Configuring VPRN components

Creating a VPRN service

Use the following CLI syntax to create a VPRN service. A route distinguisher must be defined in order for VPRN to be operationally active.

CLI syntax:
config>service# vprn service-id [customer customer-id]
    route-distinguisher rd
    description description-string
    no shutdown

The following example displays a VPRN service configuration.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        route-distinguisher 10001:0
        no shutdown
        exit
...
----------------------------------------------
*A:ALU-1>config>service>vprn#

Configuring global VPRN parameters

The autonomous system (AS) number for a VPRN service is configured in the config>service>vprn context. Local AS numbers can be set at the VPRN BGP global, group, and neighbor levels.

A spoke SDP can be bound to the VPRN service using the auto-bind-tunnel command or the spoke-sdp sdp-id command. However, when using the spoke-sdp command, you must create a spoke SDP for each peer PE router.

A VPRN spoke SDP can be any of the supported SDPs, except the IP SDP.

The following example displays a VPRN service with configured parameters.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        router-id 2000
        route-distinguisher 10001:0
        spoke-sdp 2 create
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Configuring router interfaces

See the 7705 SAR Router Configuration Guide for command descriptions and syntax information to configure router interfaces.

The following example displays a router interface configuration:

ALU48>config>router# info
#------------------------------------------
echo "IP Configuration"
#------------------------------------------
...
    interface "if1"
        address 10.0.0.0/8
        port 1/1/33
    exit
    interface "if2"
        address 10.0.0.1/8
        port 1/1/34
    exit
    interface "if3"
        address 10.0.0.2/8
        port 1/1/35
    exit
...
#------------------------------------------
ALU48>config>router#

Configuring static route entries for VPRN

The 7705 SAR VPRN service supports static routes to next-hop addresses.

Only one next-hop IP address can be specified per IP interface for static routes.

Use the following CLI syntax to create a VPRN static route entry. Multiple types of static routes (black-hole, grt, indirect, ipsec-tunnel, and next-hop) can be applied to the same entry. Unless no shutdown is specified, the static-route-entry will be created in a shutdown state.

CLI syntax:
config>service>vprn>
 static-route-entry {ip-prefix/prefix-length} 
        black-hole {ip-int-name | ip-address | ipv6-address}
            description description-string 
            metric metric 
            preference preference 
            prefix-list prefix-list-name [all | none]
            no shutdown 
            tag tag
        grt 
            description description-string 
            metric metric 
            preference preference 
            no shutdown 
        indirect ip-address
            cpe-check cpe-ip-address
                drop-count count
                interval seconds
                log
            description description-string
            metric metric
            preference preference
            prefix-list prefix-list-name {all | none} 
            no shutdown 
            tag tag 
        ipsec-tunnel [ipsec-tunnel-name]
            description description-string 
            metric metric 
            preference preference 
            no shutdown 
            tag tag
        next-hop {ip-int-name | ip-address | ipv6-address}
            bfd-enable 
            cpe-check cpe-ip-address
                drop-count count 
                interval interval 
                log 
            description description-string 
            metric metric 
            preference preference 
            prefix-list prefix-list-name [all | none]
            no shutdown 
            tag tag

Example:
config>service>vprn# static-route-entry 10.5.5.5/8 
    static-route-entry# next-hop 10.1.1.2
        next-hop# metric 1 
        next-hop# preference 5
        next-hop# tag 20
        next-hop# no shutdown

Configuring BGP for VPRN

Configuring BGP between the PE routers allows the PE routers to exchange information about routes originating and terminating in the VPRN. The PE routers use the information to determine which labels are used for traffic intended for remote sites.

The minimal parameters that should be configured for a VPRN BGP instance are:

  • an autonomous system number

    For an example of a VPRN service with a configured autonomous system number, see Configuring global VPRN parameters.

  • a router ID

    For an example of a VPRN service with a configured router ID, see Configuring global VPRN parameters.

  • a VPRN BGP peer group

  • a VPRN BGP neighbor with which to peer

  • a VPRN BGP peer-AS that is associated with the above peer

VPRN BGP is administratively enabled upon creation. Minimally, to enable VPRN BGP in a VPRN instance, you must associate an autonomous system number and router ID with the VPRN service, create a peer group and a neighbor, and associate a peer AS number. There are no default VPRN BGP groups or neighbors. Each VPRN BGP group and neighbor must be explicitly configured.

All parameters configured for VPRN BGP are applied to the group and are inherited by each peer, but a group parameter can be overridden on a specific basis. The VPRN BGP command hierarchy consists of three levels:

  • global level

  • group level

  • neighbor level

Use the following CLI syntax to configure these three levels:

CLI syntax:
config>service>vprn>bgp#
    group 
        neighbor

Note: The local-address command must be explicitly configured if two systems have multiple BGP peer sessions between them.

BGP for MP-BGP purposes is configured under the config>router>bgp context. For more information about the BGP protocol, see the 7705 SAR Routing Protocols Guide, "BGP".

Configuring VPRN BGP group and neighbor parameters

A group is a collection of related VPRN BGP peers. The group name should be a descriptive name for the group. Follow your group, name, and ID naming conventions for consistency and to help when troubleshooting faults.

After a group name is created and options are configured, neighbors can be added in different autonomous systems, creating EBGP peers. All parameters configured for the peer group are inherited by each peer (neighbor), but a group parameter can be overridden on a specific neighbor-level basis.

Configuring route reflection

Route reflection can be implemented in autonomous systems with a large internal BGP mesh to reduce the number of IBGP sessions required. One or more routers can be selected to act as focal points for internal BGP sessions. Several BGP-speaking routers can peer with a route reflector. A route reflector forms peer connections to other route reflectors. A router assumes the role of a route reflector when the cluster cluster-id command is configured. No other command is required unless disabling reflection to specific peers is needed.

If you configure the cluster command at the global level, all subordinate groups and neighbors are members of the cluster. The route reflector cluster ID is expressed in dotted-decimal notation. The ID should be a significant topology-specific value.

If a route reflector client is fully meshed, the disable-client-reflect command can be enabled to stop the route reflector from reflecting redundant route updates to a client.

VPRN BGP CLI syntax

The following example displays a VPRN BGP configuration. The example includes two BGP groups: one group has a static (configured) neighbor and the other group has dynamic neighbors.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind-tunnel 
            resolution-filter
                ldp
            exit
            resolution filter
        exit
        vrf-target target:10001:1
        interface "to-ce1" create
            address 172.16.0.0/12
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route-entry 10.1.1.1/8 
            next-hop 10.1.1.2
                no shutdown
            exit
        exit
        bgp
            router-id 10.0.0.1
            group "to-cel"
                export "vprnBgpExpPolCust1"
                multihop 3
                peer-as 65101
                ttl-security 10
                neighbor 172.16.0.10
                exit
            group "dynamic"
                peer-as 100
                dynamic-neighbor
                    prefix 10.100.0.0/16
                dynamic-neighbor-limit 75
                exit
            exit
        exit
        spoke-sdp 2 create 
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Configuring IPv6 parameters for VPRN BGP

Use the following CLI syntax to configure IPv6 parameters for VPRN BGP:

CLI syntax:
config>service# vprn service-id [customer customer-id]
    bgp
        family ipv6
            group name
                family ipv6
                neighbor ipv6-address
                    family ipv6

Example:
A:ALU>config>service# vprn 20
A:ALU>config>service>vprn$ bgp
A:ALU>config>service>vprn>bgp$ family ipv6
A:ALU>config>service>vprn>bgp>family$ group BGP1
A:ALU>config>service>vprn>bgp>family>group$ family ipv6
A:ALU>config>service>vprn>bgp>family>group>family$ neighbor 2001:db8:a::123
A:ALU>config>service>vprn>bgp>family>group>family>neighbor$ family ipv6
A:ALU>config>service>vprn>bgp>family>group>family>neighbor$ exit
A:ALU>config>service>vprn>bgp>family>group>family$ exit
A:ALU>config>service>vprn>bgp>family>group$ exit
A:ALU>config>service>vprn>bgp>family$ exit
A:ALU>config>service>vprn>bgp$ exit

Configuring VPRN IPv6 neighbor discovery parameters

Use the following CLI syntax to configure IPv6 neighbor discovery parameters for a VPRN service:

CLI syntax:
config>service# vprn service-id [customer customer-id]
    ipv6
        reachable-time seconds
        stale-time seconds

Example:
config# service vprn 20
config>service>vprn# ipv6
config>service>vprn>ipv6# reachable-time 30
config>service>vprn>ipv6# stale-time 14400
config>service>vprn>ipv6# exit
config>service>vprn# exit

The following example displays IPv6 neighbor discovery parameters output.

A:ALU-A>config>service>vprn 20# info
#------------------------------------------
        ...
            reachable-time 30
            stale-time 14400
        exit
        ...

Configuring OSPF or OSPFv3 for VPRN

Each VPN routing instance is isolated from any other VPN routing instance and from the routing used across the backbone. OSPF or OSPFv3 can be run with any VPRN, independently of the routing protocols used in other VPRNs, or in the backbone. For more information about the OSPF and OSPFv3 protocols and for the commands used to run OSPF or OSPFv3 over the backbone (router context), see the 7705 SAR Routing Protocols Guide.

Use the following CLI syntax to configure OSPF or OSPFv3 in the VPRN context:

CLI syntax:
config>service>vprn>ospf#
CLI syntax:
config>service>vprn>ospf3#

The following example displays a VPRN OSPF configuration:

*A:ALU-1>config>service# info
---------------------------------------------- 
     vprn 2 customer 1 create
         interface "ospf_interface" create
         exit
         ospf
             area 0.0.0.0
                 interface "ospf_interface"
                     no shutdown
                 exit
             exit
         exit
----------------------------------------------
*A:ALU-1>config>service#

Configuring RIP for VPRN

PE routers need to advertise reachability information for each CE that is attached to a VRF. RIP can be used to exchange reachability information between PE and CE routers by establishing adjacency with a CPE router that supports RIP. Via this adjacency, RIP learns the subnet or subnets for the customer site and will advertise any routes learned from other CEs. The routing table is updated to reflect the new information.

RIP can be used to distribute routes between PE and CE routers. When PE and CE routers are RIP peers, the CE router can use RIP to transmit to the PE router the set of address prefixes that are reachable via the CE router. When RIP is configured on the CE, care must be taken to ensure that address prefixes from other sites, that is, address prefixes learned by the CE router from the PE router, are never advertised to the PE. Specifically, if a PE router receives a VPN-IPv4 route and distributes it to a CE, that route must never be distributed from the CE site to either the originating PE router or any other PE router.

The parameters configured at the VPRN RIP global level are inherited by the group and neighbor levels. Parameters can be modified and overridden on a level-specific basis. The VPRN RIP command hierarchy consists of three levels:

  • global

  • group

  • neighbor

Hierarchical VPRN RIP commands can be modified on different levels. The most specific value is used. A group-specific command takes precedence over a global command. A neighbor-specific command takes precedence over a global or group-specific command.

Note: Careful planning is essential to implement commands that can affect the behavior of global, group, and neighbor levels. Because the RIP commands are hierarchical, analyze the values that can disable features on a particular level.

To enable a VPRN RIP instance, the RIP protocol must be enabled in the config>service>vprn>rip context of the VPRN. VPRN RIP is administratively enabled upon creation. Configuring other RIP commands and parameters is optional.

The minimum RIP configuration for a VPRN instance must define:

  • one VPRN RIP peer group

  • one VPRN RIP neighbor peer

  • one VPRN RIP peer-AS associated with the neighbor peer

The following example displays a VPRN RIP configuration:

*A:ALU-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution-filter
                    ldp
                exit
                resolution filter
            exit
            vrf-target target:10001:1
            interface "to-ce1" create
                address 172.16.0.0/12
                sap 1/1/10:1 create
                    ingress
                        qos 100
                    exit
                    egress
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------

For more information about the RIP protocol, see the 7705 SAR Routing Protocols Guide.

Configuring IGMP for VPRN

When using the ssm-translate command, the group range is not created until the source is specified.

The following example displays multicast IGMP parameters under a VPRN configuration:

*A:Sar18 Dut-B>config>service>vprn>igmp# info detail
----------------------------------------------
                interface "mvpn_if"
                    no import
                    version 3
                    subnet-check
                    no max-groups
                    no max-grp-sources
                    no disable-router-alert-check
                    ssm-translate
                        grp-range 239.255.0.2 239.255.0.20
                            source 192.168.0.0
                        exit
                    exit
                    no shutdown
                exit
                query-interval 125
                query-last-member-interval 1
                query-response-interval 10
                robust-count 2
                no shutdown
----------------------------------------------
*A:Sar18 Dut-B>config>service>vprn>igmp#

Configuring PIM for VPRN

The following example displays a PIM configuration for VPRN.

A:ALU-1>config>service>vprn>pim# info detail
----------------------------------------------
                no import join-policy
                no import register-policy
                interface "vprn_if"
                    hello-interval 30
                    hello-multiplier 35
                    no tracking-support
                    improved-assert
                    no bfd-enable
                    no three-way-hello
                    priority 1
                    multicast-senders auto
                    no bsm-check-rtr-alert
                    no sticky-dr
                    no max-groups
                    no assert-period
                    no instant-prune-echo
                    no shutdown
                    no ipv4-multicast-disable
                exit
                apply-to none
                rp
                    no bootstrap-import
                    no bootstrap-export
                    static
                    exit
                    bsr-candidate
                        shutdown
                        priority 0
                        hash-mask-len 30
                        no address
                    exit
                    rp-candidate
                        shutdown
                        no address
                        holdtime 150
                        priority 192
                    exit
                exit
                no non-dr-attract-traffic
                no ssm-default-range-disable ipv4
                no shutdown
                no ipv4-multicast-disable
----------------------------------------------
A:ALU-1>config>service>vprn>pim# 

Configuring MVPN for VPRN

For selective PMSI provider tunnels, mLDP must be configured before setting a maximum-p2mp-spmsi. Also, the data-threshold c-grp-ip-addr must be a valid multicast address.

The following example displays the MVPN parameters for VPRN configuration:

*A:ALU>config>service>vprn>mvpn# info detail
----------------------------------------------
                auto-discovery default
                c-mcast-signaling bgp
                umh-selection highest-ip
                mdt-type sender-receiver
                provider-tunnel
                    inclusive
                        mldp
                            shutdown
                        exit
                    exit
                    selective
                        mldp
                            shutdown
                        exit
                        maximum-p2mp-spmsi 4
                        no data-delay-interval
                        data-threshold 239.255.0.0/6 10
                    exit
                exit
                vrf-target unicast
                exit
----------------------------------------------
*A:ALU>config>service>vprn>mvpn#

The following example displays a VPRN service with MVPN. The MVPN in this example supports inclusive PMSI and selective PMSI. The data-threshold that forces a group C(S,G) to switch from I-PMSI to S-PMSI in this example is 1 kb/s.

        vprn 1 customer 1 create
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution-filter
                    ldp
                    rsvp
                exit
                resolution filter
            exit
            vrf-target target:65000:1
            interface "TO-CE-SOURCE" create
                address 172.16.0.1/12
                sap 1/1/9:100 create
                exit
            exit
            pim
                interface "to-ce-source"
                rp
                exit
                no shutdown
            exit
            mvpn
                provider-tunnel
                    inclusive
                        mldp
                            no shutdown
                        exit
                    exit
                    selective
                        mldp
                            no shutdown
                        exit
                        data-threshold 239.255.0.0/7 1
                    exit
                exit
                vrf-target target:65000:1
                exit
            exit
            ospf        
                area 0.0.0.0
                    interface "TO-CE-SOURCE"
                        interface-type point-to-point
                        no shutdown
                    exit
                exit
            exit
            no shutdown
        exit

Configuring a VPRN interface

Interface names associate an IP address with the interface, and then associate the IP interface with a physical port. The logical interface can associate attributes such as an IP address, port, or link aggregation group (LAG). There are no default interfaces.

Note:
  • The VPRN interface can be configured as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined, and a SAP cannot be defined on a loopback interface.

  • See Configuring a VPRN IPv6 interface for the CLI required to configure VPRN IPv6 interface parameters.

When using mrinfo and mtrace in a Layer 3 VPN context, the configuration for the VPRN should have a loopback address configured that has the same address as the core VPRN instance's system address (that is, the BGP next hop).

The following example displays a VPRN interface configuration:

*A:ALU-1>config>service>vprn# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind-tunnel
            resolution-filter
                ldp
            exit
            resolution filter
        exit
        vrf-target target:10001:1
        interface "to-ce1" create
            address 172.16.0.1/12
              proxy-arp policy "proxyARPpolicy"
              local proxy-arp
              remote proxy-arp
            exit
        exit
        static-route-entry 10.1.1.1/8 
            next-hop 10.1.1.2
                no shutdown
            exit
        exit
        spoke-sdp 2 create
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Use the following CLI syntax to configure interface parameters for the VPRN service.

CLI syntax:
config>service# vprn service-id [customer customer-id] [create] 
    interface ip-int-name
        address if-ip-address
        allow-directed-broadcasts
        arp-timeout
        bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
        description description-string
        dhcp
            description description-string
            option 
                action {replace | drop | keep}
                circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
                remote-id [mac | string string]
                vendor-specific-option
                    client-mac-address 
                    sap-id 
                    service-id
                    string text
                    system-id 
            server server1 [server2...(up to 8 max)]
            no shutdown
            trusted
        icmp
            mask-reply
            ttl-expired [number seconds]
            unreachables
        if-attribute 
            admin-group group-name [group-name...(up to 5 max)]
            srlg-group group-name [group-name...(up to 5 max)]
        ip-mtu octets
        ipcp
            dns ip-address [secondary ip-address]
            dns secondary ip-address
            peer-ip-address ip-address
        l4-load-balancing hashing-algorithm
        local-dhcp-service local-server-name
        local-proxy-arp
        loopback
        mac ieee-address
        proxy-arp-policy policy-name [policy-name...(up to 5 max)]
        remote-proxy-arp
        secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
        no shutdown
        static-arp ip-address ieee-mac-address
        static-arp ieee-mac-address unnumbered
        tcp-mss mss-value
        teid-load-balancing 
        unnumbered {ip-int-name | ip-address}
    no shutdown

Example:
A:ALU-41>config>service# vprn 4
A:ALU-41>config>service>vprn$ interface "vprn_interface"
A:ALU-41>config>service>vprn>if$ address 192.168.0.0/16
A:ALU-41>config>service>vprn>if$ dhcp option
A:ALU-41>config>service>vprn>if>dhcp>option$ circuit-id ifindex 
A:ALU-41>config>service>vprn>if>dhcp>option$ exit
A:ALU-41>config>service>vprn>if$ ip-mtu 1524

The following example displays the VPRN interface creation output.

A:ALU-41>config>service>vprn>if# info detail
-------------------------------------------
...
              no description
              address 192.168.0.0/16 broadcast host-ones
              no mac
              arp-timeout 14400
              no allow-directed-broadcasts
              icmp
                 mask-reply
                 unreachables 100 10
                 ttl-expired 100 10
              exit
              dhcp
                 shutdown
                 no description
                 option
                     action keep
                     circuit-id ifindex
                     no remote-id
                     no vendor-specific-option
                 exit
                 no server
                 no trusted
              exit
              ip-mtu 1524
              no bfd
              ipcp
                 no peer-ip-address
                 no dns
              exit
              proxy-arp policy "proxyARPpolicy"
              local proxy-arp
              remote proxy-arp
              no shutdown
...

Configuring a VPRN IPv6 interface

Use the following CLI syntax to create a VPRN IPv6 interface and to configure optional VPRN IPv6 interface parameters:

CLI syntax:
config>service
    vprn service-id
        interface ip-int-name
            ipv6 
                address ipv6-address/prefix-length [eui-64] [preferred]
                bfd transmit-interval [receive receive-interval] [multiplier multiplier]
                dhcp6-relay
                    description description-string
                    option
                        interface-id
                            interface-id ascii-tuple
                            interface-id ifindex
                            interface-id sap-id
                            interface-id string
                        remote-id
                    server ipv6-address...(up to 8 max)
                    shutdown
                    source-address ipv6-address
                dhcp6-server
                    max-nbr-of-leases max-nbr-of-leases
                    prefix-delegation
                        prefix ipv6-address/prefix-length
                            duid duid [iaid iaid]
                            preferred-lifetime seconds
                            preferred-lifetime infinite
                            valid-lifetime seconds
                            valid-lifetime infinite
                        no shutdown
                icmp6
                    packet-too-big number seconds
                    param-problem number seconds
                    time-exceeded number seconds
                    unreachables number seconds
                link-local-address ipv6-address [preferred]
                local-dhcp-server server-name [create]
                neighbor ipv6-address mac-address
                reachable-time seconds
                stale-time seconds

(The example below shows only some of the CLI VPRN IPv6 interface commands.)

Example:
config>service# vprn 20
config>service>vprn# interface "int1"
config>service>vprn>if>ipv6#
config>service>vprn>if>ipv6>address# 2001:db8:a::123
config>service>vprn>if>ipv6>icmp6# packet-too-big 100 10
config>service>vprn>if>ipv6>icmp6# param-problem 100 10
config>service>vprn>if>ipv6>icmp6# time-exceeded 100 10
config>service>vprn>if>ipv6>icmp6# unreachables 100 10
config>service>vprn>if>ipv6>icmp6# exit
config>service>vprn>if>ipv6>neighbor# 2001:db8:a::124
config>service>vprn>if>ipv6>reachable-time# 30
config>service>vprn>if>ipv6>stale-time# 14400
config>service>vprn>if>ipv6# exit
config>service>vprn>if# exit

The following example displays a VPRN IPv6 interface configuration:

A:ALU-B>config>service>vprn 20# info detail
----------------------------------------------
.....
                ipv6
                    icmp6
                        packet-too-big 100 10
                        param-problem 100 10
                        time-exceeded 100 10
                        unreachables 100 10
                    exit
                    address 2001:db8:a::123
                    reachable-time 30
                    stale-time 14400
                    no dhcp6-relay
                    no local-dhcp-server
                    neighbor 2001:db8:a::124
                    no bfd
                exit
.....

Configuring VPRN interface routed VPLS IPv6 parameters

Use the following CLI syntax to configure VPRN interface routed VPLS IPv6 parameters:

CLI syntax:
config>service# vprn service-id [customer customer-id] [create]
    interface ip-int-name
        vpls service-name create
            ingress
                v6-routed-override-filter ipv6-filter-id 
            [no] shutdown

Example:
A:ALU-41>config>service# vprn 20
A:ALU-41>config>service>vprn$ interface "vprn20_interface"
A:ALU-41>config>service>vprn>if$ vpls 2/2/2:1 create
A:ALU-41>config>service>vprn>if>vpls$ ingress
A:ALU-41>config>service>vprn>if>vpls>ingress$ v6-routed-override-filter 44
A:ALU-41>config>service>vprn>if>vpls>ingress$ exit
A:ALU-41>config>service>vprn>if>vpls$ exit
A:ALU-41>config>service>vprn>if$ exit

Configuring VPRN interface SAP parameters

A SAP is a combination of a port and encapsulation parameters that identify the service access point on the interface and within the 7705 SAR. Each SAP must be unique within a router. A SAP cannot be defined if the loopback command is enabled on the interface.

When configuring VPRN interface SAP parameters, a default QoS policy is applied to each ingress and egress SAP. Additional QoS policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.
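The following added example (not part of the original guide) audits saved info output for three conditions stated on this page: a VPRN with no route distinguisher, a static-route-entry left in its default shutdown state, and a SAP with no explicitly applied filter policy. The sample configuration and the finding codes are constructed for illustration, and the script assumes that info output omits default values, so a route type without no shutdown is treated as shut down.

```python
import re

# Lines that carry no configuration: context closers, separators, prompts.
SKIP = re.compile(r"^(exit$|\.\.\.|-{3,}|#|echo |\*?[A-Za-z]:\S*>config)")
ROUTE_TYPES = ("black-hole", "grt", "indirect", "ipsec-tunnel", "next-hop")

# Constructed sample in the style of the page's `info` output (not a real device).
SAMPLE = """\
    vprn 1 customer 1 create
        route-distinguisher 10001:1
        interface "to-ce1" create
            address 172.16.0.1/12
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route-entry 10.1.1.1/8
            next-hop 10.1.1.2
                no shutdown
            exit
        exit
        no shutdown
    exit
    vprn 2 customer 1 create
        interface "to-ce2" create
            address 192.168.0.1/16
            sap 1/1/11:1 create
            exit
        exit
        static-route-entry 10.5.5.5/8
            next-hop 10.1.1.2
                metric 1
            exit
        exit
        no shutdown
    exit
"""

def parse_info(text):
    """Build a tree of {"cmd", "children"} nodes from indentation depth."""
    root = {"cmd": "", "children": []}
    stack = [(-1, root)]                      # (indent, node), innermost last
    for raw in text.expandtabs().splitlines():
        stripped = raw.strip()
        if not stripped or SKIP.match(stripped):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack[-1][0] >= indent:         # leave contexts that have ended
            stack.pop()
        node = {"cmd": stripped, "children": []}
        stack[-1][1]["children"].append(node)
        stack.append((indent, node))
    return root

def children(node, keyword):
    """Direct children whose first word is `keyword`."""
    return [c for c in node["children"] if c["cmd"].split()[0] == keyword]

def audit(text):
    """Return (service-id, finding-code, detail) tuples; codes are hypothetical."""
    findings = []
    for vprn in children(parse_info(text), "vprn"):
        sid = vprn["cmd"].split()[1]
        # A route distinguisher is required for the VPRN to be operationally active.
        if not children(vprn, "route-distinguisher"):
            findings.append((sid, "NO_RD", ""))
        # Each route type stays shut down unless `no shutdown` is configured.
        for sre in children(vprn, "static-route-entry"):
            prefix = sre["cmd"].split()[1]
            for hop in sre["children"]:
                enabled = any(c["cmd"] == "no shutdown" for c in hop["children"])
                if hop["cmd"].split()[0] in ROUTE_TYPES and not enabled:
                    findings.append((sid, "ROUTE_SHUTDOWN", f"{prefix} {hop['cmd']}"))
        # There are no default filter policies: report directions without one.
        for ifc in children(vprn, "interface"):
            for sap in children(ifc, "sap"):
                missing = [d for d in ("ingress", "egress")
                           if not any(children(ctx, "filter")
                                      for ctx in children(sap, d))]
                if missing:
                    detail = f"{sap['cmd'].split()[1]} {','.join(missing)}"
                    findings.append((sid, "SAP_NO_FILTER", detail))
    return findings

if __name__ == "__main__":
    for sid, code, detail in audit(SAMPLE):
        print(f"vprn {sid}: {code} {detail}".rstrip())
```

The parser relies on consistent indentation in the saved output; loopback interfaces have no SAP and therefore produce no filter finding.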

A VPRN interface SAP is supported on the following ports and adapter cards:

  • T1/E1 port in access mode with PPP or MLPPP encapsulation (by setting the port’s channel-group encap-type to be ipcp):

    • any T1/E1 ASAP port or bundle on the 16-port T1/E1 ASAP Adapter card or 32-port T1/E1 ASAP Adapter card:

      • fractional T1/E1

      • clear channel T1/E1

    • any T1/E1 ASAP port or bundle on the 7705 SAR-X, 7705 SAR-M, or 7705 SAR-A:

      • fractional T1/E1

      • clear channel T1/E1

  • V.35 ports in access mode with PPP encapsulation on the 12-port Serial Data Interface card, version 3, with speed set to 64 kb/s, 2048 kb/s, or any value from 128 kb/s to 1920 kb/s (in increments of 128 kb/s)

  • DS1/E1 channels on the 4-port OC3/STM1 / 1-port OC12/STM4 Adapter card:

    • the SAP can be a PPP link over a single DS1/E1 channel

    • the SAP can be an MLPPP or MC-MLPPP bundle over multiple DS1/E1 channels

  • Ethernet port in access mode:

    • any Ethernet port (null, dot1q, or qinq) on the 6-port Ethernet 10Gbps Adapter card, 8-port Gigabit Ethernet Adapter card, or 10-port 1GigE/1-port 10GigE X-Adapter card (supported on the 7705 SAR-18 only)

    • any Ethernet port (null, dot1q, or qinq) on the 7705 SAR-M, 7705 SAR-H, 7705 SAR-Hc, 7705 SAR-A, 7705 SAR-Ax, 7705 SAR-Wx, or 7705 SAR-X

Note:
  • IPv6 and multicast are not supported on PPP, MLPPP, or MC-MLPPP SAPs on the 4-port OC3/STM1 / 1-port OC12/STM4 Adapter card.

  • The 10-port 1GigE/1-port 10GigE X-Adapter card supports qinq only when it is in 10-port 1GigE mode.

The following examples show the configuration of a VPRN interface SAP for:

  • an access port on a 16-port T1/E1 ASAP Adapter card

  • an MLPPP bundle on an access port on a 16-port T1/E1 ASAP Adapter card


*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:10
        auto-bind-tunnel
            resolution-filter
                ldp
            exit
            resolution filter
        exit
        vrf-target target:10001:1
        interface "to-ce1" create
            address 172.16.0.0/12
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route-entry 192.168.0.0/16 
            next-hop 192.168.0.1
                no shutdown
            exit
        exit
        spoke-sdp 2 create 
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#


*A:ALU-1>config>service>vprn# info 
----------------------------------------------
    description "test VPRN for PPP SAPs"
    route-distinguisher 10001:1
    vrf-target target:10001:1
    interface "to-ce1" create
        address 172.16.0.0/12
        sap 1/1/10:1 create
        exit
    exit
    interface "to_ce2_ppp" create
        address 172.16.0.1/12
        bfd 100 receive 100 multiplier 3
        ipcp
            peer-ip-address 192.168.0.50
        exit
        sap 1/1/2.24 create
        exit
    exit
    interface "to_ce2_mlppp" create
        address 172.16.0.3/12
        bfd 100 receive 100 multiplier 3
        ipcp
            peer-ip-address 192.168.0.51
            dns 2.2.2.2 secondary 3.3.3.3
        exit
        sap bundle-ppp-1/1.1 create
        exit
    exit
    interface "to_ce2_eth" create
        address 172.16.0.3/12
        sap 1/2/1:25 create
        exit
    exit
    static-route-entry 192.168.0.0/16
        next-hop 192.168.0.5
            no shutdown
        exit
    exit
    static-route-entry 192.168.0.1/16 
        next-hop 192.168.0.6
            no shutdown
        exit
    exit
    static-route-entry 192.168.0.2/16 
        next-hop 192.168.0.7
            no shutdown
        exit
    exit
    static-route-entry 192.168.0.3/16 
        next-hop 192.168.0.8
            no shutdown
        exit
    exit
    static-route-entry 192.168.0.3/16 
        next-hop 192.168.0.9 disable
            shutdown
        exit
    exit
----------------------------------------------
*A:ALU-1>config>service>vprn# 
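
Because filter policies must be explicitly applied and there are no default filter policies, a SAP with no filter line under its ingress context receives traffic with no filtering at all. The following audit script is an added example, not Nokia code: it parses saved info output in the format shown above and lists the SAPs that have no ingress filter. The sample text and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the "info" output format shown on this page.
SAMPLE = '''\
    interface "to-ce1" create
        sap 1/1/10:1 create
            ingress
                filter ip 6
            exit
        exit
    exit
    interface "to_ce2_ppp" create
        sap 1/1/2.24 create
        exit
    exit
    interface "to_ce2_eth" create
        sap 1/2/1:25 create
            egress
                qos 1010
            exit
        exit
    exit
'''

def audit_sap_filters(config):
    """Map (interface, sap-id) -> ingress filter lines configured under that SAP."""
    saps, stack = {}, []                 # stack: (indent, line) of open blocks
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith(("...", "---")):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:   # "exit" or a sibling closes blocks
            stack.pop()
        if text == "exit":
            continue
        parents = [line for _, line in stack]
        iface = next((shlex.split(p)[1] for p in parents if p.startswith("interface ")), None)
        sap = next((p.split()[1] for p in parents if p.startswith("sap ")), None)
        if text.startswith("sap "):
            saps[(iface, text.split()[1])] = []
        elif text.startswith("filter ") and sap and parents[-1] == "ingress":
            saps[(iface, sap)].append(text)
        stack.append((indent, text))
    return saps

def unfiltered_saps(config):
    """Return the SAPs that have no filter applied in their ingress context."""
    return sorted((k for k, v in audit_sap_filters(config).items() if not v), key=str)
```

Run unfiltered_saps() over the saved configuration of each VPRN and review every SAP it returns against the intended filter policy.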

Configuring VPRN interface SAP IPv6 parameters

Use the following CLI syntax to configure VPRN interface SAP IPv6 parameters:

CLI syntax:
config>service# vprn service-id [customer customer-id] [create]
    interface ip-int-name
        sap sap-id create
            ingress
                filter ipv6 ipv6-filter-id 
            [no] shutdown
Example:
A:ALU-41>config>service# vprn 20
A:ALU-41>config>service>vprn$ interface "vprn20_interface"
A:ALU-41>config>service>vprn>if$ sap 1/1/10:1 create
A:ALU-41>config>service>vprn>if>sap$ ingress
A:ALU-41>config>service>vprn>if>sap>ingress$ filter ipv6 78
A:ALU-41>config>service>vprn>if>sap>ingress$ exit
A:ALU-41>config>service>vprn>if>sap$ exit

Configuring VPRN interface spoke SDP parameters

Use the following CLI syntax to configure VPRN interface spoke SDP parameters:

CLI syntax:
config>service# vprn service-id [customer customer-id] [create]
    interface ip-int-name
        spoke-sdp sdp-id:vc-id [create]
            egress
                vc-label egress-vc-label 
            ingress
                filter ip ip-filter-id 
                vc-label ingress-vc-label 
            [no] shutdown
Example:
A:ALU-41>config>service# vprn 6
A:ALU-41>config>service>vprn$ interface "vprn6_interface"
A:ALU-41>config>service>vprn>if$ spoke-sdp 7:8 create
A:ALU-41>config>service>vprn>if>spoke-sdp$ ingress
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ filter ip 78
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ vc-label 7788

The following example displays the VPRN interface spoke SDP creation output.

A:ALU-41>config>service>vprn>if>spoke-sdp# info detail
-------------------------------------------
...
           no description
           egress
               no vc-label
           ingress
               filter ip 78
               vc-label 7788
           exit
           no shutdown

Configuring VPRN interface spoke SDP IPv6 parameters

Use the following CLI syntax to configure VPRN interface spoke SDP IPv6 parameters:

CLI syntax:
config>service# vprn service-id [customer customer-id] [create]
    interface ip-int-name
        spoke-sdp sdp-id:vc-id [create]
            egress
                filter ipv6 ipv6-filter-id 
            ingress
                filter ipv6 ipv6-filter-id 
            [no] shutdown
Example:
A:ALU-41>config>service# vprn 10
A:ALU-41>config>service>vprn$ interface "vprn10_interface"
A:ALU-41>config>service>vprn>if$ spoke-sdp 8:9 create
A:ALU-41>config>service>vprn>if>spoke-sdp$ egress
A:ALU-41>config>service>vprn>if>spoke-sdp>egress$ filter ipv6 88
A:ALU-41>config>service>vprn>if>spoke-sdp>egress$ exit
A:ALU-41>config>service>vprn>if>spoke-sdp$ ingress
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ filter ipv6 89
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ exit
A:ALU-41>config>service>vprn>if>spoke-sdp$ exit

Configuring VRRP

Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on a VPRN interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP addresses shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

For overview information about VRRP and VRRP VPRN interface parameters, see the "VRRP" chapter in the 7705 SAR Router Configuration Guide.

The following examples display a VPRN interface VRRP owner configuration, first for IPv4 and then for IPv6:

config>service>vprn> info 
#----------------------------------------------
...
    interface "vrrpowner"
        address 10.10.10.24
        vrrp 1 owner
            backup 10.10.10.23
            authentication-key "testabc"
        exit
    exit
...
#----------------------------------------------
config>service>vprn#

config>service>vprn>if# info
-------------------------------------------
...
    ipv6
        address 2001:db8:a::123 
        vrrp 1 owner
            backup 2001:db8:a::124 
        exit
    exit
        exit
...
-------------------------------------------

Configuring a security zone within a VPRN

To configure NAT or firewall security functionality, you must:

  • configure a NAT or firewall security profile and policy in the config>security context

    • in the config>security>profile context, specify the timeouts for the TCP/UDP/ICMP protocols and configure logging and application assurance parameters. This step is optional. If you do not configure the profile, a default profile is assigned.

    • in the config>security>policy context, configure a security policy, specify the match criteria and the action to be applied to a packet if a match is found.

  • configure a security zone and apply the policy ID to the zone, as shown in the following CLI syntax

CLI syntax:
config>service
    vprn service-id [customer customer-id] [create]
    abort
    begin
    commit
    zone zone-id [create]
        description description-string
        interface ip-int-name [create]
        name zone-name
        nat
            pool pool-id [create]
                description description-string
                direction {zone-outbound | zone-inbound | both}
                entry entry-id [create]
                    ip-address ip-address [to ip-address] interface ip-int-name
                    port port [to port] interface ip-int-name
                name pool-name
        policy policy-id | policy-name
        shutdown

The following example displays a NAT zone configuration output.

A:ALU-B>config>service>vprn# info
----------------------------------------------
        configure
            service vprn 1 create
                zone 1 create
                begin
                    name "VPRN zone"
                    description "uplink zone from private"
                    interface vprn-100-192.168.0.0 
                    exit 
                    nat 
                        pool 1 create 
                            description "pool 1" 
                            direction zone-inbound 
                            exit 
                            entry 1 create 
                                ip-addr interface vprn-100-203.0.113.0 
                            exit 
                        exit 
                    exit 
                    policy 1 nat pool 1 
                    commit 
                exit
                no shutdown
----------------------------------------------
A:ALU-B>config>service>vprn#

Configuring serial raw socket transport within a VPRN

Configure an IP transport subservice within a VPRN service to enable the transport of serial data using raw sockets.

CLI syntax:
config>service
    vprn service-id [customer customer-id] [create]
        ip-transport ipt-id [create]
            description description-string
            filter-unknown-host
            local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}
            remote-host host-id [ip-addr ip-addr] [port-num port-num] [create]
                description description-string
                name host-name
                exit
            fc fc-name profile {in | out}
            shutdown
            tcp
                inactivity-timeout seconds
                max-retries number
                retry-interval seconds
            exit
        exit
    exit
exit

The following example displays an IP transport subservice configuration output.

A:ALU-B>config>service>vprn# info
----------------------------------------------
        configure
            service vprn 100 create
                ip-transport 1/2/4.1 create
                description "ip-transport vprn"
                filter-unknown-host
                local-host ip-address 192.168.0.0 port-number 4000 protocol udp
                    exit 
                remote-host 1 ip-address 192.168.0.1 port-number 4001 create
                    exit 
                exit
                no shutdown
----------------------------------------------
A:ALU-B>config>service>vprn#

Configuring VPRN router advertisement

Use the following CLI syntax to enable VPRN router advertisement on all IPv6-enabled interfaces and to configure optional router advertisement parameters:

CLI syntax:
config>service
    vprn service-id
        router-advertisement
            interface ip-int-name
                current-hop-limit number
                managed-configuration
                max-advertisement-interval seconds
                min-advertisement-interval seconds
                mtu mtu-bytes
                other-stateful-configuration
                prefix ipv6-prefix/prefix-length
                    autonomous
                    on-link
                    preferred-lifetime {seconds | infinite}
                    valid-lifetime {seconds | infinite}
                reachable-time milli-seconds
                retransmit-time milli-seconds
                router-lifetime seconds
                no shutdown
Example:
config>service# vprn 1
config>service>vprn# router-advertisement 
config>service>vprn>router-advert# interface "int1"
config>service>vprn>router-advert>if# prefix 2001:db8:a::123
config>router>router-advert>if>prefix# autonomous
config>router>router-advert>if>prefix# on-link
config>router>router-advert>if>prefix# preferred-lifetime 206800
config>router>router-advert>if>prefix# valid-lifetime 1502000
config>router>router-advert>if>prefix# exit
config>router>router-advert>if# exit
config>router>router-advert# exit

The following example displays a VPRN router advertisement configuration:

A:ALU-A>config>service# info detail
------------------------------------------
            interface "n1"
                prefix 3::/64
                exit
                no shutdown
------------------------------------------
A:ALU-A>config>router>router-advert# interface n1
A:ALU-A>config>router>router-advert>if# prefix 2001:db8:a::123
A:ALU-A>config>router>router-advert>if>prefix# info detail
------------------------------------------
                      autonomous
                      on-link
                      preferred-lifetime 604800
                      valid-lifetime 2592000
------------------------------------------
A:ALU-A>config>router>router-advert>if>prefix#