评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置OptionB方式跨域BGP VPLS示例(ASBR兼做PE)
骨干网跨越两个AS,ASBR间通过MP-EBGP连接,且ASBR同时兼做PE。
组网需求
如图10-29,在OptionB方式的跨域BGP VPLS中,ASBR一方面作为跨域设备,传递路由;另一方面作为PE,管理VPN路由。这样可以减少PE的部署,但同时会提高对ASBR的性能要求。
配置思路
采用如下的思路配置OptionB方式跨域BGP VPLS示例
在跨域ASBR之间建立EBGP,使能L2VPN-AD地址族,触发建立Localifnet隧道。并配置普通Kompella VPLS,并与AC接口绑定。
PE与域内的ASBR建立MP-IBGP对等体关系。
数据准备
为完成此配置例,需准备如下的数据:
PE和ASBR的MPLS LSR ID。
PE上VSI的RD和VPN-Target,VSI所属的Site ID。
- PE上使能VPN-Target过滤功能,ASBR上取消使能VPN-Target过滤功能。
操作步骤
- 配置各设备接口的IP地址
# 配置CE1。
<HUAWEI> system-view[~HUAWEI] sysname CE1
[*HUAWEI] commit
[~CE1] interface gigabitethernet 1/0/0
[*CE1-GigabitEthernet1/0/0] undo shutdown
[*CE1-GigabitEthernet1/0/0] quit
[*CE1] interface gigabitethernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit# 配置PE1。
<HUAWEI> system-view[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback1[*PE1-Loopback1] ip address 1.1.1.1 32[*PE1-Loopback1] quit[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] undo shutdown
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] undo shutdown
[*PE1-GigabitEthernet2/0/0] ip address 10.10.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置ASBR1。
<HUAWEI> system-view[~HUAWEI] sysname ASBR1
[*HUAWEI] commit
[~ASBR1] interface loopback1[*ASBR1-Loopback1] ip address 2.2.2.2 32[*ASBR1-Loopback1] quit[*ASBR1] interface gigabitethernet 1/0/0
[*ASBR1-GigabitEthernet1/0/0] undo shutdown
[*ASBR1-GigabitEthernet1/0/0] ip address 10.10.2.2 24
[*ASBR1-GigabitEthernet1/0/0] quit
[*ASBR1] interface gigabitethernet 2/0/0
[*ASBR1-GigabitEthernet2/0/0] undo shutdown
[*ASBR1-GigabitEthernet2/0/0] ip address 10.10.1.2 24
[*ASBR1-GigabitEthernet2/0/0] quit
[*ASBR1] interface gigabitethernet 2/0/0.1
[*ASBR1-GigabitEthernet2/0/0.1] quit
[*ASBR1] commit# 配置ASBR2。
<HUAWEI> system-view[~HUAWEI] sysname ASBR2
[*HUAWEI] commit
[~ASBR2] interface loopback1[*ASBR2-Loopback1] ip address 3.3.3.3 32[*ASBR2-Loopback1] quit[*ASBR2] interface gigabitethernet 1/0/0
[*ASBR2-GigabitEthernet1/0/0] undo shutdown
[*ASBR2-GigabitEthernet1/0/0] ip address 10.10.3.3 24
[*ASBR2-GigabitEthernet1/0/0] quit
[*ASBR2] interface gigabitethernet 1/0/0.1
[*ASBR2-GigabitEthernet1/0/0.1] quit
[*ASBR2] interface gigabitethernet 2/0/0
[*ASBR2-GigabitEthernet2/0/0] undo shutdown
[*ASBR2-GigabitEthernet2/0/0] ip address 10.10.2.3 24
[*ASBR2-GigabitEthernet2/0/0] quit
[*ASBR2] commit# 配置CE2。
<HUAWEI> system-view[~HUAWEI] sysname CE2
[~HUAWEI] commit
[~CE2] interface gigabitethernet 1/0/0
[*CE2-GigabitEthernet1/0/0] undo shutdown
[*CE2-GigabitEthernet1/0/0] quit
[*CE2] interface gigabitethernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit - 配置骨干网的IGP协议
# 配置PE1。
[~PE1] ospf 1[*PE1-ospf-1] bgp-ls enable[*PE1-ospf-1] area 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255[*PE1-ospf-1-area-0.0.0.0] quit[*PE1-ospf-1] quit[*PE1] commit# 配置ASBR1。
[~ASBR1] ospf 1[*ASBR1-ospf-1] bgp-ls enable[*ASBR1-ospf-1] area 0.0.0.0[*ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0[*ASBR1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255[*ASBR1-ospf-1-area-0.0.0.0] network 10.10.2.0 0.0.0.255[*ASBR1-ospf-1-area-0.0.0.0] quit[*ASBR1-ospf-1] quit[*ASBR1] commit# 配置ASBR2。
[~ASBR2] ospf 1[*ASBR2-ospf-1] bgp-ls enable[*ASBR2-ospf-1] area 0.0.0.0[*ASBR2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0[*ASBR2-ospf-1-area-0.0.0.0] network 10.10.2.0 0.0.0.255[*ASBR2-ospf-1-area-0.0.0.0] network 10.10.3.0 0.0.0.255[*ASBR2-ospf-1-area-0.0.0.0] quit[*ASBR2-ospf-1] quit[*ASBR2] commit - 使能MPLS,建立LSP隧道
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.1[*PE1] mpls[*PE1-mpls] quit[*PE1] mpls ldp[*PE1-mpls-ldp] quit[*PE1] commit# 配置ASBR1。
[~ASBR1] mpls lsr-id 2.2.2.2[*ASBR1] mpls[*ASBR1-mpls] quit[*ASBR1] mpls ldp[*ASBR1-mpls-ldp] quit[*ASBR1] interface gigabitethernet 2/0/0
[*ASBR1-GigabitEthernet2/0/0] mpls
[*ASBR1-GigabitEthernet2/0/0] mpls ldp
[*ASBR1-GigabitEthernet2/0/0] quit
[*ASBR1] commit# 配置ASBR2。
[~ASBR2] mpls lsr-id 3.3.3.3[*ASBR2] mpls[*ASBR2-mpls] quit[*ASBR2] mpls ldp[*ASBR2-mpls-ldp] quit[*ASBR2] interface gigabitethernet 2/0/0
[*ASBR2-GigabitEthernet2/0/0] mpls
[*ASBR2-GigabitEthernet2/0/0] quit
[*ASBR2] interface gigabitethernet 1/0/0
[*ASBR2-GigabitEthernet1/0/0] mpls
[*ASBR2-GigabitEthernet1/0/0] quit
[*ASBR2] commit - 配置域内的MP-IBGP连接
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 2.2.2.2 as-number 100[*PE1-bgp] peer 2.2.2.2 connect-interface loopback 1[*PE1-bgp] l2vpn-ad-family[*PE1-bgp-af-l2vpn-ad] policy vpn-target[*PE1-bgp-af-l2vpn-ad] tunnel-selector s1[*PE1-bgp-af-l2vpn-ad] signaling vpls[*PE1-bgp-af-l2vpn-ad] peer 2.2.2.2 enableWarning: This operation will reset the peer session. Continue? [Y/N]:y
[*PE1-bgp-af-l2vpn-ad] quit[*PE1-bgp] quit[*PE1] commit# 配置ASBR1。
[~ASBR1] bgp 100[*ASBR1-bgp] peer 1.1.1.1 as-number 100[*ASBR1-bgp] peer 1.1.1.1 connect-interface loopback 1[*ASBR1-bgp] peer 10.10.2.3 as-number 200[*ASBR1-bgp] peer 10.10.2.3 connect-interface gigabitethernet 1/0/0
[*ASBR1-bgp] l2vpn-ad-family[*ASBR1-bgp-af-l2vpn-ad] undo policy vpn-target[*ASBR1-bgp-af-l2vpn-ad] tunnel-selector s1[*ASBR1-bgp-af-l2vpn-ad] signaling vpls[*ASBR1-bgp-af-l2vpn-ad] peer 1.1.1.1 enableWarning: This operation will reset the peer session. Continue? [Y/N]:y
[*ASBR1-bgp-af-l2vpn-ad] peer 10.10.2.3 enableWarning: This operation will reset the peer session. Continue? [Y/N]:y
[*ASBR1-bgp-af-l2vpn-ad] quit[*ASBR1-bgp] quit[*ASBR1] commit# 配置ASBR2。
[~ASBR2] bgp 200[*ASBR2-bgp] peer 10.10.2.2 as-number 200[*ASBR2-bgp] peer 10.10.2.2 connect-interface gigabitethernet 1/0/0
[*ASBR2-bgp] l2vpn-ad-family[*ASBR2-bgp-af-l2vpn-ad] undo policy vpn-target[*ASBR2-bgp-af-l2vpn-ad] tunnel-selector s1[*ASBR2-bgp-af-l2vpn-ad] signaling vpls[*ASBR2-bgp-af-l2vpn-ad] peer 10.10.2.2 enableWarning: This operation will reset the peer session. Continue? [Y/N]:y
[*ASBR2-bgp-af-l2vpn-ad] quit[*ASBR2-bgp] quit[*ASBR2] commit完成此步骤后,在PE或ASBR上执行display bgp l2vpn-ad peer命令,可看到MP-IBGP对等体连接状态为“Established”。
以PE1的显示为例:
[~PE1] display bgp l2vpn-ad peerBGP local router ID : 3.3.3.3 Local AS number : 200 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 4.4.4.4 4 200 8 8 0 00:02:32 Established 1 10.10.2.2 4 100 189 187 0 02:39:53 Established 1
- 配置BGP方式VPLS
# 配置PE1。
[~PE1] mpls l2vpn[*PE1-l2vpn] quit[*PE1-tunnel-policy-p1] tunnel-policy p1[*PE1-tunnel-policy-p1] tunnel select-seq bgp ldp load-balance-number 1[*PE1-tunnel-policy-p1] tunnel-selector s1 permit node 10[*PE1-tunnel-selector] apply tunnel-policy p1[*PE1-tunnel-selector] quit[*PE1] vsi v1[*PE1-vsi-v1] pwsignal bgp[*PE1-vsi-v1-bgp] route-distinguisher 10.10.1.1:1[*PE1-vsi-v1-bgp] vpn-target 100:1 import-extcommunity[*PE1-vsi-v1-bgp] vpn-target 100:1 export-extcommunity[*PE1-vsi-v1-bgp] site 1 range 10 default-offset 0[*PE1-vsi-v1-bgp] mpls ldp[*PE1-mpls-ldp] ipv4-family[*PE1-mpls-ldp-ipv4] quit[*PE1-mpls-ldp] quit[*PE1] interface gigabitethernet1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] shutdown
[*PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1
[*PE1-GigabitEthernet1/0/0.1] undo shutdown
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] commit# 配置ASBR1。
[~ASBR1] mpls l2vpn[*ASBR1-l2vpn] quit[*ASBR1-tunnel-policy-p1] tunnel-policy p1[*ASBR1-tunnel-policy-p1] tunnel select-seq ldp bgp load-balance-number 1[*ASBR1-tunnel-policy-p1] tunnel-selector s1 permit node 10[*ASBR1-tunnel-selector] apply tunnel-policy p1[*ASBR1-tunnel-selector] quit[*ASBR1] commit# 配置ASBR2。
[~ASBR2] mpls l2vpn[*ASBR2-l2vpn] quit[*ASBR2-tunnel-policy-p1] tunnel-policy p1[*ASBR2-tunnel-policy-p1] tunnel select-seq ldp bgp load-balance-number 1[*ASBR2-tunnel-policy-p1] tunnel-selector s1 permit node 10[*ASBR2-tunnel-selector] apply tunnel-policy p1[*ASBR2-tunnel-selector] quit[*ASBR2] vsi v1[*ASBR2-vsi-v1] pwsignal bgp[*ASBR2-vsi-v1-bgp] route-distinguisher 10.10.3.3:1[*ASBR2-vsi-v1-bgp] vpn-target 100:1 import-extcommunity[*ASBR2-vsi-v1-bgp] vpn-target 100:1 export-extcommunity[*ASBR2-vsi-v1-bgp] site 2 range 10 default-offset 0[*ASBR2-vsi-v1-bgp] mpls ldp[*ASBR2-mpls-ldp] ipv4-family[*ASBR2-mpls-ldp-ipv4] quit[*ASBR2-mpls-ldp] quit[*ASBR2] interface gigabitethernet1/0/0.1
[*ASBR2-GigabitEthernet1/0/0.1] shutdown
[*ASBR2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*ASBR2-GigabitEthernet1/0/0.1] l2 binding vsi v1
[*ASBR2-GigabitEthernet1/0/0.1] undo shutdown
[*ASBR2-GigabitEthernet1/0/0.1] quit
[*ASBR2] commit - 配置CE允许VLAN 10的报文通过
# 配置CE1。
[~CE1] interface gigabitethernet1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit# 配置CE2。
[~CE2] interface gigabitethernet1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit - 检验配置结果
在PE上执行display vpls connection bgp verbose命令查看VSI信息,可发现VSI状态为Up。
以PE1的显示为例:
[~PE1] display vpls connection bgp verboseVSI Name: v1 Signaling: bgp **Remote Site ID : 2 VC State : up RD : 10.10.3.4:1 Encapsulation : bgp vpls MTU : 1500 Peer Ip Address : 2.2.2.2 PW Type : label Local VC Label : 368642 Remote VC Label : 368649 Tunnel Policy : -- Tunnel ID : 0x0000000001004c4b42 Remote Label Block : 368648/8/0 Export vpn target : 100:1CE1与CE2可以相互ping通。
[~CE1] ping 10.1.1.2PING 10.10.1.2: 56 data bytes, press CTRL_C to break Reply from 10.10.1.2: bytes=56 Sequence=1 ttl=255 time=149 ms Reply from 10.10.1.2: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.10.1.2: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.10.1.2: bytes=56 Sequence=4 ttl=255 time=4 ms Reply from 10.10.1.2: bytes=56 Sequence=5 ttl=255 time=4 ms --- 10.10.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/33/149 ms在PE或ASBR上执行命令display vsi name v1 verbose,可以查看指定VSI的VPLS实例信息。以PE1的显示为例:
[~PE1] display vsi name v1 verbose***VSI Name : v1 Work Mode : normal Administrator VSI : no Isolate Spoken : disable VSI Index : 1 PW Signaling : bgp Member Discovery Style : -- Bridge-domain Mode : disable PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Diffserv Mode : uniform Service Class : -- Color : -- DomainId : 255 Domain Name : Ignore AcState : disable P2P VSI : disable Multicast Fast Switch : disable Create Time : 0 days, 9 hours, 8 minutes, 35 seconds VSI State : up Resource Status : -- BGP RD : 10.10.1.1:1 SiteID/Range/Offset : 1/10/0 Import vpn target : 100:1 Export vpn target : 100:1 Remote Label Block : 368648/8/0 Local Label Block : 0/368640/8/0 Interface Name : GigabitEthernet2/0/0.1 State : up Ac Block State : unblocked Access Port : false Last Up Time : 2019/08/26 03:56:35 Total Up Time : 0 days, 8 hours, 51 minutes, 8 seconds Interface Name : GigabitEthernet1/0/0.1 State : up Ac Block State : unblocked Access Port : false Last Up Time : 2019/08/26 12:07:53 Total Up Time : 0 days, 0 hours, 39 minutes, 50 seconds **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 368642 Remote VC Label : 368649 Remote Control Word : disable Negotiated Control Word: disable PW Type : label Tunnel ID : 0x0000000001004c4b42 Broadcast Tunnel ID : -- Broad BackupTunnel ID : -- Ckey : 1 Nkey : 16777327 Main PW Token : 0x0 Slave PW Token : 0x0 Tnl Type : ldp OutInterface : -- Backup OutInterface : -- Stp Enable : 0 Mac Flapping : 0 Monitor Group Name : -- PW Last Up Time : 2019/08/26 06:06:19 PW Total Up Time : 0 days, 6 hours, 41 minutes, 25 seconds任务示例
配置文件
CE1的配置文件
# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return
PE1的配置文件
# sysname name PE1 # router id 1.1.1.1 # tunnel-selector s1 permit node 10 apply tunnel-policy p1 # mpls lsr-id 1.1.1.1 # mpls # mpls l2vpn # vsi v1 pwsignal bgp route-distinguisher 10.10.1.1:1 vpn-target 100:1 import-extcommunity vpn-target 100:1 export-extcommunity site 1 range 10 default-offset 0 # mpls ldp # ipv4-family # interface GigabitEthernet2/0/0 undo shutdown ip address 10.10.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # l2vpn-ad-family policy vpn-target tunnel-selector s1 signaling vpls peer 2.2.2.2 enable # ospf 1 bgp-ls enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.10.1.0 0.0.0.255 # route-policy p1 permit node 10 apply mpls-label # tunnel-policy p1 tunnel select-seq bgp ldp load-balance-number 1 # returnASBR1的配置文件
# sysname name ASBR1 # router id 2.2.2.2 # tunnel-selector s1 permit node 10 # mpls lsr-id 2.2.2.2 # mpls # mpls l2vpn # mpls ldp # ipv4-family # interface GigabitEthernet1/0/0 undo shutdown ip address 10.10.2.2 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown ip address 10.10.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 10.10.2.3 as-number 200 peer 10.10.2.3 connect-interface GigabitEthernet1/0/0 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 10.10.2.3 enable # l2vpn-ad-family undo policy vpn-target tunnel-selector s1 signaling vpls peer 1.1.1.1 enable peer 10.10.2.3 enable # ospf 1 bgp-ls enable area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.10.1.0 0.0.0.255 network 10.10.2.0 0.0.0.255 # tunnel-policy p1 tunnel select-seq ldp bgp load-balance-number 1 # return
ASBR2的配置文件
# sysname name ASBR2 # router id 3.3.3.3 # tunnel-selector s1 permit node 10 # mpls lsr-id 3.3.3.3 # mpls # mpls l2vpn # vsi v1 pwsignal bgp route-distinguisher 10.10.3.3:1 vpn-target 100:1 import-extcommunity vpn-target 100:1 export-extcommunity site 2 range 10 default-offset 0 # mpls ldp # ipv4-family # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi 2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.10.3.3 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown ip address 10.10.2.3 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 200 peer 10.10.2.2 as-number 100 peer 10.10.2.2 connect-interface Ethernet1/0/0 # l2vpn-ad-family undo policy vpn-target tunnel-selector s1 signaling vpls peer 10.10.2.2 enable # ospf 1 bgp-ls enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.10.2.0 0.0.0.255 network 10.10.3.0 0.0.0.255 # tunnel-policy p1 tunnel select-seq ldp bgp load-balance-number 1 # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return
