Table Of Contents
Creating and Provisioning MPLS VPNs
Creating a VPN Customer Definition
Defining the VPN Customer Information
Finding a Specific Customer Site
Adding the Customer Edge Routers to a Site
Editing VPN Customer Information
Finding a Specific VPN Customer
Editing Customer Site and Site CE Definitions
Editing or Viewing the Customer Edge Router Definition
Showing the Topology for a VPN Customer
Viewing the Sites and Their CEs for a VPN Customer
Retrieving Site and PAD Details
Defining a New VPN in the VPNSC Software
Defining CE Routing Communities
Showing the Topology for a VPN
Viewing the List of Hubs and CEs in the Selected VPN
Viewing Details on the CEs in the VPN
Implementing the Management VPN Technique
Defining a Management VPN in VPNSC Software
About Provisioning PE-CE Links in the Management VPN
Creating and Provisioning MPLS VPNs
This chapter describes how to create and provision MPLS VPNs using the VPN Solutions Center software. The main topics presented in this chapter are as follows:
•Creating a VPN Customer Definition
•Defining a New VPN in the VPNSC Software
•Implementing the Management VPN Technique
•Provisioning a Management VPN
Creating a VPN Customer Definition
Creating a VPN Customer Definition includes the following tasks:
•Define the VPN customer information.
•Define the customer sites.
•Add the customer edge routers (CEs) to the sites.
When you add a CE to a site, you can indicate whether the CE is enabled for the Service Assurance Agent (SA Agent).
Defining the VPN Customer Information
To define the VPN customer information, follow these steps:
Step 1 From the VPN Console menu, choose Setup > New VPN Customer. The New VPN Customer dialog box appears (see Figure 3-1).
Figure 3-1 Entering the New VPN Customer Information
Step 2 Enter the customer name.
Step 3 Optionally, enter the customer's contact information.
Though it is not required, entering the contact information is recommended.
For details on how to modify the VPN customer information, see the "Editing VPN Customer Information" section.
Defining the Customer Sites
A customer site is a collection of one or more customer edge routers (CEs).
Note This procedure assumes the CEs in the customer site are managed by the provider.
To define a customer site, follow these steps:
Step 1 From the New VPN Customer dialog box, click Add.
The Customer Site dialog box appears (see Figure 3-2).
Figure 3-2 Entering the Customer Site Information
Step 2 Enter the customer site name and location information.
For details on how to modify the customer site information, see the "Editing Customer Site and Site CE Definitions" section.
Finding a Specific Customer Site
To find a specific Customer site, follow these steps:
Step 1 From the VPN Console window, choose Find > Find Customer Site.
The Find dialog box appears with the category Customer Site already selected (see Figure 3-3).
Figure 3-3 Find Customer Site Dialog Box
Step 2 In the Find What field, enter the name of the Customer site you want to find.
Step 3 If you want the search to match the case of the Customer site name you enter, check the Match Case check box.
Step 4 Choose the direction of the search by clicking the Up or Down radio button.
Step 5 When you have completed the search parameters, click Find Next.
The VPNSC software locates the indicated Customer site and highlights it in the hierarchy pane.
Step 6 Close the Find dialog box.
Adding the Customer Edge Routers to a Site
In addition to allowing you to assign specific CEs to a site, this procedure also lets you indicate the following:
•Whether the CE is a managed or unmanaged CE.
The Service Assurance Agent (SA Agent) can gather performance information from CEs only when they are managed CEs.
•Define the CE's Service Assurance Agent (SA Agent) status—no SA Agent usage, regular SA Agent, or shadow SA Agent. These options are discussed in detail below.
VPN Solutions Center software monitors performance through the service-level agreement (SLA) servers. VPN Solutions Center monitors the service related performance criteria by provisioning and monitoring SLAs on routers that support the Service Assurance Agent (SA Agent) management information base (MIB).
•Define the selected CE as a Management CE (MCE).
For information on the role of the MCE, see the "The Network Management Subnet Implementation Techniques" section.
To assign CEs to a site, follow these steps:
Step 1 From the Customer Site dialog box, click Add.
Step 2 From the Add Customer Edge Routers dialog box, select the appropriate service provider network from the Network drop-down list (see Figure 3-4).
Figure 3-4 Assigning CEs to a Site
Step 3 From the list of routers displayed, select a CE in the current site.
Defining the CE as Managed or Unmanaged
Step 4 With the This customer edge router is managed by the provider check box, indicate whether the CE is managed by the service provider or is an unmanaged CE.
VPN Solutions Center provisions only managed CEs, thus the default is This customer edge router is managed by the provider. For more information about managed CEs and unmanaged CEs, see "Administering Customer Edge Routers."
Note If configuring a service for a cable link, the CE should be configured as an unmanaged CE.
Defining the CE's SA Agent Status
Tips The SA Agent can gather performance information from CEs only when they are managed CEs. Make sure that when you add a CE to VPN Customer that the CE is configured as a managed CE with either Regular SA Agent status or Shadow SA Agent status enabled.
Step 5 Indicate the CE's status regarding SA Agent.
•Selecting No SA Agent indicates that the CE does not employ the SA Agent feature.
•Selecting Regular SA Agent indicates that the CE has a dual function as a CE and an SA Agent router. That is, while functioning as a CE in the VPN, it is also monitoring traffic response times between CEs in the same VPN.
Note that a CE operating as an SA Agent device must also be a managed CE.
•Selecting Shadow SA Agent indicates that the designated CE is actually a PE (in provider space) functioning as an SA Agent device.
Note The Management LAN and Management LAN, SA Agent options in this dialog box allow you to define a router in service provider space as a Management CE (MCE) in a Management VPN. For information on these options, see the "Implementing the Management VPN Technique" section.
Step 6 Repeat Steps 1 through 5 for each CE you want to add to the customer site.
Step 7 When you have added all the CEs in the site to the CE list, click OK.
You return to the Edit Customer Site dialog box. Note that the CEs selected here are displayed in the Customer Edge Routers pane.
Step 8 Click OK.
You return to the VPN Console. Under the VPN Customers folder in the VPN Console hierarchy pane, you can view the customers defined, the sites for each customer, and the list of CEs in each site.
Figure 3-5 Viewing the Customer Definition in the VPN Console
Step 9 Repeat the steps in "Creating a VPN Customer Definition" section" for each additional customer.
For information on how to modify the CE definition, see the "Editing or Viewing the Customer Edge Router Definition" section.
Editing VPN Customer Information
To edit (or view) the VPN Customer information, follow these steps:
Step 1 In the VPN Console hierarchy view, click the VPN Customers' open-close icon.
The list of VPN customers is displayed.
Step 2 Select the name of the pertinent customer, then right-click.
Step 3 From the Customers menu, choose Open VPN Customer.
The Edit VPN Customer dialog box appears.
Figure 3-6 Edit VPN Customer Dialog Box
You can edit the contact information by changing the information in the Contact Info panel and clicking OK.
Finding a Specific VPN Customer
To find a specific VPN Customer, follow these steps:
Step 1 From the VPN Console window, choose Find > Find VPN Customer.
The Find dialog box appears with the category VPN Customer already selected (see Figure 3-7).
Figure 3-7 Find VPN Customer Dialog Box
Step 2 In the Find What field, enter the name of the VPN Customer you want to find.
Step 3 If you want the search to match the case of the VPN Customer name you enter, check the Match Case check box.
Step 4 Choose the direction of the search by clicking the Up or Down radio button.
Step 5 When you have completed the search parameters, click Find Next.
The VPNSC software locates the indicated VPN Customer and highlights it in the hierarchy pane.
Step 6 Close the Find dialog box.
Editing Customer Site and Site CE Definitions
You can modify an existing CE definition and change whether the CE is managed or unmanaged, modify the CE's SA Agent status, indicate whether the CE is a Management CE (Management LAN option), and determine whether the MCE also provides SA Agent functionality.
To edit (or view) the customer site and site CE definition, follow these steps:
Step 1 From the VPN Console hierarchy view, click the VPN Customers open-close icon.
The list of VPN customers is displayed.
Step 2 Click the open-close icon for the pertinent VPN customer.
The list of sites for the selected customer is displayed.
Step 3 Select the appropriate site, then right-click.
The Site menu appears, as shown in Figure 3-8.
Figure 3-8 Site Menu
Step 4 From the Site menu, choose Open Site.
The Edit Customer Site dialog box appears (see Figure 3-9).
Figure 3-9 Edit Customer Site Dialog Box
Note You can also access the Edit Customer Site dialog box from the Edit VPN Customer dialog box (see Figure 3-6) by selecting the pertinent Customer and clicking Edit.
Step 5 You can edit the location information by changing the information in the Location Info panel.
Editing or Viewing the Customer Edge Router Definition
Tips The SA Agent can gather performance information from CEs only when they are managed CEs. Make sure that when you add a CE to VPN Customer that the CE is configured as a managed CE with either Regular SA Agent status or Shadow SA Agent status enabled.
Step 1 To edit or view the CE definition for the chosen site, select the CE you wish to edit, then click Edit.
The Edit Customer Edge Routers dialog box appears (see Figure 3-10).
Figure 3-10 Edit Customer Edge Routers Dialog Box
Step 2 Make the changes necessary for the selected CE, then click OK.
Showing the Topology for a VPN Customer
This section provides an overview of main features for viewing VPN Customer topologies. This section does not describe all the topology features in detail. For details on each of the menus and options available from the Topology window, refer to "Topology" in Chapter 10 of the VPN Solutions Center: MPLS Solution User Reference.
To display the topology for a particular VPN Customer, follow these steps:
Step 1 In the hierarchy pane of the VPN Console, select the name of the VPN Customer, then right-click. The Customer menu appears (see Figure 3-11).
Figure 3-11 The Customer Menu
Step 2 From the Customer menu, choose Show Topology.
The VPNSC software displays the current top-level topology for the selected VPN Customer (see Figure 3-12).
Figure 3-12 Top-Level Topology for the Selected VPN Customer
Step 3 Use the functions and features in the Topology window to view various aspects of the VPN Customer topology.
Viewing the Sites and Their CEs for a VPN Customer
To view the sites and CEs in each site, open the folders in the hierarchy pane as shown in Figure 3-13.
Figure 3-13 Site Information for a VPN Customer
Retrieving Site and PAD Details
You can view and retrieve various details concerning the sites and the PAD for a selected VPN Customer.
Step 1 To do so, select the name of a site or the name of the PAD. The Node menu appears (see Figure 3-14).
Figure 3-14 Viewing Details with the Node Menu Options
The Node menu presents the following options:
•List Service Requests
Choose List Service Requests to generate the VPN Service Requests Report that lists the service requests associated with the selected customer site (see Figure 3-15).
Figure 3-15 The VPN Service Requests Report for the Selected Site
•Navigation
An element displayed with a + (plus) sign indicates that more information is available. The Navigation option offers two options: Go to Child Graph and Show Child Graph.
•View As
The View As option provides two options: Icon and Details.
•Edit Font
Choosing the Edit Font option brings up the Choose Font dialog box. From this dialog box, you can choose the font type and size for the topology display.
•Background Color
Choosing the Background Color option brings up the Choose Color dialog box. From this dialog box, you can choose the background color for the topology display.
•Foreground Color
Choosing the Foreground Color option brings up the Choose Color dialog box. From this dialog box, you can choose the foreground color for the topology display.
Step 2 Choose the options you need from the Node menu.
Defining a New VPN in the VPNSC Software
You have defined the network elements, defined the Provider Administrative Domain, and created the VPN customer definition. The final stage of setting up is to define the VPN.
Note This procedure does not implement the VPN in the network; it only defines the VPN within the VPN Solutions Center software.
To define the VPN, follow these steps:
Step 1 From the VPN Console menu, choose Setup > New VPN Definition.
Figure 3-16 Selecting the PAD for a New VPN
Step 2 From the drop-down list in the Select Provider Administrative Domain dialog box (as shown in Figure 3-16), select the Provider Administrative Domain for the VPN, then click OK.
The New VPN Definition dialog box appears (see Figure 3-17).
Figure 3-17 Defining a New VPN
Step 3 Enter the name of the new VPN and click OK.
You return to the VPN Console window, which now displays the new VPN name under the VPNs folder. This is all that is required to complete the VPN definition. However, you may want to define one or more CE Routing Communities for this VPN. If so, proceed to the next section.
Finding a Specific VPN
To find a specific VPN, follow these steps:
Step 1 From the VPN Console window, choose Find > Find VPN.
The Find dialog box appears with the category VPN already selected (see Figure 3-18).
Figure 3-18 Find VPN Dialog Box
Step 2 In the Find What field, enter the name of the VPN you want to find.
Step 3 If you want the search to match the case of the VPN name you enter, check the Match Case check box.
Step 4 Choose the direction of the search by clicking the Up or Down radio button.
Step 5 When you have completed the search parameters, click Find Next.
The VPNSC software locates the indicated VPN and highlights it in the hierarchy pane.
Step 6 Close the Find dialog box.
Defining CE Routing Communities
Whenever you create a VPN, the VPN Solutions Center software creates one default CE routing community (CERC) for you. This means that until you need advanced customer layout methods, you will not need to define new CERCs. Up to that point, consider a CERC as standing for the VPN itself—they are identical.
Tips CERCs should be defined only with consultation with the VPN network administrator.
To build complex topologies, it is necessary to break down the required connectivity between CEs into groups, where each group is either fully meshed, or has a hub and spoke pattern. A CE can be in more than one group at a time, so long as each group has one of the two basic configuration patterns.
Each subgroup in the VPN needs its own CERC. Any CE that is only in one group just joins the corresponding CERC (as a spoke if necessary). If a CE is in more than one group, then you can use the Advanced Setup choice during provisioning to add the CE to all the relevant groups in one service request. Given this information, the provisioning software does the rest, assigning route target values and VRF tables to arrange exactly the connectivity the customer requires.
You can use the Topology tool to double-check the CERC memberships and resultant VPN connection status.
For more information on CERCs, see the "CE Routing Communities" section.
To define a new CE Routing Community (CERC) for a VPN, follow these steps:
Step 1 From the New VPN Definition dialog box (see Figure 3-17), choose the CE Routing Communities (CERCs) tab (see Figure 3-19).
Figure 3-19 CERC for a VPN Definition
Step 2 From the CE Routing Communities (CERCs) tab, click Add.
The Add CE Routing Community dialog box appears.
Figure 3-20 Add CE Routing Community Dialog Box
Caution If you choose to bypass the Auto-pick route target values option and set the route target (RT) values manually, note that the RT values cannot be edited once they have been defined in the VPN Solutions Center software.
Step 3 Complete the fields as required for the VPN, then click OK.
Adding CERC Definitions
You can add or delete CERCs to an existing VPN definition. To do so (or view the definitions for an existing VPN and CERC), follow these steps:
Step 1 From the VPN Console hierarchy view, click the VPNs open-close icon.
The list of VPNs is displayed.
Step 2 Select the VPN that the CERC is defined in, then right-click.
The VPN menu appears (see Figure 3-21).
Figure 3-21 The VPN Menu
Step 3 Choose Open VPN.
The Edit VPN Definition dialog box appears.
Step 4 Choose the CE Routing Communities (CERCs) tab.
The dialog box shown in Figure 3-22 appears.
Figure 3-22 Displaying the Current CERC Definition
Step 5 To add a CERC to the currently selected VPN, click Add.
The Add CE Routing Community dialog box appears (see Figure 3-23).
Figure 3-23 Adding a CERC
Step 6 Enter the name of the CERC.
Step 7 Specify the CERC type: Hub and Spoke or Fully Meshed.
Step 8 Choose to either let VPN Solutions Center automatically set the route target (RT) values or set the RT values manually.
By default, the Auto-pick route target values check box is checked. If you uncheck the check box, you can enter the Route Target values manually.
Caution If you choose to bypass the Auto-pick route target values option and set the route target (RT) values manually, note that the RT values cannot be edited once they have been defined in the VPN Solutions Center software.
Step 9 When you have finished entering the information in the Add CE Routing Community dialog box, click OK.
The new CERC is added to the VPN definition.
Deleting a CERC Definition
You cannot delete a CERC from the VPNSC software if there are active service requests using the CERC.
To delete a CERC definition, follow these steps:
Step 1 From the VPN Console hierarchy view, click the VPNs open-close icon.
The list of VPNs is displayed.
Step 2 Select the VPN that the CERC is defined in, then right-click.
The VPN menu appears (see Figure 3-21).
Step 3 Choose Open VPN.
The Edit VPN Definition dialog box appears.
Step 4 Choose the CE Routing Communities (CERCs) tab (see Figure 3-22
Step 5 To delete a CERC from the currently selected VPN, click Delete.
If the CERC you wish to delete has active service requests, you receive a warning that the CERC is not deletable.
Step 6 Click OK.
Showing the Topology for a VPN
This section provides an overview of main features of the topology feature for VPNs. This section does not describe all the topology features in detail. For details on each of the menus and options available from the Topology window, refer to "Topology" in Chapter 10 of the VPN Solutions Center: MPLS Solution User Reference.
To display the topology for a particular VPN, follow these steps:
Step 1 In the hierarchy pane of the VPN Console, select the name of the VPN, then right-click. The VPN menu appears.
Step 2 From the VPN menu, choose Show Topology.
The VPNSC software displays the current top-level topology for the selected VPN (see Figure 3-24).
The hierarchy pane (on the left) shows the folders for the VPN's components: the hubs, the CEs, and the CERCs.
Figure 3-24 Top-Level Topology Display for the VPN
Step 3 Use the functions and features in the Topology windows view various aspects of the VPN topology.
Viewing the List of Hubs and CEs in the Selected VPN
When you open the Hubs and Customer Edge Router folders, you can see the names of each CE functioning as a hub, as well as the list of CES that are members of the selected VPN (see Figure 3-25).
Figure 3-25 Viewing the Hubs and CEs in the VPN
Sorting the Hubs and CEs
Step 1 You can sort the display of Hubs and Customer Edge Routers. To do so, select either the Hubs or Customer Edge Routers folder and right-click. The Sort menu appears.
Step 2 Choose Sort > Ascending to sort the list in ascending order; or choose Sort > Descending to sort the list in descending order
You can view the Hubs or CEs in their new order.
Viewing Details on the CEs in the VPN
You can view and retrieve various details concerning the CEs in the selected VPN.
Step 1 To do so, select the name of specific CE. The Node menu appears (see Figure 3-26).
Figure 3-26 Viewing CE Details with the Node Menu Options
The Node menu presents the following options:
•List Service Requests
Choose List Service Requests to generate the VPN Service Requests Report (see Figure 3-27) that lists the service requests associated with the selected VPN.
Figure 3-27 The VPN Service Requests Report
•Navigation
An element displayed with a + (plus) sign indicates that more information is available. The Navigation option offers two options: Go to Child Graph and Show Child Graph.
•View As
The View As option provides two options: Icon and Details.
•Edit Font
Choosing the Edit Font option brings up the Choose Font dialog box. From this dialog box, you can choose the font type and size for the topology display.
•Background Color
Choosing the Background Color option brings up the Choose Color dialog box. From this dialog box, you can choose the background color for the topology display.
•Foreground Color
Choosing the Foreground Color option brings up the Choose Color dialog box. From this dialog box, you can choose the foreground color for the topology display.
Step 2 Choose the options you need from the Node menu.
Implementing the Management VPN Technique
The Management VPN technique is the default method provisioned by VPN Solutions Center. A key concept for this implementation technique is that all the CEs in the network are a member of the management VPN. The Management VPN is a VPN that belongs to the service provider so that the service provider can manage the VPNs that belong to the provider's customers. Figure 3-28 shows a typical topology for the Management VPN technique.
Figure 3-28 Example of Management VPN Topology
A Management VPN employs two devices called the Management CE (MCE) and the Management PE (MPE).
•The network management subnet is connected to the Management CE (MCE). The MCE emulates the role of a customer edge router (CE), but the MCE is a router in provider space that serves as a network operations center gateway router. The MCE is part of a management site as defined in the VPN Solutions Center software.
•The Management PE (MPE) is a router in service provider space that emulates the role of a PE in the provider core network. The MPE connects the MCE to the provider core network. An MPE can have a dual role as both a standard PE and the MPE.
The MPE needs access to the following devices:
The MPE-MCE link uses a Management VPN (see the "Management VPN Technique" section) to connect to managed CEs. To connect to the PEs and NetFlow Connector, the MPE-MCE link uses a parallel IPv4 link.
Provisioning a Management VPN
The procedure to provision a management VPN assumes that routers that are to function as the MPE and MCE already exist in the service provider network.
The first step is to create a VPN Customer specifically reserved as the Management VPN Customer. The Management VPN Customer should have a single site with a single CE—the router designated as the Management CE—assigned to the Management VPN Customer's site.
Note Prior versions of VPN Solutions Center used numbered access list entries. For versions 2.0 and after, the product employs named access list entries. When you redeploy existing service requests in MPLS VPN Solution 2.0, you will observe that each numbered access list entry automatically converts to a named access list entry. No action is required on the part of the service provider to effect the transition to numbered access list entries.
Defining a Management VPN in VPNSC Software
To define a management VPN in VPN Solutions Center software, follow these steps:
Step 1 From the VPN Console menu, choose Setup > New VPN Customer.
You can also right-click the VPN Customers folder and choose New VPN Customer.
The New VPN Customer dialog box appears (see Figure 3-29).
Figure 3-29 Creating the Management VPN Customer
Step 2 Enter the name of the Management VPN Customer. Remember that the Customer in this case is the Service Provider.
Step 3 Optionally, enter the contact information for the Service Provider network administrator.
Though it is not required, entering the contact information is recommended.
Step 4 To define the site for the Management VPN, click Add.
The Add Customer Site dialog box appears (see Figure 3-30).
Figure 3-30 Adding the Management VPN Customer Site
Step 5 Enter the management site's name and location information.
Step 6 To add the Management CE to the management site, click Add.
The Add Customer Edge Routers dialog box appears (see Figure 3-31).
Figure 3-31 Adding the MCE to the Management Site
Step 7 From the Add Customer Edge Routers dialog box, select the name of the service provider network from the Network drop-down list.
Step 8 From the list of routers, select the router that is to function as a Management CE (MCE).
Step 9 Define the router as an MCE by choosing one of these two options, then click OK.
•Management LAN
•Management LAN, SA Agent
Selecting the Management LAN, SA Agent option defines the router as both an MCE and a CE with SA Agent enabled.
When you click OK, the selected router is designated as the MCE.
Provisioning the MCE-PE Link
The next step is to provision a service request between the MCE and a PE designated as the Management PE (MPE). For detailed information on deploying service requests in the VPN Solutions Center software, see "Provisioning MPLS VPN Service Requests."
Step 1 Choose Provisioning > Add VPN Service to CE.
The introductory panel in the Add VPN Service to CE wizard appears.
Step 2 Click Next. The dialog box shown in Figure 3-32 appears.
When provisioning standard PE-CE links, the next dialog box is used to select the CE in the PE-CE link. However, setting up a service request for the MCE is a special case, and so use this dialog box to select the router designated as the MCE.
Figure 3-32 Selecting the MCE for the Service Request
Step 3 From the Customer drop-down list, select the name of the Management customer.
Step 4 From the Site drop-down list, select the name of the Management site.
As shown in Figure 3-32, the name of the router designated as the MCE appears in the CE Routers pane.
Step 5 When completed with the selections, click Next.
When provisioning standard PE-CE links, the next dialog box is used to select the PE in the PE-CE link. However, for this operation, use this dialog box to select the router designated as the Management PE (MPE).
Figure 3-33 Selecting the MPE for the Service Request
Step 6 From the Provider drop-down list, select the name of the service provider.
Step 7 From the Region drop-down list, select the name of the Region where the MPE resides.
The list of routers in the selected Region appears in the PE Routers pane (see Figure 3-33).
Step 8 When completed with the selections, click Next.
The next dialog box (shown in Figure 3-34) asks you to specify the routing protocol used over the MPE-MCE link.
Figure 3-34 Choosing the Routing Protocol for the MPE-MCE Link
Step 9 Choose the routing protocol used for the link between the MPE and MCE.
Cisco recommends that you use a dynamic routing protocol for a Management VPN (that is, BGP or RIP).
For details about the routing protocols options available from this dialog box, see the "Choosing the Routing Protocol for the Link" section.
Step 10 Complete the information required for the selected routing protocol, then click Next.
The next dialog box (shown in Figure 3-35) asks you to specify the protocols redistributed from the MCE.
Step 11 If protocols are to be redistributed over the MPE-MCE link, complete the necessary information, then click Next.
For details, see the "Specifying Redistributed Protocols on the Link" section. The next dialog box asks you to select the type of interface (WAN or LAN) and the encapsulation used on the MPE and MCE.
Figure 3-35 Selecting LAN or WAN Interfaces and Encapsulation
Step 12 Specify the interface information for the MPE-MCE link, then click Next.
a. Specify whether the MPE-MCE link is on a WAN or LAN.
b. From the PE interface panel Interface drop-down list, select the interface for the MPE.
c. From the PE interface panel Encapsulation drop-down list, select the encapsulation type for the MPE.
d. From the CE interface panel Interface drop-down list, select the interface for the MCE.
e. From the CE interface panel Encapsulation drop-down list, select the encapsulation type for the MCE.
The next dialog box in the Add VPN Service to the CE wizard (see Figure 3-36) provides a way to define the IP addressing scheme that is appropriate for this MPE-MCE link.
Figure 3-36 Choosing the MPE-MCE IP Addressing Scheme
Step 13 Choose the appropriate IP addressing scheme for the MPE and MCE.
Only the IP Numbered and IP Numbered with Extra CE Loopback options are valid for the MPE-MCE link.
For details on the options available on the IP Address Scheme dialog box, see the "Choosing an IP Addressing Scheme" section.
Step 14 Enter the IP addresses for the MPE-MCE link, then click Next.
a. In the PE Interfaces fields, enter the IP address for the MPE.
b. In the CE Interfaces fields, enter the IP address for the MCE
c. If you selected the IP Numbered with Extra CE Loopback option, In the CE Loopback fields, enter the IP address for the MCE loopback address.
Step 15 In the next dialog box, you can optionally specify the import map and maximum routes parameters for the MCE, then click Next.You can also enable NetFlow accounting on the MCE from this dialog box.
For details on these options, see the "Specifying VRF Parameters" section.
Note When you use the VPN Solutions Center software to define a management VPN, the software automatically generates an export route map for the management VPN. Because the Cisco IOS supports only one export route map per VRF, you would specify an export map in this field only if the router is not part of a management VPN. The export route map generated for the management VPN overrides the export route map defined here.
The next dialog box asks you to select a Class of Service (CoS) profile.
Step 16 If desired, select a CoS profile to assign to the PE-CE link, then click Next.
The next screen displays a summary of all the service settings defined for the Management VPN.
Step 17 Verify that the service request information is correct, then click Next.
The service request is assigned an ID number and submitted. This service request is now in the Requested state. For details on the states a service request moves through, see the "Service Request Summary" section.
Note To create the Management VPN, the service request must be deployed successfully.
Step 18 From the VPN Console, choose Provisioning > Deploy Service Requests.
The Deploy Service Requests wizard begins. For details on completing the information for completing the Deployment wizard, see the "Deploying a VPN Service" section.
When the service request is deployed successfully, VPN Solutions Center creates the Management VPN with the name in this form:
service_provider_name_grey_mgmt_vpn
About Provisioning PE-CE Links in the Management VPN
When you have created the Management VPN, then you can proceed to add service for the PE-CE links you want to participate in the Management VPN.
Step 1 Add VPN service between each PE and CE as described in the "Adding a Service for a PE-CE Link" section.
Step 2 In the CERC Memberships dialog box, be sure to check the Join the management VPN option, as shown in Figure 3-37.
Figure 3-37 Joining a CE to the Management VPN
When you make the CE join the Management VPN in this step, VPN Solutions Center generates the appropriate route-map statements in the PE's configlet.
The function of the management route map is to allow only the routes to the specific CE into the management VPN. The Cisco IOS supports only one export route map and one import route map per VRF (and therefore, per VPN).
Step 3 Complete the service request wizard as described in the "Adding a Service for a PE-CE Link" section."