评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置Non-IETF模式的DS-TE示例(MAM模型)
组网需求
如图4-45所示,MPLS骨干网的PE和P节点运行OSPF协议实现互通。PE1和PE2接入VPN-A和VPN-B。VPN-A和VPN-B的流量分别为EF和BE类型。各流量的QoS需求如下:
数据流 |
带宽 |
抖动 |
|---|---|---|
VPN-A的EF流(DSCP46) |
100Mbit/s |
小于50ms |
VPN-B的BE流(DSCP0) |
200Mbit/s |
无需求 |
要求:在PE1和PE2之间建立Non-IETF模式的DS-TE静态TE隧道传递以上流量。带宽约束模型要求为MAM,且各CT之间也不允许发生带宽抢占。
配置思路
采用如下的思路配置Non-IETF模式的DS-TE示例(MAM模型):
- 静态TE隧道只支持单CT,因此需要为每个VPN的每种流量单独建立一条静态CR-LSP。
- 建立2条Non-IETF模式的静态CR-LSP,隧道接口分别为Tunnel0/0/1和Tunnel0/0/2,对应的CT分别为CT0和CT1。
- VPN-A的EF流使用Tunnel0/0/1承载。VPN-B的BE流使用Tunnel0/0/2承载。
- 要实现CT0承载EF流,CT1承载BE流,需要配置CT与业务类型的映射关系。将DSCP46(EF)映射到LP0,将DSCP0(BE)映射到LP1,同时将EXP5映射到LP0,EXP0映射到LP1。
- 为实现精确控制流量带宽,CT0带宽100Mbit/s,CT1带宽200Mbit/s,对应BC带宽需要为CT带宽的125%。计算后,BC0带宽125Mbit/s,BC1带宽250Mbit/s。链路的可预留带宽应不小于各BC带宽的总和。所以,链路可预留带宽≥375Mbit/s。
操作步骤
- 在PE和P节点上配置各接口IP地址,并配置OSPF,实现PE和P的互通
# 配置PE1。P和PE2的配置与PE1类似,不再赘述。
<Huawei> system-view [Huawei] sysname PE1 [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 255.255.255.0 [PE1-GigabitEthernet3/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255 [PE1-LoopBack1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
完成此步骤后,PE1、P、PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
- 在PE和P节点上配置LSR-ID,并使能MPLS和MPLS TE
# 配置PE1。
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] mpls te [PE1-mpls] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] mpls [PE1-GigabitEthernet3/0/0] mpls te [PE1-GigabitEthernet3/0/0] quit
# 配置P。
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] mpls te [P-mpls] quit [P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls te [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls te [P-GigabitEthernet2/0/0] quit
# 配置PE2。
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] mpls te [PE2-mpls] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] mpls [PE2-GigabitEthernet3/0/0] mpls te [PE2-GigabitEthernet3/0/0] quit
- 在PE和P节点上配置DS-TE模式和带宽约束模型
# 配置PE1。
[PE1] mpls [PE1-mpls] mpls te ds-te mode non-ietf [PE1-mpls] mpls te ds-te bcm mam [PE1-mpls] quit
# 配置P。
[P] mpls [P-mpls] mpls te ds-te mode non-ietf [P-mpls] mpls te ds-te bcm mam [P-mpls] quit
# 配置PE2。
[PE2] mpls [PE2-mpls] mpls te ds-te mode non-ietf [PE2-mpls] mpls te ds-te bcm mam [PE2-mpls] quit
完成此步骤后,在PE或P节点上执行display mpls te ds-te summary命令,可查看DS-TE的配置信息。以PE1为例:
[PE1] display mpls te ds-te summary DS-TE IETF Supported :YES DS-TE MODE :NON-IETF Bandwidth Constraint Model :MAM
- 在PE和P节点上配置链路带宽
# 配置PE1。
[PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] mpls te bandwidth max-reservable-bandwidth 375000 [PE1-GigabitEthernet3/0/0] mpls te bandwidth bc0 125000 bc1 250000 [PE1-GigabitEthernet3/0/0] quit
# 配置P。
[P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] mpls te bandwidth max-reservable-bandwidth 375000 [P-GigabitEthernet1/0/0] mpls te bandwidth bc0 125000 bc1 250000 [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] mpls te bandwidth max-reservable-bandwidth 375000 [P-GigabitEthernet2/0/0] mpls te bandwidth bc0 125000 bc1 250000 [P-GigabitEthernet2/0/0] quit
# 配置PE2。
[PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] mpls te bandwidth max-reservable-bandwidth 375000 [PE2-GigabitEthernet3/0/0] mpls te bandwidth bc0 125000 bc1 250000 [PE2-GigabitEthernet3/0/0] quit
完成此步骤后,在PE上执行display mpls te link-administration bandwidth-allocation命令,可查看链路的BC带宽分配情况。以PE1为例:
[PE1] display mpls te link-administration bandwidth-allocation interface gigabitethernet 3/0/0 Link ID: GigabitEthernet3/0/0 Bandwidth Constraint Model : Maximum Allocation Model (MAM) Physical Link Bandwidth(Kbits/sec) : 1000000 Maximum Link Reservable Bandwidth(Kbits/sec): 375000 Reservable Bandwidth BC0(Kbits/sec) : 125000 Reservable Bandwidth BC1(Kbits/sec) : 250000 Downstream Bandwidth (Kbits/sec) : 0 IPUpdown Link Status : UP PhysicalUpdown Link Status : UP GracefulUpdown Link Status : DOWN ---------------------------------------------------------------------- TE-CLASS CT PRIORITY BW RESERVED BW AVAILABLE DOWNSTREAM (Kbit/sec) (Kbit/sec) RSVPLSPNODE COUNT ---------------------------------------------------------------------- 0 0 0 0 125000 0 1 0 1 0 125000 0 2 0 2 0 125000 0 3 0 3 0 125000 0 4 0 4 0 125000 0 5 0 5 0 125000 0 6 0 6 0 125000 0 7 0 7 0 125000 0 8 1 0 0 250000 0 9 1 1 0 250000 0 10 1 2 0 250000 0 11 1 3 0 250000 0 12 1 4 0 250000 0 13 1 5 0 250000 0 14 1 6 0 250000 0 15 1 7 0 250000 0 ---------------------------------------------------------------------- - 在PE上配置Tunnel接口
# 配置PE1。
[PE1] interface tunnel 0/0/1 [PE1-Tunnel0/0/1] description For VPN-A_EF [PE1-Tunnel0/0/1] ip address unnumbered interface loopback 1 [PE1-Tunnel0/0/1] tunnel-protocol mpls te [PE1-Tunnel0/0/1] destination 3.3.3.9 [PE1-Tunnel0/0/1] mpls te tunnel-id 300 [PE1-Tunnel0/0/1] mpls te signal-protocol cr-static [PE1-Tunnel0/0/1] mpls te commit [PE1-Tunnel0/0/1] quit [PE1] interface tunnel 0/0/2 [PE1-Tunnel0/0/2] description For VPN-B_BE [PE1-Tunnel0/0/2] ip address unnumbered interface loopback 1 [PE1-Tunnel0/0/2] tunnel-protocol mpls te [PE1-Tunnel0/0/2] destination 3.3.3.9 [PE1-Tunnel0/0/2] mpls te tunnel-id 301 [PE1-Tunnel0/0/2] mpls te signal-protocol cr-static [PE1-Tunnel0/0/2] mpls te commit [PE1-Tunnel0/0/2] quit
# 配置PE2。
[PE2] interface tunnel 0/0/1 [PE2-Tunnel0/0/1] description For VPN-A_EF [PE2-Tunnel0/0/1] ip address unnumbered interface loopback 1 [PE2-Tunnel0/0/1] tunnel-protocol mpls te [PE2-Tunnel0/0/1] destination 1.1.1.9 [PE2-Tunnel0/0/1] mpls te tunnel-id 300 [PE2-Tunnel0/0/1] mpls te signal-protocol cr-static [PE2-Tunnel0/0/1] mpls te commit [PE2-Tunnel0/0/1] quit [PE2] interface tunnel 0/0/2 [PE2-Tunnel0/0/2] description For VPN-B_BE [PE2-Tunnel0/0/2] ip address unnumbered interface loopback 1 [PE2-Tunnel0/0/2] tunnel-protocol mpls te [PE2-Tunnel0/0/2] destination 1.1.1.9 [PE2-Tunnel0/0/2] mpls te tunnel-id 301 [PE2-Tunnel0/0/2] mpls te signal-protocol cr-static [PE2-Tunnel0/0/2] mpls te commit [PE2-Tunnel0/0/2] quit
- 在PE和P节点上配置静态CR-LSP
# 配置PE1。
[PE1] static-cr-lsp ingress tunnel-interface tunnel 0/0/1 destination 3.3.3.9 nexthop 172.1.1.2 out-label 100 bandwidth ct0 100000 [PE1] static-cr-lsp ingress tunnel-interface tunnel 0/0/2 destination 3.3.3.9 nexthop 172.1.1.2 out-label 200 bandwidth ct1 200000 [PE1] static-cr-lsp egress VPN-A_EF incoming-interface gigabitethernet 3/0/0 in-label 101 [PE1] static-cr-lsp egress VPN-B_BE incoming-interface gigabitethernet 3/0/0 in-label 201
# 配置P。
[P] static-cr-lsp transit VPN-A_EF-1to2 incoming-interface gigabitethernet1/0/0 in-label 100 nexthop 172.2.1.2 out-label 100 bandwidth ct0 100000 [P] static-cr-lsp transit VPN-B_BE-1to2 incoming-interface gigabitethernet1/0/0 in-label 200 nexthop 172.2.1.2 out-label 200 bandwidth ct1 200000 [P] static-cr-lsp transit VPN-A_EF-2to1 incoming-interface gigabitethernet2/0/0 in-label 101 nexthop 172.1.1.1 out-label 101 bandwidth ct0 100000 [P] static-cr-lsp transit VPN-B_BE-2to1 incoming-interface gigabitethernet2/0/0 in-label 201 nexthop 172.1.1.1 out-label 201 bandwidth ct1 200000
# 配置PE2。
[PE2] static-cr-lsp egress VPN-A_EF incoming-interface gigabitethernet 3/0/0 in-label 100 [PE2] static-cr-lsp egress VPN-B_BE incoming-interface gigabitethernet 3/0/0 in-label 200 [PE2] static-cr-lsp ingress tunnel-interface tunnel 0/0/1 destination 1.1.1.9 nexthop 172.2.1.1 out-label 101 bandwidth ct0 100000 [PE2] static-cr-lsp ingress tunnel-interface tunnel 0/0/2 destination 1.1.1.9 nexthop 172.2.1.1 out-label 201 bandwidth ct1 200000
完成此步骤后,在PE上执行display mpls static-cr-lsp命令,可发现静态CR-LSP的状态为Up。以PE1的Tunnel0/0/1为例:
[PE1] display mpls static-cr-lsp Tunnel0/0/1 TOTAL : 1 STATIC CRLSP(S) UP : 1 STATIC CRLSP(S) DOWN : 0 STATIC CRLSP(S) Name FEC I/O Label I/O If Status Tunnel0/0/1 3.3.3.9/32 NULL/100 -/GE3/0/0 Up
在PE上执行display interface tunnel interface-number命令,可发现Tunnel接口为Up状态。以PE1的Tunnel0/0/1为例:
[PE1] display interface tunnel 0/0/1 Tunnel0/0/1 current state : UP Line protocol current state : UP Last line protocol up time : 2012-12-29 20:16:44 Description:For VPN-A_EF Route Port,The Maximum Transmit Unit is 1500 Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.9 Tunnel up/down statistics 1 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x3, secondary tunnel id is 0x0 Current system time: 2012-12-29 20:25:04 300 seconds output rate 0 bits/sec, 0 packets/sec 0 seconds output rate 0 bits/sec, 0 packets/sec 0 packets output, 0 bytes 0 output error 0 output drop Input bandwidth utilization : 0% Output bandwidth utilization : 0%
再次执行display mpls te link-administration bandwidth-allocation命令,查看链路的带宽分配情况,可发现为优先级为0的CT0和CT1分配了带宽。
[PE1] display mpls te link-administration bandwidth-allocation interface gigabitethernet 3/0/0 Link ID: GigabitEthernet3/0/0 Bandwidth Constraint Model : Maximum Allocation Model (MAM) Physical Link Bandwidth(Kbits/sec) : 1000000 Maximum Link Reservable Bandwidth(Kbits/sec): 375000 Reservable Bandwidth BC0(Kbits/sec) : 125000 Reservable Bandwidth BC1(Kbits/sec) : 250000 Downstream Bandwidth (Kbits/sec) : 300000 IPUpdown Link Status : UP PhysicalUpdown Link Status : UP GracefulUpdown Link Status : DOWN ---------------------------------------------------------------------- TE-CLASS CT PRIORITY BW RESERVED BW AVAILABLE DOWNSTREAM (Kbit/sec) (Kbit/sec) RSVPLSPNODE COUNT ---------------------------------------------------------------------- 0 0 0 100000 25000 0 1 0 1 0 25000 0 2 0 2 0 25000 0 3 0 3 0 25000 0 4 0 4 0 25000 0 5 0 5 0 25000 0 6 0 6 0 25000 0 7 0 7 0 25000 0 8 1 0 200000 50000 0 9 1 1 0 50000 0 10 1 2 0 50000 0 11 1 3 0 50000 0 12 1 4 0 50000 0 13 1 5 0 50000 0 14 1 6 0 50000 0 15 1 7 0 50000 0 ---------------------------------------------------------------------- - 在PE节点上配置入接口信任的报文优先级以及优先级映射
# 配置PE1。
[PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] trust dscp [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] trust dscp [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] trust dscp [PE1-GigabitEthernet3/0/0] quit [PE1] qos map-table dscp-lp [PE1-maptbl-dscp-lp] input 46 output 0 [PE1-maptbl-dscp-lp] input 0 output 1 [PE1-maptbl-dscp-lp] quit [PE1] qos map-table exp-lp [PE1-maptbl-exp-lp] input 5 output 0 [PE1-maptbl-exp-lp] input 0 output 1 [PE1-maptbl-exp-lp] quit
# 配置P。
[P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] trust exp [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] trust exp [P-GigabitEthernet2/0/0] quit [P] qos map-table dscp-lp [P-maptbl-dscp-lp] input 46 output 0 [P-maptbl-dscp-lp] input 0 output 1 [P-maptbl-dscp-lp] quit [P] qos map-table exp-lp [P-maptbl-exp-lp] input 5 output 0 [P-maptbl-exp-lp] input 0 output 1 [P-maptbl-exp-lp] quit
# 配置PE2。
[PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] trust dscp [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] trust dscp [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] trust dscp [PE2-GigabitEthernet3/0/0] quit [PE2] qos map-table dscp-lp [PE2-maptbl-dscp-lp] input 46 output 0 [PE2-maptbl-dscp-lp] input 0 output 1 [PE2-maptbl-dscp-lp] quit [PE2] qos map-table exp-lp [PE2-maptbl-exp-lp] input 5 output 0 [PE2-maptbl-exp-lp] input 0 output 1 [PE2-maptbl-exp-lp] quit
在PE上执行display qos map-table dscp-lp命令,可查看DSCP到本地优先级(LP)的映射关系。以PE1为例:
[PE1] display qos map-table dscp-lp Input DSCP LP ------------------- 0 1 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 1 ... 46 0 47 5 48 6 49 6 50 6 51 6 52 6 53 6 54 6 55 6 56 7 57 7 58 7 59 7 60 7 61 7 62 7 63 7
在PE上执行display qos map-table exp-lp命令,可查看EXP到本地优先级(LP)的映射关系。以PE1为例:
[PE1] display qos map-table exp-lp Input EXP LP ------------------- 0 1 1 1 2 2 3 3 4 4 5 0 6 6 7 7
- 配置CT业务的调度方式
# 配置PE1。
[PE1] qos queue-profile queue-profile1 [PE1-qos-queue-profile-queue-profile1] schedule wfq 0 to 1 pq 2 to 7 [PE1-qos-queue-profile-queue-profile1] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] qos te queue-profile queue-profile1 [PE1-GigabitEthernet3/0/0] quit
# 配置P。
[P] qos queue-profile queue-profile1 [P-qos-queue-profile-queue-profile1] schedule wfq 0 to 1 pq 2 to 7 [P-qos-queue-profile-queue-profile1] quit [P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] qos te queue-profile queue-profile1 [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] qos te queue-profile queue-profile1 [P-GigabitEthernet2/0/0] quit
# 配置PE2。
[PE2] qos queue-profile queue-profile1 [PE2-qos-queue-profile-queue-profile1] schedule wfq 0 to 1 pq 2 to 7 [PE2-qos-queue-profile-queue-profile1] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] qos te queue-profile queue-profile1 [PE2-GigabitEthernet3/0/0] quit
# 完成此步骤后,在PE上执行display qos queue-profile命令,可查看已配置的队列模板信息,以PE1为例。
[PE1] display qos queue-profile queue-profile1 Queue-profile: queue-profile1 Queue Schedule Weight Length(Bytes/Packets) GTS(CIR/CBS) ----------------------------------------------------------------- 0 WFQ 10 -/- -/- 1 WFQ 10 -/- -/- 2 PQ - -/- -/- 3 PQ - -/- -/- 4 PQ - -/- -/- 5 PQ - -/- -/- 6 PQ - -/- -/- 7 PQ - -/- -/-
- 在PE上配置隧道策略
# 配置PE1。
[PE1] interface tunnel 0/0/1 [PE1-Tunnel0/0/1] mpls te reserved-for-binding [PE1-Tunnel0/0/1] mpls te commit [PE1-Tunnel0/0/1] quit [PE1] interface tunnel 0/0/2 [PE1-Tunnel0/0/2] mpls te reserved-for-binding [PE1-Tunnel0/0/2] mpls te commit [PE1-Tunnel0/0/2] quit [PE1] tunnel-policy policya [PE1-tunnel-policy-policya] tunnel binding destination 3.3.3.9 te tunnel 0/0/1 [PE1-tunnel-policy-policya] quit [PE1] tunnel-policy policyb [PE1-tunnel-policy-policyb] tunnel binding destination 3.3.3.9 te tunnel 0/0/2 [PE1-tunnel-policy-policyb] quit
# 配置PE2。
[PE2] interface tunnel 0/0/1 [PE2-Tunnel0/0/1] mpls te reserved-for-binding [PE2-Tunnel0/0/1] mpls te commit [PE2-Tunnel0/0/1] quit [PE2] interface tunnel 0/0/2 [PE2-Tunnel0/0/2] mpls te reserved-for-binding [PE2-Tunnel0/0/2] mpls te commit [PE2-Tunnel0/0/2] quit [PE2] tunnel-policy policya [PE2-tunnel-policy-policya] tunnel binding destination 1.1.1.9 te tunnel 0/0/1 [PE2-tunnel-policy-policya] quit [PE2] tunnel-policy policyb [PE2-tunnel-policy-policyb] tunnel binding destination 1.1.1.9 te tunnel 0/0/2 [PE2-tunnel-policy-policyb] quit
- 在PE上配置VPN实例,将CE接入PE
# 配置PE1。
[PE1] ip vpn-instance VPN-A [PE1-vpn-instance-VPN-A] ipv4-family [PE1-vpn-instance-VPN-A-af-ipv4] route-distinguisher 100:1 [PE1-vpn-instance-VPN-A-af-ipv4] vpn-target 111:1 both [PE1-vpn-instance-VPN-A-af-ipv4] tnl-policy policya [PE1-vpn-instance-VPN-A-af-ipv4] quit [PE1-vpn-instance-VPN-A] quit [PE1] ip vpn-instance VPN-B [PE1-vpn-instance-VPN-B] ipv4-family [PE1-vpn-instance-VPN-B-af-ipv4] route-distinguisher 100:2 [PE1-vpn-instance-VPN-B-af-ipv4] vpn-target 222:2 both [PE1-vpn-instance-VPN-B-af-ipv4] tnl-policy policyb [PE1-vpn-instance-VPN-B-af-ipv4] quit [PE1-vpn-instance-VPN-B] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance VPN-A [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip binding vpn-instance VPN-B [PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/0/0] quit
# 配置PE2。
[PE2] ip vpn-instance VPN-A [PE2-vpn-instance-VPN-A] ipv4-family [PE2-vpn-instance-VPN-A-af-ipv4] route-distinguisher 200:1 [PE2-vpn-instance-VPN-A-af-ipv4] vpn-target 111:1 both [PE2-vpn-instance-VPN-A-af-ipv4] tnl-policy policya [PE2-vpn-instance-VPN-A-af-ipv4] quit [PE2-vpn-instance-VPN-A] quit [PE2] ip vpn-instance VPN-B [PE2-vpn-instance-VPN-B] ipv4-family [PE2-vpn-instance-VPN-B-af-ipv4] route-distinguisher 200:2 [PE2-vpn-instance-VPN-B-af-ipv4] vpn-target 222:2 both [PE2-vpn-instance-VPN-B-af-ipv4] tnl-policy policyb [PE2-vpn-instance-VPN-B-af-ipv4] quit [PE2-vpn-instance-VPN-B] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance VPN-A [PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24 [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance VPN-B [PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24 [PE2-GigabitEthernet2/0/0] quit
# 配置各CE的接口IP地址。
# 配置CE1。CE2、CE3和CE4的配置与CE1类似,不再赘述。
<Huawei> system-view [Huawei] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0] quit
配置完成后,在PE上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。
- 在PE之间建立MP-IBGP对等体,PE与CE之间建立EBGP对等体
# 配置PE1。PE2的配置与PE1类似,不再赘述。
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] ipv4-family vpn-instance VPN-A [PE1-bgp-VPN-A] peer 10.1.1.1 as-number 65410 [PE1-bgp-VPN-A] import-route direct [PE1-bgp-VPN-A] quit [PE1-bgp] ipv4-family vpn-instance VPN-B [PE1-bgp-VPN-B] peer 10.2.1.1 as-number 65420 [PE1-bgp-VPN-B] import-route direct [PE1-bgp-VPN-B] quit
# 配置CE1。CE2、CE3和CE4的配置与CE1类似,不再赘述。
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct
配置完成后,在PE上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 3 5 0 00:01:23 Established 0 Peer of IPv4-family for vpn instance : VPN-Instance VPN-A, Router ID 1.1.1.9: 10.1.1.1 4 65410 25 25 0 00:17:57 Established 1 VPN-Instance VPN-B, Router ID 1.1.1.9: 10.2.1.1 4 65420 21 22 0 00:17:10 Established 0 - 验证配置结果
# 配置完成后,将同一台测试仪的4个接口Port1、Port2、Port3和Port4分别接入CE1、CE2、CE3和CE4上。在Port1和Port2上注入100Mbit/s的EF流(DSCP46),目的地址分别为Port2和Port1。在Port3和Port4上注入200Mbit/s的BE流(DSCP0),目的地址分别为Port4和Port3。可发现所有报文都不被丢弃,且EF流的抖动小于50ms。
配置文件
PE1的配置文件
# sysname PE1 # ip vpn-instance VPN-A ipv4-family route-distinguisher 100:1 tnl-policy policya vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN-B ipv4-family route-distinguisher 100:2 tnl-policy policyb vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 mpls mpls te mpls te ds-te bcm mam # qos map-table dscp-lp input 0 output 1 input 46 output 0 # qos map-table exp-lp input 0 output 1 input 5 output 0 # qos queue-profile queue-profile1 schedule wfq 0 to 1 pq 2 to 7 # interface GigabitEthernet1/0/0 ip binding vpn-instance VPN-A ip address 10.1.1.2 255.255.255.0 trust dscp # interface GigabitEthernet2/0/0 ip binding vpn-instance VPN-B ip address 10.2.1.2 255.255.255.0 trust dscp # interface GigabitEthernet3/0/0 ip address 172.1.1.1 255.255.255.0 trust dscp qos te queue-profile queue-profile1 mpls mpls te mpls te bandwidth max-reservable-bandwidth 375000 mpls te bandwidth bc0 125000 bc1 250000 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface Tunnel0/0/1 description For VPN-A_EF ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te signal-protocol cr-static mpls te tunnel-id 300 mpls te reserved-for-binding mpls te commit # interface Tunnel0/0/2 description For VPN-B_BE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te signal-protocol cr-static mpls te tunnel-id 301 mpls te reserved-for-binding mpls te commit # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance VPN-A import-route direct peer 10.1.1.1 as-number 65410 # ipv4-family vpn-instance VPN-B import-route direct peer 10.2.1.1 as-number 65420 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # static-cr-lsp ingress tunnel-interface Tunnel0/0/1 destination 3.3.3.9 nexthop 172.1.1.2 out-label 100 bandwidth ct0 100000 static-cr-lsp ingress tunnel-interface Tunnel0/0/2 destination 3.3.3.9 nexthop 172.1.1.2 out-label 200 bandwidth ct1 200000 static-cr-lsp egress VPN-A_EF incoming-interface Gigabitethernet3/0/0 in-label 101 static-cr-lsp egress VPN-B_BE incoming-interface Gigabitethernet3/0/0 in-label 201 # tunnel-policy policya tunnel binding destination 3.3.3.9 te Tunnel0/0/1 # tunnel-policy policyb tunnel binding destination 3.3.3.9 te Tunnel0/0/2 # return
P的配置文件
# sysname P # mpls lsr-id 2.2.2.9 mpls mpls te mpls te ds-te bcm mam # qos map-table dscp-lp input 0 output 1 input 46 output 0 # qos map-table exp-lp input 0 output 1 input 5 output 0 # qos queue-profile queue-profile1 schedule wfq 0 to 1 pq 2 to 7 # interface GigabitEthernet1/0/0 ip address 172.1.1.2 255.255.255.0 trust exp qos te queue-profile queue-profile1 mpls mpls te mpls te bandwidth max-reservable-bandwidth 375000 mpls te bandwidth bc0 125000 bc1 250000 # interface GigabitEthernet2/0/0 ip address 172.2.1.1 255.255.255.0 trust exp qos te queue-profile queue-profile1 mpls mpls te mpls te bandwidth max-reservable-bandwidth 375000 mpls te bandwidth bc0 125000 bc1 250000 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 # static-cr-lsp transit VPN-A_EF-1to2 incoming-interface Gigabitethernet1/0/0 in-label 100 nexthop 172.2.1.2 out-label 100 bandwidth ct0 100000 static-cr-lsp transit VPN-B_BE-1to2 incoming-interface Gigabitethernet1/0/0 in-label 200 nexthop 172.2.1.2 out-label 200 bandwidth ct1 200000 static-cr-lsp transit VPN-A_EF-2to1 incoming-interface Gigabitethernet2/0/0 in-label 101 nexthop 172.1.1.1 out-label 101 bandwidth ct0 100000 static-cr-lsp transit VPN-B_BE-2to1 incoming-interface Gigabitethernet2/0/0 in-label 201 nexthop 172.1.1.1 out-label 201 bandwidth ct1 200000 # return
PE2的配置文件
# sysname PE2 # ip vpn-instance VPN-A ipv4-family route-distinguisher 200:1 tnl-policy policya vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN-B ipv4-family route-distinguisher 200:2 tnl-policy policyb vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 3.3.3.9 mpls mpls te mpls te ds-te bcm mam # qos map-table dscp-lp input 0 output 1 input 46 output 0 # qos map-table exp-lp input 0 output 1 input 5 output 0 # qos queue-profile queue-profile1 schedule wfq 0 to 1 pq 2 to 7 # interface GigabitEthernet1/0/0 ip binding vpn-instance VPN-A ip address 10.3.1.2 255.255.255.0 trust dscp # interface GigabitEthernet2/0/0 ip binding vpn-instance VPN-B ip address 10.4.1.2 255.255.255.0 trust dscp # interface GigabitEthernet3/0/0 ip address 172.2.1.2 255.255.255.0 trust dscp qos te queue-profile queue-profile1 mpls mpls te mpls te bandwidth max-reservable-bandwidth 375000 mpls te bandwidth bc0 125000 bc1 250000 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface Tunnel0/0/1 description For VPN-A_EF ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te signal-protocol cr-static mpls te tunnel-id 300 mpls te reserved-for-binding mpls te commit # interface Tunnel0/0/2 description For VPN-B_BE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te signal-protocol cr-static mpls te tunnel-id 301 mpls te reserved-for-binding mpls te commit # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance VPN-A import-route direct peer 10.3.1.1 as-number 65430 # ipv4-family vpn-instance VPN-B import-route direct peer 10.4.1.1 as-number 65440 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 172.2.1.0 0.0.0.255 # static-cr-lsp egress VPN-A_EF incoming-interface Gigabitethernet3/0/0 in-label 100 static-cr-lsp egress VPN-B_BE incoming-interface Gigabitethernet3/0/0 in-label 200 static-cr-lsp ingress tunnel-interface Tunnel0/0/1 destination 1.1.1.9 nexthop 172.2.1.1 out-label 101 bandwidth ct0 100000 static-cr-lsp ingress tunnel-interface Tunnel0/0/2 destination 1.1.1.9 nexthop 172.2.1.1 out-label 201 bandwidth ct1 200000 # tunnel-policy policya tunnel binding destination 1.1.1.9 te Tunnel0/0/1 # tunnel-policy policyb tunnel binding destination 1.1.1.9 te Tunnel0/0/2 # return
CE1的配置文件
# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return
CE3的配置文件
# sysname CE3 # interface GigabitEthernet1/0/0 ip address 10.3.1.1 255.255.255.0 # bgp 65430 peer 10.3.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.3.1.2 enable # return
CE4的配置文件
# sysname CE4 # interface GigabitEthernet1/0/0 ip address 10.4.1.1 255.255.255.0 # bgp 65440 peer 10.4.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.4.1.2 enable # return
