评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置静态PW FRR保护示例
在静态PW FRR场景中,PW为静态多段,通过动态BFD检测PW状态,实现当主用PW故障时流量切换到备份PW的功能。
组网需求
如图9-35所示,公网的四台设备之间部署了动态双向关联LSP隧道。要求CE1和CE2通过公网的四台设备互通,并保证可靠性。
为保证可靠性,PE1和PE2之间通过主备PW保证业务不中断。对于同源同宿的主备PW和动态双向关联LSP隧道,可以部署静态PW FRR保护。由于四台设备在不同的IGP域内,因此需要部署多段PW。
配置思路
采用如下的思路配置静态PW FRR保护:
配置各接口的IP地址和路由协议
配置MPLS和公网隧道
配置PW保护组,本示例配置多段静态PW,具体包括:
配置VPN隧道绑定
配置静态PW:在PE1和PE2上配置主备静态PW,SPE1和SPE2上配置纯静态交换PW
配置BFD检测PW状态
配置回切策略
数据准备
为完成此配置例,需准备如下的数据:
CE1、CE2、PE1、PE2、SPE1和SPE2接口编号、接口IP地址,详见图9-35。
- PE1、PE2、SPE1和SPE2的OSPF进程号1。
PE1、PE2、SPE1和SPE2的LSR ID。
L2VC本地和远端的IP地址、VC ID、VC Type。
操作步骤
- 配置各接口的IP地址,具体配置过程请参考配置文件。
- 在PE、SPE上配置路由协议,具体配置过程请参考配置文件。
- 配置MPLS和公网隧道
- 配置静态多段PW保护组
- 配置静态PW
在配置静态PW FRR场景下,需要配置主备PW的双收功能,如果不配置,在切换后可能会出现长时间丢包,甚至断流。
# 在PE1上配置主备静态PW。
[~PE1] mpls l2vpn[*PE1-l2vpn] quit[*PE1] interface GigabitEthernet1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1
[*PE1-GigabitEthernet1/0/0.1] mpls static-l2vc destination 6.6.6.6 1 transmit-vpn-label 1001 receive-vpn-label 1001 tunnel-policy bind control-word
[*PE1-GigabitEthernet1/0/0.1] mpls static-l2vc destination 2.2.2.2 3 transmit-vpn-label 1003 receive-vpn-label 1003 tunnel-policy bind control-word secondary
[*PE1-GigabitEthernet1/0/0.1] mpls l2vpn stream-dual-receiving
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] commit# 在PE2上配置主备静态PW。
[~PE2] mpls l2vpn[*PE2-l2vpn] quit[*PE2] interface GigabitEthernet1/0/2.1
[*PE2-GigabitEthernet1/0/2.1] vlan-type dot1q 1
[*PE2-GigabitEthernet1/0/2.1] mpls static-l2vc destination 6.6.6.6 2 transmit-vpn-label 1002 receive-vpn-label 1002 tunnel-policy bind control-word
[*PE2-GigabitEthernet1/0/2.1] mpls static-l2vc destination 2.2.2.2 4 transmit-vpn-label 1004 receive-vpn-label 1004 tunnel-policy bind control-word secondary
[*PE2-GigabitEthernet1/0/2.1] mpls l2vpn stream-dual-receiving
[*PE2-GigabitEthernet1/0/2.1] quit
[*PE2] commit# 在SPE1上配置纯静态交换PW。
[~SPE1] mpls l2vpn[*SPE1-l2vpn] quit[*SPE1] mpls switch-l2vc 3.3.3.3 1 trans 1001 recv 1001 tunnel-policy bind between 5.5.5.5 2 trans 1002 recv 1002 tunnel-policy bind encapsulation vlan control-word[*SPE1] commit# 在SPE2上配置纯静态交换PW。
[~SPE2] mpls l2vpn[*SPE2-l2vpn] quit[*SPE2] mpls switch-l2vc 3.3.3.3 3 trans 1003 recv 1003 tunnel-policy bind between 5.5.5.5 4 trans 1004 recv 1004 tunnel-policy bind encapsulation vlan control-word[*SPE2] commit
- 配置静态PW
- 配置动态BFD会话检测主备PW
# 配置PE1。
[~PE1] bfd[*PE1-bfd] quit[*PE1] interface GigabitEthernet1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd remote-vcid 2
[*PE1-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd remote-vcid 4 secondary
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] commit# 配置PE2。
[~PE2] bfd[*PE2-bfd] quit[*PE2] interface GigabitEthernet1/0/2.1
[*PE2-GigabitEthernet1/0/2.1] mpls l2vpn pw bfd remote-vcid 1
[*PE2-GigabitEthernet1/0/2.1] mpls l2vpn pw bfd remote-vcid 3 secondary
[*PE2-GigabitEthernet1/0/2.1] quit
[*PE2] commit - 配置回切策略
# 配置PE1。
[~PE1] interface GigabitEthernet1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] mpls l2vpn reroute delay 40
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] commit# 配置PE2。
[~PE2] interface GigabitEthernet1/0/2.1
[*PE2-GigabitEthernet1/0/2.1] mpls l2vpn reroute delay 40
[*PE2-GigabitEthernet1/0/2.1] quit
[*PE2] commit - 检查配置结果
配置完成后,各设备上的PW状态均为up。以PE1的显示为例:
[~PE1] display mpls static-l2vc interface gigabitethernet1/0/0.1
*Client Interface : GigabitEthernet1/0/0.1 is up AC Status : up VC State : up VC ID : 1 VC Type : VLAN Destination : 6.6.6.6 Transmit VC Label : 1001 Receive VC Label : 1001 Label Status : 0 Token Status : 0 Control Word : Enable VCCV Capabilty : cw alert ttl lsp-ping bfd active state : active OAM Protocol : -- OAM Status : -- OAM Fault Type : -- PW APS ID : -- PW APS Status : -- TTL Value : 1 Link State : up Tunnel Policy : bind PW Template Name : -- Main or Secondary : Main load balance type : flow Access-port : false VC tunnel info : 1 tunnels NO.0 TNL Type : te , TNL ID : 0x000000000300000001 Create time : 0 days, 0 hours, 41 minutes, 49 seconds UP time : 0 days, 0 hours, 40 minutes, 12 seconds Last change time : 0 days, 0 hours, 40 minutes, 12 seconds VC last up time : 2015/08/04 07:35:02 VC total up time : 0 days, 0 hours, 40 minutes, 12 seconds CKey : 1 NKey : 3506438260 Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 10 Min Receive Interval : 10 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : -- BFD state : up *Client Interface : GigabitEthernet1/0/0.1 is up AC Status : up VC State : up VC ID : 3 VC Type : VLAN Destination : 2.2.2.2 Transmit VC Label : 1003 Receive VC Label : 1003 Label Status : 0 Token Status : 0 Control Word : Enable VCCV Capabilty : cw alert ttl lsp-ping bfd active state : inactive OAM Protocol : -- OAM Status : -- OAM Fault Type : -- PW APS ID : -- PW APS Status : -- TTL Value : 1 Link State : up Tunnel Policy : bind PW Template Name : -- Main or Secondary : Secondary load balance type : flow Access-port : false VC tunnel info : 1 tunnels NO.0 TNL Type : te , TNL ID : 0x000000000300000002 Create time : 0 days, 0 hours, 41 minutes, 49 seconds UP time : 0 days, 0 hours, 40 minutes, 31 seconds Last change time : 0 days, 0 hours, 40 minutes, 31 seconds VC last up time : 2015/08/04 07:34:43 VC total up time : 0 days, 0 hours, 40 minutes, 31 seconds CKey : 2 NKey : 3506438259 Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 10 Min Receive Interval : 10 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : -- BFD state : up Reroute policy : delay 40 seconds Reason of last reroute: -- Time of last reroute : -- days, -- hours, -- minutes, -- seconds Delay timer ID : -- Residual time :--
CE1能够Ping通CE2。以CE1的显示为例:
[~CE1] ping 192.168.1.2PING 192.168.1.2: 56 data bytes, press CTRL_C to break Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=55 ms Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 192.168.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/11/55 ms
配置文件
CE1的配置文件
# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 ip address 192.168.1.1 255.255.255.0 # return
PE1的配置文件
# sysname PE1 # bfd # mpls lsr-id 3.3.3.3 # mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls te cspf # mpls l2vpn # explicit-path PE1toSPE1 next hop 10.1.2.2 next hop 6.6.6.6 # explicit-path PE1toSPE2 next hop 10.1.3.2 next hop 2.2.2.2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 mpls static-l2vc destination 6.6.6.6 1 transmit-vpn-label 1001 receive-vpn-label 1001 tunnel-policy bind control-word mpls l2vpn pw bfd remote-vcid 2 mpls static-l2vc destination 2.2.2.2 3 transmit-vpn-label 1003 receive-vpn-label 1003 tunnel-policy bind control-word secondary mpls l2vpn pw bfd remote-vcid 4 secondary mpls l2vpn reroute delay 40 mpls l2vpn stream-dual-receiving # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/2 undo shutdown ip address 10.1.3.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # interface Tunnel11 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 6.6.6.6 mpls te reserved-for-binding mpls te tunnel-id 1 mpls te path explicit-path PE1toSPE1 # interface Tunnel13 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 2.2.2.2 mpls te reserved-for-binding mpls te tunnel-id 3 mpls te path explicit-path PE1toSPE2 # ospf 1 opaque-capability enable graceful-restart area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.1.2.0 0.0.0.255 network 10.1.3.0 0.0.0.255 mpls-te enable # tunnel-policy bind tunnel binding destination 2.2.2.2 te Tunnel13 tunnel binding destination 6.6.6.6 te Tunnel11 # return
SPE1的配置文件
# sysname SPE1 # mpls lsr-id 6.6.6.6 # mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls te cspf # mpls l2vpn # mpls switch-l2vc 3.3.3.3 1 trans 1001 recv 1001 tunnel-policy bind between 5.5.5.5 2 trans 1002 recv 1002 tunnel-policy bind encapsulation vlan control-word # explicit-path SPE1toPE1 next hop 10.1.2.1 next hop 3.3.3.3 # explicit-path SPE1toPE2 next hop 10.1.4.1 next hop 5.5.5.5 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.4.2 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.2 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface LoopBack0 ip address 6.6.6.6 255.255.255.255 # interface Tunnel11 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 3.3.3.3 mpls te reserved-for-binding mpls te tunnel-id 1 mpls te path explicit-path SPE1toPE1 # interface Tunnel12 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 5.5.5.5 mpls te reserved-for-binding mpls te tunnel-id 2 mpls te path explicit-path SPE1toPE2 # ospf 1 opaque-capability enable graceful-restart area 0.0.0.0 network 6.6.6.6 0.0.0.0 network 10.1.2.0 0.0.0.255 network 10.1.4.0 0.0.0.255 mpls-te enable # tunnel-policy bind tunnel binding destination 3.3.3.3 te Tunnel11 tunnel binding destination 5.5.5.5 te Tunnel12 # return
SPE2的配置文件
# sysname SPE2 # mpls lsr-id 2.2.2.2 # mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls te cspf # mpls l2vpn # mpls switch-l2vc 3.3.3.3 3 trans 1003 recv 1003 tunnel-policy bind between 5.5.5.5 4 trans 1004 recv 1004 tunnel-policy bind encapsulation vlan control-word # explicit-path SPE2toPE1 next hop 10.1.3.1 next hop 3.3.3.3 # explicit-path SPE2toPE2 next hop 10.1.5.2 next hop 5.5.5.5 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.3.2 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.5.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 # interface Tunnel13 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 3.3.3.3 mpls te reserved-for-binding mpls te tunnel-id 3 mpls te path explicit-path SPE2toPE1 # interface Tunnel14 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 5.5.5.5 mpls te reserved-for-binding mpls te tunnel-id 4 mpls te path explicit-path SPE2toPE2 # ospf 1 opaque-capability enable graceful-restart area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.1.3.0 0.0.0.255 network 10.1.5.0 0.0.0.255 mpls-te enable # tunnel-policy bind tunnel binding destination 3.3.3.3 te Tunnel13 tunnel binding destination 5.5.5.5 te Tunnel14 # return
PE2的配置文件
# sysname PE2 # bfd # mpls lsr-id 5.5.5.5 # mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls te cspf # mpls l2vpn # explicit-path PE2toSPE1 next hop 10.1.4.2 next hop 6.6.6.6 # explicit-path PE2toSPE2 next hop 10.1.5.1 next hop 2.2.2.2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.4.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.5.2 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/2 undo shutdown # interface GigabitEthernet1/0/2.1 vlan-type dot1q 1 mpls static-l2vc destination 6.6.6.6 2 transmit-vpn-label 1002 receive-vpn-label 1002 tunnel-policy bind control-word mpls l2vpn pw bfd remote-vcid 1 mpls static-l2vc destination 2.2.2.2 4 transmit-vpn-label 1004 receive-vpn-label 1004 tunnel-policy bind control-word secondary mpls l2vpn pw bfd remote-vcid 3 secondary mpls l2vpn reroute delay 40 mpls l2vpn stream-dual-receiving # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # interface Tunnel12 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 6.6.6.6 mpls te reserved-for-binding mpls te tunnel-id 2 mpls te path explicit-path PE2toSPE1 # interface Tunnel14 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 2.2.2.2 mpls te reserved-for-binding mpls te tunnel-id 4 mpls te path explicit-path PE2toSPE2 # ospf 1 opaque-capability enable graceful-restart area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 10.1.4.0 0.0.0.255 network 10.1.5.0 0.0.0.255 mpls-te enable # tunnel-policy bind tunnel binding destination 2.2.2.2 te Tunnel14 tunnel binding destination 6.6.6.6 te Tunnel12 # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 ip address 192.168.1.2 255.255.255.0 # return
