评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置OptionC方式跨域BGP VPWS示例
ASBR上无需创建和维护VPWS。当每个AS都有大量的跨域VPWS时,可选择这种方案,防止ASBR成为阻碍网络进一步扩展的瓶颈。
组网需求
如图9-30,CE1和CE2属于同一个VPWS,分别通过AS100内的PE1和AS200内的PE2接入骨干网。
当每个AS内有大量的跨域VPWS时,可以配置采用OptionC方式跨域BGP VPWS。在OptionC方式跨域BGP VPWS中,ASBR上不再维护VPWS标签块信息,而是PE之间直接交换VPWS标签块信息。
配置思路
采用如下的思路配置OptionC方式跨域Kompella VPWS:
在骨干网上运行IGP协议,使同一个AS域内的各设备能互通。
在骨干网上使能MPLS,在PE与ASBR之间建立动态LSP隧道,并且在ASBR之间的接口上也要使能MPLS。
同一AS的PE和ASBR之间建立IBGP。
在各ASBR之间配置EBGP,在ASBR上需配置路由策略,使能标签路由功能。在PE1和PE2之间建立MP-EBGP对等体关系。
在PE1和PE2之间创建VSI实例,接入CE。
数据准备
为完成此配置例,需准备如下的数据:
PE及ASBR上的MPLS LSR-ID。
PE上创建的VSI实例名、路由标识RD及收发路由属性VPN-Target。
PE上绑定VSI实例的AC接口。
ASBR上使用的路由策略。
操作步骤
- 配置各设备接口的IP地址
# 配置CE1。
<HUAWEI> system-view[~HUAWEI] sysname CE1
[*HUAWEI] commit
[*CE1] interface gigabitethernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit# 配置PE1。
<HUAWEI> system-view[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback1[*PE1-Loopback1] ip address 1.1.1.9 32[*PE1-Loopback1] quit[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] undo shutdown
[*PE1-GigabitEthernet2/0/0] ip address 10.10.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置ASBR1。
<HUAWEI> system-view[~HUAWEI] sysname ASBR1
[*HUAWEI] commit
[~ASBR1] interface loopback1[*ASBR1-Loopback1] ip address 2.2.2.9 32[*ASBR1-Loopback1] quit[*ASBR1] interface gigabitethernet 1/0/0
[*ASBR1-GigabitEthernet1/0/0] undo shutdown
[*ASBR1-GigabitEthernet1/0/0] ip address 10.10.1.2 24
[*ASBR1-GigabitEthernet1/0/0] quit
[*ASBR1] interface gigabitethernet 2/0/0
[*ASBR1-GigabitEthernet2/0/0] undo shutdown
[*ASBR1-GigabitEthernet2/0/0] ip address 10.20.1.1 24
[*ASBR1-GigabitEthernet2/0/0] quit
[*ASBR1] commit# 配置ASBR2。
<HUAWEI> system-view[~HUAWEI] sysname ASBR2
[*HUAWEI] commit
[~ASBR2] interface loopback1[*ASBR2-Loopback1] ip address 3.3.3.9 32[*ASBR2-Loopback1] quit[*ASBR2] interface gigabitethernet 1/0/0
[*ASBR2-GigabitEthernet1/0/0] undo shutdown
[*ASBR2-GigabitEthernet1/0/0] ip address 10.20.1.2 24
[*ASBR2-GigabitEthernet1/0/0] quit
[*ASBR2] interface gigabitethernet 2/0/0
[*ASBR2-GigabitEthernet2/0/0] undo shutdown
[*ASBR2-GigabitEthernet2/0/0] ip address 10.30.1.1 24
[*ASBR2-GigabitEthernet2/0/0] quit
[*ASBR2] commit# 配置PE2。
<HUAWEI> system-view[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback1[*PE2-Loopback1] ip address 4.4.4.9 32[*PE2-Loopback1] quit[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] undo shutdown
[*PE2-GigabitEthernet1/0/0] ip address 10.30.1.2 24
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] commit# 配置CE2。
<HUAWEI> system-view[~HUAWEI] sysname CE2
[*HUAWEI] commit
[*CE2] interface gigabitethernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit - 配置骨干网的IGP协议
# 配置PE1。
[~PE1] ospf 1[*PE1-ospf-1] area 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255[*PE1-ospf-1-area-0.0.0.0] quit[*PE1-ospf-1] quit[*PE1] commit# 配置ASBR1。
[~ASBR1] ospf 1[*ASBR1-ospf-1] area 0.0.0.0[*ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0[*ASBR1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255[*ASBR1-ospf-1-area-0.0.0.0] quit[*ASBR1-ospf-1] quit[*ASBR1] commit# 配置ASBR2。
[*ASBR2] ospf 1[*ASBR2-ospf-1] area 0.0.0.0[*ASBR2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0[*ASBR2-ospf-1-area-0.0.0.0] network 10.30.1.0 0.0.0.255[*ASBR2-ospf-1-area-0.0.0.0] quit[*ASBR2-ospf-1] quit[*ASBR2] commit# 配置PE2。
[~PE2] ospf 1[*PE2-ospf-1] area 0.0.0.0[*PE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0[*PE2-ospf-1-area-0.0.0.0] network 10.30.1.0 0.0.0.255[*PE2-ospf-1-area-0.0.0.0] quit[*PE2-ospf-1] quit[*PE2] commit - 使能MPLS,建立LSP隧道
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.9[*PE1] mpls[*PE1-mpls] quit[*PE1] mpls ldp[*PE1-mpls-ldp] quit[*PE1] inerface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] mpls
[*PE1-GigabitEthernet2/0/0] mpls ldp
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置ASBR1。
[*ASBR1] mpls lsr-id 2.2.2.9[*ASBR1] mpls[*ASBR1-mpls] quit[*ASBR1] mpls ldp[*ASBR1-mpls-ldp] quit[*ASBR1] inerface gigabitethernet 1/0/0
[*ASBR1-GigabitEthernet1/0/0] mpls
[*ASBR1-GigabitEthernet1/0/0] mpls ldp
[*ASBR1-GigabitEthernet1/0/0] quit
[*ASBR1] commit# 配置ASBR2。
[~ASBR2] mpls lsr-id 3.3.3.9[*ASBR2] mpls[*ASBR2-mpls] quit[*ASBR2] mpls ldp[*ASBR2-mpls-ldp] quit[*ASBR2] inerface gigabitethernet 2/0/0
[*ASBR2-GigabitEthernet2/0/0] mpls
[*ASBR2-GigabitEthernet2/0/0] mpls ldp
[*ASBR2-GigabitEthernet2/0/0] quit
[*ASBR2] commit# 配置PE2。
[~PE2] mpls lsr-id 4.4.4.9[*PE2] mpls[*PE2-mpls] quit[*PE2] mpls ldp[*PE2-mpls-ldp] quit[*PE2] inerface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] mpls
[*PE2-GigabitEthernet1/0/0] mpls ldp
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] commit - 在ASBR上使能域间的MPLS功能
# 配置ASBR1。
[~ASBR1] inerface gigabitethernet 2/0/0
[*ASBR1-GigabitEthernet2/0/0] mpls
[*ASBR1-GigabitEthernet2/0/0-mpls] quit
[*ASBR1] commit# 配置ASBR2。
[~ASBR2] inerface gigabitethernet 1/0/0
[*ASBR2-GigabitEthernet1/0/0] mpls
[*ASBR2-GigabitEthernet1/0/0-mpls] quit
[*ASBR2] commit - 在PE1与ASBR1之间、PE2与ASBR2之间配置IBGP对等体,在ASBR1与ASBR2之间配置EBGP对等体,并在ASBR上配置路由策略,对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签。对于向本AS的PE发布的路由,如果是带标签的IPv4路由,为其重新分配MPLS标签。
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 2.2.2.9 as-number 100[*PE1-bgp] peer 2.2.2.9 label-route-capability[*PE1-bgp] peer 2.2.2.9 connect-interface LoopBack 1[*PE1-bgp] quit[*PE1] commit# 配置ASBR1。
[~ASBR1] route-policy policy1 permit node 1[*ASBR1-route-policy] if-match mpls-label[*ASBR1-route-policy] apply mpls-label[*ASBR1-route-policy] quit[*ASBR1] route-policy policy2 permit node 1[*ASBR1-route-policy] apply mpls-label[*ASBR1-route-policy] quit[*ASBR1] bgp 100[*ASBR1-bgp] network 1.1.1.9 255.255.255.255[*ASBR1-bgp] peer 1.1.1.9 as-number 100[*ASBR1-bgp] peer 1.1.1.9 route-policy policy1 export[*ASBR1-bgp] peer 1.1.1.9 label-route-capability[*ASBR1-bgp] peer 1.1.1.9 connect-interface loopback 1[*ASBR1-bgp] peer 10.20.1.2 as-number 200[*ASBR1-bgp] peer 10.20.1.2 route-policy policy2 export[*ASBR1-bgp] peer 10.20.1.2 label-route-capability check-tunnel-reachable[*ASBR1-bgp] peer 10.20.1.2 connect-interface gigabitethernet 2/0/0
[*ASBR1-bgp]quit[*ASBR1]commit# 配置ASBR2。
[~ASBR2] route-policy policy1 permit node 1[*ASBR2-route-policy] if-match mpls-label[*ASBR2-route-policy] apply mpls-label[*ASBR2-route-policy] quit[*ASBR2] route-policy policy2 permit node 1[*ASBR2-route-policy] apply mpls-label[*ASBR2-route-policy] quit[*ASBR2] bgp 200[*ASBR2-bgp] network 4.4.4.9 255.255.255.255[*ASBR2-bgp] peer 4.4.4.9 as-number 200[*ASBR2-bgp] peer 4.4.4.9 route-policy policy1 export[*ASBR2-bgp] peer 4.4.4.9 label-route-capability[*ASBR2-bgp] peer 4.4.4.9 connect-interface loopback 1[*ASBR2-bgp] peer 10.20.1.1 as-number 100[*ASBR2-bgp] peer 10.20.1.1 route-policy policy2 export[*ASBR2-bgp] peer 10.20.1.1 label-route-capability check-tunnel-reachable[*ASBR2-bgp] peer 10.20.1.1 connect-interface gigabitethernet 1/0/0
[*ASBR2-bgp] quit[*ASBR2] commit# 配置PE2。
[~PE2] bgp 200[*PE2-bgp] peer 3.3.3.9 as-number 200[*PE2-bgp] peer 3.3.3.9 label-route-capability[*PE2-bgp] peer 3.3.3.9 connect-interface loopback 1[*PE2-bgp] quit[*PE2] commit - PE1和PE2之间建立MP-EBGP对等体
注意需要在L2VPN-AD地址族视图下使能BGP对等体功能,以互相传递VPWS标签块信息。
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 4.4.4.9 as-number 200[*PE1-bgp] peer 4.4.4.9 ebgp-max-hop 255[*PE1-bgp] peer 4.4.4.9 connect-interface loopback 1[*PE1-bgp] l2vpn-ad-family[*PE1-bgp-af-l2vpn-ad] peer 4.4.4.9 enable[*PE1-bgp-af-l2vpn-ad] peer 4.4.4.9 signaling VPWS[*PE1-bgp-af-l2vpn-ad] quit[*PE1-bgp] quit[*PE1] commit# 配置PE2。
[~PE2] bgp 200[*PE2-bgp] peer 1.1.1.9 as-number 100[*PE2-bgp] peer 1.1.1.9 ebgp-max-hop 255[*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1[*PE2-bgp] l2vpn-ad-family[*PE2-bgp-af-l2vpn-ad] peer 1.1.1.9 enable[*PE2-bgp-af-l2vpn-ad] peer 1.1.1.9 signaling VPWS[*PE2-bgp-af-l2vpn-ad] quit[*PE2-bgp] quit[*PE2] commit完成此步配置,在PE上执行display tunnel-info all命令,可发现跨域隧道建立成功。以PE1的显示为例:
[~PE1] display tunnel-info allTunnel ID Type Destination Status ----------------------------------------------------------------------------- 0x0000000001004c8b42 ldp 2.2.2.9 UP 0x000000000201040000 bgp 4.4.4.9 UP
- 配置BGP方式连接
# 配置PE1。
[~PE1] mpls l2vpn[*PE1-l2vpn] quit[*PE1] mpls l2vpn vpn1 encapsulation ethernet[*PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1[*PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both[*PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10[*PE1-mpls-l2vpn-vpn1-ce-ce1] connection ce-offset 2 interface gigabitethernet 1/0/0
[*PE1-mpls-l2vpn-vpn1-ce-ce1] quit[*PE1-mpls-l2vpn-vpn1] quit[*PE1] commit# 配置PE2。
[~PE2] mpls l2vpn[*PE2-l2vpn] quit[*PE2] mpls l2vpn vpn1 encapsulation ethernet[*PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1[*PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both[*PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10[*PE2-mpls-l2vpn-vpn1-ce-ce2] connection ce-offset 1 interface gigabitethernet 2/0/0
[*PE2-mpls-l2vpn-vpn1-ce-ce2] quit[*PE2-mpls-l2vpn-vpn1] quit[*PE2] commit - 验证配置结果
在PE上查看VPWS信息,可以看到VSI状态为Up。到远端PE的PW状态也为Up。使用的隧道为之前建立的跨域LSP。以PE1显示为例:
[~PE1] display mpls l2vpn connection interface gigabitethernet 1/0/0
conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): GigabitEthernet1/0/0(up,ethernet) peer id: 4.4.4.9 route-distinguisher: 100:1 local vc label: 294930 remote vc label: 294929 tunnel policy: default CKey: 129 NKey: 3841982621 primary or secondary: primary forward entry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -- BFD for PW state: invalid BFD for LSP state: true Local C bit is not set Remote C bit is not set tunnel type: bgp tunnel id: 0x000000000201040000CE1与CE2能互相ping通。
[~CE1] ping 10.1.1.2PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=8 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=7 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/5/8 ms
配置文件
CE1的配置文件
# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return
PE1的配置文件
# sysname PE1 # mpls lsr-id 1.1.1.9 # mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.10.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # # mpls l2vpn vpn1 encapsulation ethernet route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface GigabitEthernet1/0/0 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 4.4.4.9 as-number 200 peer 4.4.4.9 ebgp-max-hop 255 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability peer 4.4.4.9 enable # l2vpn-ad-family policy vpn-target peer 4.4.4.9 enable peer 4.4.4.9 signaling vpws # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.10.1.0 0.0.0.255 # return
ASBR1的配置文件
# sysname ASBR1 # mpls lsr-id 2.2.2.9 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.10.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.20.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 10.20.1.2 as-number 200 peer 10.20.1.2 connect-interface GigabitEthernet2/0/0 # ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy1 export peer 1.1.1.9 label-route-capability peer 10.20.1.2 enable peer 10.20.1.2 route-policy policy2 export peer 10.20.1.2 label-route-capability check-tunnel-reachable # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.10.1.0 0.0.0.255 # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return
ASBR2的配置文件
# sysname ASBR2 # mpls lsr-id 3.3.3.9 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.20.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 10.30.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.0 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 peer 10.20.1.1 as-number 100 peer 10.20.1.1 connect-interface GigabitEthernet1/0/0 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy1 export peer 4.4.4.9 label-route-capability peer 10.20.1.1 enable peer 10.20.1.1 route-policy policy2 export peer 10.20.1.1 label-route-capability check-tunnel-reachable # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.30.1.0 0.0.0.255 # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return
PE2的配置文件
# sysname PE2 # mpls lsr-id 4.4.4.9 # mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.30.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.0 # mpls l2vpn vnp1 encapsulation ethernet route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface GigabitEthernet2/0/0 # bgp 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 ebgp-max-hop 255 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # l2vpn-ad-family policy vpn-target peer 1.1.1.9 enable peer 1.1.1.9 signaling vpws # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 10.30.1.0 0.0.0.255 # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return
