cc/td/doc/product/rtrmgmt/isc/5_0_1
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Sample Configlets

Overview

L2 Access into L3 MPLS VPN

CE-PE L3 MPLS VPN (BGP with full-mesh)

CE-PE L3 MPLS VPN (BGP with SOO)

CE-PE L3 MPLS VPN

N-PE L3 MPLS VPN (IPv4, IOS XR, OSPF)

N-PE L3 MPLS VPN (IPv6, IOS XR, EIGRP)


Sample Configlets

This appendix provides sample configlets for MPLS VPN provisioning in ISC. It contains the following sections:

Overview

L2 Access into L3 MPLS VPN

CE-PE L3 MPLS VPN (BGP with full-mesh)

CE-PE L3 MPLS VPN (BGP with SOO)

CE-PE L3 MPLS VPN

N-PE L3 MPLS VPN (IPv4, IOS XR, OSPF)

N-PE L3 MPLS VPN (IPv6, IOS XR, EIGRP)

Overview

The configlets provided in this appendix show the CLIs generated by ISC for particular services and features. Each configlet example provides the following information:

Service.

Feature.

Devices configuration (network role, hardware platform, relationship of the devices and other relevant information).

Sample configlets for each device in the configuration.

Comments.

Note The configlets generated by ISC are only the delta between what needs to be provisioned and what currently exists on the device. This means that if a relevant CLI is already on the device, it does not show up in the associated configlet.

Note All examples in this appendix assume an MPLS core.

For information on how to view configlets, see Viewing Configlets Generated by a Service Request.

L2 Access into L3 MPLS VPN

Configuration

Service: L2VPN/Metro Ethernet.

Feature: Access into L3 MPLS VPN.

Device configuration:

The CE is a CISCO3550 with IOS 12.1(22)EA1.

F0/13 <-> F0/4

The U-PE is a CISCO3550 with IOS 12.1(22)EA1.

F0/14

The N-PE is a CISCO7609 with IOS 12.2(18)SXF.

F2/8

VLAN = 3101

Configlets

CE
U-PE
N-PE
!
vlan 3101
exit
!
interface FastEthernet0/13
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3101
!
interface Vlan3101
description By VPNSC: Job Id# = 13
ip address 10.19.19.10 255.255.255.252
no shutdown
!
vlan 3101
exit
!
interface FastEthernet0/14
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3101
!
interface FastEthernet0/4
no keepalive
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 3101
switchport nonegotiate
cdp enable
no shutdown
mac access-group ISC-FastEthernet0/4 in
!
mac access-list extended ISC-FastEthernet0/4
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
permit any any
!
ip vrf V5:VPN_sample
rd 100:1502
route-target import 100:1602
route-target import 100:1603
route-target export 100:1602
maximum routes 100 80
!
interface FastEthernet2/8
no shutdown
!
interface FastEthernet2/8.3101
description FastEthernet2/8.3101 dot1q vlan id=3101. By VPNSC: Job Id# = 13
encapsulation dot1Q 3101
ip vrf forwarding V5:VPN_sample
ip address 10.19.19.9 255.255.255.252
no shutdown
!
router bgp 100
address-family ipv4 vrf V5:VPN_sample
redistribute connected
redistribute static

exit-address-family


Comments

IP Numbered scenario with Dot1q encapsulation for VPN Link.

The VRF is created on the N-PE device (-s designates that VPN is joining as a Hun-n-Spoke.

On the N-PE, the VRF is added to iBGP routing instance with user configured redistribution of connected and static options.

The VRF is created on the NPE with forwarding associated with the U-PE facing interface.

CE-PE L3 MPLS VPN (BGP with full-mesh)

Configuration

Service: L3 MPLS VPN.

Feature: CE-PE BGP with full-mesh.

Device configuration:

The PE is a CISCO7609 with IOS 12.2(18)SXF.

F0/12

The CE is a CISCO3550 with IOS 12.2(22)EA1.

F2/5

Routing protocol = BGP.

Configlets

CE
PE
!
vlan 62
exit
!
interface Vlan62
description By VPNSC: Job Id# = 29
ip address 10.19.19.42 255.255.255.252
no shutdown
!
router bgp 10
neighbor 10.19.19.41 remote-as 100
!
ip vrf V9:mpls_vpn1
rd 100:1506
route-target import 99:3204
route-target export 99:3204
maximum routes 100 80
!
interface FastEthernet2/5.62
description FastEthernet2/5.62 dot1q vlan id=62. By VPNSC: Job Id# = 29
encapsulation dot1Q 62
ip vrf forwarding V9:mpls_vpn1
ip address 10.19.19.41 255.255.255.252
no shutdown
!
router bgp 100
address-family ipv4 vrf V9:mpls_vpn1
neighbor 10.19.19.42 remote-as 10
neighbor 10.19.19.42 activate
neighbor 10.19.19.42 allowas-in 2
redistribute connected
redistribute static
exit-address-family

Comments

A full-mesh configuration is created by means of the CERC selected for the VPN policy. As a result, route-target import and route-target export are identical.

BGP is the routing protocol on the CE-PE access link.

IP Numbered scenario with Dot1q encapsulation for the VPN link.

The VRF is created on the PE device.

The VRF is created on the PE with forwarding associated with the CE facing interface.

CE-PE L3 MPLS VPN (BGP with SOO)

Configuration

Service: L3 MPLS VPN.

Feature: CE-PE.

Device configuration:

The PE is a CISCO7609 with IOS 12.2(18)SXF.

F0/5

The CE created in ISC.

F2/32

Routing protocol = BGP.

VPN = Hub

Configlets

CE
PE
!
vlan 3100
exit
!
interface FastEthernet1/0/14
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3100
no shutdown
!
interface Vlan3100
description By VPNSC: Job Id# = 12
ip address 10.19.19.6 255.255.255.252
no shutdown
!
router ospf 3500
network 10.19.19.4 0.0.0.3 area 12345
!
ip vrf V4:VPN_sample-s
rd 100:1501
route-target import 100:1602
route-target export 100:1603
maximum routes 100 80
!
interface FastEthernet2/3.3100
description FastEthernet2/3.3100 dot1q vlan id=3100. By VPNSC: Job Id# = 12
encapsulation dot1Q 3100
ip vrf forwarding V4:VPN_sample-s
ip address 10.19.19.5 255.255.255.252
no shutdown
!
router ospf 2500 vrf V4:VPN_sample-s
redistribute bgp 100 subnets
network 10.19.19.4 0.0.0.3 area 12345
!
router bgp 100
address-family ipv4 vrf V4:VPN_sample-s
redistribute connected
redistribute ospf 2500 vrf V4:VPN_sample-s match internal external 1 external 2
redistribute static
exit-address-family

Comments

IP Numbered scenario with Dot1q encapsulation for the VPN link.

The VRF is created on PE device (VPN is joining as a Spoke).

On PE, the VRF is added to iBGP routing instance with user configured redistribution of connected and static options.

The VRF is created on the PE with forwarding associated with the CE facing interface.

CE-PE L3 MPLS VPN

Configuration

Service: L3 MPLS VPN.

Feature: CE-PE.

Device configuration:

The PE is a CISCO7609 with IOS 12.2(18)SXF.

F1/0/14

The CE is an ME-C3750-24TE with IOS 12.2(25)EY.

F2/3

VPN = Spoke

Configlets

CE
PE
!
interface FastEthernet0/5.3102
description FastEthernet0/5.3102 dot1q vlan id=3102. By VPNSC: Job Id# = 26
encapsulation dot1Q 3102
ip address 10.19.19.38 255.255.255.252
no shutdown
!
router bgp 10
neighbor 10.19.19.37 remote-as 100
no auto-summary
! interface FastEthernet2/32.3102 description FastEthernet2/32.3102 dot1q vlan id=3102. By VPNSC: Job Id# = 26 encapsulation dot1Q 3102 ip vrf forwarding V6:mpls_vpn1 ip address 10.19.19.37 255.255.255.252 no shutdown ! router bgp 100 address-family ipv4 vrf V6:mpls_vpn1 neighbor 10.19.19.38 remote-as 10 neighbor 10.19.19.38 activate neighbor 10.19.19.38 allowas-in 2 neighbor 10.19.19.38 route-map SetSOO_V6:mpls_vpn1_100:9999 in ! route-map SetSOO_V6:mpls_vpn1_100:9999 permit 10 set extcommunity soo 100:9999


Comments

IP Numbered scenario with Dot1q encapsulation for the VPN link.

The VRF is created on the PE device.

neighbor 10.19.19.38 remote-as 10 is created as a result of the policy having
CE BGP AS ID = 10.

neighbor 10.19.19.38 allowas-in 2 is created as a result of the policy having
Neighbor Allow-AS in = 2 in the PE-CE Routing information screen.

The VRF is created on the PE with forwarding associated with the CE facing interface.

On the PE, BGP defines a route-map for the CE neighbor. 

The associated route map sets the extended community attribute to SOO, which is the community value (SOO pool value defined in ISC).

N-PE L3 MPLS VPN (IPv4, IOS XR, OSPF)

Configuration

Service: L3 MPLS VPN.

Feature: IPv4 with IOS XR.

Device configuration:

The N-PE is a Cisco 12000 router with IOS XR.

Routing protocol = OSPF.

Configlets

N-PE

(See the extended code example below.)


<?xml version="1.0" encoding="UTF-8"?>
<Request MajorVersion="1" MinorVersion="0">
<Delete>
<Configuration Source="CurrentConfig">
<InterfaceConfigurationTable>
<InterfaceConfiguration>
<Naming>
<Name>GigabitEthernet0/1/1/1.856</Name>
<Active>act</Active>
</Naming>
<Shutdown>true</Shutdown>
</InterfaceConfiguration>
</InterfaceConfigurationTable>
</Configuration>
</Delete>
<Set>
<Configuration Source="CurrentConfig">
<VRFTable>
<VRF>
<Naming>
<Name>ICICI_VPN_1</Name>
</Naming>
<AFI_SAFITable>
<AFI_SAFI>
<Naming>
<AFI>IPv4</AFI>
<SAFI>Unicast</SAFI>
</Naming>
<BGP>
<ImportRouteTargets>
<RouteTargetTable>
<RouteTarget>
<Naming>
<Type>AS</Type>
<AS>100</AS>
<ASIndex>1</ASIndex>
</Naming>
<True>true</True>
</RouteTarget>
</RouteTargetTable>
</ImportRouteTargets>
<ExportRouteTargets>
<RouteTargetTable>
<RouteTarget>
<Naming>
<Type>AS</Type>
<AS>100</AS>
<ASIndex>1</ASIndex>
</Naming>
<True>true</True>
</RouteTarget>
</RouteTargetTable>
</ExportRouteTargets>
</BGP>
</AFI_SAFI>
</AFI_SAFITable>
</VRF>
</VRFTable>
<InterfaceConfigurationTable>
<InterfaceConfiguration>
<Naming>
<Name>GigabitEthernet0/1/1/1.856</Name>
<Active>act</Active>
</Naming>
<Description>GigabitEthernet0/1/1/1.856 dot1q vlan id=856. By VPNSC: Job Id# = 116</Description>
<InterfaceModeNonPhysical>Default</InterfaceModeNonPhysical>
<VLANSubConfiguration>
<VLANIdentifier>
<VlanType>VLANTypeDot1q</VlanType>
<FirstTag>856</FirstTag>
</VLANIdentifier>
</VLANSubConfiguration>
<VRF>ICICI_VPN_1</VRF>
<IPV4Network>
<Addresses>
<Primary>
<IPAddress>10.10.56.1</IPAddress>
<Mask>255.255.255.252</Mask>
</Primary>
</Addresses>
</IPV4Network>
</InterfaceConfiguration>
</InterfaceConfigurationTable>
<BGP>
<AS>
<Naming>
<AS>0</AS>
</Naming>
<FourByteAS>
<Naming>
<AS>100</AS>
</Naming>
<VRFTable>
<VRF>
<Naming>
<Name>ICICI_VPN_1</Name>
</Naming>
<VRFGlobal>
<Exists>true</Exists>
<RouteDistinguisher>
<Type>AS</Type>
<AS>100</AS>
<ASIndex>8064</ASIndex>
</RouteDistinguisher>
<VRFGlobalAFTable>
<VRFGlobalAF>
<Naming>
<AF>IPv4Unicast</AF>
</Naming>
<Enabled>true</Enabled>
<Redistribution>
<ConnectedRoutes/>
<OSPFRouteTable>
<OSPFRoutes>
<Naming>
<OSPFInstanceName>100</OSPFInstanceName>
</Naming>
<RedistType>21</RedistType>
<DefaultMetric>20000</DefaultMetric>
</OSPFRoutes>
</OSPFRouteTable>
<StaticRoutes/>
</Redistribution>
</VRFGlobalAF>
</VRFGlobalAFTable>
</VRFGlobal>
</VRF>
</VRFTable>
</FourByteAS>
</AS>
</BGP>
<OSPF>
<ProcessTable>
<Process>
<Naming>
<InstanceName>100</InstanceName>
</Naming>
<Start>true</Start>
<VRFTable>
<VRF>
<Naming>
<VRFName>ICICI_VPN_1</VRFName>
</Naming>
<VRFStart>true</VRFStart>
<Redistribution>
<RedistributeTable>
<Redistribute>
<Naming>
<ProtocolType>rip</ProtocolType>
<InstanceName>rip</InstanceName>
</Naming>
<Classful>false</Classful>
</Redistribute>
<Redistribute>
<Naming>
<ProtocolType>static</ProtocolType>
<InstanceName>static</InstanceName>
</Naming>
<Classful>false</Classful>
</Redistribute>
</RedistributeTable>
</Redistribution>
<AreaTable>
<Area>
<Naming>
<IntegerID>100</IntegerID>
</Naming>
<NameScopeTable>
<NameScope>
<Naming>
<Interface>GigabitEthernet0/1/1/1.856</Interface>
</Naming>
<Running>true</Running>
</NameScope>
</NameScopeTable>
<Running>true</Running>
</Area>
</AreaTable>
<DefaultInformation>
<AlwaysAdvertise>true</AlwaysAdvertise>
</DefaultInformation>
</VRF>
</VRFTable>
</Process>
</ProcessTable>
</OSPF>
</Configuration>
</Set>
<Commit/>
</Request>
Comments

In IOS XR, device configuration is specified in XML format.

With respect to the XML schemas, different versions of IOS XR will generate different XML configlets. However the configurations will be almost identical, except for changes in the XML schema.

There are different cases to consider. For example, when a service request is decommissioned or modified, the XML configuration will slightly differ.

N-PE L3 MPLS VPN (IPv6, IOS XR, EIGRP)

Configuration

Service: L3 MPLS VPN.

Feature: N-PE running IOS XR 3.5.x.

Device configuration:

The N-PE is a Cisco 12000 router with IOS XR 3.5.x.

Routing protocol = EIGRP.

Configlets

N-PE

(See the extended code example below.)


<?xml version="1.0" encoding="UTF-8"?>
<Request MajorVersion="1" MinorVersion="0">
<CLI>
<Configuration>
interface GigabitEthernet0/1/1/1.840

ipv6 address fec0:140:9834::/64

exit

</Configuration>
</CLI>
<Delete>
<Configuration Source="CurrentConfig">
<EIGRP>
<ProcessTable>
<Process>
<Naming>
<ASNumber>100</ASNumber>
</Naming>
<VRFTable>
<VRF>
<Naming>
<VRFName>V10:ICICI_VPN</VRFName>
</Naming>
<VRF_AFTable>
<VRF_AF>
<Naming>
<VRF_AFType>IPv4</VRF_AFType>
</Naming>
<AutoSummary/>
</VRF_AF>
</VRF_AFTable>
</VRF>
</VRFTable>
</Process>
</ProcessTable>
</EIGRP>
<InterfaceConfigurationTable>
<InterfaceConfiguration>
<Naming>
<Name>GigabitEthernet0/1/1/1.840</Name>
<Active>act</Active>
</Naming>
<Shutdown>true</Shutdown>
</InterfaceConfiguration>
</InterfaceConfigurationTable>
</Configuration>
</Delete>
<Set>
<Configuration Source="CurrentConfig">
<InterfaceConfigurationTable>
<InterfaceConfiguration>
<Naming>
<Name>GigabitEthernet0/1/1/1.840</Name>
<Active>act</Active>
</Naming>
<Description>GigabitEthernet0/1/1/1.840 dot1q vlan id=840. By VPNSC: Job Id# = 50</Description>
<InterfaceModeNonPhysical>Default</InterfaceModeNonPhysical>
<VLANSubConfiguration>
<VLANIdentifier>
<VlanType>VLANTypeDot1q</VlanType>
<FirstTag>840</FirstTag>
</VLANIdentifier>
</VLANSubConfiguration>
<VRF>V10:ICICI_VPN</VRF>
</InterfaceConfiguration>
</InterfaceConfigurationTable>
<BGP>
<AS>
<Naming>
<AS>0</AS>
</Naming>
<FourByteAS>
<Naming>
<AS>100</AS>
</Naming>
<VRFTable>
<VRF>
<Naming>
<Name>V10:ICICI_VPN</Name>
</Naming>
<VRFGlobal>
<Exists>true</Exists>
<VRFGlobalAFTable>
<VRFGlobalAF>
<Naming>
<AF>IPv6Unicast</AF>
</Naming>
<Enabled>true</Enabled>
<Redistribution>
<EIGRPRouteTable>
<EIGRPRoutes>
<Naming>
<EIGRPInstanceName>120</EIGRPInstanceName>
</Naming>
</EIGRPRoutes>
</EIGRPRouteTable>
</Redistribution>
</VRFGlobalAF>
</VRFGlobalAFTable>
</VRFGlobal>
</VRF>
</VRFTable>
</FourByteAS>
</AS>
</BGP>
<EIGRP>
<ProcessTable>
<Process>
<Naming>
<ASNumber>100</ASNumber>
</Naming>
<VRFTable>
<VRF>
<Naming>
<VRFName>V10:ICICI_VPN</VRFName>
</Naming>
<Enabled>true</Enabled>
<VRF_AFTable>
<VRF_AF>
<Naming>
<VRF_AFType>IPv4</VRF_AFType>
</Naming>
<Enabled>true</Enabled>
<RedistributeTable>
<Redistribute>
<Naming>
<Protocol>BGP</Protocol>
<SecondASNumber>100</SecondASNumber>
</Naming>
<PolicySpecified>false</PolicySpecified>
</Redistribute>
</RedistributeTable>
<DefaultMetric>
<BW>2000</BW>
<Delay>2001</Delay>
<Reliability>200</Reliability>
<Load>201</Load>
<MTU>20000</MTU>
</DefaultMetric>
<InterfaceTable>
<Interface>
<Naming>
<InterfaceName>GigabitEthernet0/1/1/1.840</InterfaceName>
</Naming>
<Enabled>true</Enabled>
</Interface>
</InterfaceTable>
<AutonomousSystem>120</AutonomousSystem>
</VRF_AF>
</VRF_AFTable>
</VRF>
</VRFTable>
</Process>
</ProcessTable>
</EIGRP>
</Configuration>
</Set>
<Commit/>
</Request>Comments

In IOS XR, device configuration is specified in XML format.

With respect to the XML schemas, different versions of IOS XR will generate different XML configlets. However the configurations will be almost identical, except for changes in the XML schema.

There are different cases to consider. For example, when a service request is decommissioned or modified, the XML configuration will slightly differ.

hometocprevnextglossaryfeedbacksearchhelp

Posted: Mon Feb 18 15:00:40 PST 2008
All contents are Copyright © 1992--2008 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.