Cisco IOS CMTS Cable Software Configuration Guide, Release 12.2SC
Cisco uBR7200 Series MPLS VPN Cable Enhancements
Download this chapter
Cisco uBR7200 Series MPLS VPN Cable EnhancementsCisco uBR7200 Series MPLS VPN Cable Enhancements
Download the complete book
Cisco IOS CMTS Software Configuration Guide, Release 12.2SC Full-Book PDFCisco IOS CMTS Software Configuration Guide, Release 12.2SC Full-Book PDF (PDF - 17 MB)
give_us_feedback

Table Of Contents

Cisco uBR7200 Series MPLS VPN Cable Enhancements

Feature Overview

Benefits

Restrictions

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Others

Configuration Tasks

Creating VRFs for each VPN

Defining Subinterfaces on a Physical Cable Interface and Assigning VRFs

Configuring Cable Interface Bundles

Configuring Subinterfaces and MPLS VPNs on a Bundle Master

Configuring MPLS in the P Routers in the Provider Core

Verifying the MPLS VPN Configuration

Configuration Examples

Subinterface Configuration Example

Cable Interface Bundling Example

Subinterface Definition on Bundle Master Example

Cable Interface Bundle Master Configuration Example

PE Router Configuration Example

P Router Configuration Example

Command Reference

Glossary


Cisco uBR7200 Series MPLS VPN Cable Enhancements

This feature module describes the Cisco uBR7200 series universal broadband router cable multiprotocol label switching virtual private network (MPLS VPN) and cable interface bundling features. It explains how to create a VPN using MPLS protocol, cable subinterfaces, and interface bundles. VPNs can be created in many ways using different protocols.

This feature module includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Verifying the MPLS VPN Configuration

Configuration Examples

Command Reference

Glossary

Feature Overview

Using MPLS VPN technology, service providers can create scalable and efficient private networks using a shared hybrid fiber coaxial (HFC) network and Internet protocol (IP) infrastructure.

The cable MPLS VPN network consists of:

The multiple service operator (MSO) or cable company that owns the physical infrastructure and builds VPNs for the Internet service providers (ISPs) to move traffic over the cable and IP backbone.

ISPs that use the HFC network and IP infrastructure to supply Internet service to cable customers.

Each ISP moves traffic to and from a subscriber's PC, through the MSO's physical network infrastructure, to the ISP's network. MPLS VPNs, created in Layer 3, provide privacy and security by constraining the distribution of a VPN's routes only to the routers that belong to its network. Thus, each ISP's VPN is insulated from other ISPs that use the same MSO infrastructure.

An MPLS VPN assigns a unique VPN Routing/Forwarding (VRF) instance to each VPN. A VRF instance consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine the contents of the forwarding table.

Each PE router maintains one or more VRF tables. It looks up a packet's IP destination address in the appropriate VRF table, only if the packet arrived directly through an interface associated with that table.

MPLS VPNs use a combination of BGP and IP address resolution to ensure security. See Configuring Multiprotocol Label Switching.

Figure 1 shows a cable MPLS VPN network. The routers in the network are:

Provider (P) router—Routers in the core of the provider network. P routers run MPLS switching, and do not attach VPN labels (MPLS label in each route assigned by the PE router) to routed packets. VPN labels are used to direct data packets to the correct egress router.

Provider Edge (PE) router— Router that attaches the VPN label to incoming packets based on the interface or subinterface on which they are received. A PE router attaches directly to a CE router. In the MPLS-VPN approach, each Cisco uBR7200 series router acts as a PE router.

Customer (C) router—Router in the ISP or enterprise network.

Customer Edge (CE) router—Edge router on the ISP's network that connects to the PE router on the MSO's network. A CE router must interface with a PE router.

The MPLS network has a unique VPN that exclusively manages the MSOs devices called the management VPN. It contains servers and devices that other VPNs can access. The management VPN connects the Cisco uBR7200 series router to a PE router, which connects to management servers such as Cisco Network Registrar (CNR) and Time of Day (ToD) servers. A PE router connects to management servers and is a part of the management VPN. Regardless of the ISP they belong to, the management servers serve the Dynamic Host Configuration Protocol (DHCP), DNS (Domain Name System), and TOD requests coming from PCs or cable modems.

Note When configuring MPLS VPNs, you must configure the first subinterface created as a part of the management VPN. See Creating VRFs for each VPN.

Figure 1 MPLS VPN Network

Cable VPN configuration involves an:

MSO domain that requires a direct peering link to each enterprise network (ISP), provisioning servers for residential and commercial subscribers, and dynamic DNS for commercial users. The MSO manages cable interface IP addressing, Data-over-Cable Service Interface Specifications (DOCSIS) provisioning, CM hostnames, routing modifications, privilege levels, and usernames and passwords.

ISP or enterprise domain that includes the DHCP server for subscriber or telecommuter host devices, enterprise gateway within the MSO address space, and static routes back to the telecommuter subnets.

Note Cisco recommends that the MSO assign all addresses to the end user devices and gateway interfaces. The MSO can also use split management to let the ISP configure tunnels and security.

In an MPLS VPN configuration, the MSO must configure the following:

CMTS (Cisco uBR7200 series)

P routers

PE routers

CE routers

One VPN per ISP DOCSIS servers for all cable modem customers. The MSO must attach DOCSIS servers to the management VPN, and make them visible.

The MSO must configure Cisco uBR7200 series routers that serve the ISP, and remote PE routers connecting to the ISP, as PE routers in the VPN.

The MSO must determine the primary IP address range, which is the MSO's range for all cable modems belonging to the ISP subscribers.

The ISP must determine the secondary IP address range, which is the ISP's range for its subscriber PCs.

To reduce security breaches and differentiate DHCP requests from cable modems in VPNs or under specific ISP management, MSOs can use the cable helper-address command in Cisco IOS software. See "cable helper-address" section on page 25. The MSO can specify the host IP address to be accessible only in the ISP's VPN. This lets the ISP use its DHCP server to allocate IP addresses. Cable modem IP address must be accessible from the management VPN.

The MPLS VPN approach of creating VPNs for individual ISPs or customers requires subinterfaces to be configured on the cable interface or the cable interface bundle. Each ISP requires one subinterface. The subinterfaces are tied to the VPN Routing/Forwarding (VRF) tables for their respective ISPs. The first subinterface must be created on the cable interface bound to the management VPN.

To route a reply from the CNR back to the cable modem, the PE router that connects to the CNR must import the routes of the ISP VPN into the management VPN. Similarly, to forward management requests (such as DHCP renewal to CNR) to the cable modems, the ISP VPN must export and import the appropriate management VPN routes.

Cisco uBR7200 series software supports the definition of logical network layer interfaces over a physical cable interface or a bundle of cable interfaces. You can create subinterfaces on either a physical cable interface or a bundle of cable interfaces. Subinterfaces let service providers share one IP subnet across multiple cable interfaces grouped into a cable interface bundle.

You can group all of the cable interfaces on a Cisco uBR7200 series router into a single bundle so that only one subnet is required for each router. When you group cable interfaces, no separate IP subnet or each individual cable interface is required. This grouping avoids the performance, memory, and security problems in using a bridging solution to manage subnets, especially for a large number of subscribers.

Subinterfaces allow traffic to be differentiated on a single physical interface, and assigned to multiple VPNs. You can configure multiple subinterfaces, and associate an MPLS VPN with each subinterface. You can split a single physical interface (the cable plant) into multiple subinterfaces, where each subinterface is associated with a specific VPN. Each ISP requires access on a physical interface and is given its own subinterface. Create a management subinterface to support cable modem initialization from an ISP.

Using each subinterface associated with a specific VPN (and therefore, ISP) subscribers connect to a logical subinterface, which reflects the ISP that provides their subscribed services. When properly configured, subscriber traffic enters the appropriate subinterface and VPN.

The CMTS MSO administrator can:

Define subinterfaces on a cable physical interface and assign Layer 3 configurations to each subinterface.

or

Bundle a group of physical interfaces, define subinterfaces on the bundle master, and give each subinterface a Layer 3 configuration.

Benefits

MPLS VPNs give cable MSOs and ISPs a manageable way of supporting multiple access to a cable plant. Service providers can create scalable and efficient VPNs across the core of their networks. MPLS VPNs provide systems support scalability in cable transport infrastructure and management.

Each ISP can support Internet access services from a subscriber's PC through an MSO's physical cable plant to their networks.

MPLS VPNs allow MSOs to deliver value-added services through an ISP, and thus, deliver connectivity to a wider set of potential customers. MSOs can partner with ISPs to deliver multiple services from multiple ISPs and add value within the MSO's own network using VPN technology.

Subscribers can select combinations of services from various service providers.

The Cisco IOS MPLS VPN cable feature sets build on CMTS DOCSIS 1.0 and DOCSIS 1.0 extensions to ensure services are reliably and optimally delivered over the cable plant. MPLS VPN provides systems support domain selection, authentication per subscriber, selection of QoS, policy-based routing, and ability to reach behind the cable modem to subscriber end devices for QoS and billing while preventing session spoofing.

MPLS VPN technology ensures both secure access across the shared cable infrastructure and service integrity.

Cable interface bundling eliminates the need for an IP subnet on each cable interface. Instead, an IP subnet is only required for each cable interface bundle. All cable interfaces in a Cisco uBR7200 series router can be added to a single bundle.

Restrictions

Each subinterface on the CMTS requires an address range from the ISP and from the MSO. These two ranges must not overlap and must be extensible to support an increased number of subscribers for scalability. Cisco IOS Release 12.1(2)EC and 12.1(2)T does not support overlapping addresses for the MPLS VPN subinterface.

Note This document does not address allocation and management of MSO and ISP IP addresses. See Configuring Multiprotocol Label Switching for this information.

Cisco IOS Release 12.1(2) T supports the cable source-verify dhcp command, but Cisco IOS Release 12.1(2)EC does not support it. The cable source-verify dhcp command enables Dynamic Host Control Protocol (DHCP) servers to verify IP addresses of upstream traffic, and prevent MSO customers from using unauthorized, spoofed, or stolen IP addresses.

When using only MPLS VPNs, create subinterfaces on the bundle master, assign it an IP address, and provide VRF configuration for each ISP. When you create subinterfaces and configure only MPLS VPNs, the cable interface bundling feature is independent of the MPLS VPN.

When using cable interface bundling:

Define one of the interfaces in the bundle as the bundle's master interface.

Specify all generic IP networking information (such as IP address, routing protocols, and switching modes) on the bundle master interface. Do not specify generic IP networking information on bundle slave interfaces. If you attempt to add an interface to a bundle as a nonmaster interface and an IP address is assigned to this interface, the command will fail. You must remove the IP address configuration before you can add the interface to a bundle.

An interface that has a subinterface(s) defined over it is not allowed to be a part of the bundle.

Specify generic (not downstream or upstream related) cable interface configurations, such as source-verify or ARP handling, on the master interface. Do not specify generic configuration on nonmaster interfaces.

If you configure an interface as a part of a bundle and it is not the master interface, all generic cable configuration for this interface is removed. The master interface configuration will then apply to all interfaces in the bundle.

Cable interface bundling is only supported on cable interfaces. Cisco IOS software provides cable interfaces with Cisco uBR-MC11, Cisco uBR-MC12, Cisco uBR-MC14, and Cisco uBR-MC16 cable modem cards.

Interface bundles can only be configured using the command line interface (including the CLI-based HTML configuration).

Related Documents

For additional information on the Cisco uBR7200 series and MPLS VPN, see:

Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide

Cisco uBR7200 Series Universal Broadband Router Hardware Installation Guide

Cisco uBR7200 Series Software Release Notes and Features

Cisco uBR7200 Series Configuration Notes

Cisco Network Registrar for the Cisco uBR7200 Series Universal Broadband Routers

Regulatory Compliance and Safety Information for the Cisco uBR7200 Series Universal Broadband Router

Configuring Multiprotocol Label Switching

MPLS Label Switching on Cisco Routers

Cisco IOS Release 12.1 Documents

Supported Platforms

Cisco uBR7223

Cisco uBR7246

Cisco uBR7246 VXR

Supported Standards, MIBs, and RFCs

Standards

DOCSIS 1.0.

MIBs

CISCO-DOCS-REMOTE-QUERY.my

No new or modified MIB objects are supported by the cable interface bundling feature.

For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

RFC 1163, A Border Gateway Protocol

RFC 1164, Application of the Border Gateway Protocol in the Internet

RFC 2283, Multiprotocol Extensions for BGP-4

RFC 2547, BGP/MPLS VPNs

RFC 2233, DOCSIS OSSI Objects Support

RFC 2669, Cable Device MIB

RFC 2665, DOCSIS Ethernet MIB Objects Support

Prerequisites

Before configuring IP-based VPNs on Cisco uBR7200 series, complete the following tasks:

Ensure your network supports reliable broadband data transmission. Your plant must be swept, balanced, and certified based on National Television Standards Committee (NTSC) or appropriate international cable plant recommendations. Ensure your plant meets all DOCSIS or European Data-over-Cable Service Interface Specifications (EuroDOCSIS) downstream and upstream RF requirements.

Ensure your Cisco uBR7200 series universal broadband router is installed following instructions in the Cisco uBR7200 Series Universal Broadband Router Hardware Installation Guide and the Regulatory Compliance and Safety Information for the Cisco uBR7200 Series Universal Broadband Router.

Ensure your Cisco uBR7200 series universal broadband router is configured for basic operations following instructions in the Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide. The chassis must contain at least one port adapter to provide backbone connectivity and one Cisco cable modem card to serve as the RF cable TV interface.

Others

Ensure all other required headend or distribution hub routing and network interface equipment is installed, configured, and operational based on the services to support. This includes all routers, servers (DHCP, TFTP, and ToD), network management systems, and other configuration or billing systems and backbone and other equipment to support VPN.

Ensure DHCP and DOCSIS configuration files have been created and pushed to appropriate servers such that each cable modem, when initialized, can transmit a DHCP request, receive an IP address, obtain TFTP and ToD server addresses, and download a DOCSIS configuration file. Configure each subinterface to connect to the ISP's VPN.

Ensure DOCSIS servers are attached and made visible on the management VPN.

Be familiar with your channel plan to assign appropriate frequencies. Outline your strategies for setting up bundling or VPN solution sets if applicable to your headend or distribution hub. Obtain passwords, IP addresses, subnet masks, and device names as appropriate.

Create subinterfaces on a physical cable interface or on a bundle of cable interfaces. Configure each subinterface to connect to the ISP network.

The MPLS VPN configuration steps assume the following:

IP addressing has already been determined and there are assigned ranges in the MSO and ISP network for specific subinterfaces.

The MSO is using CNR and has configured it (using the cable helper-address command) to serve appropriate IP addresses to cable modems based on the cable modem MAC address. The CMTS forwards DHCP requests to the CNR based on the cable helper-address settings. The CNR server determines the IP address to assign the cable modem using the client-classes feature, which let the CNR assign specific parameters to devices based on MAC addresses. See "cable helper-address" section on page 25 and "ip dhcp relay information option" section on page 26.

ISP CE routers are configured (using the cable helper-address command) to appropriately route relevant IP address ranges into the VPN.

P and PE routers are already running Cisco Express Forwarding (CEF).

MPLS is configured on the outbound VPN using the tag switching ip command in interface configuration mode.

Configuration Tasks

To configure MPLS VPNs on Cisco uBR7200 series, perform the following steps:

Configuring the Cisco uBR7200 series CMTS and PE routers:

Creating VRFs for each VPN

Defining Subinterfaces on a Physical Cable Interface and Assigning VRFs

or

Configuring Cable Interface Bundles and Configuring Subinterfaces and MPLS VPNs on a Bundle Master

Configuring MPLS in the P Routers in the Provider Core

Creating VRFs for each VPN

To create VRFs for each VPN, perform the following steps beginning in the router configuration mode.

Note Since only the CMTS has logical subinterfaces, assignments of VRFs on the other PE devices will be to specific physical interfaces.

 
Command
Purpose

Step 1 

Router(config)# ip vrf mgmt-vpn

Enters VRF configuration mode (config-vrf)# and maps a VRF table to the VPN (specified by mgmt-vpn). The management VPN is the first VPN configured.

Step 2 

Router(config-vrf)# rd mgmt-rd

Creates a routing and forwarding table by assigning a route distinguisher to the management VPN.

Step 3 

Router(config-vrf)# route-target {export| import| both} mgmt-rd

Exports and/or imports all routes for the management VPNs route distinguisher. This determines which routes will be shared within VRFs.

Step 4 

Router(config-vrf)# route-target import isp1-vpn-rd

Imports all routes for the VPNs (isp1-vpn) route distinguisher.

Step 5 

Router(config-vrf)# route-target import isp2-vpn-rd

Imports all routes for the VPNs (isp2-vpn) route distinguisher.

Step 6 

Router(config-vrf)# ip vrf isp1-vpn

Creates a routing and forwarding table by assigning a route distinguisher to isp1-vpn.

Step 7 

Router(config-vrf)# rd mgmt-rd

Creates a routing and forwarding table by assigning a route distinguisher (mgmt-rd) to the management VPN (mgmt-vpn).

Step 8 

Router(config-vrf)# route-target export isp1-vpn-rd

Exports all routes for the VPNs (isp1-vpn) route distinguisher.

Step 9 

Router(config-vrf)# route-target import isp1-vpn-rd

Imports all routes for the VPNs (isp1-vpn) route distinguisher.

Step 10 

Router(config-vrf)# route-target import mgmt-vpn-rd

Exports all routes for the VPNs (mgmt-vpn) route distinguisher.

Step 11 

Router(config-vrf)# ip vrf isp2-vpn

Creates a routing and forwarding table by assigning a route distinguisher to isp2-vpn.

Step 12 

Router(config-vrf)# route-target export isp2-vpn-rd

Exports all routes for the VPNs (isp2-vpn) route distinguisher.

Step 13 

Router(config-vrf)# route-target import isp2-vpn-rd

Imports all routes for the VPNs (isp2-vpn) route distinguisher.

Step 14 

Router(config-vrf)# route-target import mgmt-vpn-rd

Imports all routes for the VPNs (mgmt-vpn) route distinguisher.

Defining Subinterfaces on a Physical Cable Interface and Assigning VRFs

To create a logical cable subinterface, perform the following steps beginning in the global configuration mode. Create one subinterface for each VPN (one per ISP). The first subinterface created must be configured as part of the management VPN (with the lowest subinterface number). Create VRFs using the procedure, "Creating VRFs for each VPN" section, and apply them to the subinterface.

 
Command
Purpose

Step 1 

Router# configure terminal

Enters configuration mode.

Step 2 

Router(config)# interface cable slot/port

Enters cable interface configuration mode.

slot = slot number in chassis (slot numbers begin with a 0)

port = port number on cable modem card slot (port numbers begin with a 0)

Step 3 

Router(config-if)# interface cable slot/port.n

Defines the first (management) subinterface with the lowest subinterface number. Valid range for n is 1 to 255.

Step 4 

Router(config-subif)# description string

Identifies the subinterface as the management subinterface.

Step 5 

Router(config-subif)# ip vrf forwarding mgmt-vpn

Assigns the subinterface to the management VPN (the MPLS VPN used by the MSO to supply service to customers).

Step 6 

Router(config-subif)# ip address ipaddress mask

Assigns the subinterface an IP address and a subnet mask.

Step 7 

Router(config-subif)# cable helper-address ip-address cable-modem

Forwards DHCP requests from cable modems to the IP address listed.

Step 8 

Router(config-subif)# cable helper-address ip-address host

Forwards DHCP requests from hosts to the IP address listed.

Step 9 

Router(config-if)# interface cable slot/port.n

Defines an additional subinterface for the ISP (such as isp1). Valid range for n is 1 to 255.

Step 10 

Router(config-subif)# description string

Identifies the subinterface (such as subinterface for isp1-vpn).

Step 11 

Router(config-subif)# ip vrf forwarding isp1-vpn

Assigns the subinterface to isp1-vpn VPN.

Step 12 

Router(config-subif)# ip address ipaddress mask

Assigns the subinterface an IP address and a subnet mask.

Step 13 

Router(config-subif)# cable helper-address ip-address cable-modem

Forwards DHCP requests from cable modems to the IP address listed.

Step 14 

Router(config-subif)# cable helper-address ip-address host

Forwards DHCP requests from hosts to the IP address listed.

Step 15 

Router(config-if)# interface cable slot/port.n

Defines an additional subinterface for the ISP (such as isp2). Valid range for n is 1 to 255.

Step 16 

Router(config-subif)# description string

Identifies the subinterface (such as subinterface for isp2-vpn).

Step 17 

Router(config-subif)# ip vrf forwarding isp2-vpn

Assigns the subinterface to isp2-vpn VPN.

Step 18 

Router(config-subif)# ip address ipaddress mask

Assigns the subinterface an IP address and a subnet mask.

Step 19 

Router(config-subif)# cable helper-address ip-address cable-modem

Forwards DHCP requests from cable modems to the IP address listed.

Step 20 

Router(config-subif)# cable helper-address ip-address host

Forwards DHCP requests from hosts to the IP address listed.

Step 21 

Router(config)# copy running-config startup-config

Returns to configuration mode, and stores the configuration or changes to your startup configuration in NVRAM.

Note Use this command to save the configuration settings that you created in the Cisco uBR7200 series universal broadband router using the configuration mode, the setup facility, and AutoInstall. If you fail to do this, your configuration will be lost the next time you reload the router.

Step 22 

Router(config)# exit

Returns to configuration mode.

Configuring Cable Interface Bundles

To assign a cable interface to a bundle, perform the following steps beginning in the interface configuration mode.

 
Command
Purpose

Step 1 

Router(config)# interface cable slot/port

Enters the cable interface configuration mode.

slot = slot number in chassis (slot numbers begin with 0)

port = port number on cable modem card slot (port numbers begin with 0)

IP addresses are not assigned to this interface. They are assigned to the logical subinterfaces created within this interface.

Step 2 

Router(config-if)# cable bundle bundle-number master

Defines the interface as the bundle's master interface. Valid range for bundle-number is 1 to 255.

Step 3 

Router(config)# interface cable slot/port

Enters the cable interface configuration mode for another cable interface.

slot = slot number in chassis (slot numbers begin with 0)

port = port number on cable modem card slot (port numbers begin with 0)

IP addresses are not assigned to this interface. They are assigned to the logical subinterfaces created within this interface.

Step 4 

Router(config-if)# cable bundle bundle-number

Adds the interface to the bundle specified by bundle-number. Valid range for bundle-number is 1 to 255.

Configuring Subinterfaces and MPLS VPNs on a Bundle Master

To configure subinterfaces on a bundle master and assign each subinterface a Layer 3 configuration:

Configure cable interface bundles using the procedure, "Configuring Cable Interface Bundles" section.

Define subinterfaces on the bundle's master interface and assign a Layer 3 configuration to each subinterface using the procedure, "Defining Subinterfaces on a Physical Cable Interface and Assigning VRFs" section. Create one subinterface for each customer VPN (one per ISP).

Configuring MPLS in the P Routers in the Provider Core

To configure MPLS in the P routers in the provider core, perform the following steps.

 
Command
Purpose

Step 1 

Router# configure terminal

Enters configuration mode.

Step 2 

Router(config)#ip cef

Enables Cisco Express Forwarding (CEF) operation.

For information about CEF configuration and command syntax, see Cisco Express Forwarding Overview and Configuring Cisco Express Forwarding.

Step 3 

Router(config)#interface FastEthernet slot/port

Enters FastEthernet interface configuration mode.

Step 4 

Router(config-if)#ip address ip-address mask

Defines the primary IP address range for the interface.

Step 5 

Router(config-if)#mpls ip

Enables the interface to be forwarded to an MPLS packet.

Step 6 

Router(config-if)#mpls label-protocol ldp

Enables Label Distribution Protocol (LDP) on the interface.

For information about LDP and MPLS, see Configuring Multiprotocol Label Switching.

Step 7 

Router(config)#copy running-config startup-config

Stores the configuration or changes to your startup configuration in NVRAM.

Note Use this command to save the configuration settings that you created in the Cisco uBR7200 series universal broadband router using the configuration mode, the setup facility, and AutoInstall. If you fail to do this, your configuration will be lost the next time you reload the router.

Step 8 

Router(config)# exit

Returns to the configuration mode.

Verifying the MPLS VPN Configuration

Use the following commands to verify MPLS VPN operations on PE routers. For more MPLS VPN verification commands, see Configuring Multiprotocol Label Switching.

 
Command
Purpose

Step 1 

Router#show ip vrf

Displays the set of VRFs and interfaces.

Step 2 

Router#show ip route vrf

Displays the IP routing table for a VRF.

Step 3 

Router#show ip protocols vrf

Displays the routing protocol information for a VRF.

Step 4 

Router(config) #show cable bundle n forwarding-table

Displays the forwarding table for the specified interface.

Configuration Examples

This section provides the following configuration examples:

Subinterface Configuration Example

Cable Interface Bundling Example

Cable Interface Bundle Master Configuration Example

PE Router Configuration Example

P Router Configuration Example

Subinterface Configuration Example

The following example shows how to define a subinterface on the cable3/0. 

interface cable3/0

! No IP address

! MAC level configuration only

! first subinterface

interface cable3/0.1

description Management Subinterface

ip address 10.255.1.1 255.255.255.0

cable helper-address 10.151.129.2


! second subinterface

interface cable3/0.2

ip address 10.279.4.2 255.255.255.0

cable helper-address 10.151.129.2


! third subinterface

interface cable3/0.3

ip address 10.254.5.2 255.255.255.0

cable helper-address 10.151.129.2

Cable Interface Bundling Example

The following example shows how to bundle a group of physical interfaces.

int c3/0 and int c4/0 are bundled. 

int c3/0

ip address 209.165.200.225 255.255.255.0

ip address 209.165.201.1 255.255.255.0 secondary

cable helper-address 10.5.1.5

! MAC level configuration

cable bundle 1 master

int c4/0

! No IP address

! MAC layer configuration only

cable bundle 1

Subinterface Definition on Bundle Master Example

The following example shows how to define subinterfaces on a bundle master and define Layer 3 configurations for each subinterface.

int c3/0 and int c4/0 are bundled. 

int c3/0

! No IP address

! MAC level configuration only

cable bundle 1 master


int c4/0

! No IP address

! MAC layer configuration

cable bundle 1


! first subinterface

int c3/0.1

ip address 10.22.64.0 255.255.255.0

cable helper-address 10.4.1.2


! second subinterface

int c3/0.2

ip address 10.12.39.0 255.255.255.0

cable helper-address 10.4.1.2


! third subinterface

int c3/0.3

ip address 10.96.3.0 255.255.255.0

cable helper-address 10.4.1.2

Cable Interface Bundle Master Configuration Example

The following examples show how to configure cable interface bundles: 

Displaying the contents of the bundle

Router(config-if)#cable bundle ?

  <1-255>  Bundle number

Router(config-if)#cable bundle 25 ?

  master  Bundle master

  <cr>

Router(config-if)#cable bundle 25 master ?

  <cr>

Router(config-if)#cable bundle 25 master

Router(config-if)#

07:28:17: %UBR7200-5-UPDOWN: Interface Cable3/0 Port U0, changed state to down

07:28:18: %UBR7200-5-UPDOWN: Interface Cable3/0 Port U0, changed state to up

PE Router Configuration Example 

!

! Identifies the version of Cisco IOS software installed.

version 12.0


! Defines the hostname of the Cisco uBR7246

hostname region-1-ubr

!

! Describes where the system is getting the software image it is running. In

! this configuration example, the system is loading a Cisco uBR7246 image named

! AdamSpecial from slot 0.

boot system flash slot0:ubr7200-p-mz.AdamSpecial

!

! Creates the enable secret password.

enable secret xxxx

enable password xxxx

!

! Sets QoS per modem for the cable plant.

no cable qos permission create

no cable qos permission update

cable qos permission modems

!

! Allows the system to use a full range of IP addresses, including subnet zero, for

! interface addresses and routing updates.

ip subnet-zero

!

! Enables Cisco Express Forwarding.

ip cef

!

! Configures a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server to insert the

! DHCP relay agent information option in forwarded BOOTREQUEST messages.

ip dhcp relay information option

!

! Enters the virtual routing forwarding (VRF) configuration mode and maps a VRF table to

! the virtual private network (VPN) called MGMT-VPN. The VRF table contains the set of

! routes that points to or gives routes to the CNR device, which provisions the cable

! modem devices. Each VRF table defines a path through the MPLS cloud.

ip vrf MGMT-VPN

!

! Creates the route distinguisher and creates the routing and forwarding table of the

! router itself.

 rd 100:1

!

! Creates a list of import and/or export route target communities for the VPN.

 route-target export 100:2

 route-target export 100:3

!

! Maps a VRF table to the VPN called ISP1-VPN.

ip vrf ISP1-VPN

!

! Creates the route distinguisher and creates the routing and forwarding table of the

! router itself.

 rd 100:2

!

! Creates a list of import and/or export route target communities for the VPN.

 route-target import 100:1

!

! Maps a VRF table to the VPN called ISP2-VPN.

ip vrf ISP2-VPN

!

! Creates the route distinguisher and creates the routing and forwarding table of the

! router itself.

 rd 100:3

!

! Creates a list of import and/or export route target communities for the VPN.

 route-target import 100:1

!

! Maps a VRF table to the VPN called MSO-isp. Note: MSO-isp could be considered ISP-3; in

! this case, the MSO is competing with other ISPs for other ISP services.

ip vrf MSO-isp

!

! Creates the route distinguisher and creates the routing and forwarding table of the

! router itself.

 rd 100:4

!

! Creates a list of import and/or export route target communities for the VPN.

  route-target import 100:1

!

! Builds a loopback interface to be used with MPLS and BGP; creating a loopback interface 
! eliminates unnecessary updates (caused by physical interfaces going up and down) from

! flooding the network.

interface Loopback0

 ip address 10.0.0.0 255.255.255.0

 no ip directed-broadcast

!

! Assigns an IP address to this Fast Ethernet interface. MPLS tag-switching must be

! enabled on this interface.

interface FastEthernet0/0

 description Connection to MSO core.

 ip address 10.0.0.0 255.255.255.0

 no ip directed-broadcast

 full-duplex

 tag-switching ip

!

! Enters cable interface configuration mode and configures the physical aspects of the

! 3/0 cable interface. Please note that no IP addresses are assigned to this interface;

! they will be assigned instead to the logical subinterfaces. All other commands for

! this cable interface should be configured to meet the specific needs of your cable RF

! plant and cable network.

interface Cable3/0

 no ip address

 ip directed-broadcast

 no ip mroute-cache

 load-interval 30

 no keepalive

 cable downstream annex B

 cable downstream modulation 64qam

 cable downstream interleave-depth 32

 cable downstream frequency 855000000

 cable upstream 0 frequency 30000000

 cable upstream 0 power-level 0

 no cable upstream 0 shutdown

 cable upstream 1 shutdown

 cable upstream 2 shutdown

 cable upstream 3 shutdown

 cable upstream 4 shutdown

 cable upstream 5 shutdown

!

! Configures the physical aspects of the 3/0.1 cable subinterface. If cable modems have

! not been assigned IP addresses, they will automatically come on-line using the settings

! for subinterface X.1. 

interface Cable3/0.1

 description Cable Administration Network

!

! Associates this interface with the VRF and MPLS VPNs that connect to the MSO cable

! network registrar (CNR). The CNR provides cable modems with IP addresses and other

! initialization parameters. 

 ip vrf forwarding MSO

!

! Defines a range of IP addresses and masks to be assigned to cable modems not yet 
associated with an ISP.

 ip address 10.0.0.0 255.255.255.0

!

! Disables the translation of directed broadcasts to physical broadcasts.

 no ip directed-broadcast

!

! Defines the DHCP server for cable modems whether they are associated with an ISP or

! with the MSO acting as ISP.

 cable helper-address 10.4.1.2 cable-modem

!

! Defines the DHCP server for PCs that are not yet associated with an ISP.

 cable helper-address 10.4.1.2 host

!

! Disables cable proxy Address Resolution Protocol (ARP) and IP multicast echo on this

! cable interface.

 no cable proxy-arp

 no cable ip-multicast-echo

!

! Configures the physical aspects of the 3/0.2 cable subinterface.

interface Cable3/0.2

 description MSO as ISP Network

!

! Assigns this subinterface to the MPLS VPN used by the MSO to supply service to

! customers—in this case, MSO-isp. 

 ip vrf forwarding MSO-isp

!

! Defines a range of IP addresses and masks to be assigned to cable modems associated

! with the MSO as ISP network.

 ip address 10.1.0.0 255.255.255.0 secondary

! 

! Defines a range of IP addresses and masks to be assigned to host devices associated

! with the MSO as ISP network.

 ip address 10.1.0.0 255.255.255.0

!

! Disables the translation of directed broadcasts to physical broadcasts.

 no ip directed-broadcast

!

! Defines the DHCP server for cable modems whether they are associated with an ISP or

! with the MSO acting as ISP.

 cable helper-address 10.4.1.2 cable-modem

!

! Defines the DHCP server for PC host devices.

 cable helper-address 10.4.1.2 host

!

! Disables cable proxy Address Resolution Protocol (ARP) and IP multicast echo on this

! cable interface.

 no cable proxy-arp

 no cable ip-multicast-echo

!

! Configures the physical aspects of the 3/0.3 cable subinterface

interface Cable3/0.3

 description ISP1's Network

! 

! Makes this subinterface a member of the MPLS VPN.

 ip vrf forwarding isp1

!

! Defines a range of IP addresses and masks to be assigned to cable modems associated

! with the MSO as ISP network.

 ip address 10.1.1.1 255.255.255.0 secondary

!

! Defines a range of IP addresses and masks to be assigned to host devices associated

! with the MSO as ISP network.

 ip address 10.0.1.1 255.255.255.0

!

! Disables the translation of directed broadcasts to physical broadcasts.

 no ip directed-broadcast

!

! Disables cable proxy Address Resolution Protocol (ARP) and IP multicast echo on this

! cable interface.

 no cable proxy-arp

 no cable ip-multicast-echo

!

! Defines the DHCP server for cable modems whether they are associated with an ISP or

! with the MSO acting as ISP.

 cable helper-address 10.4.1.2 cable-modem

!

! Defines the DHCP server for PC host devices.

 cable helper-address 10.4.1.2 host

!

! Configures the physical aspects of the 3/0.4 cable subinterface

interface Cable3/0.4

 description ISP2's Network

!

! Makes this subinterface a member of the MPLS VPN.

 ip vrf forwarding isp2

!

! Defines a range of IP addresses and masks to be assigned to cable modems associated

! with the MSO as ISP network.

 ip address 10.1.2.1 255.255.255.0 secondary

!

! Defines a range of IP addresses and masks to be assigned to host devices associated

! with the MSO as ISP network.

 ip address 10.0.1.1 255.255.255.0

!

! Disables the translation of directed broadcasts to physical broadcasts.

 no ip directed-broadcast

!

! Disables cable proxy Address Resolution Protocol (ARP) and IP multicast echo on this

! cable interface.

 no cable proxy-arp

 no cable ip-multicast-echo

!

!

 cable dhcp-giaddr policy

!

!! Defines the DHCP server for cable modems whether they are associated with an ISP or

! with the MSO acting as ISP.

 cable helper-address 10.4.1.2 cable-modem

!

! Defines the DHCP server for PC host devices.

 cable helper-address 10.4.1.2 host

!

!

end

P Router Configuration Example 

Building configuration...


Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname R7460-7206-02

!

enable password xxxx

!

ip subnet-zero

ip cef

ip host brios 223.255.254.253

!

interface Loopback0

 ip address 10.2.1.3 255.255.255.0

 no ip directed-broadcast

!

interface Loopback1

 no ip address

 no ip directed-broadcast

 no ip mroute-cache

!

interface FastEthernet0/0

 ip address 1.7.108.2 255.255.255.0

 no ip directed-broadcast

 no ip mroute-cache

 shutdown

 full-duplex

 no cdp enable

!

interface Ethernet1/0

 ip address 10.0.1.2 255.255.255.0

 no ip directed-broadcast

 no ip route-cache cef

 no ip mroute-cache

 tag-switching ip

 no cdp enable

!

interface Ethernet1/1

 ip address 10.0.1.17 255.255.255.0

 no ip directed-broadcast

 no ip route-cache cef

 no ip mroute-cache

 tag-switching ip

 no cdp enable

!

interface Ethernet1/2

 ip address 10.0.2.2 255.255.255.0

 no ip directed-broadcast

 no ip route-cache cef

 no ip mroute-cache

 tag-switching ip

 no cdp enable

!

interface Ethernet1/3

 ip address 10.0.3.2 255.255.255.0

 no ip directed-broadcast

 no ip route-cache cef

 no ip mroute-cache

 tag-switching ip

 no cdp enable

!

interface Ethernet1/4

 ip address 10.0.4.2 255.255.255.0

 no ip directed-broadcast

 no ip route-cache cef

 no ip mroute-cache

 tag-switching ip

 no cdp enable

!

interface Ethernet1/5

 no ip address

 no ip directed-broadcast

 no ip route-cache cef

 shutdown

 no cdp enable

!

interface Ethernet1/6

 no ip address

 no ip directed-broadcast

 no ip route-cache cef

 shutdown

 no cdp enable

!

interface Ethernet1/7

 no ip address

 no ip directed-broadcast

 no ip route-cache cef

 shutdown

 no cdp enable

!

router ospf 222

 network 10.0.1.0 255.255.255.0 area 0

 network 10.0.2.0 255.255.255.0 area 0

 network 10.0.3.0 255.255.255.0 area 0

 network 10.0.4.0 255.255.255.0 area 0

 network 20.2.1.3 255.255.255.0 area 0

!

ip classless

no ip http server

!

!

map-list test-b

no cdp run

!

tftp-server slot0:master/120/c7200-p-mz.120-1.4

!

line con 0

 exec-timeout 0 0

 password xxxx

 login

 transport input none

line aux 0

line vty 0 4

 password xxxx

 login

!

no scheduler max-task-time

end

Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Cable Command Reference at http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.

cable bundle

cable helper-address

ip dhcp relay information option

show cable bundle

Glossary

C Network—Customer (enterprise or ISP) networks

C Router—Customer router, a router in the C network

CMTS—Cable Modem Termination System.

CPE—Customer Premises Equipment

CE router—Customer Edge Router. An edge router in the C network, defined as a C router which attaches directly to a PE router.

CEF—Cisco Express Forwarding.

HFC—Hybrid Fiber Coaxial.

HG—Home Gateway. A device owned and managed by a customer (enterprise network or ISP) to provide the Layer 2 Tunneling Protocol Network Server (LNS) function to remote access users.

IG—Internet Gateway. PE router connecting the MPLS backbone to the public Internet.

label—A short fixed-length label that tells switching nodes how to forward data (packets or cells).

LDP—Label Distribution Protocol. The Internet Engineering Task Force (IETF) equivalent of Tag Distribution Protocol (TDP) that switches labeled packets according to precomputed switching tables.

LSR—Label Switching Router. A Layer 3 router that forwards a packet based on the value of a label encapsulated in the packet.

MPLS—Multiprotocol Label Switching.

NAT—Network Address Translation.

P network—Provider's MPLS-capable core network.

P router—Provider router, a router in the P network. P routers perform MPLS label switching.

PE router—Provider Edge router, an edge router in the provider network.

Subinterface —A logical network layer interface over a physical interface or a bundle of physical interfaces.

TDP—Tag Distribution Protocol. The protocol used to distribute label bindings to LSRs.

VRF—Virtual Private Network Routing/Forwarding table. A Routing table instance which is populated with VPN routes.


Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.