Configuring a VPRN Service with CLI

This section provides information to configure Virtual Private Routed Network (VPRN) services using the command line interface.

Topics in this section include:

Basic Configuration

The following fields require specific input (there are no defaults) to configure a basic VPRN service:

  1. customer ID (refer to Configuring Customer Accounts)
  2. interface parameters
  3. spoke SDP parameters (at VPRN service level)

The following example displays a sample configuration of a VPRN service.

*A:ALU-1>config>service>vprn# info
----------------------------------------------
vrf-import "vrfImpPolCust1"
vrf-export "vrfExpPolCust1"
autonomous-system 10000
route-distinguisher 10001:1
auto-bind ldp
vrf-target target:10001:1
interface "to-ce1" create
    address 11.1.0.1/24
    exit
    sap 1/1/10:1 create
        ingress
            qos 100
            filter ip 10
        exit
        egress
            qos 1010
        exit
    exit
    dhcp
        description "DHCP test"
    exit
exit
exit
static-route 6.5.0.0/24 next-hop 10.1.1.2
no shutdown
----------------------------------------------
*A:ALU-1>config>service>vprn#

Common Configuration Tasks

This section provides a brief overview of the tasks that must be performed to configure a VPRN service and provides the CLI commands.

  1. Define BGP parameters and enable BGP in the config>service>vprn>bgp context. To configure BGP for the router, refer to the 7705 SAR OS Routing Protocols Guide, “BGP”.
  2. Associate a VPRN service with a customer ID.
  3. Define a route distinguisher (RD) (mandatory).
  4. Set the auto-bind parameter. Alternatively, define a VPRN spoke SDP. When using the spoke SDP command, you must enter the command for each peer PE router.
  5. Define VRF route-target associations or VRF import/export policies.
  6. Define OSPF parameters (optional).
  7. Create a VPRN interface.
  8. Define SAP parameters on the VPRN interface:
    1. select nodes and ports
    2. optional—select QoS policies other than the default (configured in the config>qos context)
    3. optional—select filter policies (configured in the config>filter context)
    4. optional—select accounting policy (configured in the config>log context)
    5. optional—configure DHCP features
  9. Define spoke SDP parameters on the VPRN interface.
  10. Configure VRRP (optional).
  11. Enable the service.

Configuring VPRN Components

Topics in this section include:

Creating a VPRN Service

Use the following CLI syntax to create a VPRN service. A route distinguisher must be defined in order for VPRN to be operationally active.

CLI Syntax:
config>service# vprn service-id [customer customer-id]
route-distinguisher rd
description description-string
no shutdown

where rd is:

ip-addr:comm-val | 2byte-asnumber:ext-comm-val | 4-byte-asnumber:comm-val

ip-addr: a.b.c.d

comm-val : 0 to 65535

2-byte-asnumber : 1 to 65535

ext-comm-val : 0 to 4294967295

4-byte-asnumber: 1 to 4294967295

The following example displays a VPRN service configuration.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        route-distinguisher 100:76525
            no shutdown
        exit
...
----------------------------------------------
*A:ALU-1>config>service>vprn#

Configuring Global VPRN Parameters

See VPRN Services Command Reference for the CLI syntax to configure VPRN parameters.

The autonomous system (AS) number is configured in the config>router>bgp context.

A spoke SDP can be bound to the VPRN service using the auto-bind command or the spoke-sdp sdp-id command. However, when using the spoke-sdp command, you must create a spoke SDP for each peer PE router.

A VPRN spoke SDP can be any of the supported SDPs, except the IP SDP.

The following example displays a VPRN service with configured parameters.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        router-id 2000
        route-distinguisher 10001:1
        spoke-sdp 2 create
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Configuring Router Interfaces

Refer to the 7705 SAR OS Router Configuration Guide for command descriptions and syntax information to configure router interfaces.

The following example displays a router interface configuration:

ALU48>config>router# info
#------------------------------------------
echo "IP Configuration"
#------------------------------------------
...
    interface "if1"
        address 2.2.2.1/24
        port 1/1/33
    exit
    interface "if2"
        address 10.49.1.46/24
        port 1/1/34
    exit
    interface "if3"
        address 11.11.11.1/24
        port 1/1/35
    exit
...
#------------------------------------------
ALU48>config>router#

Configuring BGP for VPRN

Configuring BGP between the PE routers allows the PE routers to exchange information about routes originating and terminating in the VPRN. The PE routers use the information to determine which labels are used for traffic intended for remote sites.

The minimal parameters that should be configured for a VPRN BGP instance are:

  1. an autonomous system number for the router
    For an example of a VPRN service with a configured autonomous system number, refer to Configuring Global VPRN Parameters.
  2. a router ID
    For an example of a VPRN service with a configured router ID, refer to Configuring Global VPRN Parameters.
  3. a VPRN BGP peer group
  4. a VPRN BGP neighbor with which to peer
  5. a VPRN BGP peer-AS that is associated with the above peer

There are no default VPRN BGP groups or neighbors. Each VPRN BGP group and neighbor must be explicitly configured.

All parameters configured for VPRN BGP are applied to the group and are inherited by each peer, but a group parameter can be overridden on a specific basis. The VPRN BGP command hierarchy consists of three levels:

  1. global level
  2. group level
  3. neighbor level

Use the following CLI syntax to configure these three levels:

CLI Syntax:
config>service>vprn>bgp#
group
neighbor
Note:

The local-address command must be explicitly configured if two systems have multiple BGP peer sessions between them.

BGP for MP-BGP purposes is configured under the config>router>bgp context. For more information about the BGP protocol, refer to the 7705 SAR OS Routing Protocols Guide, “BGP”.

Configuring VPRN BGP Group and Neighbor Parameters

A group is a collection of related VPRN BGP peers. The group name should be a descriptive name for the group. Follow your group, name, and ID naming conventions for consistency and to help when troubleshooting faults.

After a group name is created and options are configured, neighbors can be added in different autonomous systems, creating EBGP peers. All parameters configured for the peer group are inherited by each peer (neighbor), but a group parameter can be overridden on a specific neighbor-level basis.

VPRN BGP CLI Syntax

See VPRN Services Command Reference for the CLI syntax to configure VPRN BGP parameters.

The following example displays a VPRN BGP configuration:

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind ldp
        vrf-target target:10001:1
        interface "to-ce1" create
            address 11.1.0.1/24
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route 6.5.0.0/24 next-hop 10.1.1.2
        bgp
            router-id 10.0.0.1
            group “to-cel”
                export “vprnBgpExpPolCust1“
                multihop 3
                peer-as 65101
                ttl-security 10
                neighbor 10.1.1.2
                exit
            exit
        exit
        spoke-sdp 2 create 
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Configuring IPv6 Parameters for VPRN BGP

Use the following CLI syntax to configure IPv6 parameters for VPRN BGP:

CLI Syntax:
config>service# vprn service-id [customer customer-id]
bgp
family ipv6
group name
family ipv6
neighbor ipv6-address
family ipv6
Example:
A:ALU>config>service# vprn 20
A:ALU>config>service>vprn$ bgp
A:ALU>config>service>vprn>bgp$ family ipv6
A:ALU>config>service>vprn>bgp>family$ group BGP1
A:ALU>config>service>vprn>bgp>family>group$ family ipv6
A:ALU>config>service>vprn>bgp>family>group>family$ neighbor 2001:db8:a0b:12f0::1
A:ALU>config>service>vprn>bgp>family>group>family> neighbor$ family ipv6
A:ALU>config>service>vprn>bgp>family>group>family> neighbor$ exit
A:ALU>config>service>vprn>bgp>family>group>family$ exit
A:ALU>config>service>vprn>bgp>family>group$ exit
A:ALU>config>service>vprn>bgp>family$ exit
A:ALU>config>service>vprn>bgp$ exit

Configuring VPRN IPv6 In-Band Management Parameters

Use the following CLI syntax to configure IPv6 in-band management parameters for a VPRN service:

CLI Syntax:
config>service# vprn service-id [customer customer-id]
grt-lookup
enable-grt-local-management-only
export-grt-rib-only policy-name [policy-name ...(up to 5 max)]
export-v6-limit num-routes
Example:
config# service vprn 20
config>service>vprn# grt-lookup
config>service>vprn>grt-lookup# enable-grt-local-management-only
config>service>vprn>grt-lookup# export-grt-rib-only “policy-name 1”
config>service>vprn>grt-lookup# export-v6-limit 4
config>service>vprn>grt-lookup# exit
config>service>vprn# exit

The following example displays IPv6 in-band management parameters output.

A:ALU-A>config>service>vprn 20# info
#------------------------------------------
.....
            grt-lookup
                enable-grt-local-management-only
                export-grt-rib-only “policy-name 1”
                export-v6-limit 4
            exit
.....

Configuring VPRN IPv6 Neighbor Discovery Parameters

Use the following CLI syntax to configure IPv6 neighbor discovery parameters for a VPRN service:

CLI Syntax:
config# config>service# vprn service-id [customer customer-id]
ipv6
reachable-time seconds
stale-time seconds
Example:
config# service vprn 20
config>service>vprn# ipv6
config>service>vprn>ipv6# reachable-time 30
config>service>vprn>ipv6# stale-time 14400
config>service>vprn>ipv6# exit
config>service>vprn# exit

The following example displays IPv6 neighbor discovery parameters output.

A:ALU-A>config>service>vprn 20# info
#------------------------------------------
        ...
            reachable-time 30
            stale-time 14400
        exit
        ...

Configuring OSPF for VPRN

Each VPN routing instance is isolated from any other VPN routing instance, and from the routing used across the backbone. OSPF can be run with any VPRN, independently of the routing protocols used in other VPRNs, or in the backbone. For more information on the OSPF protocol and for the commands used to run OSPF over the backbone (router context), refer to the 7705 SAR OS Routing Protocols Guide.

Use the following CLI syntax to configure OSPF in the VPRN context:

CLI Syntax:
config>service>vprn>ospf#

Refer to VPRN Services Command Reference for the CLI syntax to configure VPRN OSPF parameters.

The following example displays a VPRN OSPF configuration:

*A:ALU-1>config>service# info
---------------------------------------------- 
     vprn 2 customer 1 create
         interface "ospf_interface" create
         exit
         ospf
             area 0.0.0.0
                 interface “ospf_interface” 
                     no shutdown
                 exit
             exit
         exit
----------------------------------------------
*A:ALU-1>config>service#

Configuring RIP for VPRN

PE routers need to advertise reachability information for each CE that is attached to a VRF. RIP can be used to exchange reachability information between PE and CE routers by establishing adjacency with a CPE router that supports RIP. Via this adjacency, RIP learns the subnet or subnets for the customer site and will advertise any routes learned from other CEs. The routing table is updated to reflect the new information.

RIP can be used to distribute routes between PE and CE routers. When PE and CE routers are RIP peers, the CE router can use RIP to transmit to the PE router the set of address prefixes that are reachable via the CE router. When RIP is configured on the CE, care must be taken to ensure that address prefixes from other sites, that is, address prefixes learned by the CE router from the PE router, are never advertised to the PE. Specifically, if a PE router receives a VPN-IPv4 route and distributes it to a CE, that route must never be distributed from the CE site to, either the originating PE router, or any other PE router.

The parameters configured at the VPRN RIP global level are inherited by the group and neighbor levels. Parameters can be modified and overridden on a level-specific basis. The VPRN RIP command hierarchy consists of three levels:

  1. global
  2. group
  3. neighbor

Hierarchical VPRN RIP commands can be modified on different levels. The most specific value is used. A group-specific command takes precedence over a global command. A neighbor-specific command takes precedence over a global or group-specific command.

Note:

Careful planning is essential to implement commands that can affect the behavior of global, group, and neighbor levels. Because the RIP commands are hierarchical, analyze the values that can disable features on a particular level.

To enable a VPRN RIP instance, the RIP protocol must be enabled in the config>service>vprn>rip context of the VPRN. VPRN RIP is administratively enabled upon creation. Configuring other RIP commands and parameters is optional.

The minimum RIP configuration for a VPRN instance must define:

  1. one VPRN RIP peer group
  2. one VPRN RIP neighbor peer
  3. one VPRN RIP peer-AS associated with the neighbor peer

See VPRN Services Command Reference for the CLI syntax to configure VPRN RIP parameters.

The following example displays a VPRN RIP configuration:

*A:ALU-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        qos 100
                    exit
                    egress
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------

For more information about the RIP protocol, refer to the 7705 SAR OS Routing Protocols Guide.

Configuring IGMP for VPRN

When using the ssm-translate command, the group range is not created until the source is specified.

The following example displays multicast IGMP parameters under a VPRN configuration:

*A:Sar18 Dut-B>config>service>vprn>igmp# info detail
----------------------------------------------
                interface "mvpn_if"
                    no import
                    version 3
                    subnet-check
                    no max-groups
                    no max-grp-sources
                    no disable-router-alert-check
                    ssm-translate
                        grp-range 229.255.0.2 229.255.0.20
                            source 172.22.184.197
                        exit
                    exit
                    no shutdown
                exit
                query-interval 125
                query-last-member-interval 1
                query-response-interval 10
                robust-count 2
                no shutdown
----------------------------------------------
*A:Sar18 Dut-B>config>service>vprn>igmp#

Configuring PIM for VPRN

The following example displays a PIM configuration for VPRN.

A:ALU-1>config>service>vprn>pim# info detail
----------------------------------------------
                no import join-policy
                interface "vprn_if"
                    hello-interval 30
                    hello-multiplier 35
                    no tracking-support
                    no bfd-enable
                    no three-way-hello
                    priority 1
                    no sticky-dr
                    no max-groups
                    no assert-period
                    no instant-prune-echo
                    no shutdown
                    no ipv4-multicast-disable
                exit
                apply-to none
                rp
                    no bootstrap-import
                    no bootstrap-export
                exit
                no non-dr-attract-traffic
                no shutdown
                no ipv4-multicast-disable
----------------------------------------------
A:ALU-1>config>service>vprn>pim# 

Configuring MVPN for VPRN

For selective PMSI provider tunnels, mLDP must be configured prior to setting a maximum-p2mp-spmsi. Also, the data-threshold c-grp-ip-addr must be a valid multicast address.

The following example displays the MVPN parameters for VPRN configuration:

*A:ALU>config>service>vprn>mvpn# info detail
----------------------------------------------
                auto-discovery default
                c-mcast-signaling bgp
                umh-selection highest-ip
                mdt-type sender-receiver
                provider-tunnel
                    inclusive
                        mldp
                            shutdown
                        exit
                    exit
                    selective
                        mldp
                            shutdown
                        exit
                        maximum-p2mp-spmsi 4
                        no data-delay-interval
                        data-threshold 228.0.0.0/6 10
                    exit
                exit
                vrf-target unicast
                exit
----------------------------------------------
*A:ALU>config>service>vprn>mvpn#

The following example displays a VPRN service with MVPN. The MVPN in this example supports inclusive PMSI and selective PMSI. The data-threshold that forces a group C(S,G) to switch from I-PMSI to S-PMSI in this example is 1 kb/s.

        vprn 1 customer 1 create
            route-distinguisher 10.10.10.126:65000
            auto-bind mpls
           vrf-target target:65000:1
            interface "TO-CE-SOURCE" create
                address 2.2.2.100/31
                sap 1/1/9:100 create
                exit
            exit
            pim
                interface "to-ce-source"
                rp
                exit
                no shutdown
            exit
            mvpn
                provider-tunnel
                    inclusive
                        mldp
                            no shutdown
                        exit
                    exit
                    selective
                        mldp
                            no shutdown
                        exit
                        data-threshold 224.0.0.0/7 1
                    exit
                exit
                vrf-target target:65000:1
                exit
            exit
            ospf        
                area 0.0.0.0
                    interface "TO-CE-SOURCE"
                        interface-type point-to-point
                        no shutdown
                    exit
                exit
            exit
            no shutdown
        exit

Configuring a VPRN Interface

Interface names associate an IP address with the interface, and then associate the IP interface with a physical port. The logical interface can associate attributes such as an IP address, port, or Link Aggregation Group (LAG). There are no default interfaces.

Note:

  1. The VPRN interface can be configured as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined, and a SAP cannot be defined on a loopback interface.
  2. See Configuring a VPRN IPv6 Interface for the CLI required to configure VPRN IPv6 interface parameters.

When using mrinfo and mtrace in a Layer 3 VPN context, the configuration for the VPRN should have a loopback address configured that has the same address as the core VPRN instance's system address (that is, the BGP next hop).

See VPRN Services Command Reference for CLI commands and syntax.

The following example displays a VPRN interface configuration:

*A:ALU-1>config>service>vprn# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind ldp
        vrf-target target:10001:1
        interface "to-ce1" create
            address 11.1.0.1/24
              proxy-arp policy “proxyARPpolicy”
              local proxy-arp
              remote proxy-arp
            exit
        exit
        static-route 6.5.0.0/24 next-hop 10.1.1.2
        spoke-sdp 2 create
        exit
    no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Use the following CLI syntax to configure interface parameters for the VPRN service.

CLI Syntax:
config>service# vprn service-id [customer customer-id] [create]
interface ip-int-name
address if-ip-address
allow-directed-broadcasts
arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
description description-string
dhcp
description description-string
option
action {replace | drop | keep}
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
remote-id [mac | string string]
vendor-specific-option
client-mac-address
sap-id
service-id
string text
system-id
server server1 [server2...(up to 8 max)]
no shutdown
trusted
icmp
mask-reply
ttl-expired [number seconds]
unreachables
ip-mtu octets
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
peer-ip-address ip-address
l4-load-balancing {includeL4 | excludeL4}
local proxy-arp
loopback
mac ieee-address
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
remote-proxy-arp
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no shutdown
static-arp ip-address ieee-mac-address
static-arp ieee-mac-address unnumbered
unnumbered {ip-int-name | ip-address}
no shutdown
Example:
A:ALU-41>config>service# vprn 4
A:ALU-41>config>service>vprn$ interface “vprn_interface”
A:ALU-41>config>service>vprn>if$ address 10.10.3.3/24
A:ALU-41>config>service>vprn>if$ dhcp option
A:ALU-41>config>service>vprn>if>dhcp>option$ circuit-id ifindex
A:ALU-41>config>service>vprn>if>dhcp>option$ exit
A:ALU-41>config>service>vprn>if$ ip-mtu 1524

The following example displays the VPRN interface creation output.

A:ALU-41>config>service>vprn>if# info detail
-------------------------------------------
...
              no description
              address 10.10.3.3/24 broadcast host-ones
              no mac
              arp-timeout 14400
              no allow-directed-broadcasts
              icmp
                 mask-reply
                 unreachables 100 10
                 ttl-expired 100 10
              exit
              dhcp
                 shutdown
                 no description
                 option
                     action keep
                     circuit-id ifindex
                     no remote-id
                     no vendor-specific-option
                 exit
                 no server
                 no trusted
              exit
              ip-mtu 1524
              no bfd
              ipcp
                 no peer-ip-address
                 no dns
              exit
              proxy-arp policy “proxyARPpolicy”
              local proxy-arp
              remote proxy-arp
              no shutdown...

Configuring a VPRN IPv6 Interface

Use the following CLI syntax to create a VPRN IPv6 interface and to configure optional VPRN IPv6 interface parameters:

CLI Syntax:
config>service
vprn service-id
interface ip-int-name
ipv6
address ipv6-address/prefix-length [eui-64] [preferred]
bfd transmit-interval [receive receive-interval] [multiplier multiplier]
dhcp6-relay
description description-string
option
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
remote-id
server ipv6z-address...(upto 8 max)
shutdown
source-address ipv6-address
dhcp6-server
max-nbr-of-leases max-nbr-of-leases
prefix-delegation
prefix ipv6-address/prefix-length
duid duid [iaid iaid]
preferred-lifetime seconds
preferred-lifetime infinite
valid-lifetime seconds
valid-lifetime infinite
no shutdown
icmp6
packet-too-big number seconds
param-problem number seconds
time-exceeded number seconds
unreachables number seconds
link-local-address ipv6-address [preferred]
local-dhcp-server server-name [create]
neighbor ipv6-address mac-address
reachable-time seconds
stale-time seconds

(The example below shows only some of the CLI VPRN IPv6 interface commands).

Example:
config>service# vprn 20
config>service>vprn# interface “int1”
config>service>vprn>if>ipv6#
config>service>vprn>if>ipv6>address# fd00:1:1:1::/64
config>service>vprn>if>ipv6>icmp6# packet-too-big 100 10
config>service>vprn>if>ipv6>icmp6# param-problem 100 10
config>service>vprn>if>ipv6>icmp6# time-exceeded 100 10
config>service>vprn>if>ipv6>icmp6# unreachables 100 10
config>service>vprn>if>ipv6>icmp6# exit
config>service>vprn>if>ipv6>neighbor# FE80::203:FAFF:FE78:5 C88 00:16:4d:50:17:a3
config>service>vprn>if>ipv6>reachable-time# 30
config>service>vprn>if>ipv6>stale-time# 14400
config>service>vprn>if>ipv6># exit
config>service>vprn>if># exit
config>service>vprn# exit

The following example displays a VPRN IPv6 interface configuration:

A:ALU-B>config>service>vprn 20# info detail
----------------------------------------------
.....
                ipv6
                    icmp6
                        packet-too-big 100 10
                        param-problem 100 10
                        time-exceeded 100 10
                        unreachables 100 10
                    exit
                    address fd00:1:1:1::/64
                    reachable-time 30
                    stale-time 14400
                    no dhcp6-relay
                    no local-dhcp-server
                    neighbor fe80::203:faff:fe78:5c88 00:16:4d:50:17:a3
                    no bfd
                exit
.....

Configuring VPRN Interface Routed VPLS IPv6 Parameters

Use the following CLI syntax to configure VPRN interface routed VPLS IPv6 parameters:

CLI Syntax:
config>service# vprn service-id [customer customer-id] [create]
interface ip-int-name
vpls service-name create
ingress
v6-routed-override-filter ipv6-filter-id
[no] shutdown
Example:
A:ALU-41>config>service# vprn 20
A:ALU-41>config>service>vprn$ interface “vprn20_interface”
A:ALU-41>config>service>vprn>if$ vpls 2/2/2:1 create
A:ALU-41>config>service>vprn>if>vpls$ ingress
A:ALU-41>config>service>vprn>if>vpls>ingress$ v6-routed-override-filter 44
A:ALU-41>config>service>vprn>if>vpls>ingress$ exit
A:ALU-41>config>service>vprn>if>vpls$ exit
A:ALU-41>config>service>vprn>if$ exit

Configuring VPRN Interface SAP Parameters

A SAP is a combination of a port and encapsulation parameters that identify the service access point on the interface and within the 7705 SAR. Each SAP must be unique within a router. A SAP cannot be defined if the loopback command is enabled on the interface.

When configuring VPRN interface SAP parameters, a default QoS policy is applied to each ingress and egress SAP. Additional QoS policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.

A VPRN interface SAP is supported on the following ports and adapter cards:

  1. port in access mode with PPP or MLPPP encapsulation (by setting the port’s channel-group encap-type to be ipcp):
    1. any T1/E1 ASAP port or bundle on a 16-port T1/E1 ASAP Adapter card or on a 32-port T1/E1 ASAP Adapter card on a 7705 SAR-8 or 7705 SAR-18:
      1. fractional T1/E1
      2. clear channel T1/E1
    2. any T1/E1 ASAP port or bundle on a 7705 SAR-X, or on a 7705 SAR-M or 7705 SAR-A (variants with T1/E1 ports):
      1. fractional T1/E1
      2. clear channel T1/E1
  2. port in access mode:
    1. any Ethernet port (null, dot1q, or qinq) on:
      1. an 8-port Ethernet Adapter card, version 1 or version 2, or an 8-port Gigabit Ethernet Adapter card on a 7705 SAR-8
      2. a 6-port Ethernet 10Gbps Adapter card on a 7705 SAR-8 Shelf V2 with CSMv2
      3. a 6-port Ethernet 10Gbps Adapter card, 8-port Ethernet Adapter card, version 2, or an 8-port Gigabit Ethernet Adapter card, or a 10-port 1GigE/1-port 10GigE X-Adapter card on a 7705 SAR-18
    2. any Ethernet port (null, dot1q, or qinq) on a 7705 SAR-M (all variants), 7705 SAR-H, 7705 SAR-Hc, 7705 SAR-A (both variants), 7705 SAR-Ax, 7705 SAR-W, 7705 SAR-Wx (all variants), or 7705 SAR-X
    3. DSL module ports (null, dot1q, or qinq) on a 7705 SAR-Wx
    4. GPON module ports and DSL module ports (null or dot1q) when the module is installed in a 7705 SAR-M (variants with module slots)
    Note:

    1. The 10-port 1GigE/1-port 10GigE X-Adapter card supports qinq only on version 2 when it is in 10-port 1GigE mode.
    2. The 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X support qinq only when the card is in access mode.

See VPRN Services Command Reference for CLI commands and syntax.

The following examples show the configuration of a VPRN interface SAP for:

  1. an access port on a 16-port T1/E1 ASAP Adapter card
  2. an MLPPP bundle on an access port on a 16-port T1/E1 ASAP Adapter card
*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind ldp
        vrf-target target:10001:1
        interface "to-ce1" create
            address 11.1.0.1/24
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route 6.5.0.0/24 next-hop 10.1.1.2
        spoke-sdp 2 create 
        exit
        no shutdown
    exit
...
----------------------------------------------
*A:ALU-1>config>service#
 
 
*A:ALU-1>config>service>vprn# info 
----------------------------------------------
    description "Sasha's test VPRN for PPP SAPs"
    route-distinguisher 65101:25
    vrf-target target:65101:25
    interface "int_to_ixia" create
        address 210.177.253.1/24
        sap 1/2/4:25 create
        exit
    exit
    interface "to_ce2_ppp" create
        address 11.25.1.1/30
        bfd 100 receive 100 multiplier 3
        ipcp
            peer-ip-address 11.25.1.2
        exit
        sap 1/1/2.24 create
        exit
    exit
    interface "to_ce2_mlppp" create
        address 11.25.2.1/24
        bfd 100 receive 100 multiplier 3
        ipcp
            peer-ip-address 11.25.2.11
            dns 2.2.2.2 secondary 3.3.3.3
        exit
        sap bundle-ppp-1/1.1 create
        exit
    exit
    interface "to_ce2_eth" create
         address 11.25.3.1/24
         sap 1/2/1:25 create
         exit
    exit
    static-route 210.177.35.0/24 next-hop 210.177.253.100
    static-route 210.177.36.0/24 next-hop 210.177.253.100
    static-route 210.177.45.0/24 next-hop 11.25.1.2
    static-route 210.177.46.0/24 next-hop 11.25.2.2
    static-route 210.177.46.0/24 next-hop 11.25.3.2 disable
    no shutdown
----------------------------------------------
*A:ALU-1>config>service>vprn# 

Configuring VPRN Interface SAP IPv6 Parameters

Use the following CLI syntax to configure VPRN interface SAP IPv6 parameters:

CLI Syntax:
config>service# vprn service-id [customer customer-id] [create]
interface ip-int-name
sap sap-id create
ingress
filter ipv6 ipv6-filter-id
[no] shutdown
Example:
A:ALU-41>config>service# vprn 20
A:ALU-41>config>service>vprn$ interface “vprn20_interface”
A:ALU-41>config>service>vprn>if$ sap 1/1/10:1 create
A:ALU-41>config>service>vprn>if>sap$ ingress
A:ALU-41>config>service>vprn>if>sap>ingress$ filter ipv6 78
A:ALU-41>config>service>vprn>if>sap>ingress$ exit
A:ALU-41>config>service>vprn>if>sap$ exit

Configuring VPRN Interface Spoke SDP Parameters

Use the following CLI syntax to configure VPRN interface spoke SDP parameters:

CLI Syntax:
config>service# vprn service-id [customer customer-id] [create]
interface ip-int-name
spoke-sdp sdp-id:vc-id [create]
egress
vc-label egress-vc-label
ingress
filter ip ip-filter-id
vc-label ingress-vc-label
[no] shutdown
Example:
A:ALU-41>config>service# vprn 6
A:ALU-41>config>service>vprn$ interface “vprn6_interface”
A:ALU-41>config>service>vprn>if$ spoke-sdp 7:8 create
A:ALU-41>config>service>vprn>if>spoke-sdp$ ingress
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ filter ip 78
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ vc-label 7788

The following example displays the VPRN interface spoke SDP creation output.

A:ALU-41>config>service>vprn>if>spoke SDP# info detail
-------------------------------------------
...
           no description
           egress
               no vc-label
           ingress
               filter ip 78
               vc-label 7788
           exit
           no shutdown

Configuring VPRN Interface Spoke SDP IPv6 Parameters

Use the following CLI syntax to configure VPRN interface spoke SDP IPv6 parameters:

CLI Syntax:
config>service# vprn service-id [customer customer-id] [create]
interface ip-int-name
spoke-sdp sdp-id:vc-id [create]
egress
filter ipv6 ipv6-filter-id
ingress
filter ipv6 ipv6-filter-id
[no] shutdown
Example:
A:ALU-41>config>service# vprn 10
A:ALU-41>config>service>vprn$ interface “vprn10_interface”
A:ALU-41>config>service>vprn>if$ spoke-sdp 8:9 create
A:ALU-41>config>service>vprn>if>spoke-sdp$ egress
A:ALU-41>config>service>vprn>if>spoke-sdp>egress$ filter ipv6 88
A:ALU-41>config>service>vprn>if>spoke-sdp>egress$ exit
A:ALU-41>config>service>vprn>if>spoke-sdp$ ingress
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ filter ipv6 89
A:ALU-41>config>service>vprn>if>spoke-sdp>ingress$ exit
A:ALU-41>config>service>vprn>if>spoke-sdp$ exit

Configuring VRRP

Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on a VPRN interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP address(es) shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

For further information about VRRP CLI syntax and command descriptions, see the VPRN Services Command Reference.

The following displays a VPRN interface VRRP owner configuration:

config>service>vprn> info 
#----------------------------------------------
interface “vrrpowner”
address 10.10.10.23/24
vrrp 1 owner
backup 10.10.10.23
authentication-key "testabc”
exit
exit
#----------------------------------------------
config>service>vprn#

Configuring a Security Zone within a VPRN

To configure NAT or firewall security functionality, you must:

  1. configure a NAT or firewall security profile and policy in the config>security context
    1. in the config>security>profile context, specify the timeouts for the TCP/UDP/ICMP protocols and configure logging and application assurance parameters. This step is optional. If you do not configure the profile, a default profile is assigned.
    2. in the config>security>policy context, configure a security policy, specify the match criteria and the action to be applied to a packet if a match is found.
  2. configure a security zone and apply the policy ID to the zone, as shown in the CLI syntax below
CLI Syntax:
config>service
vprn service-id [customer customer-id] [create]
abort
begin
commit
zone zone-id [create]
description description-string
interface ip-int-name [create]
name zone-name
nat
pool pool-id [create]
description description-string
direction {zone-outbound | zone-inbound | both}
entry entry-id [create]
ip-address ip-address [to ip-address] interface ip-int-name
port port [to port] interface ip-int-name
name pool-name
policy policy-id | policy-name
shutdown

The following example displays a NAT zone configuration output.

A:ALU-B>config>service>vprn# info
----------------------------------------------
        configure
            service vprn 1 create
                zone 1 create
                begin
                    name “VPRN zone”
                    description “uplink zone from private” 
                    interface vprn-100-10.30.10.1 
                    exit 
                    nat 
                        pool 1 create 
                            description "pool 1" 
                            direction zone-inbound 
                            exit 
                            entry 1 create 
                                ip-addr interface vprn-100-10.30.10.1 
                            exit 
                        exit 
                    exit 
                    policy 1 nat pool 1 
                    commit 
                exit
                no-shutdown
----------------------------------------------
A:ALU-B>config>service>ies#

Configuring VPRN Router Advertisement

Use the following CLI syntax to enable VPRN router advertisement on all IPv6-enabled interfaces and to configure optional router advertisement parameters:

CLI Syntax:
config>service
vprn service-id
router-advertisement
interface ip-int-name
current-hop-limit number
managed-configuration
max-advertisement-interval seconds
min-advertisement-interval seconds
mtu mtu-bytes
other-stateful-configuration
prefix ipv6-prefix/prefix-length
autonomous
on-link
preferred-lifetime {seconds | infinite}
valid-lifetime {seconds | infinite}
reachable-time milli-seconds
retransmit-time milli-seconds
router-lifetime seconds
no shutdown
Example:
config>service# vprn 1
config>service>vprn# router-advertisement
config>service>vprn>router-advert# interface “int1”
config>service>vprn>router-advert>if# prefix fd00:1:1:1::/64
config>router>router-advert>if>prefix# autonomous
config>router>router-advert>if>prefix# on-link
config>router>router-advert>if>prefix# preferred-lifetime 206800
config>router>router-advert>if>prefix# valid-lifetime 1502000
config>router>router-advert>if>prefix# exit
config>router>router-advert>if# exit
config>router>router-advert# exit

The following example displays a VPRN router advertisement configuration:

A:ALU-A>config>service# info detail
------------------------------------------
            interface “n1”
                prefix 3::/64
                exit
                no shutdown
------------------------------------------
A:ALU-A>config>router>router-advert# interface n1
A:ALU-A>config>router>router-advert>if# prefix fd00:1:1:1::/64
A:ALU-A>config>router>router-advert>if>prefix# into detail
------------------------------------------
                      
                      autonomous
                      on-link
                      preferred-lifetime 604800
                      valid-lifetime 2592000
------------------------------------------
A:ALU-A>config>router>router-advert>if>prefix#

Service Management Tasks

This section discusses the following service management tasks:

Modifying VPRN Service Parameters

Use the CLI syntax to modify VPRN parameters (VPRN Services Command Reference).

The following example displays the VPRN service creation output.

*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        shutdown
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        maximum-routes 2000
        autonomous-system 10000
        route-distinguisher 10001:1
        interface "to-ce1" create
            address 10.1.1.1/24
            sap 1/1/10:1 create
            exit
        exit
        static-route 6.5.0.0/24 next-hop 10.1.1.2
        spoke-sdp 2 create 
        exit
    exit
...
----------------------------------------------
*A:ALU-1>config>service>vprn#

Deleting a VPRN Service

A VPRN service cannot be deleted until SAPs, interface spoke SDPs, and interfaces are shut down and deleted. If protocols and/or a service spoke SDP are defined, they must be shut down and removed from the configuration as well.

Use the following CLI syntax to delete a VPRN service:

CLI Syntax:
config>service#
[no] vprn service-id [customer customer-id]
shutdown
[no] interface ip-int-name
[no] sap sap-id
[no] spoke-sdp sdp-id:vc-id
shutdown
[no] spoke-sdp sdp-id
[no] shutdown

Disabling a VPRN Service

A VPRN service can be shut down without deleting any service parameters.

CLI Syntax:
config>service#
vprn service-id [customer customer-id]
shutdown
Example:
config>service# vprn 1
config>service>vprn# shutdown
config>service>vprn# exit
*A:ALU-1>config>service# info
----------------------------------------------
...
    vprn 1 customer 1 create
        shutdown
        vrf-import "vrfImpPolCust1"
        vrf-export "vrfExpPolCust1"
        autonomous-system 10000
        route-distinguisher 10001:1
        auto-bind ldp
        vrf-target target:10001:1
        interface "to-ce1" create
            address 11.1.0.1/24
            sap 1/1/10:1 create
                ingress
                    qos 100
                    filter ip 6
                exit
                egress
                    qos 1010
                exit
            exit
        exit
        static-route 6.5.0.0/24 next-hop 10.1.1.2
        spoke-sdp 2 create 
        exit
    exit
...
----------------------------------------------
*A:ALU-1>config>service#

Re-enabling a VPRN Service

To re-enable a VPRN service that was shut down:

CLI Syntax:
config>service#
vprn service-id [customer customer-id]
no shutdown