert. Take the display on U-PE2 for example.

<U-PE2> display lspv statistics

Total sent: 10 packet(s)
Total received: 10 packet(s)
MPLS echo request sent: 0 packet(s), received: 10 packet(s)
MPLS echo reply sent: 10 packet(s), received: 0 packet(s)
Run the reset lspv statistics command on U-PE, and you can clear the statistics of PWE3
<U-PE2> reset lspv statistics
4. Verify the connectivity between CEs and view path information between the CEs.
<CE1> ping 100.1.1.2

0.00% packet loss
Information about the path between CE1 and CE2 is as follows:

[CE1] tracert 100.1.1.2
1 100.1.1.2 250 ms 220 ms 130 ms
Step 8 Display information about the PWE3 connection.

Display information about the L2VPN connection on U-PE and S-PE. You can see that an L2VC
is set up and the VC status is Up.
<U-PE1> display mpls l2vc interface Vlanif 10
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up


PW template name : pwt
Display the status of the switching L2VC on S-PE.

*Switch-l2vc type : LDP<---->LDP

Peer IP Address : 5.5.5.9, 1.1.1.9
VC ID : 200, 100
VC Type : VLAN
VC State : up
VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW |
-Local VC :| UP | UP | UP | | UP | UP | UP |
-Remote VC:| UP | UP | UP | | UP | UP | UP |
Session State : up, up
Local/Remote Label : 21504/21504, 21505/21504
Local/Remote MTU : 1500/1500, 1500/1500
Local/Remote Control Word : Enable/Enable, Enable/Enable
Local/Remote VCCV Capability : cw lsp-ping/cw lsp-ping, cw lsp-ping/cw lsp-ping
NO.0 TNL Type : lsp , TNL ID : 0X20026
Step 9 Verify the connectivity of the PW.

Run the ping vc command on the U-PE, and you can see that the connectivity of the PW is
normal. Take the display on U-PE1 for example.
<U-PE1> ping vc vlan 100 control-word remote 200
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = vlan, ID = 100 ping statistics ---
0.00% packet loss
Step 10 Collect path information about the PW.

Run the tracert vc command on the U-PE, and you can collect information about the LSRs
where the PW passes through and the egress PE. Take the display on U-PE1 for example.
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 100 ms Transit 20.1.1.2/[3 ]
2 20.1.1.2 60 ms Transit
3 30.1.1.2 80 ms Transit 40.1.1.2/[3 ]
4 40.1.1.2 150 ms Egress


0 Ingress 10.1.1.2/[1025 ]
2 20.1.1.2 60 ms Transit
4 40.1.1.2 110 ms Egress
If the S-PE is disabled from responding to an MPLS Echo Request packet, the configuration on
the S-PE is as follows:
[S-PE] undo lspv mpls-lsp-ping echo enable
Run the tracert vc command on the U-PE to collect information about LSRs and egress PE, the
U-PE displays the timeout information because it does not receive the reply packet. Take the
display on U-PE1 for example.
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 130 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 80 ms Transit 40.1.1.2/[3 ]
4 40.1.1.2 100 ms Egress

0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 40.1.1.2 130 ms Egress
To prevent PWE3 tracert attacks, you can configure the U-PE to filter the MPLS Echo Request
packets according to the MAC addresses. The filtering rules can be specified in the ACL. For
example, you can configure the ACL on U-PE2 that prevents U-PE1 from obtaining the path
information about U-PE2 by running the tracert vc command. The configuration is as follows:
[U-PE2] acl 3001
[U-PE2-acl-adv-3001] rule deny udp source 1.1.1.9 0
[U-PE2-acl-adv-3001] quit
[U-PE2] lspv packet-filter 3001
Run the tracert vc command on U-PE1, and then U-PE1 cannot collect information about the
egress PE of the PW. Take the display on U-PE1 for example.
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ]
4 Request time out
5 Request time out
6 Request time out
7 Request time out

0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 Request time out
5 Request time out
6 Request time out
7 Request time out
By running the tracert vc command on U-PE2, however, you can collect information about the
LSRs where the PW passes through from U-PE2 to U-PE1 and information about the egress PE.
[U-PE2] tracert vc vlan 200 control-word remote 100 full-lsp-path
0 Ingress 40.1.1.1/[1026 ]
1 40.1.1.1 120 ms Transit 30.1.1.1/[3 ]

2 Request time out

3 20.1.1.1 60 ms Transit 10.1.1.1/[3 ]
4 10.1.1.1 160 ms Egress
[U-PE2] tracert vc vlan 200 control-word remote 100

0 Ingress 40.1.1.1/[1026 ]
2 Request time out
4 10.1.1.1 120 ms Egress
Run the display lspv configuration command on U-PE2, and you can view the configuration
of PWE3 tracert.
<U-PE2> display lspv configuration
lspv packet filter 3001
Run the display lspv statistics command on U-PE, and you can view the statistics of PWE3
Run the reset lspv statistics command on U-PE, and you can clear the statistics of PWE3 tracert.
<U-PE2> reset lspv statistics
Step 11 Verify the connectivity between CEs and view path information between the CEs.
<CE1> ping 100.1.1.2

0.00% packet loss
Information about the path between CE1 and CE2 is as follows:

[CE1] tracert 100.1.1.2
1 100.1.1.2 250 ms 220 ms 130 ms
----End
Configuration Files
#
sysname CE1
#

vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return
#
sysname U-PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
pw-template pwt
control-word
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc pw-template pwt 100
#
interface Vlanif 20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20

ip address 10.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation vlan
#
mpls ldp
#
remote-ip 1.1.1.9
#
remote-ip 5.5.5.9
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#

ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
#
sysname U-PE2
#
vlan batch 50 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
control-word
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif50

ip address 40.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface Vlanif60
mpls l2vc pw-template pwt 200
#
#
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 60
#
interface Vlanif60
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring a Mixed MH-PW
U-PE1 and U-PE2 are connected through the MPLS backbone network.
You need to create a mixed MH-PW between U-PE1 and U-PE2 with the S-PE as the switching
node.

Figure 5-223 Networking diagram for configuring a mixed MH-PW

2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
P1 S-PE P2
GE1/0/0 GE1/0/0
GE2/0/0 GE2/0/0
GE1/0/0 GE2/0/0
Loopback0 100 Sta Loopback0

c PW t ic P
1.1.1.9/32 m i 5.5.5.9/32
W2
D yna 00
GE2/0/0
GE1/0/0
U-PE1 GE1/0/0 GE2/0/0 U-PE2
GE1/0/0 GE1/0/0
CE1 CE2
Loopback0 - 1.1.1.9/32
Loopback0 - 5.5.5.9/32
Loopback0 - 2.2.2.9/32
Loopback0 - 4.4.4.9/32
Loopback0 - 3.3.3.9/32

2. Configure the basic MPLS functions on the backbone network and set up an LSP.
3. Set up a remote LDP session between the U-PE and S-PE.
4. Create a static or dynamic MPLS L2VC connection between the two U-PEs.
5. Create a switching PW on the S-PE.
Data Preparation
l L2VC IDs on U-PE1 and U-PE2 (the L2VC IDs should be different)
l VC label of the static PW on U-PE2 (pay attention to the mapping between the VC labels
on the two ends)
l Encapsulation type of the PW
l Name and attributes of the PW template used on U-PE2
Procedure
NOTE

Configure addresses of the VLANIF interfaces on the U-PE, S-PE, and P according to Figure
5-223. When configuring OSPF, note that the 32-bit loopback interfaces of U-PE1, S-PE, and
U-PE2 must be advertised.
Step 4 Enable MPLS on U-PE1 and S-PE. Set up a tunnel and a remote LDP session between U-PE1
and S-PE.
Configure basic MPLS functions and tunnels on the MPLS backbone network. In this example,
the LSPs are configured as tunnels.
You need to set up a remote LDP session between U-PE1 and S-PE.

Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE.

Create a dynamic VC connection U-PE1 and a static VC connection on U-PE2. Configure a
mixed switching PW on the S-PE.
# Configure U-PE1.
[U-PE1] mpls l2vpn
[U-PE1-Vlanif10] mpls l2vc 3.3.3.9 100
NOTE
When configuring mixed switching PW, note that ip-address vc-id on the left of between specifies the
dynamic PW, and ip-address vc-id on the right of between specifies the static PW. They cannot be
interchanged.
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100
encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit

Display information about the L2VPN connection on PE. You can see that an L2VC is set up
Take the display on U-PE1 and S-PE for example.
<U-PE1> display mpls l2vc interface vlanif 10
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up

tunnel policy : --

*Switch-l2vc type : LDP<---->SVC

Peer IP Address : 1.1.1.9, 5.5.5.9
VC ID : 100, 200
VC Type : VLAN
VC State : up
Session State : up, None
Local(In)/Remote(Out) Label : 21504/21504, 100/200
Local/Remote MTU : 1500/1500, 1500
Local/Remote Control Word : Disable/Disable, Disable
Local/Remote VCCV Capability : Disable/Disable, Disable

<CE1> ping 100.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return


#
sysname U-PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc 3.3.3.9 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
#


#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100
encapsulation vlan
#
mpls ldp
#
remote-ip 1.1.1.9
#
remote-ip 5.5.5.9
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
#
sysname P2
#
vlan batch 40 50
#

mpls lsr-id 4.4.4.9

mpls
#
mpls ldp
#
interface Vlanif 40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
#
sysname U-PE2
#
vlan batch 50 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif 50
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 50
200
#
#
#

interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 60
#
interface Vlanif 60
ip address 100.1.1.2 255.255.255.0
#
#
return
Example for Configuring PW FRR
l The CEs are connected to the PEs through Ethernet links.
l A PW is set up between PE1 and PE3. This PW is the master PW, and uses the MPLS TE
tunnel.
l A PW is set up between PE1 and PE2. This PW is the backup PW, and uses the MPLS
LSP.
l If the master link (CE2 → PE3 → P → PE1) becomes faulty, the L2VPN traffic can be
rapidly switched to the backup link (CE2 → PE2 → PE1).
l After the master link (CE2 → PE3 → P → PE1) recovers from the fault, the L2VPN traffic
is switched back.

Figure 5-224 Networking diagram for configuring PW FRR - CEs are asymmetrically connected
to PEs through Ethernet links
P
1 GE
2 /0/ 2 /0/
Loopback1 GE 2
Loopback1
1.1.1.1/32 3.3.3.3/32
Loopback1
1 4.4.4.4/32 GE
2 /0/ 2 /0/
GE MPLS TE 1
PE1 PE3
GE2 MP Loopback1
/0/2 LS 2.2.2.2/32
GE1/0/0 LSP GE1/0/0
GE2
/0 /1 GE1/0/0
PE2
GE1/0/0
GE1/0/0
GE1/0/1
CE1 CE2
GE1/0/1 GE1/0/2
Client1 Client2
10.1.1.1/24 10.1.1.2/24
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
CE1 GigabitEthernet1/0/0 VLANIF 10 -
CE2 GigabitEthernet1/0/0 VLANIF 60 -

1. Configure an IGP protocol on the backbone network.

2. Set up MPLS TE tunnels between PE1 and PE3, and LSPs between PE1 and PE2.
3. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3.
4. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure
the master PW because the master PW uses the MPLS TE tunnel.
Data Preparation
l Tunnel policy
l Bandwidth for MPLS TE tunnels
l Name of the remote peer of MPLS LDP
l VC IDs of the master PW and the backup PW
l Name of the PW template
Procedure
Step 1 Configure the VLAN that each interface belongs to.
NOTE
Step 2 Configure an IGP protocol on the MPLS backbone network so that PEs and P can interwork.
# Configure PE1.
[PE1-Vlanif20] quit
[PE1-Vlanif40] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure the P.


[P-LoopBack1] quit
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE3.
[PE3-Vlanif30] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
[PE3-ospf-1] quit
# Configure PE2.
[PE2-Vlanif40] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
other.
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Vlanif40
3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Vlanif20
4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Vlanif20
100.12.1.0/30 Direct 0 0 D 100.12.1.1 Vlanif40
100.12.1.2/32 Direct 0 0 D 100.12.1.2 Vlanif40
100.13.1.0/30 Direct 0 0 D 100.13.1.1 Vlanif20


100.13.1.2/32 Direct 0 0 D 100.13.1.2 Vlanif20
100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Vlanif20
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
[PE1-Vlanif40] mpls
[PE1-Vlanif40] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2-Vlanif40] mpls
[PE2-Vlanif40] quit
# Configure PE3.
[PE3] mpls
[PE3-mpls] quit
[PE3-Vlanif30] mpls
[PE3-Vlanif30] quit
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] quit
[PE1-Vlanif20] quit
[PE1] mpls ldp

[PE1-mpls-ldp] quit
[PE1-Vlanif40] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure the P.
[P] mpls
[P-mpls] mpls te
[P-mpls] quit
[P] interface Vlanif 20
[P-Vlanif20] quit
[P-Vlanif30] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE3.
[PE3] mpls
[PE3-mpls] mpls te
[PE3-mpls] quit
[PE3-Vlanif30] quit
[PE3] ospf 1
[PE3-ospf-1] area0

[PE3-ospf-1] quit
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif40] quit
PE2.

----------------------------------------------------------------------
0x42002 cr lsp 3.3.3.3 0
0x20021 lsp -- 1
0x20022 lsp 2.2.2.2 2
# Configure remote LDP sessions and set their IP addresses as the addresses of the loopback
interfaces on LDP remote peers.
NOTE
In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote
LDP sessions between them.
# Configure PE1.
# Configure PE3.
[PE3] mpls ldp
[PE3-mpls-ldp] quit
After the configuration, run the display mpls ldp session command on PEs. You can see that
the LDP peer relation is in Operational state. This indicates that the LDP sessions are set up.


------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
# Configure PE1.

# Configure PE3.
Step 7 Configure PWs on PEs by using PW templates.

# Configure a master PW and a backup PW on PE1. Configure a PW on each of PE2 and PE3.
The two PWs are both master PWs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd
[PE1-Vlanif10] mpls l2vc pw-template 1to2 200 secondary
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif50] mpls l2vc pw-template 2to1 200
[PE2-Vlanif50] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3-Vlanif60] quit
After the configuration, run the display pw-template command on PEs. You can view the
configurations of PW templates, and you can see that VCCV is enabled.
[PE1] display pw-template
Total PW template number : 2
PW Template Name : 1to2

PeerIP : 2.2.2.2
Tnl Policy Name : --
CtrlWord : Enable
VCCV Capability : cw lsp-ping bfd
Behavior Name : --
Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
PW Template Name : 1to3

PeerIP : 3.3.3.3
Tnl Policy Name : --
CtrlWord : Enable
VCCV Capability : cw lsp-ping bfd
Behavior Name : --
Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
After the configuration, run the display mpls l2vc interface command on PEs. You can see that
the master PW and backup PW are Up. The master PW is in Active state; the backup PW is in
Inactive state.

session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up
local VCCV : cw lsp-ping bfd
remote VCCV : cw lsp-ping bfd
tunnel policy : p1

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : vlan


link state : up
tunnel policy : --

Client1 can ping 10.1.1.2 on Client2.

[Client] ping 10.1.1.2
Reply from 10.1.3.110.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms

0.00% packet loss
Run the display mac-address dynamic command on CEs. Take the display on CE2 for example.
You can see that GE1/0/0 has learned the MAC address of Client1 (00e0-413f-8401) and
GE1/0/2 has learned the MAC address of Client2 (00e0-c279-e10a 10). This indicates that the
clients are using the master link CE2 → PE3 → P → PE1 to forward data.
[CE2] display mac-address dynamic 1
MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp
--------------------------------------------------------------------------------
00e0-413f-8401 10 - - GE1/0/0 dynamic 1/0
00e0-c279-e10a 10 - - GE1/0/2 dynamic 1/0
Total 2 ,2 printed

l View the status of PWs.
Run the display mpls l2vc interface command on PE1. If the configuration is successful, you
can see that the master PW is in Active state, the backup PW is in InActive state.
session state : up
AC state : up

VC state : up
VC ID : 100
VC type : VLAN
link state : up
tunnel policy : p1
*client interface : Vlanif10is up

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : VLAN
link state : up
tunnel policy : --



l Verify the switchover of PWs on PE1.
Run the shutdown command on VLANIF 30 of PE3.

[PE3-Vlanif30] quit
PW becomes Inactive and the status of the backup PW becomes Active.
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up
tunnel policy : p1

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : VLAN

link state : up
tunnel policy : --


[Client1] ping 10.1.1.2

0.00% packet loss
Run the display mac-address dynamic command again on CEs. Take the display on CE2 for
example. You can see that GE1/0/1 of CE2 has learned the MAC addresses of Client1
(00e0-413f-8401) and GE1/0/2 of CE2 has learned the MAC addresses of Client2 (00e0-c279-
e10a 10). This indicates that the clients are using the backup link CE2 → PE2 → PE1 to forward
data.
--------------------------------------------------------------------------------
00e0-413f-8401 10 - - GE1/0/1 dynamic 1/0
00e0-c279-e10a 10 - - GE1/0/2 dynamic 1/0
Total 2 ,2 printed
Perform undo shutdown on VLANIF 30 of PE3.

[PE3-Vlanif301] undo shutdown
[PE3-Vlanif30] quit
PW becomes Active and the status of the backup PW becomes Inactive.
[PE1] display mpls l2vc interface Vlanif10
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN

link state : up
tunnel policy : p1
*client interface : GigabitEthernet1/0/0.1 is up

session state : up
AC state : up
VC state : up
VC ID : 200
VC type : vlan
link state : up
tunnel policy : --



[Client1] ping 10.1.1.2

0.00% packet loss
Run the display mac-address dynamic command on CEs. Take the display on CE2 for example.
You can see that GE1/0/0 has learned the MAC address of Client1 (00e0-413f-8401) and
GE1/0/2 has learned the MAC address of Client2 (00e0-c279-e10a 10). This indicates that the
clients use the master link CE2 → PE3 → P → PE1 to forward data again.
--------------------------------------------------------------------------------
00e0-413f-8401 10 - - GE1/0/0 dynamic 1/0
00e0-c279-e10a 10 - - GE1/0/2 dynamic 1/0
Total 2 ,2 printed
----End
Configuration Files
#
sysname CE1
#
vlan batch 10 70
#
#
#
return

#
sysname CE2
#
vlan batch 50 60 80
#
#
#

#
return
#
sysname PE1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
pw-template 1to2
control-word
vccv cc cw cv lsp-ping bfd
#
pw-template 1to3
control-word
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif10
mpls l2vc pw-template 1to2 200 secondary
#
interface Vlanif20
ip address 100.13.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.12.1.1 255.255.255.252
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
destination 3.3.3.3

mpls te commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.12.1.0 0.0.0.3
mpls-te enable
#
tunnel-policy p1
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 100.13.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.34.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.13.1.0 0.0.0.3
network 100.34.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
mpls-te enable
#
return
#
sysname PE3
#
vlan batch 30 60
#
mpls lsr-id 3.3.3.3

mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
pw-template 3to1
control-word
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 100.34.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
#
interface Vlanif60
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
destination 1.1.1.1
mpls te commit
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 100.34.1.0 0.0.0.3
mpls-te enable
#
tunnel-policy p1
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#

pw-template 2to1
control-word
#
mpls ldp
#
interface Vlanif40
ip address 100.12.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc pw-template 2to1 200
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 100.12.1.0 0.0.0.3
#
return
Example for Configuring Inter-AS PWE3-Option A
As shown in Figure 5-225, the Option A scheme is used to establish the inter-AS PWE3.
Figure 5-225 Networking diagram for configuring inter-AS PWE3-Option A
MPLS backbone MPLS backbone

AS100 AS200
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32 4.4.4.9/32
GE2/0/0 GE2/0/0 GE2/0/0

GE1/0/0 GE1/0/0 GE1/0/0
PE1 ASBR-PE1 ASBR-PE2 PE2
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2

Loopback0 - 1.1.1.9/32
Loopback0 - 4.4.4.9/32
Loopback0 - 2.2.2.9/32
Loopback0 - 3.3.3.9/32
The MPLS backbone networks in an AS use IS-IS as the IGP protocol.
2. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs
between PEs and ASBR-PEs in the same AS. If PEs and ASBR-PEs are not directly
connected, establish a remote LDP session.
3. Establish MPLS L2VC connections between the PEs and ASBR-PEs in the same AS.
Data Preparation
l IS-IS data
l IP addresses of the peers (addresses of loopback interfaces on the peers)
l MPLS LSR-IDs of PEs and ASBR-PEs (addresses of the local loopback interfaces)
l L2VC ID
Procedure


PEs and ASBR-PEs on the MPLS backbone network can communicate with each other by using
IGP.
In this example, IS-IS is used as IGP and the configuration procedure is not mentioned.
After the configuration, the IS-IS neighbor relation can be established between the ASBR-PE
and the PE in the same AS. Run the display isis peercommand, and you can find that the neighbor
relation is Up.
<ASBR-PE1> display isis peer

----------------------------
0000.0000.0001 Vlanif20 0000000002 Up 28s L1L2 --
Total Peer(s): 1
Run the display ip routing-table command, and you can see that the PEs and ASBR-PEs can
learn the loopback routes of each other.
<ASBR-PE1> display ip routing-table
------------------------------------------------------------------------------
1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Vlanif20

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif20
10.1.1.1/32 Direct 0 0 D 10.1.1.1 Vlanif20
The ASBR-PEs and PEs in the same AS can ping each other.
Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP
LSP between the PE and ASBR-PE in the same AS.
After this step, an LSP is established between the PE and ASBR-PE in the same AS.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 4 Configure the MPLS L2VC connection.

Configure the L2VC connection on the U-PE and ASBR-PE and connect the U-PE to the CE.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-Vlanif50] quit
# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif50] quit

Display information about the L2VPN connection on PE. You can see that an L2VC is set up
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN


link state : up
tunnel policy : --
<ASBR-PE2> display mpls l2vc interface vlanif 30

session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
link state : up
tunnel policy : --

<CE1> ping 100.1.1.2


0.00% packet loss

----End
Configuration Files
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
mpls l2vc 2.2.2.9 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
return

#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#

mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
mpls l2vc 1.1.1.9 100
#
#
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return

#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
mpls l2vc 4.4.4.9 100
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
return

#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc 3.3.3.9 100
#
#
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif 50
ip address 100.1.1.2 255.255.255.0
#
#
return
5.10.6 VPLS Configuration

This chapter describes the basic principle, configuration procedures, and configuration examples
for VPLS.
Example for Configuring Martini VPLS
As shown in Figure 5-226, VPLS needs to be enabled on PE1 and PE2; CE1 is connected to
PE1 and CE2 is connected to PE2; CE1 and CE2 belong to the same VPLS network; PWs are

established with LDP as the VPLS signaling, and VPLS is configured to implement the
interworking between CE1 and CE2.
Figure 5-226 Networking diagram for configuring Martini VPLS

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE2/0/0 GE2/0/0
PE1 PE2
GE1/0/0 GE1/0/0
GE1/0/0 P GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
PE1 GigabitEthernet 1/0/0 VLANIF 10 -
GigabitEthernet 2/0/0 VLANIF 20 168.1.1.1/24
Loopback1 - 1.1.1.9/32
PE2 GigabitEthernet 1/0/0 VLANIF 30 169.1.1.2/24
GigabitEthernet 2/0/0 VLANIF 40 -
Loopback1 - 3.3.3.9/32
P GigabitEthernet 1/0/0 VLANIF 20 168.1.1.2/24
Loopback1 - 2.2.2.9/32
CE1 GigabitEthernet 1/0/0 VLANIF 10 10.1.1.1/24
1. Configure a routing protocol on the backbone network to implement the interworking

between devices.
2. Establish remote LDP sessions between PEs.
3. Establish tunnels between PEs to transmit user data.
4. Enable MPLS L2VPN on PEs.
5. Create VSIs on PEs, use the signaling protocol as LDP, and bind VSIs to related AC
interfaces.

Data Preparation
l Names and IDs of VSIs
l IP addresses of peers and tunnel policy used for setting up peer relationships
l Interfaces to which VSIs are bound
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 5-226.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
Step 2 Configure an IGP. In this example, OSPF is adopted.

When configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1, P,
and PE2.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
Step 3 Configure basic MPLS functions and LDP.
After the configuration, run the display mpls ldp session command. You can find that the
Status of the peer relationship between PE1 and PE2 is Operational, which indicates that the
peer relationship is established. Run the display mpls lsp command, and you can view the setup
of the LSP.
Step 4 Establish remote LDP sessions between PEs.
# Configure PE1.
# Configure PE2.
After the configuration, run the display mpls ldp session on PE1 or PE2. You can find that the
status of the peer relationship between PE1 and PE2 is Operational, which indicates that the
peer relationship is established.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.

[PE2] mpls l2vpn
Step 6 Configure VSIs on PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi a2 static
Step 7 Bind VSIs to interfaces on PEs.

# Configure PE1.
[PE1-Vlanif10] l2 binding vsi a2
[PE1-Vlanif10] quit
# Configure PE2.
[PE2-Vlanif40] quit
Step 8 Assign an IP address to each VLANIF interface on CEs.

# Configure CE1.
<Quidway> sysname CE1
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif40] quit

After the preceding configurations, run the display vsi name a2 verbose command on PE1. You
can find that a VSI named a2 sets up a PW to PE2, and the status of the VSI is UP.
.
<PE1> display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0

Domain Name :
VSI State : up
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x20021,
Interface Name : Vlanif10

State : up
**PW Information:
*Peer Ip Address : 3.3.3.9

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
PW Type : label
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

<CE1> ping 10.1.1.2
0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#

#
return
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
l2 binding vsi a2
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp

#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return

#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi a2
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return

Example for Configuring Kompella VPLS
As shown in Figure 5-227, PE1 and PE2 are PEs to be enabled with the VPLS function; CE1
is connected to PE1 and CE2 is connected to PE2; CE1 and CE2 belong to the same VPLS
network;
It is required to set up PWs by using BGP as the VPLS signaling, implement the automatic
discovery of VPLS PEs through VPN targets, and implement interworking between CE1 and
CE2.
Figure 5-227 Networking diagram for configuring Kompella VPLS

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE2/0/0 GE2/0/0
PE1 PE2
GE1/0/0 GE1/0/0
GE1/0/0 P GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
Loopback1 - 1.1.1.9/32
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32

1. Configure a routing protocol on the backbone network to implement the interworking

between devices and enable basic MPLS functions.
2. Set up LSP tunnels between PEs.
3. Enable MPLS L2VPN on PEs.
4. Enable BGP peers to exchange the VPLS information between PEs.
5. Create VSIs on PEs, specify BGP as the signaling protocol, and specify the RD, VPN target,
and site.
6. Bind VSIs to AC interfaces.
Data Preparation
l IP addresses of peers
l Names of the VSIs on PE1 and PE2
l BGP AS numbers on PE1 and PE2
l Signaling protocol of a VSI, that is, BGP
l RDs, VPN targets, site IDs of VSIs on PEs
l Interfaces to which VSIs are bound and VLAN IDs of the interfaces
Procedure
NOTE
Step 2 Configure an IGP. In this example, OSPF is adopted.

Configure an IP address for each interface on the PEs and P as shown in Figure 5-227. When
configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1, P, and PE2.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
For detailed configuration procedures, see the following configuration files.
After the configuration, run the display mpls ldp peer command. You can find that the peer
relationship is established between PE1 and P and between PE2 and P. Run the display mpls
ldp session command on PE1 and PE2, and you can find that an LDP session is set up between
PE1 and PE2. Run the display mpls lsp command, and you can view the setup of the LSP.
Step 4 Enable BGP peers to exchange VPLS information.
# Configure PE1.
[PE1] bgp 100


[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.9 enable
[PE1-bgp-af-vpls] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp-af-vpls] quit

# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 6 Configure VSIs on PEs.

NOTE
Site IDs at both ends of a VSI must be different.
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] pwsignal bgp
[PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1
[PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] pwsignal bgp
[PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1
[PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0
Step 7 Bind VSIs to AC interfaces on PEs.

# Create a sub-interface on PE1, allow the sub-interface to receive packets from VLAN 10, and
bind a VSI to the sub-interface.
[PE1-Vlanif10] l2 binding vsi bgp1
# Create a sub-interface on PE2, allow the sub-interface to receive packets from VLAN 10, and
bind a VSI to the sub-interface.
[PE2-Vlanif40] l2 binding vsi bgp1

# Configure CE1.
[CE1] interface vlanif10

# Configure CE2.

After the preceding configurations, run the display vsi name bgp1 verbose command on PE1.
You can find that a VSI named bgp1 sets up a PW to PE2, and the status of the VSI is UP.
.
<PE1> display vsi name bgp1 verbose
***VSI Name : bgp1

VSI Index : 0
PW Signaling : bgp
Member Discovery Style : auto
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0
Domain Name :
VSI State : up
BGP RD : 168.1.1.1:1
SiteID/Range/Offset : 1/5/0
Import vpn target : 100:1,
Export vpn target : 100:1,
Remote Label Block : 25600/5/0,
Local Label Block : 25600/5/0,

State : up
**PW Information:

PW State : up
PW Type : label
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

<CE1> ping 10.1.1.2
0.00% packet loss
----End

Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname PE1
#
port default 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
route-distinguisher 168.1.1.1:1
site 1 range 5 default-offset 0
#
mpls ldp
#
interface Vlanif10
l2 binding vsi bgp1
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1

ip address 1.1.1.9 255.255.255.255

#
bgp 100
#
vpls-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp

route-distinguisher 169.1.1.2:1
#
mpls ldp
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi bgp1
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
vpls-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
Example for Configuring LDP HVPLS
As shown in Figure 5-228, Site 1, Site 2, and Site 3 belong to the same VPLS; CE1 and CE2
access the basic VPLS fully-connected network through UPEs and CE3 accesses the network
through a PE.

Figure 5-228 Networking diagram for configuring LDP HVPLS

Basic VPLS full mesh
Loopback1 Loopback1
2.2.2.9/32 3.3.3.9/32
GE1/0/0
GE1/0/0 PE
GE2/0/0
Loopback1 SPE GE2/0/0
1.1.1.9/32
GE3/0/0
UPE
GE1/0/0
GE1/0/0 GE2/0/0
CE3
GE1/0/0
CE1 GE1/0/0 CE2 Site3
Site1 Site2
UPE GigabitEthernet 1/0/0 VLANIF 10 -
Loopback1 - 1.1.1.9/32
SPE GigabitEthernet 1/0/0 VLANIF 30 100.1.1.2/24
Loopback1 - 2.2.2.9/32
PE GigabitEthernet 1/0/0 VLANIF 40 100.2.1.2/24
Loopback1 - 3.3.3.9/32
1. Complete the task of Configuring Martini VPLS between SPEs and PEs.
2. Establish the MPLS LDP peer relationship between UPEs and SPEs.
3. Create a VSI on an SPE, and specify the UPE as its PE of the lower layer.

4. Create a VSI on a UPE, and specify the SPE as the peer of the VSI.
5. Configure CE1 and CE2 to access UPEs, and configure CE3 to access PEs.
Data Preparation
l MPLS LSR IDs (as IP addresses of peers) of UPEs, SPEs, and PEs
l Routing protocol
Procedure
NOTE

OSPF is adopted in the example. The configuration details are not mentioned here.
After the configuration, run the display ip routing-table command on UPEs, SPEs, and PEs.
You can view that UPEs, SPEs, and PEs have learned the addresses of the loopback interfaces
from each other.
After the configuration, run the display mpls ldp session command. You can find that the
Status of the peer relationship between the UPE and the SPE or between the PE and the SPE is
Operational, which indicates that the peer relationship is established. Run the display mpls
lsp command, and you can view the setup of the LSP.
Step 4 Enable MPLS L2VPN and configure a VSI.
<UPE> system-view
[UPE] mpls l2vpn
[UPE] vsi v123 static
[UPE-vsi-v123] pwsignal ldp
[UPE-vsi-v123-ldp] vsi-id 123
[UPE-vsi-v123-ldp] peer 2.2.2.9
# Configure the SPE.

<SPE> system-view
[SPE] mpls l2vpn
[SPE] vsi v123 static
[SPE-vsi-v123] pwsignal ldp
[SPE-vsi-v123-ldp] vsi-id 123
[SPE-vsi-v123-ldp] peer 3.3.3.9
[SPE-vsi-v123-ldp] peer 1.1.1.9 upe
# Configure the PE.

<PE> system-view
[PE] mpls l2vpn

[PE] vsi v123 static

[PE-vsi-v123] pwsignal ldp
[PE-vsi-v123-ldp] vsi-id 123
[PE-vsi-v123-ldp] peer 2.2.2.9
Step 5 Bind VSIs to interfaces on the SPE and UPE.

[UPE-Vlanif10] l2 binding vsi v123
[UPE-Vlanif10] quit
[UPE-Vlanif20] l2 binding vsi v123
[UPE-Vlanif20] quit
# Configure the PE.

[PE-Vlanif50] l2 binding vsi v123

# Configure CE1.
[CE1] interface Vlanif10
# Configure CE2.
# Configure CE3.

After the preceding configurations, run the display vsi name v123 verbose command on the
SPE. You can view that the VSI named v123 is in the Up state and the corresponding PW is also
in the Up state.
<SPE> display vsi name v123 verbose
***VSI Name : v123

VSI Index : 0
PW Signaling : ldp
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0
Domain Name :
VSI State : up
VSI ID : 123
VC Label : 23552
Peer Type : dynamic

Session : up
VC Label : 23553
Peer Type : dynamic
Session : up
**PW Information:

PW State : up
PW Type : MEHVPLS
PW State : up
PW Type : label
CE1, CE2, and CE3 can ping each other successfully. After you run the shutdown command
on GE 2/0/0.1 (to which the VSI is bound) of the UPE or PE, CE2 and CE3 cannot ping each
other successfully. This indicates that user data is transmitted through the PW of this VSI.
----End
Configuration Files
l Configuration file of the UPE
#
sysname UPE
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi v123
#
interface Vlanif20
l2 binding vsi v123
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#

#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
#
return
l Configuration file of the SPE
#
sysname SPE
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.9
peer 1.1.1.9 upe
#
mpls ldp
#
interface Vlanif 30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.2.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
return
l Configuration file of the PE
#
sysname PE
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls

#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v123
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
#
return
#
sysname CE3
#

vlan batch 50
#
interface Vlanif50
ip address 10.1.1.3 255.255.255.0
#
#
return
Example for Configuring Static VLLs to Access a VPLS Network
As shown in Figure 5-229, UPEs do not support dynamic VLLs, and access SPEs through static
VLLs; VLLs are set up between UPEs and SPEs in SVC mode; CE1 and CE2 access the VPLS
fully-connected VPLS network through UPEs.
Figure 5-229 Networking diagram for configuring static VLLs to access a VPLS network
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/0 GE1/0/0
SPE1 SPE2
GE1/0/0 GE2/0/0
GE2/0/0 P GE2/0/0
Loopback1 Loopback1
4.4.4.9/32 5.5.5.9/32
GE1/0/0 GE1/0/0
UPE1 UPE2
GE2/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
UPE1 GigabitEthernet 1/0/0 VLANIF 20 100.1.3.2/24
Loopback1 - 4.4.4.9/32
SPE1 GigabitEthernet 1/0/0 VLANIF 30 100.1.1.1/24
Loopback1 - 1.1.1.9/32

Loopback1 - 2.2.2.9/32
SPE2 GigabitEthernet 1/0/0 VLANIF 40 100.1.2.2/24
Loopback1 - 3.3.3.9/32
UPE2 GigabitEthernet 1/0/0 VLANIF 50 100.1.4.2/24
Loopback1 - 5.5.5.9/32
1. Complete the task of Configuring Martini VPLS between SPEs.
2. Configure basic MPLS L2VPN functions on UPEs and SPEs.
3. Configure static VLLs and VSIs on SPEs and enable MAC-withdraw function on the VSIs.
4. Configure UPEs to access SPEs through static VLLs.
Data Preparation
l MPLS LSR IDs of UPEs and SPEs, which are used as peer IP addresses
l Routing protocol
l Received and sent labels on static LSPs between UPEs and SPEs
Procedure
1. Configure IP addresses for interfaces.
As shown in Figure 5-229, configure the VLAN to which each interface belongs, and
configure the IP addresses and masks for loopback interfaces and VLANIF interfaces.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may
occur.
2. Configure an IGP.
Configure OSPF on SPEs and the P device to advertise the network segment and LSR IDs.
# Configure SPE1.
<SPE1> system-view
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0


[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure P.
<P> system-view
[P] ospf
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure SPE2.
<SPE2> system-view
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] quit
[SPE2-ospf-1] quit
# Configure UPE1.
<UPE1> system-view
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
<UPE2> system-view
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
3. Configure basic MPLS functions and LDP.

# Configure SPE1.
[SPE1] mpls lsr-id 1.1.1.9
[SPE1] mpls
[SPE1-mpls] quit
[SPE1] quit
[SPE1] mpls ldp
[SPE1-mpls-ldp] quit
[SPE1] interface vlanif 30
[SPE1-Vlanif30] mpls
[SPE1-Vlanif30] mpls ldp
[SPE1-Vlanif30] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif30] mpls

[P-Vlanif30] quit
[P-Vlanif40] mpls
[P-Vlanif40] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
[SPE2-Vlanif40] mpls ldp
After the configuration, run the display mpls ldp session command on SPE1, P, and SPE2.
You can find that the Status of the peer relationship between SPE1 and P or between SPE2
and P is Operational, which indicates that the peer relationship is established. Run the
display mpls lsp command, and you can view the setup of the LSP.
Take the display on SPE1 as an example.
<SPE1> display mpls ldp session
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
<SPE1> display mpls lsp

----------------------------------------------------------------------
----------------------------------------------------------------------
2.2.2.9/32 NULL/3 -/Vlanif30
1.1.1.9/32 3/NULL -/-
3.3.3.9/32 NULL/1025 -/Vlanif30
4. Establish remote LDP sessions between SPEs.

# Configure SPE1.
[SPE1] mpls ldp remote-peer 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] quit
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on SPE1 and SPE2.
You can find that the status of the peer relationship between SPE1 and SPE2 is
Operational. That is, the peer relationship is established.
Take the display on SPE1 as an example.
<SPE1> display mpls ldp session

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
5. Configure static LSPs between UPEs and SPEs.

# Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9
[UPE1] mpls
[UPE1-mpls] quit
[UPE1] interface vlanif 20
[UPE1-Vlanif20] mpls
[UPE1-Vlanif20] quit
[UPE1] static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1
out-label 20
[UPE1] static-lsp egress SPE1toUPE1 incoming-interface vlanif 20 in-label 30
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9
[UPE2] mpls
[UPE2-mpls] quit
[UPE2-Vlanif50] mpls
[UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1
out-label 40
[UPE2] static-lsp egress SPE2toUPE2 incoming-interface vlanif 50 in-label 50
# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2
out-label 30
[SPE1] static-lsp egress UPE1toSPE1 incoming-interface vlanif 20 in-label 20
# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2
out-label 50
[SPE2] static-lsp egress UPE2toSPE2 incoming-interface vlanif 50 in-label 40
6. Enable MPLS L2VPN on UPEs and configure the UPEs to access SPEs through static
VLLs.
# Configure UPE1.
<UPE1> system-view
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1-Vlanif10] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100
# Configure UPE2.
<UPE2> system-view
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2-Vlanif60] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100
7. Enable MPLS L2VPN on SPEs and bind VSIs.

# Configure SPE1.
<SPE1> system-view
[SPE1] mpls l2vpn
[SPE1] vsi V100 static
[SPE1-vsi-v100] pwsignal ldp
[SPE1-vsi-v100-ldp] vsi-id 100
[SPE1-vsi-v100-ldp] mac-withdraw enable
[SPE1-vsi-v100-ldp] peer 3.3.3.9
[SPE1-vsi-v100-ldp] peer 4.4.4.9 static-upe trans 100 recv 100
[SPE1-vsi-v100-ldp] quit
# Configure SPE2.
<SPE2> system-view
[SPE2] mpls l2vpn
[SPE2] vsi V100 static
[SPE2-vsi-v100] pwsignal ldp
[SPE2-vsi-v100-ldp] vsi-id 100
[SPE2-vsi-v100-ldp] mac-withdraw enable
[SPE2-vsi-v100-ldp] peer 1.1.1.9
[SPE2-vsi-v100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100
[SPE2-vsi-v100-ldp] quit

After the configuration, run the display mpls static-l2vc on UPEs. You can find that static
VLLs are established and the VC status is Up. Take the display on UPE1 as an example.
<UPE1> display mpls static-l2vc interface vlanif 10
AC Status : up
VC State : up
VC ID : 0
VC Type : VLAN
Tunnel Policy : --
Run the display vsi name v100 command on SPEs, and you can find that the VSI named
v100 is Up and the corresponding PW is also Up. Take the display on SPE1 as an example.
<SPE1> display vsi name v100 verbose
***VSI Name : v100

VSI Index : 0
PW Signaling : ldp
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0
Domain Name :
VSI State : up
VSI ID : 100


VC Label : 23552
Peer Type : dynamic
Session : up
VC Label : 100
Peer Type : static
**PW Information:

PW State : up
PW Type : MEHVPLS
PW State : up
PW Type : label
CE1 and CE2, which reside in the same network segment, can ping each other successfully.
After you run the shutdown command on VLANIF 10 (to which the VSI is bound) of
UPE1, CE1 and CE2 cannot ping each other successfully. This indicates that user data is
transmitted through the PW of this VSI.
Before VLANIF 20 of SPE1 is shut down, check the MAC addresses learnt by the VSI on
SPE2.
<SPE2> display mac-address dynamic
MAC Address VLAN/VSI Port Type Lsp
----------------------------------------------------------------------------
0000-c101-0102 v100 Vlanif20 dynamic 3/3366
After VLANIF 20 of SPE1 is shut down, the VSI bound to the static VLL becomes Down.
Check MAC addresses learnt by the VSI on SPE2, and you can find that one MAC address
learned from VLANIF 20 is deleted.
<SPE2> display mac-address dynamic
MAC Address VLAN/VSI Port Type
Lsp
----------------------------------------------------------------------------
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return


#
sysname CE2
#
interface Vlanif60
ip address 10.1.1.2 255.255.255.0
#
#
return
l Configuration file of UPE1

#
sysname UPE1
#
vlan batch 10 20
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
interface Vlanif10
100
#
interface Vlanif20
ip address 100.1.3.2 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.1.3.0 0.0.0.255
#
static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-
label 20
static-lsp egress SPE1toUPE1 incoming-interface Vlanif 20 in-label 30
#
return
l Configuration file of SPE1

#
sysname SPE1
#
vlan batch 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
peer 3.3.3.9

peer 4.4.4.9 static-upe tran 100 recv 100

#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 100.1.3.1 255.255.255.0
mpls
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-
label 30
static-lsp egress UPE1toSPE1 incoming-interface Vlanif 20 in-label 20
#
return
#
sysname P
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255

#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
l Configuration file of SPE2
#
sysname SPE2
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
peer 1.1.1.9
peer 5.5.5.9 static-upe tran 100 recv 100
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif40
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.1.4.1 255.255.255.0
mpls
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-
labe
l 50
static-lsp egress UPE2toSPE2 incoming-interface Vlanif 50 in-label 40
#
return
l Configuration file of UPE2
#
sysname UPE2
#
vlan batch 50 60
#

mpls lsr-id 5.5.5.9

mpls
#
mpls l2vpn
#
interface Vlanif50
ip address 100.1.4.2 255.255.255.0
mpls
#
interface Vlanif60
100
#
#
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 100.1.4.0 0.0.0.255
#
static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-
label 40
static-lsp egress SPE2toUPE2 incoming-interface Vlanif 50 in-label 50
#
return
Example for Configuring Inter-AS Martini VPLS Option A
As shown in Figure 5-230, the Option A scheme is adopted to establish the inter-AS Martini
VPLS.

Figure 5-230 Networking diagram for configuring inter-AS Martini VPLS Option A
VPLS Backbone VPLS Backbone

AS 100 AS 200
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
GE2/0/0 GE2/0/0 GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
PE1 ASBR-PE1 ASBR-PE2 PE2
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
Loopback1 - 1.1.1.1/32
ASBR-PE1 GigabitEthernet 1/0/0 VLANIF 20 100.1.1.2/24
Loopback1 - 2.2.2.2/32
ASBR-PE2 GigabitEthernet 1/0/0 VLANIF 30 -
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
The MPLS backbone network in an AS uses IS-IS as the IGP protocol.
1. Run an IGP on the MPLS backbone network so that devices in the same AS can interwork.

2. Configure basic MPLS functions on devices in the backbone network and establish dynamic
LSPs between PEs and ASBR-PEs in the same AS. Establish remote LDP sessions if PEs
and ASBR-PEs are indirectly connected.
3. Establish VPLS connections between PEs and ASBR-PEs in the same AS.
Data Preparation
l IS-IS data
l IP addresses of remote peers
l MPLS LSR IDs on PEs and ASBR-PEs
l VSI IDs
Procedure
NOTE
Step 2 Configure an IGP on the MPLS backbone network.

PEs and ASBR-PEs on the backbone network can interwork by using an IGP.
In this example, IS-IS is used, and the configuration details are not mentioned here.
After the configuration, the IS-IS neighbor relationship is established between ASBR-PEs and
PEs in the same AS. Run the display isis peer command, and you can view that the status of
IS-IS neighbors is Up, and the PEs can learn loopback addresses from each other.

----------------------------
0000.0000.0002 Vlanif20 0000000002 Up 23s L1L2 --
Total Peer(s): 1
ASBR-PEs and PEs in the same AS can ping each other successfully.
<PE1> ping 2.2.2.2

0.00% packet loss


Configure basic MPLS functions on the MPLS backbone network. Establish dynamic LDP LSPs
between PEs and ASBR-PEs in the same AS.
After this step, an LSP tunnel is established between the PE and ASBR-PE in the same AS.
Take ASBR-PE1 as an example.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 5 Bind VSIs to related interfaces.

Configure VSIs on PEs and ASBR-PEs respectively and bind the VSIs to related interfaces.
# Configure PE1.
[PE1] vsi a1 static
[PE1-vsi-a1-ldp] quit
[PE1-vsi-a1] quit
[PE1-Vlanif10] quit
[ASBR-PE1] vsi a1 static
[ASBR-PE1-vsi-a1] pwsignal ldp
[ASBR-PE1-vsi-a1-ldp] vsi-id 2
[ASBR-PE1-vsi-a1-ldp] peer 1.1.1.1
[ASBR-PE1-vsi-a1-ldp] quit
[ASBR-PE1-vsi-a1] quit
[ASBR-PE1-Vlanif30] l2 binding vsi a1
[ASBR-PE2] vsi a1 static
[ASBR-PE2-vsi-a1] pwsignal ldp

[ASBR-PE2-vsi-a1-ldp] vsi-id 3
[ASBR-PE2-vsi-a1-ldp] peer 4.4.4.4
[ASBR-PE2-vsi-a1-ldp] quit
[ASBR-PE2-vsi-a1] quit
[ASBR-PE2-Vlanif30] l2 binding vsi a1
# Configure PE2.
[PE2] vsi a1 static
[PE2-vsi-a1-ldp] quit
[PE2-vsi-a1] quit
[PE2-Vlanif50] quit

# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif50] quit

After the preceding configurations, run the display vsi name verbose command on PE1. You
can find that a VSI named a1 sets up a PW to PE2, and the status of the VSI is UP.
.
<PE1> display vsi name a1 verbose
***VSI Name : a1
VSI Index : 0
PW Signaling : ldp
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0
Domain Name :
VSI State : up
VSI ID : 2
VC Label : 23552
Peer Type : dynamic
Session : up

State : up
**PW Information:


PW State : up
PW Type : label
CE1 and CE2 can ping each other successfully.

Take the display on CE1 as an example.
<CE1> ping 10.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi a1

#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
return
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi a1
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return
#
sysname ASBR-PE2
#
vlan batch 30 40

#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 4.4.4.4
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi a1
#
interface Vlanif40
ip address 200.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 3.3.3.3
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 200.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi a1
#


#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
#
return
Example for Configuring Inter-AS Kompella VPLS Option A
As shown in Figure 5-231, CE1 and CE2 belong to the same VPLS, and access the backbone
network through PE1 in AS 100 and PE2 in AS 200 respectively.
It is required to adopt Option A to implement inter-AS Kompella VPLS. The interfaces that
connect ASBR-PEs serve as AC interfaces to which VSIs are bound, that is, the interfaces are
exclusively used by the VPLS.

Figure 5-231 Networking diagram for configuring inter-AS Kompella VPLS Option A
VPLS Backbone VPLS Backbone

AS 100 AS 200
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
GE2/0/0 GE2/0/0 GE1/0/0 GE2/0/0

GE1/0/0 GE1/0/0
PE1 GE1/0/0 ASBR-PE1 ASBR-PE2 PE2
GE2/0/0
GE1/0/0 GE1/0/0
CE1 CE2
Loopback1 - 1.1.1.1/32
ASBR-PE1 GigabitEthernet 1/0/0 VLANIF 20 100.1.1.2/24
Loopback1 - 2.2.2.2/32
ASBR-PE2 GigabitEthernet 1/0/0 VLANIF 30 -
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
1. Configure an IGP on the backbone network to implement the connectivity between ASBR-
PEs and PEs and set up tunnels between PEs.
2. Establish MP IBGP peer relationships between PEs and ASBR-PEs in the same AS.

3. Configure VSIs on PE1, ASBR-PE1, ASBR-PE2, and PE2 and bind the VSIs to related
AC interfaces.
Data Preparation
l IS-IS data
l MPLS LSR IDs of PEs and ASBR-PEs (IP addresses of the loopback interfaces on peers)
l CE IDs and CE ranges
l IP addresses of interfaces connecting CEs to PEs (No IP address is required for interfaces
connecting PEs to CEs.)
Procedure
NOTE
Step 2 Configure an IGP on the backbone network.

Devices on the MPLS backbone network can interwork through an IGP. IS-IS used as an IGP
in this example.
The configuration details are not mentioned here. Note that IS-IS must be enabled on Loopback1.
After the configuration, IS-IS neighbor relationships are established between ASBR-PEs and
PEs in the same AS. Run the display isis peer command, and you can view that the neighbors
are Up. ASBRs and PEs can learn loopback addresses from each other.
Take PE1 as an example.

----------------------------
0000.0000.0002 Vlanif20 0000000001 Up 20s L1L2 --
Total Peer(s): 1

------------------------------------------------------------------------------

2.2.2.2/32 ISIS 15 10 D 100.1.1.2 Vlanif20
100.1.1.0/30 Direct 0 0 D 100.1.1.1 Vlanif20
100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif20
ASBR-PEs and PEs in the same AS can ping Loopback1 of each other successfully. Take ASBR-
PE1 as an example.

<ASBR-PE1> ping 1.1.1.1


0.00% packet loss
Step 3 Enable MPLS and MPLS LDP, and establish tunnels.

Enable MPLS and MPLS LDP on PEs and ASBR-PEs in the same AS and establish LDP LSPs.
After the configuration, run the display mpls lsp command on each S9300, and you can find
that LSPs are successfully set up between the PEs and the ASBR-PEs in the same AS.
Take PE1 as an example.
<PE1> display mpls lsp
----------------------------------------------------------------------
----------------------------------------------------------------------
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/Vlanif20
Step 4 Configure MP IBGP connections within an AS.

# Establish MP IBGP connections and enable BGP VPLS.
# Configure PE1.
<PE1> system-view
[PE1] bgp 100
<ASBR-PE1> system-view
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] vpls-family
[ASBR-PE1-bgp-af-vpls] peer 1.1.1.1 enable
The configurations of AS 200 are similar to those of AS 100, and thus are not mentioned here.
After this step, run the display bgp vpls peer command on PEs or ASBR-PEs, and you can find
that MP-IBGP peer connections are in the Established state.
<PE1> display bgp vpls peer


2.2.2.2 4 100 11 13 0 00:09:04 Established 0
Step 5 Enable MPLS L2VPN on PEs and ASBR-PEs.

# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 6 Configure VSIs on PEs and ASBR-PEs and bind the VSIs to related AC interfaces.
# Configure PE1.
[PE1] vsi v1 auto
[PE1-vsi-v1] pwsignal bgp
[PE1-vsi-v1-bgp] route-distinguisher 100:1
[PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE1-vsi-v1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-v1-bgp] quit
[PE1-vsi-v1] quit
[PE1-Vlanif10] l2 binding vsi v1
[PE1-Vlanif10] quit
[ASBR-PE1] vsi v1 auto
[ASBR-PE1-vsi-v1] pwsignal bgp
[ASBR-PE1-vsi-v1-bgp] route-distinguisher 100:2
[ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR-PE1-vsi-v1-bgp] site 2 range 5 default-offset 0
[ASBR-PE1-vsi-v1-bgp] quit
[ASBR-PE1-vsi-v1] quit
[ASBR-PE1-Vlanif30] l2 binding vsi v1
[ASBR-PE2] vsi v1 auto
[ASBR-PE2-vsi-v1] pwsignal bgp
[ASBR-PE2-vsi-v1-bgp] route-distinguisher 200:1
[ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR-PE2-vsi-v1-bgp] site 1 range 5 default-offset 0
[ASBR-PE2-vsi-v1-bgp] quit
[ASBR-PE2-vsi-v1] quit
[ASBR-PE2-Vlanif30] l2 binding vsi v1
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] pwsignal bgp

[PE2-vsi-v1-bgp] route-distinguisher 200:2

[PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE2-vsi-v1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-v1-bgp] quit
[PE2-vsi-v1] quit
[PE2-Vlanif50] l2 binding vsi v1
[PE2-Vlanif50] quit

# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif50] quit

Run the display vpls connection bgp command on a PE, and you can view that the status of the
VSI is Up.
<PE1> display vpls connection bgp verbose
VSI Name: v1 Signaling: bgp
**Remote Site ID : 2
VC State : up
RD : 100:2
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 2.2.2.2
PW Type : label
Tunnel Policy : --
Remote Label Block : 25600/5/0
Export vpn target : 1:1,
CE1 and CE2 can ping through each other.

<CE1> ping 10.1.1.2
0.00% packet loss
Run the display bgp vpls all command on a PE or an ASBR-PE, and you can view information
about the VPLS label block of BGP.
Take ASBR-PE1 as an example.
<ASBR-PE1> display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100

Status codes : * - active, > - best

BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 0
--------------------------------------------------------------------------------
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 25600 0x0 0.0.0.0 0
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#


#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi v1
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100


#
ipv4-family unicast
peer 1.1.1.1 enable
#
vpls-family
policy vpn-target
peer 1.1.1.1 enable
#
return

#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi v1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 200
#
ipv4-family unicast
peer 4.4.4.4 enable
#
vpls-family
policy vpn-target
peer 4.4.4.4 enable
#
return


#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v1
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 200
#
ipv4-family unicast
peer 3.3.3.3 enable
#
vpls-family
policy vpn-target
peer 3.3.3.3 enable
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif 50
ip address 100.1.1.2 255.255.255.0
#


#
return

Commission Guide A Appendix
A Appendix
This appendix describes the maintenance operations that are usually performed during
commissioning.
A.1 Testing the Optical Power of the Interfaces on the S9300
This section describes how to commission the optical power of the interfaces of the S9300.
A.2 License Description
This section describes the items controlled by the license of the S9300.
Issue 04 (2009-11-10) Huawei Proprietary and Confidential A-1

A Appendix Commission Guide
A.1 Testing the Optical Power of the Interfaces on the S9300

This section describes how to commission the optical power of the interfaces of the S9300.
Context
The S9300 provides FE, GE, and 10GE optical interfaces. If the power of the SFP optical module
is insufficient, packet loss or communication interruption may occur on the network layer.
Therefore, it is recommended that you measure the power of optical interfaces before using the
S9300.
When measuring the optical power, pay attention to the following points:
l Clean the fiber splice and the optical connector on the panel of the LPU and connect them
properly.
l Do not look strictly into the laser transmitter on the LPU or the fiber splice.
l Measure the attenuation of the fiber jumper in advance to ensure accurate location of the
faulty point.
l Use different fiber jumpers for single mode and multimode optical modules.
l Use a calibrated tester (optical power meter).
You can run the display transceiver command to view the general information, production
information, and alarms about the optical module of the S9300. If you specify the verbose
parameter, the diagnosis information is also displayed.
<Quidway>display transceiver interface GigabitEthernet10/0/0
GigabitEthernet10/0/0 transceiver information:

-------------------------------------------------------------
Common information:
Transceiver Type :1000_BASE_T_SFP
Connector Type :LC
Wavelength(nm) :1310
Transfer Distance(m) :
(25.9,60.5)
Digital Diagnostic Monitoring :NO
Vendor Name :FINISAR CORP.
Ordering Name :
-------------------------------------------------------------
Manufacture information:
Manu. Serial Number :P8Q004D
Manufacturing Date :2005-12-05
Vendor Name :FINISAR CORP.
-------------------------------------------------------------
Alarm information:
Do as follows to measure the optical power:
Procedure
Step 1 Set the working wavelength of the optical power meter to the wavelength of the tested fiber.
Step 2 Pull out the fiber jumper from the sending interface on the S9300.
Step 3 Connect one end of the fiber jumper to the sending interface on the S9300 and the other end to
the optical power meter.
Step 4 When the optical power becomes stable, record the optical power.
A-2 Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Commission Guide A Appendix
Step 5 Look up the List of Interface Attributes to check whether the optical power of the interface is in
the normal range.
NOTE
The List of Interface Attributes is in the Quidway S9300 Terabit Routing Switch Hardware Description.
----End
A.2 License Description

This section describes the items controlled by the license of the S9300.
Through license authorization, a new user can purchase relevant functional modules of services
and resource rights, which lowers the cost; the user who wants to upgrade the software and
expand the system capacity can apply for a new license to achieve capacity expansion and
function addition and maintenance.
To apply the following features of the S9300V100R002, users need to purchase related license
files.
Table A-1 License Controlled Items

License Controlled Feature
LLE0IPV601 IPV6
LLE0MPLS01 MPLS
LLE0NQAF01 NQA
NOTE
After the S9300V100R001 is upgraded to the S9300V100R002, the previously purchased license files can
still be used.
Description of the License Controlled Features

l IPV6 license
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard
network protocol of second generation. It is designed by the Internet Engineering Task
Force (IETF) and is the upgraded version of IPv4. The main feature of IPv6 is the greater
address space: addresses in IPv6 are 128 bits long, whereas addresses in IPv4 are 32 bits.
Generally, the commands related to IPv6 functions can be used on a newly purchased
device, but the IPv6 functions are not implemented. To implement IPv6 functions of the
S9300, apply for and purchase the license from Huawei local office.
l MPLS license
The Multiprotocol Label Switching (MPLS) protocol provides fast data packet exchange
and routing, and has the capability of routing, forwarding, and switching for data traffic on
the network. In particular, MPLS can manage different types of traffic. MPLS is
independent of Layer 2 and Layer 3 protocol, for example, ATM and IP. MPLS maps the
IP address to a label with a fixed length for packet forwarding and switching, and can be
used with routing and switching protocols, for example, IP, ATM, RSVP, and OSPF.
Issue 04 (2009-11-10) Huawei Proprietary and Confidential A-3

A Appendix Commission Guide
MPLS is introduced to solve network problems including the network speed, scalability,
QoS management, and traffic engineering, and bandwidth management and service request
problems on the next generation IP backbone network.
MPLS functions of the S9300 are controlled by the license. By default, MPLS functions
are disabled on a newly purchased device. To implement MPLS functions of the S9300,
apply for and purchase the license from Huawei local office.
NOTE
G24SA, G24CA, and X12SA boards do not support MPLS functions.
l NQA License
As the development of value-added services, users and carriers demand higher Quality of
Service (QoS). After voice over IP and video over IP services are performed, carriers and
users all tend to sign Service Level Agreements (SLAs) to implement QoS guaranteed
services.
To help users know the performance of the network in time, carriers need to collect the
statistics on the delay, jitter, and packet loss ratio of the device. In this case, users can check
whether the committed bandwidth is ensured.
The S9300 provides NQA that can help operators collect these statistics. NQA measures
the performance of different protocols running on the network. In this case, carriers can
collect network indexes in real time, including:
– Total delay of the HTTP
– Delay in a TCP connection
– Delay in DNS resolution
– File transmission speed
– Delay in an FTP connection
– DNS resolution error ratio
By controlling these indexes, carriers can provide network services of different levels and
charge differently. NQA is also an effective tool for diagnosing and locating network faults.
Generally, the commands related to NQA functions can be used on a newly purchased
device, but the NQA functions are not implemented. To implement NQA functions of the
S9300, apply for and purchase the license from Huawei local office.
A-4 Huawei Proprietary and Confidential Issue 04 (2009-11-10)


Commission Guide (V100R002C00 04)

Uploaded by

Document Informationclick to expand document informationCommission Guide

Document Informationclick to expand document information

Copyright:

Commission Guide (V100R002C00 04)

Uploaded by

Document Information

Original Title

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Commission Guide (V100R002C00 04)

Uploaded by

Copyright:

Quidway S9300 Terabit Routing Switch

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd. 2009. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

About This Document.....................................................................................................................1

5 Typical Service Commissioning..............................................................................................5-1

Issue 04 (2009-11-10) Huawei Proprietary and Confidential i

5.1.1 ARP Configuration.................................................................................................................................5-3

ii Huawei Proprietary and Confidential Issue 04 (2009-11-10)

5.6.4 BFD Configuration.............................................................................................................................5-599

Issue 04 (2009-11-10) Huawei Proprietary and Confidential iii

Figure 1-1 Commissioning flowchart...................................................................................................................1-1

Issue 04 (2009-11-10) Huawei Proprietary and Confidential v

Figure 5-27 Networking diagram for configuring IS-IS load balancing..........................................................5-107

vi Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Figure 5-69 Networking diagram of the MPing reserved group......................................................................5-264

Issue 04 (2009-11-10) Huawei Proprietary and Confidential vii

Figure 5-108 Networking diagram for configuring VLAN-based IGMP snooping.........................................5-484

viii Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Issue 04 (2009-11-10) Huawei Proprietary and Confidential ix

Figure 5-190 Networking diagram for configuring CR-LSP hot standby........................................................5-875

x Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Issue 04 (2009-11-10) Huawei Proprietary and Confidential xi

Table 2-1 Hardware checklist...............................................................................................................................2-2

Issue 04 (2009-11-10) Huawei Proprietary and Confidential xiii

About This Document

Product Name Version

1 Commissioning Process This chapter describes the general commissioning process

2 Commissioning This chapter describes the preparations for hardware,

Issue 04 (2009-11-10) Huawei Proprietary and Confidential 1

3 Precautions This chapter describes the precautions for commissioning.

4 Basic Commissioning This chapter describes how to commission a single S9300

5 Typical Service This chapter describes how to commission the services of

A Appendix This appendix describes the maintenance operations that

Indicates a hazard with a high level of risk, which if not

Indicates a hazard with a medium or low level of risk, which

Indicates a potentially hazardous situation, which if not

NOTE Provides additional information to emphasize or supplement

Times New Roman Normal paragraphs are in Times New Roman.

2 Huawei Proprietary and Confidential Issue 04 (2009-11-10)

Boldface Names of files, directories, folders, and users are in

Italic Book titles are in italics.

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

[ x | y | ... ] Optional items are grouped in brackets and separated by

{ x | y | ... }* Optional items are grouped in braces and separated by

[ x | y | ... ]* Optional items are grouped in brackets and separated by

# A line starting with the # sign is comments.

Boldface Buttons, menus, parameters, tabs, window, and dialog titles

> Multi-level menus are in boldface and separated by the ">"

Issue 04 (2009-11-10) Huawei Proprietary and Confidential 3

Double-click Press the primary mouse button twice continuously and

Updates in Issue 04 (2009-11-10)

The following chapter is added:

The following chapters or sections are modified:

Updates in Issue 03 (2009-09-20)

The following chapters or sections are modified: