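Example: Configuring Hybrid IP and VPN FRR
Networking Requirements
As shown in Figure 2-66, the CE is dual-homed to PE1 and PE2. When the direct link between the CE and PE1 fails, the user requires routes to switch quickly to the PE1-PE2-CE link, so that VPN service traffic is switched over rapidly and the impact on services is reduced.
Ensure that STP is disabled on the interconnecting interfaces in this scenario, and remove those interfaces from VLAN 1 to prevent loops. On a ring network with STP enabled, if the VLANIF interfaces of switches are used to build the Layer 3 network, one port will be blocked, and Layer 3 services will not run properly.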
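Configuration Roadmap
The roadmap for configuring hybrid IP and VPN FRR is as follows:
- Configure OSPF on the MPLS backbone network (PE1 and PE2) so that the backbone devices can reach each other.
- Configure basic MPLS capabilities on the MPLS backbone network and enable MPLS LDP to set up LDP LSPs.
- Configure a VPN instance on each PE (PE1 and PE2) and connect the CE to PE1 and PE2.
- Establish a BGP VPNv4 peer relationship between PE1 and PE2.
- On PE1 and PE2, configure the hybrid FRR policy, configure the backup next hop, and enable IP FRR.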
Procedure
- Configure the VLANs that the interfaces belong to, and assign IP addresses to the VLANIF and loopback interfaces.
# Configure PE1. The configurations of PE2 and the CE are similar to that of PE1; see the configuration files for details.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 2/0/2
[PE1-GigabitEthernet2/0/2] port link-type trunk
[PE1-GigabitEthernet2/0/2] port trunk allow-pass vlan 20
[PE1-GigabitEthernet2/0/2] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 10.3.1.2 30
[PE1-Vlanif10] quit
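- Configure OSPF on the MPLS backbone network so that the backbone PEs can reach each other.
# Configure PE1. The configuration of PE2 is similar to that of PE1; see the configuration files for details.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit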
- Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set up LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
After the configuration is complete, an LDP peer relationship should be established between PE1 and PE2. Run the display mpls ldp session command; the Status field in the output is "Operational". Run the display mpls ldp lsp command to check the LDP LSPs that have been set up. The output on PE1 is used as an example:
[PE1] display mpls ldp lsp
 LDP LSP Information
 -------------------------------------------------------------------------------
 Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop         OutInterface
 -------------------------------------------------------------------------------
 1.1.1.1/32         3/NULL         2.2.2.2         127.0.0.1       InLoop0
*1.1.1.1/32         Liberal/1024                   DS/2.2.2.2
 2.2.2.2/32         NULL/3         -               10.3.1.1        Vlanif10
 2.2.2.2/32         1024/3         2.2.2.2         10.3.1.1        Vlanif10
 -------------------------------------------------------------------------------
 TOTAL: 3 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 TOTAL: 0 Frr LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
 A '*' before a UpstreamPeer means the session is stale
 A '*' before a DS means the session is stale
 A '*' before a NextHop means the LSP is FRR LSP
- Configure a VPN instance on each PE and connect the CE to the PEs.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] ipv4-family
[PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpn1
[PE1-Vlanif20] ip address 10.1.1.2 30
[PE1-Vlanif20] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] ipv4-family
[PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:2
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
[PE2-vpn-instance-vpn1-af-ipv4] quit
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip binding vpn-instance vpn1
[PE2-Vlanif30] ip address 10.2.1.2 30
[PE2-Vlanif30] quit
- Configure static routes between the CE and the PEs. On PE1 and PE2, import the direct VPN routes and static routes.
When hybrid FRR is configured, the static route from a PE to the CE must specify the outbound interface.
# Configure PE1.
[PE1] ip route-static vpn-instance vpn1 10.5.1.0 24 vlanif20 10.1.1.1
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] import-route static
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ip route-static vpn-instance vpn1 10.5.1.0 24 vlanif30 10.2.1.1
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] import-route static
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
# Configure the CE.
[CE] ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 preference 60
[CE] ip route-static 0.0.0.0 0.0.0.0 10.2.1.2 preference 100
- Establish a BGP VPNv4 peer relationship between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 as-number 100
[PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
After this step is complete, run the display bgp vpnv4 all peer command on the PEs. The output shows that the BGP VPNv4 peer relationship has been established and its state is "Established".
- Configure the hybrid FRR route-policy.
[PE1] ip ip-prefix frr1 permit 10.1.1.1 32
[PE1] route-policy ip_vpn_frr_rp permit node 10
[PE1-route-policy] if-match ip next-hop ip-prefix frr1
[PE1-route-policy] apply backup-nexthop 2.2.2.2
[PE1-route-policy] quit
- Enable IP FRR.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] ipv4-family
[PE1-vpn-instance-vpn1-af-ipv4] ip frr route-policy ip_vpn_frr_rp
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
# Run the display ip routing-table vpn-instance command to view the routing entries of the VPN instance. The backup next hop, backup label, and backup tunnel ID (shown in bold in the original output) indicate that the hybrid FRR entry has been generated.
[PE1] display ip routing-table vpn-instance vpn1 10.5.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : vpn1
Summary Count : 2

Destination: 10.5.1.0/24
     Protocol: Static          Process ID: 0
   Preference: 60                    Cost: 0
      NextHop: 10.1.1.1         Neighbour: 0.0.0.0
        State: Active Adv             Age: 00h01m33s
          Tag: 0                 Priority: medium
        Label: NULL               QoSInfo: 0x0
   IndirectID: 0x0
 RelayNextHop: 0.0.0.0          Interface: Vlanif20
     TunnelID: 0x0                  Flags: D
    BkNextHop: 2.2.2.2        BkInterface: Vlanif10
      BkLabel: 75776          SecTunnelID: 0x0
 BkPETunnelID: 0x200800b  BkPESecTunnelID: 0x0
 BkIndirectID: 0x0

Destination: 10.5.1.0/24
     Protocol: IBGP            Process ID: 0
   Preference: 255                   Cost: 0
      NextHop: 2.2.2.2          Neighbour: 2.2.2.2
        State: Inactive Adv Relied    Age: 00h01m33s
          Tag: 0                 Priority: low
        Label: 1025               QoSInfo: 0x0
   IndirectID: 0x6
 RelayNextHop: 10.3.1.1         Interface: Vlanif10
     TunnelID: 0x48000007           Flags: R
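If the link between PE1 and the CE fails, the static route becomes invalid, and traffic is switched over quickly by means of the FRR entry.
If IP FRR is disabled, traffic switchover depends on route convergence rather than FRR, and is slower than with FRR.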
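The procedure's requirement that a PE-to-CE static route name its outbound interface, and the chain from ip frr route-policy to the route-policy, its ip-prefix and apply backup-nexthop, can be checked offline against a saved configuration. The following is an added example, not part of the original document or of the vendor's tooling; the function name audit_hybrid_frr is hypothetical and the sample text is constructed from PE1's configuration on this page.

```python
import re

# Constructed sample: the FRR-relevant lines of PE1's configuration file from this page.
PE1_CFG = """\
ip vpn-instance vpn1
 ipv4-family
  ip frr route-policy ip_vpn_frr_rp
#
route-policy ip_vpn_frr_rp permit node 10
 if-match ip next-hop ip-prefix frr1
 apply backup-nexthop 2.2.2.2
#
ip ip-prefix frr1 index 10 permit 10.1.1.1 32
#
ip route-static vpn-instance vpn1 10.5.1.0 255.255.255.0 Vlanif20 10.1.1.1
"""

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def audit_hybrid_frr(cfg):
    """Return problems that would keep the hybrid FRR entry from being generated."""
    lines = [l.strip() for l in cfg.splitlines()]
    problems = []
    frr = [l.split()[-1] for l in lines if l.startswith("ip frr route-policy ")]
    if not frr:
        problems.append("no 'ip frr route-policy' under any VPN instance")
    for pol in frr:
        # Body of the policy: lines after its header up to the next '#'.
        body, inside = [], False
        for l in lines:
            if l.startswith("route-policy "):
                inside = l.split()[1] == pol
            elif l == "#":
                inside = False
            elif inside:
                body.append(l)
        if not any(l.startswith("apply backup-nexthop ") for l in body):
            problems.append(f"route-policy {pol}: no 'apply backup-nexthop'")
        for l in body:
            if l.startswith("if-match ip next-hop ip-prefix "):
                name = l.split()[-1]
                if not any(x.startswith(f"ip ip-prefix {name} ") for x in lines):
                    problems.append(f"ip-prefix {name} is referenced but not defined")
    for l in lines:
        m = re.match(r"ip route-static vpn-instance (\S+) \S+ \S+ (\S+)", l)
        # The token after destination and mask must be an interface, not an address.
        if m and IPV4.fullmatch(m.group(2)):
            problems.append(f"static route in {m.group(1)} has no outbound interface: {l}")
    return problems
```

An empty list means the configuration passes these checks; they cover only the dependencies stated in this procedure, not LDP or BGP session state.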
Configuration Files
Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  ip frr route-policy ip_vpn_frr_rp
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 10.3.1.2 255.255.255.252
 mpls
 mpls ldp
#
interface Vlanif20
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  import-route static
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.3.1.0 0.0.0.3
#
route-policy ip_vpn_frr_rp permit node 10
 if-match ip next-hop ip-prefix frr1
 apply backup-nexthop 2.2.2.2
#
ip ip-prefix frr1 index 10 permit 10.1.1.1 32
#
ip route-static vpn-instance vpn1 10.5.1.0 255.255.255.0 Vlanif20 10.1.1.1
#
return
Configuration file of PE2
#
sysname PE2
#
vlan batch 10 30
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:2
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 10.3.1.1 255.255.255.252
 mpls
 mpls ldp
#
interface Vlanif30
 ip binding vpn-instance vpn1
 ip address 10.2.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  import-route static
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.3.1.0 0.0.0.3
#
ip route-static vpn-instance vpn1 10.5.1.0 255.255.255.0 Vlanif30 10.2.1.1
#
return
Configuration file of the CE
#
sysname CE
#
vlan batch 10 20 30
#
interface Vlanif10
 ip address 10.5.1.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.1.1 255.255.255.252
#
interface Vlanif30
 ip address 10.2.1.1 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet3/0/3
 port link-type trunk
 port trunk allow-pass vlan 10
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
ip route-static 0.0.0.0 0.0.0.0 10.2.1.2 preference 100
#
return