Configuring MPLS/VPN Support

Table Of Contents

Configuring MPLS/VPN Support

Configuring the MPLS Environment

How to Check the Running Configuration

How to Configure the MPLS Environment

How to Configure the SCE Platform for MPLS/VPN Support

About Configuring the SCE Platform for MPLS/VPN Support

How to Define the PE Routers

How to Configure the MAC Resolver

How to Monitor the MAC Resolver

How to Configure the SM for MPLS/VPN Support

Configuring the SM for MPLS/VPN Support

How to Edit the SM Configuration File

Configuring MPLS/VPN Support

This module explains how to configure MPLS/VPN support. Both the SCE platform and the SM must be properly configured.

• Configuring the MPLS Environment

• How to Configure the SCE Platform for MPLS/VPN Support

• How to Configure the SM for MPLS/VPN Support

Configuring the MPLS Environment

In order for MPLS/VPN support to function, the environment must be configured correctly, specifically the following are required:

•All other tunneling protocols must be configured to the default mode.

•VLAN support must be configured to the default mode.

•The MPLS auto-learning mechanism must be enabled.

How to Check the Running Configuration

Check the running configuration to verify no user-configured values appear for tunneling protocols or VLAN support, indicating that they are all in default mode.

Step 1 From the SCE# prompt, type show running-config and press Enter.

Displays the running configuration.

Step 2 Check that no VLAN or L2TP configuration appears.

How to Configure the MPLS Environment

If either VLAN or tunneling support is in default mode, skip the relevant step in the following procedure.

Step 1 From the SCE(config if)# prompt, type default vlan and press Enter.

Configures VLAN support to default mode.

Step 2 From the SCE(config if)# prompt, type no IP-tunnel and press Enter.

Disables all other tunneling protocol support.

Note All subscribers with tunnel mappings must be cleared to change the tunneling mode. If the connection with the SM is down, use the no subscriber all with-tunnel-mappings CLI command.

Step 3 From the SCE(config if)# prompt, type MPLS VPN auto-learn and press Enter.

Enables the MPLS auto-learning mechanism.

How to Configure the SCE Platform for MPLS/VPN Support

• About Configuring the SCE Platform for MPLS/VPN Support

• How to Define the PE Routers

• How to Configure the MAC Resolver

• How to Monitor the MAC Resolver

About Configuring the SCE Platform for MPLS/VPN Support

There are three main steps to configure the SCE platform for MPLS/VPN support:

1. Correctly configure the MPLS tunneling environment, disabling all other tunneling protocols, as well as disabling VLAN support (see How to Configure the MPLS Environment )

2. Define all PE routers, specifying the relevant interface IP addresses necessary for MAC resolution (see How to Define the PE Routers.)

3. Configure the MAC resolver (see How to Configure the MAC Resolver.)

How to Define the PE Routers

• Options

• How to Add a PE Router

• How to Remove PE Routers

Options

The following options are available:

•PE-ID — IP address that identifies the PE router.

•interface-ip — Interface IP address for the PE router. This is used for MAC resolution.

–At least one interface IP address must be defined per PE router.

–Multiple interface IP addresses may be defined for one PE router.

–In the case where the PE router has multiple IP interfaces sharing the same MAC address, it is sufficient to configure just one of the PE interfaces

•vlan — A VLAN tag can optionally be provided for each interface IP.

Two interfaces cannot be defined with the same IP address, even if they have different VLAN tags. If such a configuration is attempted, it will simply update the VLAN tag information for the existing PE interface.

How to Add a PE Router

Each PE router that has managed MPLS/VPN subscribers behind it must be defined using the following CLI command.

Step 1 From the SCE(config if)# prompt, type MPLS VPN PE-ID pe-idinterface-IP interface-ip [vlan vlan][Interface-IP interface-ip [vlan vlan]] and press Enter.

Defines the PE router with optional VLAN tag and optional additional IP addresses.

How to Remove PE Routers

• About Removing PE Routers

• How to Remove a Specified PE Router

• How to Remove All PE Routers

• How to Remove a Specified Interface from a PE Router

About Removing PE Routers

Use these commands to remove one or all defined PE routers.

Please note the following:

•You cannot remove a PE if it retains any MPLS mappings. You must logout the VPN before removing the router it uses.

•Removing the last interface of a PE router removes the router as well. Therefore, you must logout the relevant VPN to remove the last interface.

•Likewise, all MPLS VPNs must be logged out before using the no PE-Database command below, since it removes all PE routers.

How to Remove a Specified PE Router

Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-ID pe-id and press Enter.

Removes the specified PE router.

How to Remove All PE Routers

Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-Database and press Enter.

Removes all configured PR routers.

How to Remove a Specified Interface from a PE Router

Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-ID pe-idinterface-IP interface-ip and press Enter.

Removes the specified interface from the PE router definition. The PE router itself is not removed.

How to Configure the MAC Resolver

• About the MAC Resolver

• Options

• How to Add a Static IP Address

• How to Remove a Static IP Address

About the MAC Resolver

The MAC resolver allows the SCOS to find the MAC address associated with a specific IP address. The MAC resolver must be configured when the SCE platform operates in MPLS/VPN mode, to translate the IP addresses of the provider edge router interfaces to their respective MAC addresses.

The MPLS/VPN mode needs the MAC resolver, as opposed to the standard ARP protocol, because ARP is used by the management interface, while MPLS/VPN uses the traffic interfaces of the SCE platform, which ARP does not include.

The MAC resolver database holds the IP addresses registered by the clients to be resolved. The IP addresses of the routers are added to and removed from the database in either of two modes:

•Dynamic mode (default)

In this mode, the system listens to ARP messages of the configured PE interfaces, and this way it stays updated with their MAC addresses. There is no configuration required when operating in dynamic mode.

–Benefit: it works even if the MAC address of the PE interface changes.

•Drawback: depending on the specific network topology, the MAC resolution convergence time may be undesirably long.

•Static mode

In this mode, the MAC address of each PE router must be explicitly defined by the user.

–Benefit: no initial delay until IP addresses converge.

–Drawback: PE interface is not automatically updated via ARP updates; therefore it doesn't automatically support cases where the MAC address changes on the fly.

However, for statically configured MAC addresses, a user log message appears when the system detects that the MAC address changed. This can be used by the operator to configure the new address.

These two modes can function simultaneously; therefore selected PE routers can be configured statically, while the rest are resolved dynamically

For more information regarding the MAC resolver, refer to the Cisco Service Control Engine Software Configuration Guide.

Options

The following options are available:

•ip address — The IP address entry to be added to or removed from the database.

•vlan tag — VLAN tag that identifies the VLAN that carries this IP address (if applicable).

•mac address — MAC address assigned to the IP address, in xxxx.xxxx.xxxx format.

How to Add a Static IP Address

Step 1 From the SCE(config if)# prompt, type mac-resolver arp ip_address[vlan vlan_tag] mac_address andpress Enter.

Adds the specified IP address and MAC address pair to the MAC resolver database.

How to Remove a Static IP Address

Step 1 From the SCE(config if)# prompt, type no mac-resolver arp ip_address[vlan vlan_tag] mac_address and press Enter.

Removes the specified IP address and MAC address pair to the MAC resolver database.

How to Monitor the MAC Resolver

Use this command to see a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC resolver database.

Step 1 From the SCE# prompt, type show interface linecard 0 mac-resolver arp and press Enter.

Displays a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC resolver database.

How to Configure the SM for MPLS/VPN Support

• Configuring the SM for MPLS/VPN Support

• How to Edit the SM Configuration File

Configuring the SM for MPLS/VPN Support

There are two main steps to configure the SM for MPLS/VPN support:

Step 1 Edit the p3sm.cfg configuration file to specify the field in the BGP messages that should be used by the SM for MPLS-VPN identification.

See How to Edit the SM Configuration File

Step 2 Install and configure the BGP LEG

Refer to the Cisco SCM SM MPLS/VPN BGP LEG Reference Guide .

How to Edit the SM Configuration File

The SM configuration file, p3sm.cfg , must be configured to specify the field in the BGP messages that should be used by the SM for MPLS-VPN identification.

• How to Configure the SM for MPLS/VPN Support

• How to Configure the SM for Troubleshooting MPLS/VPN Support

How to Configure the SM for MPLS/VPN Support

Step 1 Add the following section to the p3sm.cfg configuration file:

# The following parameter enables SM operation with MPLS-VPN support. [MPLS-VPN] # The following parameter determines field in the BGP messages that should be used # for MPLS-VPN identification, in correlation to the MPLS-VPN mappings that were # previously set to the SM. # possible values: "rd" or "rt". # (default: rt) vpn_id=rt
How to Configure the SM for Troubleshooting MPLS/VPN Support

An optional parameter may be turned on to facilitate troubleshooting the BGP LEG installation. This parameter turns on detailed logging of messages received from the BGP LEG. It should only be turned on when necessary for troubleshooting and should always be turned off for normal operation of the system.

Step 1 Add the following section to the p3sm.cfg configuration file:

# The following parameter turns on detailed logging of messages received from the BGP LEG # should be changed to true only during troubleshooting # (default: false) log_all=true