评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置禁止向远端对等体分配标签示例
组网需求
如图3-26所示,PE1、PE2和PE3由MPLS骨干网P设备连接,各设备间运行IS-IS路由协议。使用公网LSP隧道,PE1分别与PE2、PE3建立LDP远端会话来传递私网标签信息,在PE1和PE2之间、PE1和PE3之间建立动态PW。
在MPLS网络中,LDP不但会传递私网标签信息,还会为其远端对等体分配普通的LDP标签。如果网络中存在多个LDP远端对等体的时候,会导致很多空闲标签存在,大量占用系统资源。要求能够控制LDP向远端对等体分标签,以节约系统资源。
操作步骤
- 配置各接口的IP地址
# 配置PE1。P、PE2、PE3的配置与PE1类似,不再赘述。
<Huawei> system-view [Huawei] sysname PE1 [PE1] interface loopback0 [PE1-LoopBack0] ip address 10.10.1.1 32 [PE1-LoopBack0] quit [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24 [PE1-GigabitEthernet1/0/1] quit
- 配置IS-IS协议发布各节点接口所连网段和LSR ID的主机路由
# 配置PE1。
[PE1] isis 1 [PE1-isis-1] is-level level-2 [PE1-isis-1] network-entity 86.4501.0010.0100.0001.00 [PE1-isis-1] quit [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] isis enable 1 [PE1-GigabitEthernet1/0/1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit
# 配置P。
[P] isis 1 [P-isis-1] is-level level-2 [P-isis-1] network-entity 86.4501.0030.0300.0003.00 [P-isis-1] quit [P] interface gigabitethernet 1/0/1 [P-GigabitEthernet1/0/1] isis enable 1 [P-GigabitEthernet1/0/1] quit [P] interface gigabitethernet 1/0/3 [P-GigabitEthernet1/0/3] isis enable 1 [P-GigabitEthernet1/0/3] quit [P] interface gigabitethernet 1/0/2 [P-GigabitEthernet1/0/2] isis enable 1 [P-GigabitEthernet1/0/2] quit [P] interface loopback 0 [P-LoopBack0] isis enable 1 [P-LoopBack0] quit
# 配置PE2。
[PE2] isis 1 [PE2-isis-1] is-level level-2 [PE2-isis-1] network-entity 86.4501.0050.0500.0005.00 [PE2-isis-1] quit [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] isis enable 1 [PE2-GigabitEthernet1/0/1] quit [PE2] interface loopback 0 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit
# 配置PE3。
[PE3] isis 1 [PE3-isis-1] is-level level-2 [PE3-isis-1] network-entity 86.4501.0040.0400.0004.00 [PE3-isis-1] quit [PE3] interface gigabitethernet 1/0/1 [PE3-GigabitEthernet1/0/1] isis enable 1 [PE3-GigabitEthernet1/0/1] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 1 [PE3-LoopBack0] quit
- 使能各节点全局和各接口的MPLS和MPLS LDP
# 配置PE1。
[PE1] mpls lsr-id 10.10.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] mpls [PE1-GigabitEthernet1/0/1] mpls ldp [PE1-GigabitEthernet1/0/1] quit
# 配置P。
[P] mpls lsr-id 10.10.1.2 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface gigabitethernet 1/0/1 [P-GigabitEthernet1/0/1] mpls [P-GigabitEthernet1/0/1] mpls ldp [P-GigabitEthernet1/0/1] quit [P] interface gigabitethernet 1/0/2 [P-GigabitEthernet1/0/2] mpls [P-GigabitEthernet1/0/2] mpls ldp [P-GigabitEthernet1/0/2] quit [P] interface gigabitethernet 1/0/3 [P-GigabitEthernet1/0/3] mpls [P-GigabitEthernet1/0/3] mpls ldp [P-GigabitEthernet1/0/3] quit
# 配置PE2。
[PE2] mpls lsr-id 10.10.1.5 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] mpls [PE2-GigabitEthernet1/0/1] mpls ldp [PE2-GigabitEthernet1/0/1] quit
# 配置PE3。
[PE3] mpls lsr-id 10.10.1.4 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface gigabitethernet 1/0/1 [PE3-GigabitEthernet1/0/1] mpls [PE3-GigabitEthernet1/0/1] mpls ldp [PE3-GigabitEthernet1/0/1] quit
上述配置完成后,相邻节点之间应该建立起LDP会话以及公网LSP。在各节点上执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。以PE1的显示为例:
[PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------------ PeerID Status LAM SsnRole SsnAge KASent/Rcv ------------------------------------------------------------------------------ 10.10.1.2:0 Operational DU Passive 0000:00:01 6/6 ------------------------------------------------------------------------------ TOTAL: 1 session(s) Found.
执行display mpls ldp lsp命令可以看到建立的LSP情况和标签的分配情况。
[PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------------------- DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface ------------------------------------------------------------------------------- 10.10.1.1/32 3/NULL 10.10.1.2 127.0.0.1 InLoop0 *10.10.1.1/32 Liberal/1025 DS/10.10.1.2 10.10.1.2/32 NULL/3 - 10.1.1.2 GE1/0/1 10.10.1.2/32 1024/3 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.4/32 NULL/1024 - 10.1.1.2 GE1/0/1 10.10.1.4/32 1025/1024 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.5/32 NULL/1026 - 10.1.1.2 GE1/0/1 10.10.1.5/32 1022/1026 10.10.1.2 10.1.1.2 GE1/0/1 ------------------------------------------------------------------------------- TOTAL: 7 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. TOTAL: 0 Frr LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale A '*' before a UpstreamPeer means the session is stale A '*' before a DS means the session is stale A '*' before a NextHop means the LSP is FRR LSP
- 在PW两端的PE之间要建立MPLS LDP远端对等体关系
# 配置PE1。
[PE1] mpls ldp remote-peer PE2 [PE1-mpls-ldp-remote-pe2] remote-ip 10.10.1.5 [PE1-mpls-ldp-remote-pe2] quit [PE1] mpls ldp remote-peer PE3 [PE1-mpls-ldp-remote-pe3] remote-ip 10.10.1.4 [PE1-mpls-ldp-remote-pe3] quit
# 配置PE2。
[PE2] mpls ldp remote-peer PE1 [PE2-mpls-ldp-remote-pe1] remote-ip 10.10.1.1 [PE2-mpls-ldp-remote-pe1] quit
# 配置PE3。
[PE3] mpls ldp remote-peer PE1 [PE3-mpls-ldp-remote-pe1] remote-ip 10.10.1.1 [PE3-mpls-ldp-remote-pe1] quit
上述配置完成后,各PE节点之间应该建立起远端LDP会话。在各节点上执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。以PE1的显示为例:
[PE1]display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------------ PeerID Status LAM SsnRole SsnAge KASent/Rcv ------------------------------------------------------------------------------ 10.10.1.2:0 Operational DU Passive 0000:00:18 75/75 10.10.1.4:0 Operational DU Passive 0000:00:10 43/43 10.10.1.5:0 Operational DU Passive 0000:00:12 50/50 ------------------------------------------------------------------------------ TOTAL: 3 session(s) Found.
执行display mpls ldp lsp命令可以看到各PE设备都给自己的远端邻居分配了Liberal标签,但实际上这些标签在PWE3方式的MPLS L2VPN应用中是空闲无用的,且占用了大量系统资源。
[PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------------------- DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface ------------------------------------------------------------------------------- 10.10.1.1/32 3/NULL 10.10.1.2 127.0.0.1 InLoop0 10.10.1.1/32 3/NULL 10.10.1.5 127.0.0.1 InLoop0 10.10.1.1/32 3/NULL 10.10.1.4 127.0.0.1 InLoop0 *10.10.1.1/32 Liberal/1025 DS/10.10.1.2 *10.10.1.1/32 Liberal/1024 DS/10.10.1.5 *10.10.1.1/32 Liberal/1025 DS/10.10.1.4 10.10.1.2/32 NULL/3 - 10.1.1.2 GE1/0/1 10.10.1.2/32 1024/3 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.2/32 1024/3 10.10.1.5 10.1.1.2 GE1/0/1 10.10.1.2/32 1024/3 10.10.1.4 10.1.1.2 GE1/0/1 10.10.1.4/32 NULL/1024 - 10.1.1.2 GE1/0/1 10.10.1.4/32 1025/1024 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.4/32 1025/1024 10.10.1.5 10.1.1.2 GE1/0/1 10.10.1.4/32 1025/1024 10.10.1.4 10.1.1.2 GE1/0/1 *10.10.1.4/32 Liberal/1026 DS/10.10.1.5 *10.10.1.4/32 Liberal/3 DS/10.10.1.4 10.10.1.5/32 NULL/1026 - 10.1.1.2 GE1/0/1 10.10.1.5/32 1022/1026 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.5/32 1022/1026 10.10.1.5 10.1.1.2 GE1/0/1 10.10.1.5/32 1022/1026 10.10.1.4 10.1.1.2 GE1/0/1 *10.10.1.5/32 Liberal/3 DS/10.10.1.5 *10.10.1.5/32 Liberal/1026 DS/10.10.1.4 ------------------------------------------------------------------------------- TOTAL: 15 Normal LSP(s) Found. TOTAL: 9 Liberal LSP(s) Found. TOTAL: 0 Frr LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale A '*' before a UpstreamPeer means the session is stale A '*' before a DS means the session is stale A '*' before a NextHop means the LSP is FRR LSP
- 在PW两端的PE之间配置禁止向远端对等体分配标签
# 配置PE1。
[PE1] mpls ldp remote-peer PE2 [PE1-mpls-ldp-remote-pe2] remote-ip 10.10.1.5 pwe3 [PE1-mpls-ldp-remote-pe2] quit [PE1] mpls ldp remote-peer PE3 [PE1-mpls-ldp-remote-pe3] remote-ip 10.10.1.4 pwe3 [PE1-mpls-ldp-remote-pe3] quit
# 配置PE2。
[PE2] mpls ldp remote-peer PE1 [PE2-mpls-ldp-remote-pe1] remote-ip 10.10.1.1 pwe3 [PE2-mpls-ldp-remote-pe1] quit
# 配置PE3。
[PE3] mpls ldp remote-peer PE1 [PE3-mpls-ldp-remote-pe1] remote-ip 10.10.1.1 pwe3 [PE3-mpls-ldp-remote-pe1] quit
上述配置完成后,相邻节点之间应该LDP远端会话所分配的标签将会被禁止。在各节点上执行display mpls ldp lsp命令可以看到配置禁止向远端对等体分配标签后的LSP建立情况。以PE1的显示为例:
[PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------------------- DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface ------------------------------------------------------------------------------- 10.10.1.1/32 3/NULL 10.10.1.2 127.0.0.1 InLoop0 *10.10.1.1/32 Liberal/1025 DS/10.10.1.2 10.10.1.2/32 NULL/3 - 10.1.1.2 GE1/0/1 10.10.1.2/32 1024/3 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.4/32 NULL/1024 - 10.1.1.2 GE1/0/1 10.10.1.4/32 1025/1024 10.10.1.2 10.1.1.2 GE1/0/1 10.10.1.5/32 NULL/1026 - 10.1.1.2 GE1/0/1 10.10.1.5/32 1022/1026 10.10.1.2 10.1.1.2 GE1/0/1 ------------------------------------------------------------------------------- TOTAL: 7 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. TOTAL: 0 Frr LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale A '*' before a UpstreamPeer means the session is stale A '*' before a DS means the session is stale A '*' before a NextHop means the LSP is FRR LSP
大量空闲的远端标签及LSP已经撤销,LSP的建立情况又恢复到了只有本地会话的情况。
配置文件
PE1的配置文件
# sysname PE1 # mpls lsr-id 10.10.1.1 mpls # mpls ldp # mpls ldp remote-peer pe2 remote-ip 10.10.1.5 pwe3 # mpls ldp remote-peer pe3 remote-ip 10.10.1.4 pwe3 # isis 1 is-level level-2 network-entity 86.4501.0010.0100.0001.00 # interface GigabitEthernet1/0/1 ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 10.10.1.1 255.255.255.255 isis enable 1 # returnP的配置文件
# sysname P # mpls lsr-id 10.10.1.2 mpls # mpls ldp # isis 1 is-level level-2 network-entity 86.4501.0030.0300.0003.00 # interface GigabitEthernet1/0/1 ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/3 ip address 10.2.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/2 ip address 10.3.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 10.10.1.2 255.255.255.255 isis enable 1 # return
PE2的配置文件
# sysname PE2 # mpls lsr-id 10.10.1.5 mpls # mpls ldp # mpls ldp remote-peer pe1 remote-ip 10.10.1.1 pwe3 # isis 1 is-level level-2 network-entity 86.4501.0050.0500.0005.00 # interface GigabitEthernet1/0/1 ip address 10.2.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 10.10.1.5 255.255.255.255 isis enable 1 # returnPE3的配置文件
# sysname PE3 # mpls lsr-id 10.10.1.4 mpls # mpls ldp # mpls ldp remote-peer pe1 remote-ip 10.10.1.1 pwe3 # isis 1 is-level level-2 network-entity 86.4501.0040.0400.0004.00 # interface GigabitEthernet1/0/1 ip address 10.3.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 10.10.1.4 255.255.255.255 isis enable 1 # return
