IES

IES is a routed connectivity service that enables subscribers to communicate with an IP router interface to send and receive Internet traffic. An IES has one or more logical IP routing interfaces, each with a SAP that acts as the access point to the subscriber network.

IES allows IP interfaces to participate in the same routing instance used for service network core routing connectivity.

See "Internet Enhanced Service" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN for detailed information about IES.

See IES for information about relevant verification commands.

The following figure shows the IES topology for this example.

Figure 1. IES topology used in this example

An IES service will be created to establish communication between the Layer 2 clients. The routes are exchanged from the global routing table to the IES service. Routed VPLS or RVPLS (commonly called IRB) is configured toward the customer to collect traffic and forward it to the IES service. The RVPLS service is configured with a SAP that acts as the access point.

To connect Layer 3 clients, a direct Layer 3 interface can be created facing the Layer 3 client.

Configuration

CE-facing port configuration on PE1 and PE3:

/configure port 1/1/c10/1 admin-state enable
/configure port 1/1/c10/1 ethernet mode access
/configure port 1/1/c10/1 ethernet encap-type dot1q
/configure port 1/1/c10/1 ethernet mtu 5000

VPLS SAP IPv4 filter configuration on PE1:

/configure filter ip-filter "RVPLS-ACL" filter-id 105
/configure filter ip-filter "RVPLS-ACL" entry 10 match protocol icmp
/configure filter ip-filter "RVPLS-ACL" entry 10 match dst-ip address 192.168.51.1
/configure filter ip-filter "RVPLS-ACL" entry 10 match dst-ip mask 255.255.255.255
/configure filter ip-filter "RVPLS-ACL" entry 10 action accept

VPLS configuration on PE1:

/configure service vpls "RVPLS-VLAN500" service-id 50
/configure service vpls "RVPLS-VLAN500" customer "1"
/configure service vpls "RVPLS-VLAN500" admin-state enable
/configure service vpls "RVPLS-VLAN500" routed-vpls { }
/configure service vpls "RVPLS-VLAN500" sap 1/1/c10/1:500 ingress qos sap-ingress policy-name "CE-ingress-QoS"
/configure service vpls "RVPLS-VLAN500" sap 1/1/c10/1:500 ingress filter ip "RVPLS-ACL"
/configure service vpls "RVPLS-VLAN500" sap 1/1/c10/1:500 egress qos sap-egress policy-name "CE-egress-QoS"

VPLS configuration on PE3:

/configure service vpls "RVPLS-VLAN500" service-id 50
/configure service vpls "RVPLS-VLAN500" customer "1"
/configure service vpls "RVPLS-VLAN500" admin-state enable
/configure service vpls "RVPLS-VLAN500" routed-vpls { }
/configure service vpls "RVPLS-VLAN500" sap 1/1/c10/1:500 { }

IES configuration on PE1:

/configure service ies "IES-500" admin-state enable
/configure service ies "IES-500" service-id 51
/configure service ies "IES-500" customer "1"
/configure service ies "IES-500" interface "to-CEA-VLAN500" { vpls "RVPLS-VLAN500" }
/configure service ies "IES-500" interface "to-CEA-VLAN500" ipv4 primary address 192.168.50.254
/configure service ies "IES-500" interface "to-CEA-VLAN500" ipv4 primary prefix-length 24

IES configuration on PE3:

/configure service ies "IES-500" admin-state enable
/configure service ies "IES-500" service-id 51
/configure service ies "IES-500" customer "1"
/configure service ies "IES-500" interface "to-CEZ-VLAN500" { vpls "RVPLS-VLAN500" }
/configure service ies "IES-500" interface "to-CEZ-VLAN500" ipv4 primary address 192.168.51.254
/configure service ies "IES-500" interface "to-CEZ-VLAN500" ipv4 primary prefix-length 24

To establish reachability between the client subnets in the global routing table, we will create a static route on PE1 and PE3 that will resolve to a SR-ISIS tunnel.

Static route on PE1:

/configure router "Base" static-routes route 192.168.51.0/24 route-type unicast indirect 10.10.10.3 admin-state enable
/configure router "Base" static-routes route 192.168.51.0/24 route-type unicast indirect 10.10.10.3 tunnel-next-hop resolution filter
/configure router "Base" static-routes route 192.168.51.0/24 route-type unicast indirect 10.10.10.3 tunnel-next-hop resolution-filter sr-isis true

Static route on PE3:

/configure router "Base" static-routes route 192.168.50.0/24 route-type unicast indirect 10.10.10.1 admin-state enable
/configure router "Base" static-routes route 192.168.50.0/24 route-type unicast indirect 10.10.10.1 tunnel-next-hop resolution filter
/configure router "Base" static-routes route 192.168.50.0/24 route-type unicast indirect 10.10.10.1 tunnel-next-hop resolution-filter sr-isis true

Customer verification

Login to CEA:

docker exec -it cea bash

Ping CEZ VLAN 600 from CEA:

└──> ping -c 100 -Q 34 192.168.51.1
PING 192.168.51.1 (192.168.51.1) 56(84) bytes of data.
64 bytes from 192.168.51.1: icmp_seq=1 ttl=61 time=17.8 ms
64 bytes from 192.168.51.1: icmp_seq=2 ttl=61 time=9.91 ms
64 bytes from 192.168.51.1: icmp_seq=3 ttl=61 time=5.03 ms

--- 192.168.51.1 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99142ms
rtt min/avg/max/mdev = 4.955/7.436/17.811/3.667 ms

While the ping is in progress, check the SAP, ACL, and QoS statistics.