所选语种没有对应资源,请选择:
企业业务网站
选择区域/语言
Huawei Global - English
技术支持 文档中心
NetEngine 8000 X V800R012C00SPC300 配置指南 - VPN 04
评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置VPLS接入L3VPN示例(IPRAN场景)

配置VPLS接入L3VPN示例(IPRAN场景)

Mixed VPN是IPTime MBB移动宽带(Mobile Broadband)解决方案的一种承载方式。该方案是华为公司建设IP MBH(IP Mobile Backhaul)网络的主要方案。

组网需求

Mixed VPN方案具备优秀FMC承载能力和简单灵活的组网形式。CSG到RSG之间采用分层的设计,适合大规模的网络承载。

CSG(Cell Site Gateway,基站侧网关)组成接入网(Access Network),ASG(Aggregation Site Gateway,汇聚侧网关)和RSG(Radio Service Gateway,无线业务侧网关)组成汇聚网(Aggregation Network),可以根据2G、3G 和LTE业务的承载需求进行灵活部署。如图11-11所示。

图11-11 配置VPLS接入L3VPN(IPRAN场景)组网图
为实现ETH基站(NodeB)到基站控制器(RNC)之间的业务互通,可以采用集成场景的L2VPN+L3VPN方式,通过创建多业务接入虚拟以太网接口组VE-Group(Virtual Ethernet Group),在ASG设备上终结L2VPN并接入L3VPN,同时在CSG配置主从模式PW Redundancy保护PW;ASG之间部署VRRP,确定ASG的主备;RSG之间部署VRRP,确定RSG的主备;L3VPN配置VPN FRR保护链路,从而为业务提供可靠的连接。

本例使用Virtual-Ethernet接口配置L2VPN接入L3VPN。由于VE接口只绑定在一块单板上,单板出现故障时,会导致业务中断。为了提高业务可靠性,也可以在ASG上创建两个全局虚拟以太网接口Global-VE1和Global-VE2,其中Global-VE1接口用来终结L2VE,Global-VE2接口用来接入L3VPN网络的L3VE,其他配置保持不变。

对于L2VPN可以采用HVPLS(PWE3接入VPLS)或PWE3方式,本举例采用的方案为ETH基站H-VPLS(PWE3接入VPLS)+L3VPN承载。图11-12为简化后的单环组网图。根据当前版本实现,重点介绍CSG、ASG设备的配置。

图11-12 配置VPLS接入L3VPN(IPRAN场景)简化组网图
  • 本示例中interface1,inerface2分别代表GE1/0/0,GE1/0/3


表11-1 设备接口及IP地址对应关系

设备

接口

对端设备

IP地址

CSG

GE1/0/1

ASG1

172.16.1.1/24

GE1/0/2

ASG2

172.16.4.1/24

GE1/0/3

NodeB

-

ASG1

GE1/0/0

ASG2

172.16.2.2/24

GE1/0/1

CSG

172.16.1.2/24

GE1/0/3

RSG1

172.16.3.1/24

GE1/0/4

RSG2

172.16.8.1/24

ASG2

GE1/0/0

ASG1

172.16.2.1/24

GE1/0/2

CSG

172.16.4.2/24

GE1/0/3

RSG2

172.16.6.1/24

GE1/0/4

RSG1

172.16.7.1/24

RSG1

GE1/0/0

RSG2

-

GE1/0/1

ASG1

172.16.3.2/24

GE1/0/2

ASG2

172.16.7.2/24

GE1/0/3

RNC

-

RSG2

GE1/0/0

RSG1

-

GE1/0/1

ASG2

172.16.6.2/24

GE1/0/2

ASG1

172.16.8.2/24

GE1/0/3

RNC

-

配置思路

采用如下的思路配置VPLS接入L3VPN(IPRAN场景):

  1. 配置IP地址和路由

  2. 配置MPLS和公网隧道

    • CSG和ASG之间配置TE隧道。
    • ASG与RSG之间配置LSP隧道。

  3. 配置Master/Slave模式的PW Redundancy

    • 配置H-VPLS(PWE3接入VPLS)。
    • 配置管理PW,并配置Spoke PW联动管理PW。
    • 配置BFD检测管理PW。

  4. 配置L3VPN

    • 在ASG和RSG上配置VPN实例
    • 在ASG上配置VE-Group,将VPN实例与L3VE子接口绑定
    • 在ASG和RSG之间建立MP-IBGP对等体
    • 在ASG和RSG上引入直连VPN路由
    • 配置VPN FRR

  5. 配置VRRP

    • ASG上配置业务VRRP和管理VRRP确定基站的网关
    • RSG上配置业务VRRP确定主备

数据准备

为完成此配置例,需准备如下的数据:

  • 接口编号、接口IP地址和OSPF进程号

  • LSR ID

  • L2VC的目的地址、VC ID和VC Type

  • VSI名称及VSI ID

  • BFD的会话名、本地/远端识别符

  • VE-Group组号

  • VRRP的备份组号和优先级

操作步骤

  1. 配置各接口的IP地址和路由协议
    1. 配置设备各接口IP地址。具体配置过程略,请参考配置文件。
    2. 在CSG、ASG1、ASG2、RSG1、RSG2上配置路由协议,实现这些设备的路由互通。本举例使用OSPF。

      本例只是以一个接入环为例。如果接入环为多个,则每个接入环属于不同的Area。如果是IS-IS协议的话,每个环属于不同的IS-IS进程,并部署不同的NET。如网络规划较小可全网部署为Level-2区域。

    配置完成后,在CSG、ASG和RSG上执行display ip routing-table命令可以看到已学到彼此的路由。配置OSPF时,注意需要发布CSG、ASG和RSG的32位Loopback接口地址(LSR ID)。

    具体配置过程略,请参考配置文件。

  2. 配置MPLS基本功能和公网隧道

    • CSG和ASG1、CSG和ASG2之间配置显式路径TE隧道。
    • ASG1和ASG2、ASG和RSG之间配置LSP隧道。
    • 为增强可靠性,需要使能RSVP GR、LDP GR和OSPF GR。

    具体配置过程略,请参考配置文件。

  3. 配置PW Redundancy
    1. CSG和ASG之间配置MPLS LDP远端会话

      因为CSG和ASG之间是TE隧道,没有配置MPLS LDP,但是PWE3使用扩展的LDP信令分配私网标签,所以此处需要配置MPLS LDP远端会话。而ASG之间已经是LDP-LSP隧道,且是直连的,所以不用配置LDP远端会话。

      # 配置CSG。

      [~CSG] mpls ldp
      [*CSG-mpls-ldp] quit
      [*CSG] mpls ldp remote-peer 2.2.2.2
      [*CSG-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
      [*CSG-mpls-ldp-remote-2.2.2.2] quit
      [*CSG] mpls ldp remote-peer 3.3.3.3
      [*CSG-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
      [*CSG-mpls-ldp-remote-3.3.3.3] quit
      [*CSG] commit

      # 配置ASG1。

      [~ASG1] mpls ldp
      [*ASG1-mpls-ldp] quit
      [*ASG1] mpls ldp remote-peer 1.1.1.1
      [*ASG1-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
      [*ASG1-mpls-ldp-remote-1.1.1.1] quit
      [*ASG1] commit

      # 配置ASG2。

      [~ASG2] mpls ldp
      [*ASG2-mpls-ldp] quit
      [*ASG2] mpls ldp remote-peer 1.1.1.1
      [*ASG2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
      [*ASG2-mpls-ldp-remote-1.1.1.1] quit
      [*ASG2] commit

    2. 配置H-VPLS。

      • CSG上配置Master/Slave模式PW Redundancy,接入ASG上的VPLS,形成CSG双归接入ASG的H-VPLS,增强可靠性。
      • ASG1和ASG2之间配置Spoke PW,实现AC侧和PW侧故障隔离,保证业务流量快速恢复。

      # 配置CSG。

      [~CSG] interface gigabitethernet 1/0/3
      [*CSG-GigabitEthernet1/0/3] undo shutdown
      [*CSG-GigabitEthernet1/0/3] quit
      [*CSG] interface gigabitethernet 1/0/3.10
      [*CSG-GigabitEthernet1/0/3.10] vlan-type dot1q 10
      [*CSG-GigabitEthernet1/0/3.10] mpls l2vc 2.2.2.2 100 tunnel-policy policy1
      [*CSG-GigabitEthernet1/0/3.10] mpls l2vc 3.3.3.3 tunnel-policy policy1 200 secondary
      [*CSG-GigabitEthernet1/0/3.10] mpls l2vpn redundancy master
      [*CSG-GigabitEthernet1/0/3.10] mpls l2vpn mac-withdraw disable
      [*CSG-GigabitEthernet1/0/3.10] quit
      [*CSG] commit

      # 配置ASG1。

      [~ASG1] vsi 1 static
      [*ASG1-vsi-1] pwsignal ldp
      [*ASG1-vsi-1-ldp] vsi-id 100
      [*ASG1-vsi-1-ldp] peer 1.1.1.1 tnl-policy policy1 ignore-standby-state
      [*ASG1-vsi-1-ldp] peer 3.3.3.3 negotiation-vc-id 8000 upe
      [*ASG1-vsi-1-ldp] quit
      [*ASG1-vsi-1] quit
      [*ASG1] commit

      # 配置ASG2。

      [~ASG2] vsi 1 static
      [*ASG2-vsi-1] pwsignal ldp
      [*ASG2-vsi-1-ldp] vsi-id 200
      [*ASG2-vsi-1-ldp] peer 1.1.1.1 tnl-policy policy1 ignore-standby-state
      [*ASG2-vsi-1-ldp] peer 2.2.2.2 negotiation-vc-id 8000 upe
      [*ASG2-vsi-1-ldp] quit
      [*ASG2-vsi-1] quit
      [*ASG2] commit

    3. 在ASG上配置VE-Group,L2VE子接口上绑定VSI。

      # 配置ASG1。

      [~ASG1] interface virtual-ethernet 1/0/0
      [*ASG1-Virtual-Ethernet1/0/0] ve-group 10 l2-terminate
      [*ASG1-Virtual-Ethernet1/0/0] quit
      [*ASG1] interface virtual-ethernet 1/0/0.1
      [*ASG1-Virtual-Ethernet1/0/0.1] vlan-type dot1q 10
      [*ASG1-Virtual-Ethernet1/0/0.1] l2 binding vsi 1
      [*ASG1-Virtual-Ethernet1/0/0.1] quit
      [*ASG1] commit

      # 配置ASG2。

      [~ASG2] interface virtual-ethernet 1/0/0
      [*ASG2-Virtual-Ethernet1/0/0] ve-group 10 l2-terminate
      [*ASG2-Virtual-Ethernet1/0/0] quit
      [*ASG2] interface virtual-ethernet 1/0/0.1
      [*ASG2-Virtual-Ethernet1/0/0.1] vlan-type dot1q 10
      [*ASG2-Virtual-Ethernet1/0/0.1] l2 binding vsi 1
      [*ASG2-Virtual-Ethernet1/0/0.1] quit
      [*ASG2] commit

      # 在CSG上执行命令display mpls l2vc brief,查看VC state是否是Up。

      [~CSG] display mpls l2vc brief
       Total ldp vc : 2     2 up       0 down

 *Client Interface     : GigabitEthernet1/0/3.10
  Administrator PW     : no
  AC status            : up
  VC State             : up
  Label state          : 0
  Token state          : 0
  VC ID                : 100
  VC Type              : VLAN
  session state        : up
  Destination          : 2.2.2.2
  link state           : up

 *Client Interface     : GigabitEthernet1/0/3.10
  Administrator PW     : no
  AC status            : up
  VC State             : up
  Label state          : 0
  Token state          : 0
  VC ID                : 200
  VC Type              : VLAN
  session state        : up
  Destination          : 3.3.3.3
  link state           : up

      # 完成上述配置后,在ASG上执行display vsi name vsi1 verbose命令,可以看到名字为1的VSI的状态为UP;对应的PW状态也为Up。

      [~ASG1] display vsi name vsi1 verbose
       ***VSI Name               : 1
    Work Mode              : normal
    Administrator VSI      : no
    Isolate Spoken         : disable
    VSI Index              : 0
    PW Signaling           : ldp
    Member Discovery Style : static
    Bridge-domain Mode     : disable
    PW MAC Learn Style     : unqualify
    Encapsulation Type     : vlan
    MTU                    : 1500
    Diffserv Mode          : uniform
    Service Class          : --
    Color                  : --
    DomainId               : 255
    Domain Name            :
    Ignore AcState         : disable
    P2P VSI                : disable
    Create Time            : 0 days, 0 hours, 3 minutes, 58 seconds
    VSI State              : up
    Resource Status        : Valid

    VSI ID                 : 100
   *Peer Router ID         : 1.1.1.1
    primary or secondary   : primary
    ignore-standby-state   : yes
    VC Label               : 1027
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x800044
    Broadcast Tunnel ID    : 0x800044
    Broad BackupTunnel ID  : 0x0
    Tunnel Policy Name     : policy1
    CKey                   : 32
    NKey                   : 31
    StpEnable              : 0
    PwIndex                : 0
    Control Word           : disable
   *Peer Router ID         : 3.3.3.3
    Negotiation-vc-id      : 8000
    primary or secondary   : primary
    ignore-standby-state   : no
    VC Label               : 1028
    Peer Type              : dynamic
    Session                : up
    Tunnel ID              : 0x800047
    Broadcast Tunnel ID    : 0x800047
    Broad BackupTunnel ID  : 0x0
    CKey                   : 34
    NKey                   : 33
    StpEnable              : 0
    PwIndex                : 0
    Control Word           : disable

    Interface Name         : Virtual-Ethernet1/0/0.1
    State                  : up
    Last Up Time           : 2010/09/14 19:38:19
    Total Up Time          : 0 days, 0 hours, 4 minutes, 0 seconds

   **PW Information:

   *Peer Ip Address        : 3.3.3.3
    PW State               : up
    Local VC Label         : 1028
    Remote VC Label        : 1028
    Remote Control Word    : disable
    PW Type                : MEHVPLS
    Tunnel ID              : 0x800047
    Broadcast Tunnel ID    : 0x800047
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x22
    Nkey                   : 0x21
    Main PW Token          : 0x800047
    Slave PW Token         : 0x0
    Tnl Type               : LSP
    OutInterface           : GigabitEthernet1/0/0
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/09/14 19:38:21
    PW Total Up Time       : 0 days, 0 hours, 3 minutes, 58 seconds
   *Peer Ip Address        : 1.1.1.1
    PW State               : up
    Local VC Label         : 1027
    Remote VC Label        : 1024
    Remote Control Word    : disable
    PW Type                : label
    Tunnel ID              : 0x800044
    Broadcast Tunnel ID    : 0x800044
    Broad BackupTunnel ID  : 0x0
    Ckey                   : 0x20
    Nkey                   : 0x1f
    Main PW Token          : 0x45
    Slave PW Token         : 0x46
    Tnl Type               : CR-LSP
    OutInterface           : Tunnel11
    Backup OutInterface    :
    Stp Enable             : 0
    PW Last Up Time        : 2010/09/14 19:38:21
    PW Total Up Time       : 0 days, 0 hours, 4 minutes, 0 seconds

  4. 配置L3VPN
    1. 在ASG和RSG上配置VPN实例,并配置接口与VPN实例关联。

      # 以ASG1配置为例,ASG2上配置相同。

      [~ASG1] ip vpn-instance vpna
      [*ASG1-vpn-instance-vpna] ipv4-family
      [*ASG1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1
      [*ASG1-vpn-instance-vpna-af-ipv4] vpn-target 1:1
      [*ASG1-vpn-instance-vpna-af-ipv4] quit
      [*ASG1] interface virtual-ethernet 1/0/1
      [*ASG1-Virtual-Ethernet1/0/1] ve-group 10 l3-access
      [*ASG1-Virtual-Ethernet1/0/1] quit
      [*ASG1] interface virtual-ethernet 1/0/1.1
      [*ASG1-Virtual-Ethernet1/0/1.1] vlan-type dot1q 10
      [*ASG1-Virtual-Ethernet1/0/1.1] ip binding vpn-instance vpna
      [*ASG1-Virtual-Ethernet1/0/1.1] ip address 10.0.0.2 24
      [*ASG1-Virtual-Ethernet1/0/1.1] direct-route track pw-state degrade-cost 30
      [*ASG1-Virtual-Ethernet1/0/1.1] quit
      [*ASG1] commit

      # 以RSG1配置为例,RSG2配置相同。

      [~RSG1] ip vpn-instance vpna
      [*RSG1-vpn-instance-vpna] ipv4-family
      [*RSG1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1
      [*RSG1-vpn-instance-vpna-af-ipv4] vpn-target 1:1
      [*RSG1-vpn-instance-vpna-af-ipv4] quit
      [*RSG1] interface gigabitethernet 1/0/3
      [*RSG1-GigabitEthernet1/0/3] portswitch
      [*RSG1-GigabitEthernet1/0/3] port link-type trunk
      [*RSG1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
      [*RSG1-GigabitEthernet1/0/3] quit
      [*RSG1] interface gigabitethernet 1/0/0
      [*RSG1-GigabitEthernet1/0/0] portswitch
      [*RSG1-GigabitEthernet1/0/0] port link-type trunk
      [*RSG1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
      [*RSG1-GigabitEthernet1/0/0] quit
      [*RSG1] vlan 10
      [*RSG1-vlan10] quit
      [*RSG1] interface vlanif 10
      [*RSG1-Vlanif10] ip binding vpn-instance vpna
      [*RSG1-Vlanif10] ip address 10.0.1.1 24
      [*RSG1-Vlanif10] quit
      [*RSG1] commit

    2. 在ASG和RSG之间建立MP-IBGP对等体

      # 以ASG2配置为例,ASG1配置相同。

      [~ASG2] bgp 100
      [*ASG2-bgp] graceful-restart
      [*ASG2-bgp] peer 2.2.2.2 as-number 100
      [*ASG2-bgp] peer 2.2.2.2 connect-interface loopback 0
      [*ASG2-bgp] peer 4.4.4.4 as-number 100
      [*ASG2-bgp] peer 4.4.4.4 connect-interface loopback 0
      [*ASG2-bgp] peer 4.4.4.4 tracking delay 30
      [*ASG2-bgp] peer 5.5.5.5 as-number 100
      [*ASG2-bgp] peer 5.5.5.5 connect-interface loopback 0
      [*ASG2-bgp] peer 5.5.5.5 tracking delay 30
      [*ASG2-bgp] ipv4-family vpnv4
      [*ASG2-bgp-af-vpnv4] peer 2.2.2.2 enable
      [*ASG2-bgp-af-vpnv4] peer 4.4.4.4 enable
      [*ASG2-bgp-af-vpnv4] peer 5.5.5.5 enable
      [*ASG2-bgp-af-vpnv4] quit
      [*ASG2] commit

      # 以RSG1配置为例,RSG2配置相同。

      [~RSG1] bgp 100
      [*RSG1-bgp] graceful-restart
      [*RSG1-bgp] peer 2.2.2.2 as-number 100
      [*RSG1-bgp] peer 2.2.2.2 connect-interface loopback 0
      [*RSG1-bgp] peer 2.2.2.2 tracking delay 30
      [*RSG1-bgp] peer 3.3.3.3 as-number 100
      [*RSG1-bgp] peer 3.3.3.3 connect-interface loopback 0
      [*RSG1-bgp] peer 3.3.3.3 tracking delay 30
      [*RSG1-bgp] peer 5.5.5.5 as-number 100
      [*RSG1-bgp] peer 5.5.5.5 connect-interface loopback 0
      [*RSG1-bgp] ipv4-family vpnv4
      [*RSG1-bgp-af-vpnv4] peer 2.2.2.2 enable
      [*RSG1-bgp-af-vpnv4] peer 3.3.3.3 enable
      [*RSG1-bgp-af-vpnv4] peer 5.5.5.5 enable
      [*RSG1-bgp-af-vpnv4] quit
      [*RSG1] commit

    3. 在ASG和RSG上引入直连VPN路由

      # 以ASG1配置为例,ASG2配置相同。

      [~ASG2-bgp] ipv4-family vpn-instance vpna
      [*ASG2-bgp-vpna] import-route direct
      [*ASG2-bgp-vpna] quit
      [*ASG2-bgp] quit
      [*ASG2] commit

      # 以RSG1配置为例,RSG2配置相同。

      [~RSG1-bgp] ipv4-family vpn-instance vpna
      [*RSG1-bgp-vpna] import-route direct
      [*RSG1-bgp-vpna] quit
      [*RSG1-bgp] quit
      [*RSG1] commit

    4. 配置VPN FRR

      # ASG和RSG上配置相同,以RSG1为例。

      [~RSG1] ip vpn-instance vpna
      [*RSG1-vpn-instance-vpna] ipv4-family
      [*RSG1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1
      [*RSG1-vpn-instance-vpna-af-ipv4] vpn frr
      [*RSG1-vpn-instance-vpna-af-ipv4] quit
      [*RSG1-vpn-instance-vpna] quit
      [*RSG1] commit

  5. 配置BFD检测公网故障
    1. 在CSG上配置BFD检测主PW

      # 配置CSG。

      [~CSG] bfd
      [*CSG-bfd] quit
      [*CSG] bfd master bind pw interface gigabitethernet 1/0/3.10 remote-peer 2.2.2.2 pw-ttl auto-calculate
      [*CSG-bfd-lsp-session-master] discriminator local 2
      [*CSG-bfd-lsp-session-master] discriminator remote 2
      [*CSG-bfd-lsp-session-master] commit
      [*CSG-bfd-lsp-session-master] quit
      [*CSG] commit

      # 配置ASG1。

      [~ASG1] bfd
      [*ASG1-bfd] quit
      [~ASG1] bfd master bind pw vsi 1 peer 1.1.1.1 remote-peer 1.1.1.1 pw-tt auto-calculate
      [*ASG1-bfd-lsp-session-master] discriminator local 2
      [*ASG1-bfd-lsp-session-master] discriminator remote 2
      [*ASG1-bfd-lsp-session-master] commit
      [*ASG1-bfd-lsp-session-master] quit
      [*ASG1] commit

    2. 在ASG上配置BFD检测VSI PW

      # 配置ASG1。

      [~ASG1] bfd
      [*ASG1-bfd] quit
      [*ASG1] bfd spoke bind pw vsi 1 peer 3.3.3.3 vc-id 8000
      [*ASG1-bfd-lsp-session-spoke] discriminator local 5
      [*ASG1-bfd-lsp-session-spoke] discriminator remote 5
      [*ASG1-bfd-lsp-session-spoke] commit
      [*ASG1-bfd-lsp-session-spoke] quit
      [*ASG1] commit

      # 配置ASG2。

      [~ASG2] bfd
      [*ASG2-bfd] quit
      [*ASG2] bfd spoke bind pw vsi 1 peer 2.2.2.2 vc-id 8000
      [*ASG2-bfd-lsp-session-spoke] discriminator local 5
      [*ASG2-bfd-lsp-session-spoke] discriminator remote 5
      [*ASG2-bfd-lsp-session-spoke] commit
      [*ASG2-bfd-lsp-session-spoke] quit
      [*ASG2] commit

  6. 配置VRRP
    1. ASG 之间配置管理VSI 用于传输VRRP心跳报文,即L3VE子接口对应的L2VE子接 口绑定VSI,且是管理VSI。

      # 配置ASG1。

      [~ASG1] vsi for_vrrp static
      [*ASG1-vsi-for_vrrp] pwsignal ldp
      [*ASG1-vsi-for_vrrp-ldp] vsi-id 1000
      [*ASG1-vsi-for_vrrp-ldp] peer 2.2.2.2 tnl-policy policy1
      [*ASG1-vsi-for_vrrp-ldp] quit
      [*ASG1-vsi-for_vrrp] admin-vsi
      [*ASG1] interface virtual-ethernet 1/0/0.100
      [*ASG1-Virtual-Ethernet1/0/0.100] vlan-type dot1q 100
      [*ASG1-Virtual-Ethernet1/0/0.100] l2 binding vsi for_vrrp
      [*ASG1-Virtual-Ethernet1/0/0.100] quit
      [*ASG1] commit

      # 配置ASG2。

      [~ASG2] vsi for_vrrp static
      [*ASG2-vsi-for_vrrp] pwsignal ldp
      [*ASG2-vsi-for_vrrp-ldp] vsi-id 1000
      [*ASG2-vsi-for_vrrp-ldp] peer 3.3.3.3 tnl-policy policy1
      [*ASG2-vsi-for_vrrp-ldp] quit
      [*ASG2-vsi-for_vrrp] admin-vsi
      [*ASG2] interface virtual-ethernet 1/0/0.100
      [*ASG2-Virtual-Ethernet1/0/0.100] vlan-type dot1q 100
      [*ASG2-Virtual-Ethernet1/0/0.100] l2 binding vsi for_vrrp
      [*ASG2-Virtual-Ethernet1/0/0.100] quit
      [*ASG2] commit

    2. ASG1和ASG2上配置VRRP确定基站网关

      具体配置过程请参见《NetEngine 8000 配置指南-网络可靠性-VRRP配置》,以及配置文件。

    3. 在RSG上配置VRRP确定主备

      具体配置过程请参见《NetEngine 8000 配置指南-网络可靠性-VRRP配置》,以及配置文件。

配置文件

  • CSG的配置文件

    #
 sysname CSG
#
 bfd
#
 mpls lsr-id 1.1.1.1
 mpls
  mpls te
  mpls rsvp-te
  mpls rsvp-te hello
  mpls te cspf
#
 mpls l2vpn
#
explicit-path to_asg1
 next hop 172.16.1.2
 next hop 2.2.2.2
#
explicit-path to_asg2
 next hop 172.16.4.2
 next hop 3.3.3.3
#
mpls ldp
 graceful-restart
#
 mpls ldp remote-peer 2.2.2.2
 remote-ip 2.2.2.2
#
mpls ldp remote-peer 3.3.3.3
 remote-ip 3.3.3.3
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 172.16.1.1 255.255.255.0
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te hello
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 172.16.4.1 255.255.255.0
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te hello
#
interface GigabitEthernet1/0/3
 undo shutdown
#
interface GigabitEthernet1/0/3.10
 vlan-type dot1q 10
 mpls l2vc 2.2.2.2 100 tunnel-policy policy1
 mpls l2vc 3.3.3.3 200 tunnel-policy policy1 secondary
 mpls l2vpn redundancy master
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Tunnel11
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 2.2.2.2
 mpls te tunnel-id 100
 mpls te record-route label
 mpls te path explicit-path to_asg1
 mpls te reserved-for-binding
#
interface Tunnel12
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 3.3.3.3
 mpls te tunnel-id 200
 mpls te record-route label
 mpls te path explicit-path to_asg2
 mpls te reserved-for-binding
#
ospf 100
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.4.0 0.0.0.255
  mpls-te enable
#
tunnel-policy policy1
 tunnel binding destination 2.2.2.2 te Tunnel11
 tunnel binding destination 3.3.3.3 te Tunnel12
#
bfd master bind pw interface GigabitEthernet1/0/3.10 remote-peer 2.2.2.2 pw-ttl auto-calculate
 discriminator local 2
 discriminator remote 2
 commit
#
return

  • ASG1的配置文件

    #
 sysname ASG1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:1
  apply-label per-instance
  vpn frr
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
 bfd
#
 mpls lsr-id 2.2.2.2
 mpls
  mpls te
  mpls rsvp-te
  mpls rsvp-te hello
  mpls te cspf
#
 mpls l2vpn
#
vsi 1 static
 pwsignal ldp
  vsi-id 100
  peer 1.1.1.1 tnl-policy policy1 ignore-standby-state
  peer 3.3.3.3 negotiation-vc-id 8000 upe
#
 explicit-path to_csg
  next hop 172.16.1.1
  next hop 1.1.1.1
#
mpls ldp
 graceful-restart
#
 mpls ldp remote-peer 1.1.1.1
 remote-ip 1.1.1.1
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.2.2 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.2.3
 admin-vrrp vrid 20 ignore-if-down
 vrrp vrid 20 priority 150
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 172.16.1.2 255.255.255.0
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te hello
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 172.16.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/4
 undo shutdown
 ip address 172.16.8.1 255.255.255.0
 mpls
 mpls ldp
#
interface Virtual-Ethernet1/0/0
 ve-group 10 l2-terminate
#
interface Virtual-Ethernet1/0/0.1
 vlan-type dot1q 10
 l2 binding vsi 1
#
interface Virtual-Ethernet1/0/1
 ve-group 10 l3-access
#
interface Virtual-Ethernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpna
 ip address 10.0.0.2 255.255.255.0
 direct-route track pw-state degrade-cost 30
 vrrp vrid 10 virtual-ip 10.0.0.3
 vrrp vrid 10 track admin-vrrp interface GigabitEthernet1/0/0 vrid 20
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Tunnel11
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 1.1.1.1
 mpls te tunnel-id 100
 mpls te record-route label
 mpls te signal-protocol rsvp-te
 mpls te path explicit-path to_csg
 mpls te backup hot-standby wtr 15
 mpls te reserved-for-binding
#
bgp 100
 graceful-restart
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
#
ospf 100
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
  network 172.16.2.0 0.0.0.255
  network 172.16.8.0 0.0.0.255
  mpls-te enable
#
tunnel-policy policy1
 tunnel binding destination 1.1.1.1 te Tunnel11
#
bfd master bind pw vsi 1 peer 1.1.1.1 remote-peer 1.1.1.1 pw-ttl auto-ca
lculate
 discriminator local 2
 discriminator remote 2
 commit
#
bfd spoke bind pw vsi 1 peer 3.3.3.3 vc-id 8000
 discriminator local 5
 discriminator remote 5
 commit
#
return

  • ASG2的配置文件

    #
 sysname ASG2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:1
  apply-label per-instance
  vpn frr
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
 bfd
#
 mpls lsr-id 3.3.3.3
 mpls
  mpls te
  mpls rsvp-te
  mpls rsvp-te hello
  mpls te cspf
#
 mpls l2vpn
#
vsi 1 static
 pwsignal ldp
  vsi-id 200
  peer 1.1.1.1 tnl-policy policy1 ignore-standby-state
  peer 2.2.2.2 negotiation-vc-id 8000 upe
#
 explicit-path to_csg
  next hop 172.16.4.1
  next hop 1.1.1.1
#
mpls ldp
 graceful-restart
#
 mpls ldp remote-peer 1.1.1.1
 remote-ip 1.1.1.1
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.2.1 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.2.3
 admin-vrrp vrid 20 ignore-if-down
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 172.16.4.2 255.255.255.0
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te hello
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 172.16.6.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/4
 undo shutdown
 ip address 172.16.7.1 255.255.255.0
 mpls
 mpls ldp
#
interface Virtual-Ethernet1/0/0
 ve-group 10 l2-terminate
#
interface Virtual-Ethernet1/0/0.1
 vlan-type dot1q 10
 l2 binding vsi 1
#
interface Virtual-Ethernet1/0/1
 ve-group 10 l3-access
#
interface Virtual-Ethernet1/0/1.1
 vlan-type dot1q 10
 ip binding vpn-instance vpna
 ip address 10.0.0.4 255.255.255.0
 vrrp vrid 10 virtual-ip 10.0.0.3
 vrrp vrid 10 track admin-vrrp interface GigabitEthernet1/0/0 vrid 20
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface Tunnel12
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 1.1.1.1
 mpls te tunnel-id 200
 mpls te record-route label
 mpls te signal-protocol rsvp-te
 mpls te path explicit-path to_csg
 mpls te backup hot-standby wtr 15
 mpls te reserved-for-binding
#
bgp 100
 graceful-restart
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
#
ospf 100
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 172.16.7.0 0.0.0.255
  network 172.16.4.0 0.0.0.255
  network 172.16.6.0 0.0.0.255
  mpls-te enable
#
tunnel-policy policy1
 tunnel binding destination 1.1.1.1 te Tunnel12
#
bfd spoke bind pw vsi 1 peer 2.2.2.2 vc-id 8000
 discriminator local 5
 discriminator remote 5
 commit
#
return

  • RSG1的配置文件

    #
 sysname RSG1
#
 vlan batch 10
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:1
  apply-label per-instance
  vpn frr
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
 mpls lsr-id 4.4.4.4
 mpls
#
 mpls l2vpn
#
mpls ldp
 graceful-restart
#
interface Vlanif10
 ip binding vpn-instance vpna
 ip address 10.0.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.1.3
 vrrp vrid 1 priority 150
#
interface GigabitEthernet1/0/0
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 172.16.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 172.16.7.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
bgp 100
 graceful-restart
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
#
ospf 100
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 172.16.3.0 0.0.0.255
  network 172.16.7.0 0.0.0.255
  mpls-te enable
#
return

  • RSG2的配置文件

    #
 sysname RSG2
#
 vlan batch 10
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:1
  apply-label per-instance
  vpn frr
  vpn-target 11 export-extcommunity
  vpn-target 11 import-extcommunity
#
 mpls lsr-id 5.5.5.5
 mpls
#
 mpls l2vpn
#
mpls ldp
 graceful-restart
#
interface Vlanif10
 ip binding vpn-instance vpna
 ip address 10.0.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.1.3
#
interface GigabitEthernet1/0/0
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 172.16.6.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 172.16.8.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/3
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
#
bgp 100
 graceful-restart
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
#
ospf 100
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 172.16.8.0 0.0.0.255
  network 172.16.6.0 0.0.0.255
  mpls-te enable
#
return
翻译
English
下载文档
更新时间:2020-06-20

文档编号:EDOC1100143312

浏览量:60677

下载量:128

平均得分:
本文档适用于这些产品

相关版本

相关文档

分享
上一页 下一页
华为亿家APP下载 华为亿家APP下载

版权所有 © 华为技术有限公司 1998-2022。 保留一切权利。粤A2-20044005号

您正离开华为站点,前往: