评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置BFD检测VPN静态路由示例
在CE双归属网络中,CE上的静态路由可以绑定BFD会话,静态路由能够通过跟踪BFD会话状态感知链路故障并刷新路由,实现VPN流量的快速收敛。
组网需求
如图7-59所示,CE1、CE2属于VPNA,在CE1上配置两条默认路由,下一跳分别为PE1和PE2,两条链路形成负载分担。在PE1和PE2上分别配置绑定VPNA的静态路由,并将该静态路由引入BGP。
在PE1和CE1、PE2和CE1之间配置BFD会话。在PE1和PE2上配置BFD检测VPN静态路由。正常情况下,CE1到公网的流量可以通过PE1、PE2转发,形成流量的负载分担,如果CE1与PE1(或PE2)之间的链路故障,静态路由能够通过跟踪BFD会话状态感知链路故障,然后CE1刷新路由,此时流量通过另一条链路转发。
配置思路
采用如下思路配置BFD检测VPN静态路由:
PE之间配置OSPF,实现PE之间的互通。
在PE之间建立MPLS LSP。
PE上配置VPN实例,并把与CE相连的接口和相应的VPN实例绑定。
PE之间配置MP-IBGP交换VPN路由信息。
在CE1上配置两条默认路由,下一跳分别是PE1和PE2,使得PE1和PE2负载分担VPN数据流。
在PE1和PE2上配置绑定VPNA的静态路由,并将路由导入BGP。
在PE3和CE2之间配置MP-EBGP。
在PE1和CE1之间、PE2和CE1之间配置标识符自协商的静态BFD会话
在PE1和PE2上配置BFD检测VPN静态路由。
操作步骤
- 在MPLS骨干网上配置IGP协议,实现骨干网的互通
# 配置PE1。
<HUAWEI> system-view [~HUAWEI] sysname PE1 [*HUAWEI] commit [~PE1] interface loopback 1 [*PE1-LoopBack1] ip address 2.2.2.2 32 [*PE1-LoopBack1] commit [*PE1-LoopBack1] quit [*PE1] interface gigabitethernet 1/0/0 [*PE1-GigabitEthernet1/0/0] ip address 11.11.11.1 24 [*PE1-GigabitEthernet1/0/0] commit [*PE1-GigabitEthernet1/0/0] quit [*PE1] interface gigabitethernet 2/0/0 [*PE1-GigabitEthernet2/0/0] ip address 33.33.33.1 24 [*PE1-GigabitEthernet2/0/0] commit [*PE1-GigabitEthernet2/0/0] quit [*PE1] ospf [*PE1-ospf-1] area 0 [*PE1-ospf-1-area-0.0.0.0] network 11.11.11.0 0.0.0.255 [*PE1-ospf-1-area-0.0.0.0] network 33.33.33.0 0.0.0.255 [*PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [*PE1-ospf-1-area-0.0.0.0] commit [~PE1-ospf-1-area-0.0.0.0] quit [~PE1-ospf-1] quit
配置PE2。
<HUAWEI> system-view [~HUAWEI] sysname PE2 [*HUAWEI] commit [~PE2] interface loopback 1 [*PE2-LoopBack1] ip address 3.3.3.3 32 [*PE2-LoopBack1] commit [*PE2-LoopBack1] quit [*PE2] interface gigabitethernet 1/0/0 [*PE2-GigabitEthernet1/0/0] ip address 22.22.22.1 24 [*PE2-GigabitEthernet1/0/0] commit [*PE2-GigabitEthernet1/0/0] quit [*PE2] interface gigabitethernet 2/0/0 [*PE2-GigabitEthernet2/0/0] ip address 33.33.33.2 24 [*PE2-GigabitEthernet2/0/0] commit [*PE2-GigabitEthernet2/0/0] quit [*PE2] ospf [*PE2-ospf-1] area 0 [*PE2-ospf-1-area-0.0.0.0] network 22.22.22.0 0.0.0.255 [*PE2-ospf-1-area-0.0.0.0] network 33.33.33.0 0.0.0.255 [*PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [*PE2-ospf-1-area-0.0.0.0] commit [~PE2-ospf-1-area-0.0.0.0] quit [~PE2-ospf-1] quit
配置PE3。<HUAWEI> system-view [~HUAWEI] sysname PE3 [*HUAWEI] commit [~PE3] interface loopback 1 [*PE3-LoopBack1] ip address 4.4.4.4 32 [*PE3-LoopBack1] [*PE3-LoopBack1] quit [*PE3-LoopBack1] quit [*PE3] interface gigabitethernet 1/0/0 [*PE3-GigabitEthernet1/0/0] ip address 11.11.11.2 24 [*PE3-GigabitEthernet1/0/0] commit [*PE3-GigabitEthernet1/0/0] quit [*PE3] interface gigabitethernet 2/0/0 [*PE3-GigabitEthernet2/0/0] ip address 22.22.22.2 24 [*PE3-GigabitEthernet2/0/0] commit [*PE3-GigabitEthernet2/0/0] quit [*PE3] ospf [*PE3-ospf-1] area 0 [*PE3-ospf-1-area-0.0.0.0] network 11.11.11.0 0.0.0.255 [*PE3-ospf-1-area-0.0.0.0] network 22.22.22.0 0.0.0.255 [*PE3-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [*PE3-ospf-1-area-0.0.0.0] commit [~PE3-ospf-1-area-0.0.0.0] quit [~PE3-ospf-1] quit
配置完成后,PE1、PE2、PE3之间应能建立OSPF邻居关系,执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
<PE1> display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: _public_ Destinations : 14 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.2.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack1 3.3.3.3/32 OSPF 10 2 D 33.33.33.2 GigabitEthernet2/0/0 4.4.4.4/32 OSPF 10 2 D 11.11.11.2 GigabitEthernet1/0/0 11.11.11.0/24 Direct 0 0 D 11.11.11.1 GigabitEthernet1/0/0 11.11.11.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 11.11.11.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 22.22.22.0/24 OSPF 10 2 D 11.11.11.2 GigabitEthernet1/0/0 OSPF 10 2 D 33.33.33.2 GigabitEthernet2/0/0 33.33.33.0/24 Direct 0 0 D 33.33.33.1 GigabitEthernet2/0/0 33.33.33.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0 33.33.33.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE1。
[~PE1] mpls lsr-id 2.2.2.2 [*PE1] mpls [*PE1-mpls] quit [*PE1] mpls ldp [*PE1-mpls-ldp] quit [*PE1] interface gigabitethernet 1/0/0 [*PE1-GigabitEthernet1/0/0] mpls [*PE1-GigabitEthernet1/0/0] mpls ldp [*PE1-GigabitEthernet1/0/0] commit [*PE1-GigabitEthernet1/0/0] quit [*PE1] interface gigabitethernet2/0/0 [*PE1-GigabitEthernet2/0/0] mpls [*PE1-GigabitEthernet2/0/0] mpls ldp [*PE1-GigabitEthernet2/0/0] commit [~PE1-GigabitEthernet2/0/0] quit
# 配置PE2。
[~PE2] mpls lsr-id 3.3.3.3 [*PE2] mpls [*PE2-mpls] quit [*PE2] mpls ldp [*PE2-mpls-ldp] quit [*PE2] interface gigabitethernet 1/0/0 [*PE2-GigabitEthernet1/0/0] mpls [*PE2-GigabitEthernet1/0/0] mpls ldp [*PE2-GigabitEthernet1/0/0] commit [*PE2-GigabitEthernet1/0/0] quit [*PE2] interface gigabitethernet 2/0/0 [*PE2-GigabitEthernet2/0/0] mpls [*PE2-GigabitEthernet2/0/0] mpls ldp [*PE2-GigabitEthernet2/0/00] commit [~PE2-GigabitEthernet2/0/0] quit
配置PE3。
[~PE3] mpls lsr-id 4.4.4.4 [*PE3] mpls [*PE3-mpls] quit [*PE3] mpls ldp [*PE3-mpls-ldp] quit [*PE3] interface gigabitethernet 1/0/0 [*PE3-GigabitEthernet1/0/0] mpls [*PE3-GigabitEthernet1/0/0] mpls ldp [*PE3-GigabitEthernet1/0/0] commit [*PE3-GigabitEthernet1/0/0] quit [*PE3] interface gigabitethernet 2/0/0 [*PE3-GigabitEthernet2/0/0] mpls [*PE3-GigabitEthernet2/0/0] mpls ldp [*PE3-GigabitEthernet2/0/0] commit [~PE3-GigabitEthernet2/0/0] quit
上述配置完成后,PE1之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。
以PE1的显示为例:
<PE1> display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM) An asterisk (*) before a session means the session is being deleted. ------------------------------------------------------------------------------ Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------------ 3.3.3.3:0 Operational DU Passive 000:02:22 572/572 4.4.4.4:0 Operational DU Passive 000:02:21 566/566 ------------------------------------------------------------------------------ TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM - 在PE设备上配置VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance VPNA [*PE1-vpn-instance-VPNA] ipv4-family [*PE1-vpn-instance-VPNA-af-ipv4] route-distinguisher 100:1 [*PE1-vpn-instance-VPNA-af-ipv4] vpn-target 111:1 both [*PE1-vpn-instance-VPNA-af-ipv4] quit [*PE1-vpn-instance-VPNA] quit [*PE1] interface gigabitethernet 3/0/0 [*PE1-GigabitEthernet3/0/0] ip binding vpn-instance VPNA [*PE1-GigabitEthernet3/0/0] ip address 10.1.1.2 24 [*PE1-GigabitEthernet3/0/0] commit [~PE1-GigabitEthernet3/0/0] quit
# 配置PE2。
[~PE2] ip vpn-instance VPNA [*PE2-vpn-instance-VPNA] ipv4-family [*PE2-vpn-instance-VPNA-af-ipv4] route-distinguisher 100:2 [*PE2-vpn-instance-VPNA-af-ipv4] vpn-target 111:1 both [*PE2-vpn-instance-VPNA-af-ipv4] quit [*PE2-vpn-instance-VPNA] quit [*PE2] interface gigabitethernet 3/0/0 [*PE2-GigabitEthernet3/0/0] ip binding vpn-instance VPNA [*PE2-GigabitEthernet3/0/0] ip address 10.2.1.2 24 [*PE2-GigabitEthernet3/0/0] commit [~PE2-GigabitEthernet3/0/0] quit
# 配置PE3。
[~PE3] ip vpn-instance VPNA [*PE3-vpn-instance-VPNA] ipv4-family [*PE3-vpn-instance-VPNA-af-ipv4] route-distinguisher 100:3 [*PE3-vpn-instance-VPNA-af-ipv4] vpn-target 111:1 both [*PE3-vpn-instance-VPNA-af-ipv4] quit [*PE3-vpn-instance-VPNA] quit [*PE3] interface gigabitethernet 3/0/0 [*PE3-GigabitEthernet3/0/0] ip binding vpn-instance VPNA [*PE3-GigabitEthernet3/0/0] ip address 10.3.1.1 24 [*PE3-GigabitEthernet3/0/0] commit [~PE3-GigabitEthernet3/0/0] quit
配置CE1。
[~CE1] interface gigabitethernet 1/0/0 [~CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [*CE1-GigabitEthernet1/0/0] commit [*CE1-GigabitEthernet1/0/0] quit [*CE1] interface gigabitethernet 2/0/0 [*CE1-GigabitEthernet2/0/0] ip address 10.2.1.1 24 [~CE1-GigabitEthernet2/0/0] quit
# 配置CE2。
[~CE2] interface gigabitethernet 1/0/0 [~CE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24 [*CE2-GigabitEthernet1/0/0] commit [~CE2-GigabitEthernet1/0/0] quit
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
以PE1为例:
<PE1> display ip vpn-instance verbose Total VPN-Instances configured : 1 Total IPv4 VPN-Instances configured : 1 Total IPv6 VPN-Instances configured : 0 VPN-Instance Name and ID : VPNA, 1 Interfaces : GigabitEthernet3/0/0 Address family ipv4 Create date : 2008/09/21 12:18:46 Up time : 0 days, 02 hours, 35 minutes and 58 seconds Vrf Status : UP Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy : label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe
[~PE1] ping -vpn-instance VPNA 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=130 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/58/130 ms - 在PE1、PE2与CE1之间引入VPN路由
在CE1上建立两条静态路由,下一跳分别为PE1和PE2,两条链路形成负载分担。在PE1和PE2上为VPN实例建立静态路由,然后将该路由引入BGP。
# 配置CE1
[~CE1] load-balance packet all [*CE1] ip route-static 0.0.0.0 0 10.1.1.2 [*CE1] ip route-static 0.0.0.0 0 10.2.1.2 [*CE1] commit
# 配置PE1
[~PE1] ip route-static vpn-instance VPNA 1.1.1.1 32 10.1.1.1 [*PE1] bgp 100 [*PE1-bgp] ipv4-family vpn-instance VPNA [*PE1-bgp-VPNA] import-route direct [*PE1-bgp-VPNA] import-route static [*PE1-bgp-VPNA] commit [~PE1-bgp-VPNA] quit
# 配置PE2。
[~PE2] ip route-static vpn-instance VPNA 1.1.1.1 32 10.2.1.1 [*PE2] bgp 100 [*PE2-bgp] ipv4-family vpn-instance VPNA [*PE2-bgp-VPNA] import-route direct [*PE2-bgp-VPNA] import-route static [*PE2-bgp-VPNA] commit [*PE2-bgp-VPNA] quit
- 在PE3与CE2之间建立EBGP对等体关系,引入VPN路由
# 配置CE2。
[~CE2] bgp 65410 [*CE2-bgp] peer 10.3.1.1 as-number 100 [*CE2-bgp] import-route direct [*CE2-bgp] commit [~CE2] quit
# 配置PE3。在PE3上配置BGP负载分担的路由条数为2,以便负载分担VPN数据流。
[~PE3] bgp 100 [*PE3-bgp] ipv4-family vpn-instance VPNA [*PE3-bgp-VPNA] peer 10.3.1.2 as-number 65410 [*PE3-bgp-VPNA] import-route direct [*PE3-bgp-VPNA] maximum load-balancing 2 [*PE3-bgp-VPNA] commit [~PE3-bgp-VPNA] quit
- 在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100 [~PE1-bgp] peer 3.3.3.3 as-number 100 [*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1 [*PE1-bgp] peer 4.4.4.4 as-number 100 [*PE1-bgp] peer 4.4.4.4 connect-interface loopback 1 [*PE1-bgp] ipv4-family vpnv4 [*PE1-bgp-af-vpnv4] peer 3.3.3.3 enable [*PE1-bgp-af-vpnv4] peer 4.4.4.4 enable [*PE1-bgp-af-vpnv4] commit [~PE1-bgp-af-vpnv4] quit [~PE1-bgp] quit
# 配置PE2。
[~PE2] bgp 100 [~PE2-bgp] peer 2.2.2.2 as-number 100 [*PE2-bgp] peer 2.2.2.2 connect-interface loopback 1 [*PE2-bgp] peer 4.4.4.4 as-number 100 [*PE2-bgp] peer 4.4.4.4 connect-interface loopback 1 [*PE2-bgp] ipv4-family vpnv4 [*PE2-bgp-af-vpnv4] peer 2.2.2.2 enable [*PE2-bgp-af-vpnv4] peer 4.4.4.4 enable [*PE2-bgp-af-vpnv4] commit [~PE2-bgp-af-vpnv4] quit [~PE2-bgp] quit
# 配置PE3。
[~PE3] bgp 100 [~PE3-bgp] peer 2.2.2.2 as-number 100 [*PE3-bgp] peer 2.2.2.2 connect-interface loopback 1 [*PE3-bgp] peer 3.3.3.3 as-number 100 [*PE3-bgp] peer 3.3.3.3 connect-interface loopback 1 [*PE3-bgp] ipv4-family vpnv4 [*PE3-bgp-af-vpnv4] peer 2.2.2.2 enable [*PE3-bgp-af-vpnv4] peer 3.3.3.3 enable [*PE3-bgp-af-vpnv4] commit [~PE3-bgp-af-vpnv4] quit [~PE3-bgp] quit
配置完成后,在PE设备上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到“Established”状态。
<PE1> display bgp vpnv4 all peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 4.4.4.4 4 100 205 202 0 03:05:25 Established 0 3.3.3.3 4 100 197 254 0 03:06:54 Established 0
- 配置标识符自协商的静态BFD
在CE1和PE1之间、CE1和PE2之间建立BFD会话。
# 配置PE1。
[~PE1] bfd [*PE1-bfd] quit [*PE1] bfd pe1_to_ce1 bind peer-ip 10.1.1.1 vpn-instance VPNA interface gigabitethernet 3/0/0 source-ip 10.1.1.2 auto [*PE1-bfd-session-pe1_to_ce1] commit [~PE1-bfd-session-pe1_to_ce1] quit
# 配置PE2。
[~PE2] bfd [*PE2-bfd] quit [*PE2] bfd pe2_to_ce1 bind peer-ip 10.2.1.1 vpn-instance VPNA interface gigabitethernet 3/0/0 source-ip 10.2.1.2 auto [*PE2-bfd-session-pe2_to_ce1] commit [~PE2-bfd-session-pe2_to_ce1] quit
# 配置CE1。
[~CE1] bfd [*CE1-bfd] quit [*CE1] bfd ce1_to_pe1 bind peer-ip 10.1.1.2 interface gigabitethernet 1/0/0 source-ip 10.1.1.1 auto [*CE1-bfd-session-ce1_to_pe1] commit [*CE1-bfd-session-ce1_to_pe1] quit [*CE1] bfd ce1_to_pe2 bind peer-ip 10.2.1.2 interface gigabitethernet 2/0/0 source -ip 10.2.1.1 auto [*CE1-bfd-session-ce1_to_pe2] commit [~CE1-bfd-session-ce1_to_pe2] quit
配置完成后,在PE和CE上执行display bfd session all verbose命令,可以看到建立了一个单跳(One Hop)的标识符自协商(Static_Auto)静态BFD会话,状态为“Up”。该会话的本地和远端标识符是通过自协商方式获得。以PE1和CE1为例。
# PE1上的显示。
<PE1> display bfd session all verbose
(w): State in WTR (*): State is invalid -------------------------------------------------------------------------------- (One Hop) State : Up Name : pe1_to_ce1 ------------------------------------------------------------------------------ Local Discriminator : 8192 Remote Discriminator : ce1_to_pe1 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet3/0/0) Bind Session Type : Static_Auto Bind Peer IP Address : 10.1.1.1 Bind Interface : GigabitEthernet3/0/0 FSM Board Id : 3 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): - Actual Rx Interval (ms): - Local Detect Multi : 3 Detect Interval (ms) : - Echo Passive : Disable Acl Number : - Destination Port : 3784 TTL : 254 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : - Config PST : Enable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : - Session Detect TmrID : - Session Init TmrID : - Session WTR TmrID : - Session Echo Tx TmrID : - Session Not Up Reason : In negotiation Session Description : - ------------------------------------------------------------------------------ Total UP/DOWN Session Number : 1/0
# CE1上的显示。
<CE1> display bfd session all verbose
(w): State in WTR (*): State is invalid -------------------------------------------------------------------------------- (One Hop) State : Up Name : ce1_to_pe1 -------------------------------------------------------------------------------- Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static_Auto Bind Peer IP Address : 10.1.1.2 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): - Actual Rx Interval (ms): - Local Detect Multi : 3 Detect Interval (ms) : - Echo Passive : Disable Acl Number : - Destination Port : 3784 TTL : 255 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : - Config PST : Enable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : - Session Detect TmrID : - Session Init TmrID : - Session WTR TmrID : - Session Echo Tx TmrID : - PDT Index : FSM-5020000 | RCV-0 | IF-5020000 | TOKEN-0 Session Description : - -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- (One Hop) State : Up Name : ce1_to_pe2 -------------------------------------------------------------------------------- Local Discriminator : 8193 Remote Discriminator : 8193 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/0) Bind Session Type : Static_Auto Bind Peer IP Address : 10.2.1.2 Bind Interface : GigabitEthernet2/0/0 FSM Board Id : 3 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): - Actual Rx Interval (ms): - Local Detect Multi : 3 Detect Interval (ms) : - Echo Passive : Disable Acl Number : - Destination Port : 3784 TTL : 255 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : - Config PST : Enable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : - Session Detect TmrID : - Session Init TmrID : - Session WTR TmrID : - Session Echo Tx TmrID : - PDT Index : FSM-5020000 | RCV-0 | IF-5020000 | TOKEN-0 Session Description : - -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 2/0
- 在PE上配置BFD检测VPN静态路由
# 配置PE1。
[~PE1] ip route-static vpn-instance VPNA 1.1.1.1 255.255.255.255 10.1.1.1 track bfd-session pe1_to_ce1[*PE1] commit# 配置PE2。
[~PE2] ip route-static vpn-instance VPNA 1.1.1.1 255.255.255.255 10.2.1.1 track bfd-session pe2_to_ce1[*PE2] commit - 检查配置结果
# 在PE上查看VPN路由表,静态路由存在于路由表中。
<PE1> display ip routing-table vpn-instance VPNA Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: VPNA Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Static 60 0 RD 10.1.1.1 GigabitEthernet3/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet3/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 10.2.1.0/24 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.3.1.0/24 IBGP 255 0 RD 4.4.4.4 GigabitEthernet1/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 在CE1上测试到CE2的报文经过的网关,可以看见在第一跳时流量在PE1和PE2之间分流。
<CE1> tracert 10.3.1.2 traceroute to 10.3.1.2(10.3.1.2), max hops: 30 ,packet length: 40 1 10.1.1.2 20 ms 10.2.1.2 1 ms 10.1.1.2 40 ms 2 10.3.1.1 40 ms 30 ms 50 ms 3 10.3.1.2 80 ms 80 ms 60 ms
# 查看PE3的路由表。可以看见,到PE1(1.1.1.1)的路由有两条,下一跳分别为3.3.3.3和2.2.2.2,这两条BGP路由分担负载。
<PE3> display ip routing-table vpn-instance VPNA Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: VPNA Destinations : 7 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 IBGP 255 0 RD 2.2.2.2 GigabitEthernet1/0/0 10.1.1.0/24 IBGP 255 0 RD 2.2.2.2 GigabitEthernet1/0/0 10.2.1.0/24 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.3.1.0/24 Direct 0 0 D 10.3.1.1 GigabitEthernet3/0/0 10.3.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 10.3.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 在CE2上测试到CE1的流量,可以看见,流量在出PE3时分流。
[~CE2] tracert 1.1.1.1 traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40 1 10.3.1.1 9 ms 2 ms 2 ms 2 10.2.1.2 < AS=100 > 6 ms 5 ms 2 ms 3 10.2.1.1 < AS=100 > 6 ms 6 ms 5 ms# 将CE1的接口GE1/0/0执行shutdown命令模拟链路故障。
[~CE1-GigabitEthernet1/0/0] shutdown
# 此时查看PE1上BFD会话的状态,变为“Down”。
<PE1> display bfd session all verbose
(w): State in WTR (*): State is invalid -------------------------------------------------------------------------------- (One Hop) State : Down Name : pe1_to_ce1 ------------------------------------------------------------------------------ Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet3/0/0) Bind Session Type : Static_Auto Bind Peer IP Address : 10.1.1.1 Bind Interface : GigabitEthernet3/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): - Actual Rx Interval (ms): - Local Detect Multi : 3 Detect Interval (ms) : - Echo Passive : Disable Acl Number : - Destination Port : 3784 TTL : 255 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : - Config PST : Enable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : - Session Detect TmrID : - Session Init TmrID : - Session WTR TmrID : - Session Echo Tx TmrID : - Session Not Up Reason : In negotiation Session Description : - ------------------------------------------------------------------------------ Total UP/DOWN Session Number : 1/0
# 此时再在PE1上查看VPN路由表,可以看到,到CE1的下一跳只剩PE2。
<PE1> display ip routing-table vpn-instance VPNA Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: VPNA Destinations : 4 Routes : 4 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 EBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.2.1.0/24 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.3.1.0/24 IBGP 255 0 RD 4.4.4.4 GigabitEthernet1/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 此时在CE1上测试到CE2的报文经过的网关,可以看见在第一跳时流量已不在PE1和PE2之间分流,而是只能走PE2。
<CE3> tracert 10.3.1.2 traceroute to 10.3.1.2(10.3.1.2), max hops: 30 ,packet length: 40 1 10.2.1.2 50 ms 30 ms 10 ms 2 10.3.1.1 110 ms 70 ms 90 ms 3 10.3.1.2 60 ms 70 ms 80 ms
# 查看PE3。可以看见,此时到CE1(1.1.1.1)的路由只有一条,下一跳为PE1(3.3.3.3)。
<PE3> display ip routing-table vpn-instance VPNA Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: VPNA Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.2.1.0/24 IBGP 255 0 RD 3.3.3.3 GigabitEthernet2/0/0 10.3.1.0/24 Direct 0 0 D 10.3.1.1 GigabitEthernet3/0/0 10.3.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 10.3.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 同样,在CE2上测试到CE1的流量,可以看见,流量在出PE3时从GE2/0/0(10.2.1.2)接口发送。
[~CE2] tracert 1.1.1.1 traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40 1 10.3.1.1 9 ms 2 ms 2 ms 2 10.2.1.2 < AS=100 > 6 ms 5 ms 5 ms 3 10.2.1.1 < AS=100 > 6 ms 5 ms 5 ms使用测试仪打流,进行负载分担,再拔出CE1和PE1、PE2之间的任意一条链路,可发现故障倒换时间小于50ms。
配置文件
PE1的配置文件
# sysname PE1 # ip vpn-instance VPNA ipv4-family route-distinguisher 100:1 apply-label per-instance vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # bfd # mpls lsr-id 2.2.2.2 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 11.11.11.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 33.33.33.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip binding vpn-instance VPNA ip address 10.1.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance VPNA import-route direct import-route static # ospf 1 area 0.0.0.0 network 11.11.11.0 0.0.0.255 network 33.33.33.0 0.0.0.255 network 2.2.2.2 0.0.0.0 # ip route-static vpn-instance VPNA 1.1.1.1 255.255.255.255 10.1.1.1 track bfd-session pe1_to_ce1 # bfd pe1_to_ce1 bind peer-ip 10.1.1.1 vpn-instance VPNA interface GigabitEthernet3/0/0 source-ip 10.1.1.2 auto # return
PE2的配置文件
# sysname PE2 # ip vpn-instance VPNA ipv4-family route-distinguisher 100:2 apply-label per-instance vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # bfd # mpls lsr-id 3.3.3.3 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 22.22.22.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 33.33.33.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip binding vpn-instance VPNA ip address 10.2.1.2 255.255.255.0# interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance VPNA import-route direct import-route static # ospf 1 area 0.0.0.0 network 33.33.33.0 0.0.0.255 network 22.22.22.0 0.0.0.255 network 3.3.3.3 0.0.0.0 # ip route-static vpn-instance VPNA 1.1.1.1 255.255.255.255 10.2.1.1 track bfd-session pe2_to_ce1 # bfd pe2_to_ce1 bind peer-ip 10.2.1.1 vpn-instance VPNA interface GigabitEthernet3/0/0 source-ip 10.2.1.2 auto # return
PE3的配置文件
# sysname PE3 # ip vpn-instance VPNA ipv4-family route-distinguisher 100:3 apply-label per-instance vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 4.4.4.4 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 11.11.11.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 22.22.22.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip binding vpn-instance VPNA ip address 10.3.1.1 255.255.255.0 # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpn-instance VPNA peer 10.3.1.2 as-number 65410 import-route direct maximum load-balancing 2 # ospf 1 area 0.0.0.0 network 11.11.11.0 0.0.0.255 network 22.22.22.0 0.0.0.255 network 4.4.4.4 0.0.0.0 # return
CE1的配置文件
# sysname CE1 # bfd # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # load-balance packet all # ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 ip route-static 0.0.0.0 0.0.0.0 10.2.1.2 # bfd ce1_to_pe1 bind peer-ip 10.1.1.2 interface GigabitEthernet1/0/0 source-ip 10.1.1.1 auto # bfd ce1_to_pe2 bind peer-ip 10.2.1.2 interface GigabitEthernet2/0/0 source-ip 10.2.1.1 auto # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.3.1.2 255.255.255.0 # bgp 65410 peer 10.3.1.1 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.3.1.1 enable # return
