3 Configuring MPLS/VPN Support

3 Configuring MPLS/VPN Support
CH A P T E R
3
Configuring MPLS/VPN Support
This module explains how to configure MPLS/VPN support. Both the SCE platform and the SM must
be properly configured.
•
Configuring the MPLS Environment, page 3-1
•
How to Configure the SCE Platform for MPLS/VPN Support, page 3-2
•
How to Configure the SM for MPLS/VPN Support, page 3-6
Configuring the MPLS Environment
In order for MPLS/VPN support to function, the environment must be configured correctly, specifically
the following are required:
•
All other tunneling protocols should be configured to the default mode.
•
The MPLS auto-learning mechanism must be enabled.
How to Check the Running Configuration
Check the running configuration to verify no user-configured values appear for tunneling protocols or
VLAN support, indicating that they are all in default mode.
Step 1
From the SCE# prompt, type show running-config and press Enter.
Displays the running configuration.
Step 2
Check that no VLAN or L2TP configuration appears.
How to Configure the MPLS Environment
If either VLAN or tunneling support is in default mode, skip the relevant step in the following procedure.
Step 1
From the SCE(config if)# prompt, type default vlan and press Enter.
Configures VLAN support to default mode.
Step 2
From the SCE(config if)# prompt, type no IP-tunnel and press Enter.
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
OL-8822-05
3-1
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SCE Platform for MPLS/VPN Support
Disables all other tunneling protocol support.
Note
All subscribers with VPN mappings must be cleared to change the tunneling mode. If the connection
with the SM is down, use the no subscriber all with-vpn-mappings CLI command.
Note
In addition, all VPN mappings must also be removed. This can only be done via the SM CLU (which
means that the connection with the SM must be up). See How to Manage VPN Mappings, page 4-10
Step 3
From the SCE(config if)# prompt, type MPLS VPN auto-learn and press Enter.
Enables the MPLS auto-learning mechanism.
How to Configure the SCE Platform for MPLS/VPN Support
•
About Configuring the SCE Platform for MPLS/VPN Support, page 3-2
•
How to Define the PE Routers, page 3-2
•
How to Configure the MAC Resolver, page 3-4
•
How to Monitor the MAC Resolver, page 3-5
About Configuring the SCE Platform for MPLS/VPN Support
There are three main steps to configure the SCE platform for MPLS/VPN support:
1.
Correctly configure the MPLS tunneling environment, disabling all other tunneling protocols,
including VLAN support. (see How to Configure the MPLS Environment, page 3-1)
2.
Define all PE routers, specifying the relevant interface IP addresses necessary for MAC resolution
(see How to Define the PE Routers, page 3-2.)
3.
Configure the MAC resolver (see How to Configure the MAC Resolver, page 3-4.)
How to Define the PE Routers
•
Options, page 3-2
•
How to Add a PE Router, page 3-3
•
How to Remove PE Routers, page 3-3
Options
The following options are available:
•
PE-ID — IP address that identifies the PE router.
•
interface-ip — Interface IP address for the PE router. This is used for MAC resolution.
– At least one interface IP address must be defined per PE router.
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
3-2
OL-8822-05
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SCE Platform for MPLS/VPN Support
– Multiple interface IP addresses may be defined for one PE router.
– In the case where the PE router has multiple IP interfaces sharing the same MAC address, it is
sufficient to configure just one of the PE interfaces
•
vlan — A VLAN tag can optionally be provided for each interface IP.
Two interfaces cannot be defined with the same IP address, even if they have different VLAN tags. If
such a configuration is attempted, it will simply update the VLAN tag information for the existing PE
interface.
How to Add a PE Router
Each PE router that has managed VPNs behind it must be defined using the following CLI command.
Step 1
From the SCE(config if)# prompt, type MPLS VPN PE-ID pe-id interface-ip-address interface-ip
[vlan vlan ] and press Enter.
Defines the PE router with with one interface IP address and optional VLAN tag. May also be used to
add an additional interface IP address to an existing PE router.
How to Remove PE Routers
•
About Removing PE Routers, page 3-3
•
How to Remove a Specified PE Router, page 3-3
•
How to Remove All PE Routers, page 3-4
•
How to Remove a Specified Interface from a PE Router, page 3-4
About Removing PE Routers
Use these commands to remove one or all defined PE routers.
Please note the following:
•
You cannot remove a PE if it retains any MPLS mappings. You must logout the VPN and remove all
mappings before removing the router it uses. (You must use the SM CLU to remove VPN mappings.
See How to Manage VPN Mappings, page 4-10)
•
Removing the last interface of a PE router removes the router as well. Therefore, you must logout
the relevant VPN to remove the last interface.
•
Likewise, all VPNs must be logged out before using the no PE-Database command below, since it
removes all PE routers.
How to Remove a Specified PE Router
Step 1
From the SCE(config if)# prompt, type no MPLS VPN PE-ID pe-id and press Enter.
Removes the specified PE router.
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
OL-8822-05
3-3
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SCE Platform for MPLS/VPN Support
How to Remove All PE Routers
Step 1
From the SCE(config if)# prompt, type no MPLS VPN PE-Database and press Enter.
Removes all configured PE routers.
How to Remove a Specified Interface from a PE Router
Step 1
From the SCE(config if)# prompt, type no MPLS VPN PE-ID pe-id interface-ip-address interface-ip
and press Enter.
Removes the specified interface from the PE router definition. The PE router itself is not removed.
How to Configure the MAC Resolver
•
About the MAC Resolver, page 3-4
•
Options, page 3-5
•
How to Add a Static IP Address, page 3-5
•
How to Remove a Static IP Address, page 3-5
About the MAC Resolver
The MAC resolver allows the SCOS to find the MAC address associated with a specific IP address. The
MAC resolver must be configured when the SCE platform operates in MPLS/VPN mode, to translate the
IP addresses of the provider edge router interfaces to their respective MAC addresses.
The MPLS/VPN mode needs the MAC resolver, as opposed to the standard ARP protocol, because ARP
is used by the management interface, while MPLS/VPN uses the traffic interfaces of the SCE platform,
which ARP does not include.
The MAC resolver database holds the IP addresses registered by the clients to be resolved. The IP
addresses of the routers are added to and removed from the database in either of two modes:
•
Dynamic mode (default)
In this mode, the system listens to ARP messages of the configured PE interfaces, and this way it
stays updated with their MAC addresses. There is no configuration required when operating in
dynamic mode.
– Benefit: it works even if the MAC address of the PE interface changes.
•
Drawback: depending on the specific network topology, the MAC resolution convergence time may
be undesirably long.
•
Static mode
In this mode, the MAC address of each PE router must be explicitly defined by the user.
– Benefit: no initial delay until IP addresses converge
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
3-4
OL-8822-05
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SCE Platform for MPLS/VPN Support
– Drawback: PE interface is not automatically updated via ARP updates; therefore it doesn't
automatically support cases where the MAC address changes on the fly.
However, for statically configured MAC addresses, a user log message appears when the system
detects that the MAC address changed. This can be used by the operator to configure the new
address.
These two modes can function simultaneously; therefore selected PE routers can be configured statically,
while the rest are resolved dynamically
For more information regarding the MAC resolver, refer to the Cisco Service Control Engine Software
Configuration Guide.
Options
The following options are available:
•
ip address — The IP address entry to be added to or removed from the database.
•
vlan tag — VLAN tag that identifies the VLAN that carries this IP address (if applicable).
•
mac address — MAC address assigned to the IP address, in xxxx.xxxx.xxxx format.
How to Add a Static IP Address
Step 1
From the SCE(config if)# prompt, type mac-resolver arp ip_address [vlan vlan_tag ] mac_address
and press Enter.
Adds the specified IP address and MAC address pair to the MAC resolver database.
How to Remove a Static IP Address
Step 1
From the SCE(config if)# prompt, type no mac-resolver arp ip_address [vlan vlan_tag ] and press
Enter.
Removes the specified IP address and MAC address pair from the MAC resolver database.
How to Monitor the MAC Resolver
Use this command to see a listing of all IP addresses and corresponding MAC addresses currently
registered in the MAC resolver database.
Step 1
From the SCE# prompt, type show interface linecard 0 mac-resolver arp and press Enter.
Displays a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC
resolver database.
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
OL-8822-05
3-5
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SM for MPLS/VPN Support
How to Configure the SM for MPLS/VPN Support
•
Configuring the SM for MPLS/VPN Support, page 3-6
•
How to Edit the SM Configuration File, page 3-6
•
How to Configure the SM to Allow IP Ranges, page 3-7
Configuring the SM for MPLS/VPN Support
There are two main steps to configure the SM for MPLS/VPN support:
Step 1
Edit the p3sm.cfg configuration file to specify the field in the BGP messages that should be used by the
SM for MPLS-VPN identification.
See How to Edit the SM Configuration File, page 3-6
Step 2
Install and configure the BGP LEG
Refer to the Cisco SCMS SM MPLS/VPN BGP LEG Reference Guide for more information.
How to Edit the SM Configuration File
The SM configuration file, p3sm.cfg , must be configured for the following:
•
To specify the field in the BGP messages that should be used by the SM for MPLS-VPN
identification.
•
To enable IP ranges
How to Configure the SM for MPLS/VPN Support
Step 1
Add the following section to the p3sm.cfg configuration file:
# The following section enables SM operation with MPLS-VPN support.
[MPLS-VPN]
# The following parameter defines the BGP attribute to use to identify VPN subscribers
# possible values: "rd" or "rt".
# (default: rt)
vpn_id=rt
How to Configure the SM for Troubleshooting MPLS/VPN Support
An optional parameter may be turned on to facilitate troubleshooting the BGP LEG installation. This
parameter turns on detailed logging of messages received from the BGP LEG. It should only be turned
on when necessary for troubleshooting and should always be turned off for normal operation of the
system.
Step 1
Add the following parameter to the [MPLS-VPN] section of the p3sm.cfg configuration file:
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
3-6
OL-8822-05
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SM for MPLS/VPN Support
# The following parameter turns on detailed logging of messages received from the BGP LEG
# should be changed to true only during troubleshooting
# (default: false)
log_all=true
How to Configure the SM to Allow IP Ranges
To setup the SM to work with MPLS/VPN, you must enable IP ranges by setting the support_ip_ranges
in the configuration file.
Step 1
Set the support_ip_ranges parameter in the [Data Repository] section of the p3sm.cfg configuration file
to 'yes', as in the following example.
support_ip_ranges=yes
Note
Resetting this parameter requires restarting the SM. This parameter is discarded on regular configuration
loading (using CLU).
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
OL-8822-05
3-7
Chapter 3
Configuring MPLS/VPN Support
How to Configure the SM for MPLS/VPN Support
Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5
3-8
OL-8822-05
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising