 成长值: 63400
|
简介
BGP/MPLS IP VPN是一种基于MPLS的L3VPN,组网方式灵活,可扩展性好,支持大规模部署。新增一个站点时,只需要修改提供该站点业务的边缘节点的配置。
BGP/MPLS IP VPN适用于位于不同地理位置的公司总部和分支之间需要相互通信的场景,由于通信数据需要穿越运营商的骨干网,可以使用BGP在骨干网上发布VPN路由,使用MPLS在骨干网上转发VPN报文;由于公司内部各个部门之间需要相互隔离,可以通过该功能实现不同VPN之间的路由隔离、地址空间隔离和访问隔离。
VPLS结合了以太网技术和MPLS技术的优势,是对传统LAN全部功能的仿真,其主要目的是通过运营商提供的IP/MPLS网络连接地域上隔离的多个由以太网构成的LAN,使它们像一个LAN那样工作。
目前,很多企业的分布范围日益扩大,公司员工的移动性也不断增加,因此企业中立即消息、网络会议的应用越来越广泛。这些应用对端到端的数据通信技术有了更高的要求。在运营商建立的城域网中,企业的多个分支机构分布在不同区域。此时,需要将企业机构之间的二层业务报文通过城域网传输,可以使用VPLS技术,实现分布在不同地区的企业内部之间的互通。
运营商通过使用同一个PE设备同时为企业提供VPLS业务及三层VPN业务来降低网络建设投入成本。
组网需求
如图1所示:
运营商提供VPLS业务及三层VPN业务;
A企业总部连接的CE1和分支机构连接的CE3属于同一个VPLS,为企业提供二层业务互通,同时CE1和CE3也属于vpna,为企业提供三层数据的安全互通。
B企业总部连接的CE2和分支机构连接的CE4属于同一个VPLS,为企业提供二层业务互通,同时CE2和CE4也属于vpnb,为企业提供三层数据的安全互通。
Switch与CE侧接口配置灵活QinQ,对CE发送过来的报文打上运营商指定允许通过的外层VLAN Tag。当Switch连接多个CE时,对不同CE发送过来的不同的VLAN Tag报文打上相同的外层VLAN Tag,还可以达到节省公网VLAN数量的目的。
图1 配置BGP/MPLS IP VPN和VPLS组合应用示例组网图
配置思路
采用如下的思路配置BGP/MPLS IP VPN和VPLS:
P、PE之间配置OSPF,实现骨干网的IP连通性。
PE、P上配置MPLS基本能力和MPLS LDP,建立MPLS LSP公网隧道,传输VPN数据。
PE1和PE2之间配置MP-IBGP,交换VPN路由信息。
配置BGP/MPLS IP VPN。PE1和PE2上配置L3VPN的VPN实例,其中,vpna使用的VPN-target属性为111:1,vpnb使用的VPN-target属性为222:2,以实现相同VPN间互通,不同VPN间隔离。CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE设备。
配置VPLS。PE1和PE2上配置VPLS的VSI实例,指定信令为BGP,指定RD、VPN-Target和Site。同时,采用子接口作为AC接口与VSI进行绑定,以接入VPLS用户。CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE。
在Switch的接口上配置灵活QinQ和允许通过的VLAN。
CE与PE之间配置EBGP,交换VPN路由信息。
操作步骤
在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通
# 配置PE1。
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 30
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] port link-type hybrid
[PE1-GigabitEthernet3/0/0] port hybrid pvid vlan 30
[PE1-GigabitEthernet3/0/0] port hybrid untagged vlan 30
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 172.1.1.1 24
[PE1-Vlanif30] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit# 配置P。
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] vlan batch 30 60
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port link-type hybrid
[P-GigabitEthernet1/0/0] port hybrid pvid vlan 30
[P-GigabitEthernet1/0/0] port hybrid untagged vlan 30
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] port link-type hybrid
[P-GigabitEthernet2/0/0] port hybrid pvid vlan 60
[P-GigabitEthernet2/0/0] port hybrid untagged vlan 60
[P-GigabitEthernet2/0/0] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 172.1.1.2 24
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] ip address 172.2.1.1 24
[P-Vlanif60] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit# 配置PE2。
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] vlan batch 60
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] port link-type hybrid
[PE2-GigabitEthernet3/0/0] port hybrid pvid vlan 60
[PE2-GigabitEthernet3/0/0] port hybrid untagged vlan 60
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip address 172.2.1.2 24
[PE2-Vlanif60] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit配置完成后,PE1、P、PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.9/32 OSPF 10 1 D 172.1.1.2 Vlanif30
3.3.3.9/32 OSPF 10 2 D 172.1.1.2 Vlanif30
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.1.0/24 Direct 0 0 D 172.1.1.1 Vlanif30
172.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Vlanif30
[PE1] display ospf peer
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(Vlanif30)'s neighbors
Router ID: 2.2.2.9 Address: 172.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 172.1.1.2 BDR: 172.1.1.1 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:16:21
Authentication Sequence: [ 0 ]
在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE1。
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit# 配置P。
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] mpls
[P-Vlanif60] mpls ldp
[P-Vlanif60] quit# 配置PE2。
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] mpls
[PE2-Vlanif60] mpls ldp
[PE2-Vlanif60] quit上述配置完成后,PE1与P、P与PE2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
以PE1的显示为例:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Active 0000:00:01 6/6
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 Inloop0
*1.1.1.9/32 Liberal/1025 DS/2.2.2.9
2.2.2.9/32 NULL/3 - 172.1.1.2 Vlanif30
2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 Vlanif30
3.3.3.9/32 NULL/1025 - 172.1.1.2 Vlanif30
3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 Vlanif30
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP
在PE设备上配置L3VPN的VPN实例。vpna为单层tag接入,使用Dot1q终结子接口,vpnb为双层tag接入,使用QinQ终结子接口(用VLAN10、VLAN20标识使用三层业务的用户,PE上VLAN10、VLAN100标识三层业务)。
# 配置PE1。
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type hybrid
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type hybrid
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb
[PE1-GigabitEthernet2/0/0.1] ip address 10.2.1.2 24
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] quit# 配置PE2。
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port link-type hybrid
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE2-GigabitEthernet1/0/0.1] ip address 10.3.1.2 24
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port link-type hybrid
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb
[PE2-GigabitEthernet2/0/0.1] ip address 10.4.1.2 24
[PE2-GigabitEthernet2/0/0.1] arp broadcast enable
[PE2-GigabitEthernet2/0/0.1] quit# 配置A企业总部连接的CE1。按图1配置各CE的接口IP地址,其中CE2、CE3和CE4的配置与CE1类似,不再赘述。
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10 to 11
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type hybrid
[CE1-GigabitEthernet1/0/0] port hybrid tagged vlan 10 to 11
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
说明:
当PE上有多个绑定了同一个VPN的接口,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
以PE1和CE1为例:
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpna, 1
Interfaces : Vlanif10
Address family ipv4
Create date : 2012/07/25 00:58:17 UTC+08:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label Policy : label per instance
Per-Instance Label : 4096
Log Interval : 5
VPN-Instance Name and ID : vpnb, 2
Interfaces : Vlanif20
Address family ipv4
Create date : 2012/07/25 00:58:17 UTC+08:00
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label Policy : label per instance
Per-Instance Label : 4096
Log Interval : 5
[PE1] ping -vpn-instance vpnb 10.2.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/6/16 ms
在PE设备上配置VPLS的VSI实例,指定信令为BGP,指定RD、VPN-Target和Site。同时,采用子接口作为AC接口与VSI进行绑定,以接入VPLS用户。CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE(CE用VLAN11、VLAN21区分使用二层业务的用户,PE上用VLAN11、VLAN200标识二层业务)。
# 配置PE1。
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi vsi1 auto
[PE1-vsi-vsi1] pwsignal bgp
[PE1-vsi-vsi1-bgp] route-distinguisher 101:1
[PE1-vsi-vsi1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-vsi1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-vsi1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-vsi1-bgp] quit
[PE1-vsi-vsi1] quit
[PE1] vsi vsi2 auto
[PE1-vsi-vsi2] pwsignal bgp
[PE1-vsi-vsi2-bgp] route-distinguisher 101:2
[PE1-vsi-vsi2-bgp] vpn-target 200:1 import-extcommunity
[PE1-vsi-vsi2-bgp] vpn-target 200:1 export-extcommunity
[PE1-vsi-vsi2-bgp] site 1 range 5 default-offset 0
[PE1-vsi-vsi2-bgp] quit
[PE1-vsi-vsi2] quit
[PE1] interface gigabitethernet 1/0/0.2
[PE1-GigabitEthernet1/0/0.2] dot1q termination vid 11
[PE1-GigabitEthernet1/0/0.2] l2 binding vsi vsi1
[PE1-GigabitEthernet1/0/0.2] quit
[PE1] interface gigabitethernet 2/0/0.2
[PE1-GigabitEthernet2/0/0.2] qinq termination pe-vid 200 ce-vid 21
[PE1-GigabitEthernet2/0/0.2] l2 binding vsi vsi2
[PE1-GigabitEthernet2/0/0.2] quit# 配置PE2。
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi vsi1 auto
[PE2-vsi-vsi1] pwsignal bgp
[PE2-vsi-vsi1-bgp] route-distinguisher 201:1
[PE2-vsi-vsi1-bgp] vpn-target 100:1 import-extcommunity
[PE2-vsi-vsi1-bgp] vpn-target 100:1 export-extcommunity
[PE2-vsi-vsi1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-vsi1-bgp] quit
[PE2-vsi-vsi1] quit
[PE2] vsi vsi2 auto
[PE2-vsi-vsi2] pwsignal bgp
[PE2-vsi-vsi2-bgp] route-distinguisher 201:2
[PE2-vsi-vsi2-bgp] vpn-target 200:1 import-extcommunity
[PE2-vsi-vsi2-bgp] vpn-target 200:1 export-extcommunity
[PE2-vsi-vsi2-bgp] site 2 range 5 default-offset 0
[PE2-vsi-vsi2-bgp] quit
[PE2-vsi-vsi2] quit
[PE2] interface gigabitethernet 1/0/0.2
[PE2-GigabitEthernet1/0/0.2] dot1q termination vid 11
[PE2-GigabitEthernet1/0/0.2] l2 binding vsi vsi1
[PE2-GigabitEthernet1/0/0.2] quit
[PE2] interface gigabitethernet 2/0/0.2
[PE2-GigabitEthernet2/0/0.2] qinq termination pe-vid 200 ce-vid 21
[PE2-GigabitEthernet2/0/0.2] l2 binding vsi vsi2
[PE2-GigabitEthernet2/0/0.2] quit
在PE与CE之间建立EBGP对等体关系,引入L3VPN路由。
# 配置A企业总部连接的CE1。CE2、CE3和CE4的配置与CE1类似,不再赘述。
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit# 配置PE1。PE2的配置与PE1类似,不再赘述。
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp]quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.9
Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.9:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.1 4 65410 11 9 0 00:07:25 Established 1
在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit# 配置PE2。
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
在Switch的接口上配置灵活QinQ和允许通过的VLAN
# 配置Switch1。
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 100 200
[Switch1] interface gigabitethernet 2/0/0
[Switch1-GigabitEthernet2/0/0] port link-type hybrid
[Switch1-GigabitEthernet2/0/0] port hybrid tagged vlan 100 200
[Switch1-GigabitEthernet2/0/0] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port link-type hybrid
[Switch1-GigabitEthernet1/0/0] port hybrid untagged vlan 100 200
[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 21 stack-vlan 200
[Switch1-GigabitEthernet1/0/0] quit# 配置Switch2。
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan batch 100 200
[Switch2] interface gigabitethernet 2/0/0
[Switch2-GigabitEthernet2/0/0] port link-type hybrid
[Switch2-GigabitEthernet2/0/0] port hybrid tagged vlan 100 200
[Switch2-GigabitEthernet2/0/0] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port link-type hybrid
[Switch2-GigabitEthernet1/0/0] port hybrid untagged vlan 100 200
[Switch2-GigabitEthernet1/0/0] port vlan-stacking vlan 20 stack-vlan 100
[Switch2-GigabitEthernet1/0/0] port vlan-stacking vlan 21 stack-vlan 200
[Switch2-GigabitEthernet1/0/0] quit
检查配置结果
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的L3VPN路由。
以PE1的显示为例:
[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.3.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30
[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif20
10.2.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.4.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30
同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。
例如:A企业总部连接的CE1能够Ping通CE3(10.3.1.1),但不能Ping通B企业分支机构连接的CE4(10.4.1.1)。
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss在PE1上执行display vsi name vsi2 verbose命令,可以看到名字为vsi2的VSI建立了一条到PE2的PW,VSI状态为Up。
[PE1] display vsi name vsi2 verbose
***VSI Name : vsi2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 1
PW Signaling : bgp
Member Discovery Style : auto
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 22 minutes, 6 seconds
VSI State : up
BGP RD : 101:2
SiteID/Range/Offset : 1/5/0
Import vpn target : 200:1
Export vpn target : 200:1
Remote Label Block : 35845/5/0
Local Label Block : 0/35845/5/0
Interface Name : GigabitEthernet2/0/0.2
State : up
Access Port : false
Last Up Time : 2012/12/24 21:19:48
Total Up Time : 0 days, 0 hours, 20 minutes, 42 seconds
**PW Information:
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 35847
Remote VC Label : 35846
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x5
Broadcast Tunnel ID : 0x5
Broad BackupTunnel ID : 0x0
Ckey : 0xc
Nkey : 0xb
Main PW Token : 0x5
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif30
Backup OutInterface :
Stp Enable : 0
PW Last Up Time : 2012/12/24 21:38:43
PW Total Up Time : 0 days, 0 hours, 1 minutes, 47 seconds
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2018-4-25 17:12:30
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2018-4-26 08:54:28
