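Example for Configuring VPN GR
Networking Requirements
CE1 and CE2 belong to the same VPN. PE1, P, and PE2 are backbone devices in the same AS and are interconnected through IS-IS. CE1 is connected to PE1, and BGP runs between them; CE2 is connected to PE2, and OSPF runs between them. See Figure 2-64.
Configuration Roadmap
This example configures VPN GR as follows:
- Configure basic BGP/MPLS IP VPN.
- Configure IGP GR, BGP GR, and LDP GR on the backbone network, and configure GR for the routing protocols between the PEs and CEs, so that VPN traffic is not interrupted when a CE, PE, or P performs an active/standby switchover.
Procedure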
- Create VLANs and add interfaces to the VLANs
# Configure PE1. The configurations of P, PE2, CE2, and CE1 are similar to that of PE1 and are not described here.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet2/0/0] quit
- Configure BGP/MPLS IP VPN on the backbone network
Use IS-IS as the IGP of the backbone network, enable LDP between PE1 and PE2, and establish an MP-IBGP peer relationship.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0001.00
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] isis enable 1
[PE1-LoopBack1] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 100.1.1.1 30
[PE1-Vlanif20] isis enable 1
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure P.
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] isis 1
[P-isis-1] network-entity 10.0000.0000.0002.00
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] isis enable 1
[P-LoopBack1] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 100.1.1.2 30
[P-Vlanif20] isis enable 1
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 100.2.1.1 30
[P-Vlanif30] isis enable 1
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0003.00
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] isis enable 1
[PE2-LoopBack1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 100.2.1.2 30
[PE2-Vlanif30] isis enable 1
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
After the configuration is complete, run the display isis peer command on PE1 or PE2. The IS-IS neighbor relationship has been established and its state is Up. Run the display mpls ldp session command. The LDP session has been established and its state is "Operational". Run the display bgp vpnv4 all peer command. The BGP peer relationship has been established and is in the "Established" state.
- Configure VPN instances and connect the CEs
Configure VPN instance vpn1 on PE1 to connect CE1, and configure VPN instance vpn1 on PE2 to connect CE2. Configure EBGP between CE1 and PE1, and OSPF between CE2 and PE2.
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 30
[CE1-Vlanif10] quit
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] ipv4-family
[PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpn1
[PE1-Vlanif10] ip address 10.1.1.2 30
[PE1-Vlanif10] quit
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] ipv4-family
[PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:2
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
[PE2-vpn-instance-vpn1-af-ipv4] quit
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip binding vpn-instance vpn1
[PE2-Vlanif40] ip address 10.2.1.2 30
[PE2-Vlanif40] quit
[PE2] ospf 2 vpn-instance vpn1
[PE2-ospf-2] area 0
[PE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3
[PE2-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] import-route bgp
[PE2-ospf-2] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route ospf 2
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
# Configure CE2.
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 10.2.1.1 30
[CE2-Vlanif40] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] import-route direct
[CE2-ospf-2] quit
The basic BGP/MPLS IP VPN configuration is now complete. CE1 and CE2 can communicate with each other.
- Configure IGP GR on the backbone network
Configure IGP GR on PE1, P, and PE2 on the backbone network.
# Configure PE1.
[PE1] isis 1
[PE1-isis-1] graceful-restart
[PE1-isis-1] quit
# Configure P.
[P] isis 1
[P-isis-1] graceful-restart
[P-isis-1] quit
# Configure PE2.
[PE2] isis 1
[PE2-isis-1] graceful-restart
[PE2-isis-1] quit
Run the display isis graceful-restart status command on PE1, P, and PE2 on the backbone network. The output shows that IS-IS GR is configured successfully.
The output on PE1 is used as an example:
[PE1] display isis graceful-restart status
Restart information for ISIS(1)
-------------------------------
IS-IS(1) Level-1 Restart Status
Restart Interval: 300
SA Bit Supported
  Total Number of Interfaces = 2
  Restart Status: RESTART COMPLETE
IS-IS(1) Level-2 Restart Status
Restart Interval: 300
SA Bit Supported
  Total Number of Interfaces = 2
  Restart Status: RESTART COMPLETE
- Configure MPLS LDP GR on the backbone network
Configure MPLS LDP GR on PE1, P, and PE2 on the backbone network.
# Configure PE1.
[PE1] mpls ldp
[PE1-mpls-ldp] graceful-restart
[PE1-mpls-ldp] quit
# Configure P.
[P] mpls ldp
[P-mpls-ldp] graceful-restart
[P-mpls-ldp] quit
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] graceful-restart
[PE2-mpls-ldp] quit
- Configure GR for the routing protocols between the PEs and CEs
Configure BGP GR in BGP on PE1 and CE1; configure OSPF GR in OSPF on PE2 and CE2.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] graceful-restart
[PE1-bgp] quit
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] graceful-restart
[CE1-bgp] quit
# Configure PE2.
[PE2] ospf 2 vpn-instance vpn1
[PE2-ospf-2] opaque-capability enable
[PE2-ospf-2] graceful-restart
[PE2-ospf-2] quit
# Configure CE2.
[CE2] ospf 2
[CE2-ospf-2] opaque-capability enable
[CE2-ospf-2] graceful-restart
[CE2-ospf-2] quit
Run the display ospf brief command on PE2 or CE2. The output shows that OSPF GR is configured successfully.
The output on PE2 is used as an example:
[PE2] display ospf brief
OSPF Process 2 with Router ID 10.2.1.2
OSPF Protocol Information
RouterID: 10.2.1.2 Border Router: AREA AS
ECA-route-type: 0x0306
Route Tag: 3489661028
PE Router, Multi-VPN-Instance is enabled
Opaque Capable
Global DS-TE Mode: Non-Standard IETF Mode
Graceful-restart capability: planned and un-planned, totally
Helper support capability : enabled
  filter capability : disabled
  policy capability : strict lsa check, planned and un-planned
Applications Supported: MPLS Traffic-Engineering
Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 8
RFC 1583 Compatible
Retransmission limitation is disabled
OSPF is in protocol hot standby state: Real-Time Backup
Area Count: 1 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Process total up interface count: 1
Process valid up interface count: 1
Area: 0.0.0.0 (MPLS TE not enabled)
Authtype: None Area flag: Normal
SPF scheduled Count: 8
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 1
Interface: 10.2.1.2 (Vlanif40)
Cost: 1 State: BDR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.2.1.1
Backup Designated Router: 10.2.1.2
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
- Configure BGP GR on the PEs
BGP GR was already configured on PE1 in Step 5, so it only needs to be configured on PE2 now.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] graceful-restart
[PE2-bgp] quit
Run the display bgp vpnv4 all peer verbose command on PE1. The output shows that IBGP GR between PE1 and PE2 and EBGP GR between PE1 and CE1 are configured successfully.
[PE1] display bgp vpnv4 all peer verbose
BGP Peer is 3.3.3.9, remote AS 100
Type: IBGP link
BGP version 4, Remote router ID 3.3.3.9
Update-group ID: 1
BGP current state: Established, Up for 00h23m47s
BGP current event: RecvUpdate
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 2
Received active routes total: 2
Advertised total routes: 2
Port: Local - 51939 Remote - 179
Configured: Connect-retry Time: 32 sec
Configured: Min Hold Time: 0 sec
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
  Peer supports bgp multi-protocol extension
  Peer supports bgp route refresh capability
  Peer supports bgp 4-byte-as capability
  Graceful Restart Capability: advertised and received
  Restart Timer Value received from Peer: 150 seconds
  Address families preserved for peer in GR:
    IPv4 Unicast (was preserved)
    VPNv4 (was preserved)
  Address family IPv4 Unicast: advertised and received
  Address family VPNv4: advertised and received
Received: Total 29 messages
  Update messages 9
  Open messages 1
  KeepAlive messages 19
  Notification messages 0
  Refresh messages 0
Sent: Total 25 messages
  Update messages 5
  Open messages 1
  KeepAlive messages 19
  Notification messages 0
  Refresh messages 0
Authentication type configured: None
Last keepalive received: 2012-03-03 07:13:49+08:00
Last keepalive sent : 2012-03-03 07:13:49+08:00
Last update received: 2012-03-03 07:13:49+08:00
Last update sent : 2012-03-03 07:13:49+08:00
Minimum route advertisement interval is 0 seconds
Optional capabilities:
  Route refresh capability has been enabled
  4-byte-as capability has been enabled
  Connect-interface has been configured
Peer Preferred Value: 0
Routing policy configured:
  No routing policy is configured
IPv4-family for VPN instance: vpn1
BGP Peer is 10.1.1.1, remote AS 65410
Type: EBGP link
BGP version 4, Remote router ID 10.1.1.1
Update-group ID: 1
BGP current state: Established, Up for 00h43m05s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 2
Received active routes total: 2
Advertised total routes: 2
Port: Local - 49941 Remote - 179
Configured: Connect-retry Time: 32 sec
Configured: Min Hold Time: 0 sec
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
  Peer supports bgp multi-protocol extension
  Peer supports bgp route refresh capability
  Peer supports bgp 4-byte-as capability
  Graceful Restart Capability: advertised and received
  Restart Timer Value received from Peer: 150 seconds
  Address families preserved for peer in GR:
    IPv4 Unicast (was preserved)
  Address family IPv4 Unicast: advertised and received
Received: Total 25 messages
  Update messages 4
  Open messages 1
  KeepAlive messages 20
  Notification messages 0
  Refresh messages 0
Sent: Total 28 messages
  Update messages 9
  Open messages 1
  KeepAlive messages 18
  Notification messages 0
  Refresh messages 0
Authentication type configured: None
Last keepalive received: 2012-03-03 07:13:49+08:00
Last keepalive sent : 2012-03-03 07:13:49+08:00
Last update received: 2012-03-03 07:13:49+08:00
Last update sent : 2012-03-03 07:13:49+08:00
Minimum route advertisement interval is 30 seconds
Optional capabilities:
  Route refresh capability has been enabled
  4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
  No routing policy is configured
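- Verify the configuration
# Run the display switchover state command on PE1 to check the status of the standby board. The output is as follows:
Slot 4 HA FSM State(master): realtime or routine backup.
Slot 5 HA FSM State(slave): receiving realtime or routine data.
Perform an active/standby switchover on PE1:
[PE1] slave switchover
Warning: This operation will switch the slave board to the master board. Continue?[Y/N]:y
Communication between the site of CE1 and the site of CE2 is not interrupted.
On CE1, PE1, PE2, and CE2, if two or more neighboring devices perform an active/standby switchover at the same time, ongoing communication may be interrupted.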
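The display bgp vpnv4 all peer verbose check in the BGP GR step can be automated before a switchover is attempted. The following is an added example, not part of the original guide: it parses that output per peer and lists any peer that is not Established with GR advertised and received, and it also records the "Authentication type configured" line for each session. The function names and the abridged sample text are assumptions constructed from the output shown above.

```python
import re

# Constructed sample: abridged from the two peer blocks in the output above.
SAMPLE = """\
BGP Peer is 3.3.3.9, remote AS 100
 BGP current state: Established, Up for 00h23m47s
 Graceful Restart Capability: advertised and received
 Restart Timer Value received from Peer: 150 seconds
 Address families preserved for peer in GR:
  IPv4 Unicast (was preserved)
  VPNv4 (was preserved)
 Address family IPv4 Unicast: advertised and received
 Authentication type configured: None
BGP Peer is 10.1.1.1, remote AS 65410
 BGP current state: Established, Up for 00h43m05s
 Graceful Restart Capability: advertised and received
 Restart Timer Value received from Peer: 150 seconds
 Address families preserved for peer in GR:
  IPv4 Unicast (was preserved)
 Authentication type configured: None
"""

def parse_peers(text):
    """Return {peer_ip: fields} holding the GR-related lines of each peer block."""
    peers, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"BGP Peer is (\S+), remote AS (\d+)", line)
        if m:  # a new peer block starts here
            cur = peers[m.group(1)] = {"state": None, "gr": None, "timer": None,
                                       "preserved": [], "auth": None}
        elif cur is None:
            continue
        elif line.startswith("BGP current state:"):
            cur["state"] = line.split(":", 1)[1].split(",")[0].strip()
        elif line.startswith("Graceful Restart Capability:"):
            cur["gr"] = line.split(":", 1)[1].strip()
        elif m := re.match(r"Restart Timer Value received from Peer: (\d+)", line):
            cur["timer"] = int(m.group(1))
        elif m := re.match(r"(.+) \(was preserved\)$", line):
            cur["preserved"].append(m.group(1))
        elif line.startswith("Authentication type configured:"):
            cur["auth"] = line.split(":", 1)[1].strip()
    return peers

def gr_not_ready(peers):
    """Peers that are not Established with GR advertised and received."""
    return sorted(ip for ip, p in peers.items()
                  if p["state"] != "Established" or p["gr"] != "advertised and received")
```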
Configuration Files
Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
 graceful-restart
#
isis 1
 graceful-restart
 network-entity 10.0000.0000.0001.00
#
interface Vlanif10
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.252
#
interface Vlanif20
 ip address 100.1.1.1 255.255.255.252
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
 isis enable 1
#
bgp 100
 graceful-restart
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  peer 10.1.1.1 as-number 65410
#
return
Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
 graceful-restart
#
isis 1
 graceful-restart
 network-entity 10.0000.0000.0002.00
#
interface Vlanif20
 ip address 100.1.1.2 255.255.255.252
 isis enable 1
 mpls
 mpls ldp
#
interface Vlanif30
 ip address 100.2.1.1 255.255.255.252
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
 isis enable 1
#
return
Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:2
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
 graceful-restart
#
isis 1
 graceful-restart
 network-entity 10.0000.0000.0003.00
#
interface Vlanif30
 ip address 100.2.1.2 255.255.255.252
 isis enable 1
 mpls
 mpls ldp
#
interface Vlanif40
 ip binding vpn-instance vpn1
 ip address 10.2.1.2 255.255.255.252
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
 isis enable 1
#
bgp 100
 graceful-restart
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 2
#
ospf 2 vpn-instance vpn1
 import-route bgp
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 10.2.1.0 0.0.0.3
#
return
Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
bgp 65410
 graceful-restart
 peer 10.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.2 enable
#
return
Configuration file of CE2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
 ip address 10.2.1.1 255.255.255.252
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
ospf 2
 import-route direct
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 10.2.1.0 0.0.0.3
#
return
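A saved configuration file can be checked against the roadmap above, which requires graceful-restart in every isis, mpls ldp, bgp, and ospf stanza, with opaque-capability enable accompanying it in the OSPF stanzas as on this page. The following audit is an added example, not part of the original guide; the function names are assumptions, and the sample is constructed from PE2's stanzas with graceful-restart deliberately removed from mpls ldp to produce a finding.

```python
import re

# Constructed sample: abridged PE2 stanzas from this page, with
# "graceful-restart" deliberately left out of the "mpls ldp" stanza.
SAMPLE_PE2 = """\
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
isis 1
 graceful-restart
#
bgp 100
 graceful-restart
 #
 ipv4-family vpnv4
  peer 1.1.1.9 enable
#
ospf 2 vpn-instance vpn1
 opaque-capability enable
 graceful-restart
"""

PROTOCOL = re.compile(r"^(isis \d+|mpls ldp|bgp \d+|ospf \d+)\b")

def stanzas(config):
    """Yield (header, sub-commands) for each unindented stanza."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):   # an unindented line or "#" closes a stanza
            if header:
                yield header, body
            header, body = (line.strip() if line.strip() != "#" else None), []
        elif header and line.strip() != "#":
            body.append(line.strip())  # indented "#" only separates sub-views
    if header:
        yield header, body

def audit_gr(config):
    """Return findings; an empty list means every protocol stanza enables GR."""
    findings = []
    for header, body in stanzas(config):
        if not PROTOCOL.match(header):
            continue
        if "graceful-restart" not in body:
            findings.append(f"{header}: graceful-restart missing")
        if header.startswith("ospf") and "opaque-capability enable" not in body:
            findings.append(f"{header}: opaque-capability enable missing")
    return findings
```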