评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置L3VPN over TE场景下的CBTS示例
组网需求
如图3-28所示,CE1和CE2属于同一L3VPN,分别通过PE1和PE2接入公网。CE1和CE2之间存在多种业务流量,当普通业务流量过大时,重要业务流量的转发将受到影响。为保证重要业务的转发质量,可以配置CBTS功能。配置了CBTS功能后,不同业务等级的流量会有指定的隧道承载,这样可有效保证高业务等级的重要业务的转发质量。
假定本组网中,指定PE1上承载重要业务的隧道分别为Tunnel 1和Tunnel 2,对于其他未指定承载隧道的其他业务等级的报文均由Tunnel 3承载。
配置了CBTS功能时,建议不要同时配置以下业务:
- 混合负载分担
- 动态负载分担
配置思路
采用如下的思路使用RSVP-TE配置MPLS TE隧道:
配置各接口的IP地址及作为LSR ID的Loopback地址。
全局使能IS-IS协议,配置网络实体名称,改变cost类型以使能IS-IS TE。并在各接口(包括Loopback接口)上使能IS-IS。
配置MPLS LSR-ID并全局使能MPLS、MPLS TE、MPLS RSVP-TE、MPLS CSPF。
使能各接口的MPLS、MPLS TE和MPLS RSVP-TE。
在隧道沿途的各链路出接口上配置链路的最大可预留带宽和BC带宽。
在入节点创建隧道接口,指定隧道的IP地址、隧道协议、目的地址以及隧道带宽。
在PE1上配置复杂流分类
在PE1上配置VPN实例并应用隧道策略
数据准备
为完成此配置例,需准备如下的数据:
各节点的IS-IS区域ID、起始的系统ID、IS-IS Level
隧道沿途的链路最大带宽和最大可预留带宽
隧道接口的接口编号、IP地址、目的地址、隧道ID、隧道带宽
流分类名、流行为名和流策略名
操作步骤
- 配置各接口的IP地址
按照图3-28配置各接口的IP地址和掩码,具体配置过程略。
- 配置IS-IS协议发布路由
# 配置PE1。
[~PE1] isis 1[*PE1-isis-1] network-entity 00.0005.0000.0000.0001.00[*PE1-isis-1] is-level level-2[*PE1-isis-1] quit[*PE1] interface gigabitethernet 0/1/0
[*PE1-GigabitEthernet0/1/0] isis enable 1
[*PE1-GigabitEthernet0/1/0] quit
[*PE1] interface loopback 1[*PE1-LoopBack1] isis enable 1[*PE1-LoopBack1] commit[~PE1-LoopBack1] quit# 配置P1。
[~P1] isis 1[*P1-isis-1] network-entity 00.0005.0000.0000.0002.00[*P1-isis-1] is-level level-2[*P1-isis-1] quit[*P1] interface gigabitethernet 0/1/0
[*P1-GigabitEthernet0/1/0] isis enable 1
[*P1-GigabitEthernet0/1/0] quit
[*P1] interface gigabitethernet 0/2/0
[*P1-GigabitEthernet0/2/0] isis enable 1
[*P1-GigabitEthernet0/2/0] quit
[*P1] interface loopback 1[*P1-LoopBack1] isis enable 1[*P1-LoopBack1] commit[~P1-LoopBack1] quit# 配置P2。
[~P2] isis 1[*P2-isis-1] network-entity 00.0005.0000.0000.0003.00[*P2-isis-1] is-level level-2[*P2-isis-1] quit[*P2] interface gigabitethernet 0/1/0
[*P2-GigabitEthernet0/1/0] isis enable 1
[*P2-GigabitEthernet0/1/0] quit
[*P2] interface gigabitethernet 0/2/0
[*P2-GigabitEthernet0/2/0] isis enable 1
[*P2-GigabitEthernet0/2/0] quit
[*P2] interface loopback 1[*P2-LoopBack1] isis enable 1[*P2-LoopBack1] commit[~P2-LoopBack1] quit# 配置PE2。
[~PE2] isis 1[*PE2-isis-1] network-entity 00.0005.0000.0000.0004.00[*PE2-isis-1] is-level level-2[*PE2-isis-1] quit[*PE2] interface gigabitethernet 0/1/0
[*PE2-GigabitEthernet0/1/0] isis enable 1
[*PE2-GigabitEthernet0/1/0] quit
[*PE2] interface loopback 1[*PE2-LoopBack1] isis enable 1[*PE2-LoopBack1] commit[~PE2-LoopBack1] quit配置完成后,在各节点上执行display ip routing-table命令,可以看到相互之间都学到了到对方的路由。以PE1的显示为例:
[~PE1] display ip routing-tableRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Table : _public_ Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 GigabitEthernet0/1/0 3.3.3.9/32 ISIS 15 20 D 10.1.1.2 GigabitEthernet0/1/0 4.4.4.9/32 ISIS 15 30 D 10.1.1.2 GigabitEthernet0/1/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet0/1/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0 10.2.1.0/24 ISIS 15 20 D 10.1.1.2 GigabitEthernet0/1/0 10.3.1.0/24 ISIS 15 30 D 10.1.1.2 GigabitEthernet0/1/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 - 配置PE和CE间的EBGP以及PE间的MP-IBGP
具体配置详见配置文件。
- 配置MPLS基本能力,使能MPLS TE、RSVP-TE和CSPF
# 在各节点全局使能MPLS、MPLS TE和RSVP-TE,在隧道沿途的接口上使能MPLS、MPLS TE和RSVP-TE,并在入节点的系统视图下使能CSPF。
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.9[*PE1] mpls[*PE1-mpls] mpls te[*PE1-mpls] mpls rsvp-te[*PE1-mpls] mpls te cspf[*PE1-mpls] quit[*PE1] interface gigabitethernet 0/1/0
[*PE1-GigabitEthernet0/1/0] mpls
[*PE1-GigabitEthernet0/1/0] mpls te
[*PE1-GigabitEthernet0/1/0] mpls rsvp-te
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
# 配置P1。
[~P1] mpls lsr-id 2.2.2.9[*P1] mpls[*P1-mpls] mpls te[*P1-mpls] mpls rsvp-te[*P1-mpls] quit[*P1] interface gigabitethernet 0/1/0
[*P1-GigabitEthernet0/1/0] mpls
[*P1-GigabitEthernet0/1/0] mpls te
[*P1-GigabitEthernet0/1/0] mpls rsvp-te
[*P1-GigabitEthernet0/1/0] quit
[*P1] interface gigabitethernet 0/2/0
[*P1-GigabitEthernet0/2/0] mpls
[*P1-GigabitEthernet0/2/0] mpls te
[*P1-GigabitEthernet0/2/0] mpls rsvp-te
[*P1-GigabitEthernet0/2/0] commit
[~P1-GigabitEthernet0/2/0] quit
# 配置P2。
[~P2] mpls lsr-id 3.3.3.9[*P2] mpls[*P2-mpls] mpls te[*P2-mpls] mpls rsvp-te[*P2-mpls] quit[*P2] interface gigabitethernet 0/1/0
[*P2-GigabitEthernet0/1/0] mpls
[*P2-GigabitEthernet0/1/0] mpls te
[*P2-GigabitEthernet0/1/0] mpls rsvp-te
[*P2-GigabitEthernet0/1/0] quit
[*P2] interface gigabitethernet 0/2/0
[*P2-GigabitEthernet0/2/0] mpls
[*P2-GigabitEthernet0/2/0] mpls te
[*P2-GigabitEthernet0/2/0] mpls rsvp-te
[*P2-GigabitEthernet0/1/0] commit
[~P2-GigabitEthernet2/0/0] quit# 配置PE2。
[~PE2] mpls lsr-id 4.4.4.9[*PE2] mpls[*PE2-mpls] mpls te[*PE2-mpls] mpls rsvp-te[*PE2-mpls] quit[*PE2] interface gigabitethernet 0/1/0
[*PE2-GigabitEthernet0/1/0] mpls
[*PE2-GigabitEthernet0/1/0] mpls te
[*PE2-GigabitEthernet0/1/0] mpls rsvp-te
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
- 配置IS-IS TE
# 配置PE1。
[~PE1] isis 1[~PE1-isis-1] cost-style wide[*PE1-isis-1] traffic-eng level-2[*PE1-isis-1] commit[~PE1-isis-1] quit# 配置P1。
[~P1] isis 1[~P1-isis-1] cost-style wide[*P1-isis-1] traffic-eng level-2[*P1-isis-1] commit[~P1-isis-1] quit# 配置P2。
[~P2] isis 1[~P2-isis-1] cost-style wide[*P2-isis-1] traffic-eng level-2[*P2-isis-1] commit[~P2-isis-1] quit# 配置PE2。
[~PE2] isis 1[~PE2-isis-1] cost-style wide[*PE2-isis-1] traffic-eng level-2[*PE2-isis-1] commit[~PE2-isis-1] quit - 配置链路的MPLS TE带宽属性
# 在隧道沿途各接口上配置链路的最大可预留带宽和BC0带宽。
# 配置PE1。
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] mpls te bandwidth max-reservable-bandwidth 100000
[*PE1-GigabitEthernet0/1/0] mpls te bandwidth bc0 100000
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
# 配置P1。
[~P1] interface gigabitethernet 0/2/0
[~P1-GigabitEthernet0/2/0] mpls te bandwidth max-reservable-bandwidth 100000
[*P1-GigabitEthernet0/2/0] mpls te bandwidth bc0 100000
[*P1-GigabitEthernet0/2/0] commit
[~P1-GigabitEthernet0/2/0] quit
# 配置P2。
[~P2] interface gigabitethernet 0/1/0
[~P2-GigabitEthernet0/1/0] mpls te bandwidth max-reservable-bandwidth 100000
[*P2-GigabitEthernet0/1/0] mpls te bandwidth bc0 100000
[*P2-GigabitEthernet0/1/0] commit
[~P2-GigabitEthernet0/1/0] quit
- 在PE设备上配置QoS。
# 在PE1上配置复杂流分类,为不同的业务报文配置服务等级。
[~PE1] acl 2001[*PE1-acl4-basic-2001] rule 10 permit source 40.0.0.0 0.255.255.255[*PE1-acl4-basic-2001] quit[*PE1] acl 2002[*PE1-acl4-basic-2002] rule 20 permit source 50.0.0.0 0.255.255.255[*PE1-acl4-basic-2002] quit[*PE1] traffic classifier service1[*PE1-classifier-service1] if-match acl 2001[*PE1-classifier-service1] commit[~PE1-classifier-service1] quit[~PE1] traffic behavior behavior1[*PE1-behavior-behavior1] service-class af1 color green[*PE1-behavior-behavior1] commit[*PE1-behavior-behavior1] quit[*PE1] traffic classifier service2[*PE1-classifier-service2] if-match acl 2002[*PE1-classifier-service2] commit[~PE1-classifier-service2] quit[~PE1] traffic behavior behavior2[*PE1-behavior-behavior2] service-class af2 color green[*PE1-behavior-behavior2] commit[~PE1-behavior-behavior2] quit[~PE1] traffic policy policy1[*PE1-trafficpolicy-policy1] classifier service1 behavior behavior1[*PE1-trafficpolicy-policy1] classifier service2 behavior behavior2[*PE1-trafficpolicy-policy1] commit[~PE1-trafficpolicy-policy1] quit[~PE1] interface gigabitethernet 0/2/0
[~PE1-GigabitEthernet0/2/0] traffic-policy policy1 inbound
[*PE1-GigabitEthernet0/2/0] commit
[~PE1-GigabitEthernet0/2/0] quit
- 配置MPLS TE隧道接口
# 在隧道入节点上创建Tunnel接口,并配置Tunnel接口的IP地址、隧道协议、目的地址、Tunnel ID、动态信令协议、隧道带宽以及隧道承载报文的服务等级。
执行mpls te service-class { service-class & <1-8> | default }命令实现指定各Tunnel承载报文的服务等级。
# 配置PE1。
[~PE1] interface tunnel1[*PE1-Tunnel1] ip address unnumbered interface loopback 1[*PE1-Tunnel1] tunnel-protocol mpls te[*PE1-Tunnel1] destination 4.4.4.9[*PE1-Tunnel1] mpls te tunnel-id 1[*PE1-Tunnel1] mpls te bandwidth ct0 20000[*PE1-Tunnel1] mpls te service-class af1[*PE1-Tunnel1] commit[~PE1-Tunnel1] quit[~PE1] interface tunnel2[*PE1-Tunnel2] ip address unnumbered interface loopback 1[*PE1-Tunnel2] tunnel-protocol mpls te[*PE1-Tunnel2] destination 4.4.4.9[*PE1-Tunnel2] mpls te tunnel-id 2[*PE1-Tunnel2] mpls te bandwidth ct0 20000[*PE1-Tunnel2] mpls te service-class af2[*PE1-Tunnel2] commit[~PE1-Tunnel2] quit[~PE1] interface tunnel3[*PE1-Tunnel3] ip address unnumbered interface loopback 1[*PE1-Tunnel3] tunnel-protocol mpls te[*PE1-Tunnel3] destination 4.4.4.9[*PE1-Tunnel3] mpls te tunnel-id 3[*PE1-Tunnel3] mpls te bandwidth ct0 20000[*PE1-Tunnel3] mpls te service-class default[~PE1-Tunnel3] commit[~PE1-Tunnel3] quit[*PE1] tunnel-policy policy1[*PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 3[*PE1-tunnel-policy-policy1] commit[~PE1-tunnel-policy-policy1] quit# 配置PE2
[~PE2] interface tunnel1[*PE2-Tunnel1] ip address unnumbered interface loopback 1[*PE2-Tunnel1] tunnel-protocol mpls te[*PE2-Tunnel1] destination 1.1.1.9[*PE2-Tunnel1] mpls te tunnel-id 1[*PE2-Tunnel1] mpls te bandwidth ct0 20000[*PE2-Tunnel1] commit[~PE2-Tunnel1] quit[~PE2] tunnel-policy policy1[*PE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 3[*PE2-tunnel-policy-policy1] commit[~PE2-tunnel-policy-policy1] quit - 在PE上配置L3VPN接入
# PE1上的配置
[~PE1] ip vpn-instance vpn1[*PE1-vpn-instance-vpn1] ipv4-family[*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1[*PE1-vpn-instance-vpn1-af-ipv4] tnl-policy policy1[*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both[*PE1-vpn-instance-vpn1-af-ipv4] commit[~PE1-vpn-instance-vpn1-af-ipv4] quit[~PE1-vpn-instance-vpn1] quit[~PE1] interface gigabitethernet 0/2/0
[~PE1-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[~PE1-GigabitEthernet0/2/0] commit
# PE2上的配置
[~PE2] ip vpn-instance vpn2[*PE2-vpn-instance-vpn2] ipv4-family[*PE2-vpn-instance-vpn2-af-ipv4] route-distinguisher 200:1[*PE2-vpn-instance-vpn2-af-ipv4] vpn-target 111:1 both[*PE2-vpn-instance-vpn2-af-ipv4] commit[~PE2-vpn-instance-vpn2-af-ipv4] quit[~PE2-vpn-instance-vpn2] quit[~PE2] interface gigabitethernet 0/2/0
[~PE2-GigabitEthernet0/2/0] ip binding vpn-instance vpn2
[~PE2-GigabitEthernet0/2/0] commit
配置文件
PE1的配置文件
# sysname PE1 # mpls lsr-id 1.1.1.9 # mpls mpls te mpls te cspf mpls rsvp-te # ip vpn-instance vpn1 ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity tnl-policy policy1 # isis 1 is-level level-2 cost-style wide traffic-eng level-2 network-entity 00.0005.0000.0000.0001.00 # acl number 2001 rule 10 permit source 40.0.0.0 0.255.255.255 # acl number 2002 rule 20 permit source 50.0.0.0 0.255.255.255 # traffic classifier service1 if-match acl 2001 # traffic classifier service2 if-match acl 2002 # traffic behavior behavior1 service-class af1 color green # traffic behavior behavior2 service-class af2 color green # traffic policy policy1 classifier service1 behavior behavior1 classifier service2 behavior behavior2 # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 3 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn1 ip address 10.10.1.1 255.255.255.0 traffic-policy policy1 inbound # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # interface Tunnel1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 4.4.4.9 mpls te bandwidth ct0 20000 mpls te tunnel-id 1 mpls te service-class af1 # interface Tunnel2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 4.4.4.9 mpls te bandwidth ct0 20000 mpls te tunnel-id 2 mpls te service-class af2 # interface Tunnel3 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 4.4.4.9 mpls te bandwidth ct0 20000 mpls te tunnel-id 3 mpls te service-class default # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 peer 10.10.1.2 as-number 65410 # return
P1的配置文件
# sysname P1 # mpls lsr-id 2.2.2.9 # mpls mpls te mpls rsvp-te # isis 1 is-level level-2 cost-style wide traffic-eng level-2 network-entity 00.0005.0000.0000.0002.00 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface GigabitEthernet0/2/0 undo shutdown ip address 10.2.1.1 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return
P2的配置文件
# sysname P2 # mpls lsr-id 3.3.3.9 # mpls mpls te mpls rsvp-te # isis 1 is-level level-2 cost-style wide traffic-eng level-2 network-entity 00.0005.0000.0000.0003.00 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.3.1.1 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface GigabitEthernet0/2/0 undo shutdown ip address 10.2.1.2 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # return
PE2的配置文件
# sysname PE2 # mpls lsr-id 4.4.4.9 # mpls mpls te mpls rsvp-te # ip vpn-instance vpn2 ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # isis 1 is-level level-2 cost-style wide traffic-eng level-2 network-entity 00.0005.0000.0000.0004.00 # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 3 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.3.1.2 255.255.255.0 mpls mpls te mpls te bandwidth max-reservable-bandwidth 100000 mpls te bandwidth bc0 100000 isis enable 1 mpls rsvp-te # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn2 ip address 10.11.1.1 255.255.255.0 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # interface Tunnel1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te bandwidth ct0 20000 mpls te tunnel-id 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 10.11.1.2 as-number 65420 # return
