FS S5500-48T8SP Multi VRF CE Configuration Instructions

Multi-VRF CE
Configuration Guide
Model: S5500-48T8SP

Chapter 1 Multi-VRF CE Intro

1.1 Overview
The Virtual Private Network (VPN) provides a secure method for multiple client networks to share the ISP-supplied bandwidth. In general, one VPN comprises a team of client networks that share a public routing table on the ISP’s routers. Each client network is connected to the interface of the network devices of ISP, while ISP’s device will relate each interface to a VPN routing table. One VPN routing table is also called as a VRF (VPN Routing /Forwarding table).
VRF is usually deployed on a Provider Edge (PE) device, such as MPLS VRF VPN. A PE supports multiple VPNs, and each VPN has its independent IP address space among which IP addresses can be overlapped. The VPN of a different client connects a different interface of PE, while PE differentiates the to-be- checked routing tables according to the incoming port of the packet.
Multi-VRF CE is to remove the task of connecting multiple client networks from PE to CE, which only requires a physical link to connect CE and PE. In this way, the port resource of PE is saved. CE also maintains the VRF routing table for each VPN. The packets from the client network are first forwarded on CE and then transmitted to PE after the packets pass through the ISP network.
The switch which serves as MCE connects different client networks through different ports and then relates these ports to a VPN routing table. MY COMPANY switches only support VRF settings on the VLAN port.
The MCE function is usually deployed at the edge of the large-scale MPLS-VRF VPN network. The three functions, Multi-VRF CE, MPLS label switching and the function of MPLS control layer, are independent. Figure 1.1 shows an MPLS-VRF VPN network.

1.1.1 Establishing Routes with CE
The Multi-VRF CE switch can establish routes with CE through multiple dynamic routing protocols. CE can be routers or the Ethernet switches. The routing protocols
which are supported include OSPF, RIP and BEIGRP. The MCE switch also supports static routing configuration.
The MCE switch generally needs different VLAN ports to connect CEs that belong to different VPNs. The VLAN ports that are used to connect the VPNs require to be
related to a VRF. CE does not need to support VRF.
1.1.2 Establishing Routes with PE
The MCE switch (MCE) can connect one or multiple PEs, but both MCE and the connected PEs have to get VRF configured. MCE will provide PE the routes which
MCE learns from CE and learns the routes of remote client networks from PE.
The VRF route can be established between MCE and PE through dynamic routing protocols such as BGP, OSPF, RIP and BEIGRP. Of course, the VRF route can also be
established statically.
In general, MCE and PE belong to different autonomous systems. Hence, the method to establish the VRF route between MCE and PE by using EBGP is the key point in
this document.

Chapter 2 Multi-VRF CE Configuration

2.1 Default VRF Configuration

All routes are added to the default routing table.
VPN expansibility of VRF| There is no Routing Distinguisher (RD).
There is no input/output Routing Target (RT).
Maximum number of VRF routes| 10240
VRF port| N/A.
None of VLAN ports is related with VRF, and the routes of ports are added to the default routing table.
IP Express Forwarding| The hardware IP routing is not enabled.

2.2 MCE Configuration Tasks

• Configuring VRF
• Configuring a VPN Route
• Configuring BGP Route Between PE and CE
•  Testifying the VRF Connectivity between PE and CE

2.3 MCE Configuration
2.3.1 Configuring VRF
Refer to the following steps to configure one or multiple VRFs.

configuration mode.
vrf-name: VRF name with up to 31 characters
Switchconfig ** vrf# rd route-distinguisher| Sets the route distinguisher of VRF.  route-distinguisher: Stands for the distinguisher of the route. It consists of autonomous domain ID and random numbers, or IP and random numbers.
Switch_config_vrf# route-target { export | import | both } route- target-extened-community| Creates the expanded VPN attributes of input/output VRF objects. route-target-extended-community: It consists of autonomous domain ID and random numbers, or IP and random numbers.
---|---
Switch_config_vrf# interface intf-name| Enters the interface configuration mode. intf-name: Stands for the name of an interface.
Switch_config_intf# ip vrf forwarding vrf-name| Relates the L3 interface with VRF. vfi-name: Means the name of VRF.
Switch_config_intf# exit| Exits from interface configuration mode.
Switch_config# ip exf| Enables ip hardware routing .
Switch_config# show ip vrf [ brief | detail | interface ] [ vrf-name ]| Browses the VRF information.
Switch_config# no ip vrf vrf-name| Deletes the configured VRF and the relation between VRF and the L3 interface. vfi-name: Means the name of VRF.
Switch_config_intf# no ip vrf forwarding [ vrf-name ]**| Deletes the relation between the L3 interface and VRF.

2.3.2 Configuring VPN Route
The route can be established between MCE and customer device through the configuration of BGP, OSPF, RIP, BEIGRP or static route. The following takes OSPF configuration as an example, which is similar to other routes’ configurations.
Note:
When a route is configured on MCE to connect the client network, the VRF attributes of the routing protocol need be specified. VRF need not be configured on
the customer device.

OSPF-VRF route and enters the configuration mode.
Switch_config_ospf# network network-number network-mask area area-id| Defines the OSPF network, mask and area ID.
Switch_config_ospf# redistribute bgp ASN| Forwards the designated BGP network to the OSPF network.
Switch_config_ospf# exit| Exits from the OSPF configuration mode.
Switch_config# show ip ospf| Browses the information about the OSPF protocol.
---|---
Switch_config# no router ospf process-id| Deletes the OSPF-VRF routing configuration.

2.3.3 Configuring the BGP Route Between PE and CE
Refer to the following configuration commands:

protocol by designating autonomous system number and enters the BGP configuration mode.
Switch_config_bgp# bgp log-neighbor-changes| Starts the record about BGP neighbor change.
Switch_config_bgp# address-family ipv4 vrf vrf-name| Enters the configuration mode  of  VRF address-family.
Switch_config_bgp_af# redistribute ospf ospf-process-id| Forwards the OSPF routing information to the BGP network.
Switch_config_bgp_af# network network-number/prefix-length| Configures the network number and the mask‘s length that are distributed by BGP.
Switch_config_bgp_af# neighbor address  remote-as ASN| Configures the BGP neighbor and the autonomous system number of a neighbor.
Switch_config_bgp_af# exit-address-family| Exits from the configuration mode of address-family.
Switch_config_bgp# exit| Exits from the BGP configuration mode.
Switch_config# show ip bgp vpnv4 [ all | rd | vrf ]| Browses the BGP- VRF routing information.
Switch_config# no router bgp ASN| Deletes the BGP routing configuration.

2.3.4 Testifying the VRF Connectivity Between PE and CE
Use the PING command with the VRF option to testify the VRF connectivity of PE and CE.

the addresses in VRF.

Chapter 3 MCE Configuration Example

Figure 2.1 shows a simple VRF network. Both S1 and S2 are the Multi-VRF CE
switches. S11, S12 and S13 belong to VPN1, S21 and S22 belong to VPN2, and all of them are customer devices. The OSPF route should be configured between CE and customer device, while the BGP route is configured between CE and PE.

3.1 Configuring S11
Set the VLAN attributes of the physical interface that connects CE:
Switch_config# interface gigaEthernet 0/1
Switch_config_g0/1# switchport pvid 11
Switch_config_g0/1# exit
Sets the IP address and the VLAN interface.
Switch_config# interface VLAN11
Switch_config_v11# ip address 11.0.0.2 255.0.0.0
Switch_config_v11# exit
Set the routing protocol between CE and customer’s device:
Switch_config# router ospf 101
Switch_config_ospf_101# network 11.0.0.0 255.0.0.0 area 0
Switch_config_ospf_101# exit
3.2 Configuring MCE-S1
Configures VRF on the Multi-VRF CE device.
Switch#config
Switch_config# ip vrf vpn1
Switch_config_vrf_vpn1# rd 100:1
Switch_config_vrf_vpn1# route-target export 100:1
Switch_config_vrf_vpn1# route-target import 100:1
Switch_config_vrf_vpn1# exit
Switch_config# ip vrf vpn2
Switch_config_vrf_vpn2# rd 100:2
Switch_config_vrf_vpn2# route-target export 100:2
Switch_config_vrf_vpn2# route-target import 100:2
Switch_config_vrf_vpn2# exit
Configure the loopback port and the physical port, and use the address of the
loopback port as the router ID of the BGP protocol.
Switch_config# interface loopback 0
Switch_config_l0# ip address 101.0.0.1 255.255.255.255
Switch_config_l0# exit
S1 connects S11 through the F0/1 port, S21 through the G0/4 port and PE through the G0/2 port.
Switch_config# interface gigaEthernet 0/1
Switch_config_g0/1# switchport pvid 11
Switch_config_g0/1# exit
Switch_config# interface gigaEthernet 0/4
Switch_config_g0/4# switchport pvid 15
Switch_config_g0/4# exit
Switch_config# interface gigaEthernet 0/2
Switch_config_g0/2# switchport mode trunk
Switch_config_g0/2# exit
Set the L3 VLAN port of a switch, bind the VRF to the VLAN port and set the IP address. S1 connects PE through two logical ports, VLAN21 and VLAN22. The two
ports, VLAN11 and VLAN15, connect VPN1 and VPN2 respectively.
Switch_config# interface VLAN11
Switch_config_v11# ip vrf forwarding vpn1
Switch_config_v11# ip address 11.0.0.1 255.0.0.0
Switch_config_v11# exit
Switch_config# interface VLAN15
Switch_config_v15# ip vrf forwarding vpn2
Switch_config_v15# ip address 15.0.0.1 255.0.0.0
Switch_config_v15# exit
Switch_config# interface VLAN21
Switch_config_v21# ip vrf forwarding vpn1
Switch_config_v21# ip address 21.0.0.2 255.0.0.0
Switch_config_v21# exit
Switch_config# interface VLAN22
Switch_config_v22# ip vrf forwarding vpn2
Switch_config_v22# ip address 22.0.0.2 255.0.0.0
Switch_config_v22# exit
Configure the OSPF route between CE and customer device.
Switch_config# router ospf 1 vrf vpn1
Switch_config_ospf_1# network 11.0.0.0 255.0.0.0 area 0
Switch_config_ospf_1# redistribute bgp 100
Switch_config_ospf_1#exit
Switch_config# router ospf 2 vrf vpn2
Switch_config_ospf_2# network 15.0.0.0 255.0.0.0 area 0
Switch_config_ospf_2# redistribute bgp 100
Switch_config_ospf_2#exit
Configure the EBGP route between PE and CE.
Switch_config# router bgp 100
Switch_config_bgp# bgp log-neighbor-changes
Switch_config_bgp# address-family ipv4 vrf vpn1
Switch_config_bgp_vpn1# no synchronization
Switch_config_bgp_vpn1# redistribute ospf 1
Switch_config_bgp_vpn1# neighbor 21.0.0.1 remote-as 200
Switch_config_bgp_vpn1# exit-address-family
Switch_config_bgp# address-family ipv4 vrf vpn2
Switch_config_bgp_vpn2# no synchronization
Switch_config_bgp_vpn2# redistribute ospf 2
Switch_config_bgp_vpn2# neighbor 22.0.0.1 remote-as 200
Switch_config_bgp_vpn2# exit-address-family
Switch_config_bgp# exit
Create VLAN.
Switch_config# vlan 1,11-12,21-22
Enables the forwarding of subnet route of the switch.
Switch_config# ip exf
3.3 Configuring PE
Set VRF on PE:
Switch#config
Switch_config# ip vrf vpn1
Switch_config_vrf_vpn1# rd 200:1
Switch_config_vrf_vpn1# route-target export 200:1
Switch_config_vrf_vpn1# route-target import 200:1
Switch_config_vrf_vpn1# exit
Switch_config# ip vrf vpn2
Switch_config_vrf_vpn2# rd 200:2
Switch_config_vrf_vpn2# route-target export 200:2
Switch_config_vrf_vpn2# route-target import 200:2
Switch_config_vrf_vpn2# exit
Set the loopback interface as the router identifier:
Switch_config# interface loopback 0
Switch_config_l0# ip address 102.0.0.1 255.255.255.255
Switch_config_l0# exit
Set the physical interface which connects PE and CE: G1/1 and G1/2 connect S1 and S2 respectively:
Switch_config# interface gigaEthernet 1/1
Switch_config_g1/1# switchport mode trunk
Switch_config_g1/1# interface gigaEthernet 1/2
Switch_config_g1/2# switchport mode trunk
Switch_config_g1/2# exit
Set the L3 VLAN interface of PE, which connects S1:
Switch_config# interface VLAN21
Switch_config_v21# ip vrf forwarding vpn1
Switch_config_v21# ip address 21.0.0.1 255.0.0.0
Switch_config_v21# exit
Switch_config# interface VLAN22
Switch_config_v22# ip vrf forwarding vpn2
Switch_config_v22# ip address 22.0.0.1 255.0.0.0
Switch_config_v22# exit
Set the L3 VLAN interface of PE, which connects S2:
Switch_config# interface VLAN31
Switch_config_v31# ip vrf forwarding vpn1
Switch_config_v31# ip address 31.0.0.1 255.0.0.0
Switch_config_v31# exit
Switch_config# interface VLAN32
Switch_config_v32# ip vrf forwarding vpn2
Switch_config_v32# ip address 32.0.0.1 255.0.0.0
Switch_config_v32# exit
Set the EBGP of PE:
Switch_config# router bgp 200
Switch_config_bgp# bgp log-neighbor-changes
Switch_config_bgp# address-family ipv4 vrf vpn1
Switch_config_bgp_vpn1# no synchronization
Switch_config_bgp_vpn1# neighbor 21.0.0.2 remote-as 100
Switch_config_bgp_vpn1# neighbor 31.0.0.2 remote-as 300
Switch_config_bgp_vpn1# exit-address-family
Switch_config_bgp# address-family ipv4 vrf vpn2
Switch_config_bgp_vpn2# no synchronization
Switch_config_bgp_vpn2# neighbor 22.0.0.2 remote-as 100
Switch_config_bgp_vpn2# neighbor 32.0.0.2 remote-as 300
Switch_config_bgp_vpn2# exit-address-family
Switch_config_bgp# exit
Set VLAN and enable the subnet routing forwarding.
Switch_config# vlan 1,21-22,31-32
Switch_config# ip exf
3.4 Configuring MCE-S2
Configures VRF:
Switch#config
Switch_config# ip vrf vpn1
Switch_config_vrf_vpn1# rd 300:1
Switch_config_vrf_vpn1# route-target export 300:1
Switch_config_vrf_vpn1# route-target import 300:1
Switch_config_vrf_vpn1# exit
Switch_config# ip vrf vpn2
Switch_config_vrf_vpn2# rd 300:2
Switch_config_vrf_vpn2# route-target export 300:2
Switch_config_vrf_vpn2# route-target import 300:2
Switch_config_vrf_vpn2# exit
Configure the loopback port and the physical port, and use the address of the loopback port as the router ID of the BGP protocol.
Switch_config# interface loopback 0
Switch_config_l0# ip address 103.0.0.1 255.255.255.255
Switch_config_l0# exit
S2 connects S13 through the F0/1 port, S22 through the G0/3 port and PE through the G0/2 port.
Switch_config# interface gigaEthernet 0/1
Switch_config_g0/1# switchport pvid 41
Switch_config_g0/1# exit
Switch_config# interface gigaEthernet 0/3
Switch_config_g0/3# switchport pvid 46
Switch_config_g0/3# exit
Switch_config# interface gigaEthernet 0/2
Switch_config_g0/2# switchport mode trunk
Switch_config_g0/2# exit
Set the L3 VLAN port of a switch, bind the VRF to the VLAN port and set the IP address. S2 connects PE through two logical ports, VLAN31 and VLAN32. The two
ports, VLAN41 and VLAN46, connect VPN1 and VPN2 respectively.
Switch_config# interface VLAN41
Switch_config_v41# ip vrf forwarding vpn1
Switch_config_v41# ip address 41.0.0.1 255.0.0.0
Switch_config_v41# exit
Switch_config# interface VLAN46
Switch_config_v46# ip vrf forwarding vpn2
Switch_config_v46# ip address 46.0.0.1 255.0.0.0
Switch_config_v46# exit
Switch_config# interface VLAN31
Switch_config_v31# ip vrf forwarding vpn1
Switch_config_v31# ip address 31.0.0.2 255.0.0.0
Switch_config_v31# exit
Switch_config# interface VLAN32
Switch_config_v32# ip vrf forwarding vpn2
Switch_config_v32# ip address 32.0.0.2 255.0.0.0
Switch_config_v32# exit
Configure the OSPF route between CE and customer device.
Switch_config# router ospf 1 vrf vpn1
Switch_config_ospf_1# network 41.0.0.0 255.0.0.0 area 0
Switch_config_ospf_1# redistribute bgp 300
Switch_config_ospf_1#exit
Switch_config# router ospf 2 vrf vpn2
Switch_config_ospf_2# network 46.0.0.0 255.0.0.0 area 0
Switch_config_ospf_2# redistribute bgp 300
Switch_config_ospf_2# exit
Configure the EBGP route between PE and CE.
Switch_config# router bgp 300
Switch_config_bgp# bgp log-neighbor-changes
Switch_config_bgp# address-family ipv4 vrf vpn1
Switch_config_bgp_vpn1# no synchronization
Switch_config_bgp_vpn1# redistribute ospf 1
Switch_config_bgp_vpn1# neighbor 31.0.0.1 remote-as 200
Switch_config_bgp_vpn1# exit-address-family
Switch_config_bgp# address-family ipv4 vrf vpn2
Switch_config_bgp_vpn2# no synchronization
Switch_config_bgp_vpn2# redistribute ospf 2
Switch_config_bgp_vpn2# neighbor 32.0.0.1 remote-as 200
Switch_config_bgp_vpn2# exit-address-family
Switch_config_bgp# exit
Create VLAN.
Switch_config# vlan 1,31-32,41,46
Enables the forwarding of subnet route of the switch.
Switch_config# ip exf
3.5 Setting S22
Set the VLAN attributes of the physical interface of CE, and connect S22 and S2 through interface f0/1:
Switch_config# interface gigaEthernet 0/1
Switch_config_g0/1# switchport pvid 46
Switch_config_g0/1# exit
Sets the IP address and the VLAN interface.
Switch_config# interface VLAN46
Switch_config_v46# ip address 46.0.0.2 255.0.0.0
Switch_config_v46# exit
Set the routing protocol between CE and customer’s device:
Switch_config# router ospf 103
Switch_config_ospf_103# network 46.0.0.0 255.0.0.0 area 0
Switch_config_ospf_103# exit
3.6 TestifyingVRF Connectivity
Run the PING command on S1 to testify the connectivity of VPN1 between S1 and S11:
Switch# ping -vrf vpn1 11.0.0.2
!!!!!
— 11.0.0.2 ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms
Testify the connectivity between S1 and PE:
Switch# ping -vrf vpn1 21.0.0.1
!!!!!
— 21.0.0.1 ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0/0/0 ms

https://www.fs.com
The information in this document is subject to change without notice.
FS has made all efforts to ensure the accuracy of the information, but all information in this document does not constitute any kind of warranty.
Copyright 2009-2022 FS.COM All Rights Reserved.

Documents / Resources

| FS S5500-48T8SP Multi VRF CE Configuration [pdf] Instructions
S5500-48T8SP Multi VRF CE Configuration, S5500-48T8SP, S5500-48T8SP CE Configuration, Multi VRF CE Configuration, CE Configuration, Multi VRF Configuration, Configuration
---|---

References

• FS.com - HPC, Data Center, Enterprise, Telecom

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>