APP神圣官网

  1. APP神圣官网  > 热点资讯  > 正文

华为组合示例BGPIPMPLS(企业接口配置文件可以看到业务)「华为bgp的基本配置实例」

阅读
简介BGP/MPLS IP VPN是一种基于MPLS的L3VPN,组网方式灵活,可扩展性好,支持大规模部署
新增一个站点时,只需要修改提供该站点业务的边缘节点的配置
BGP/MPLS IP VPN适用于位于不同地理位置的公司总部和分支之间需要相互通信的场景,由于通信数据需要穿越运营商的骨干网,可以使用BGP在骨干网上发布VPN路由,使用MPLS在骨干网上转发VPN报文;由于公司内部各个部门之间需要相互隔离,可以通过该功能实现不同VPN之间的路由隔离、地址空间隔离和访问隔离
VPLS结合了以太网技术和MPLS技术的优势,是对传统LAN全部功能的仿真,其主要目的是通过运营商提供的IP/MPLS网络连接地域上隔离的多个由以太网构成的LAN,使它们像一个LAN那样工作
目前,很多企业的分布范围日益扩大,公司员工的移动性也不断增加,因此企业中立即消息、网络会议的应用越来越广泛
这些应用对端到端的数据通信技术有了更高的要求
在运营商建立的城域网中,企业的多个分支机构分布在不同区域
此时,需要将企业机构之间的二层业务报文通过城域网传输,可以使用VPLS技术,实现分布在不同地区的企业内部之间的互通
运营商通过使用同一个PE设备同时为企业提供VPLS业务及三层VPN业务来降低网络建设投入成本
说明如需了解交换机软件配套详细信息,请参看华为以太网交换机版本配套速查
组网需求如图所示:l 运营商提供VPLS业务及三层VPN业务;l A企业总部连接的CE1和分支机构连接的CE3属于同一个VPLS,为企业提供二层业务互通,同时CE1和CE3也属于vpna,为企业提供三层数据的安全互通
l B企业总部连接的CE2和分支机构连接的CE4属于同一个VPLS,为企业提供二层业务互通,同时CE2和CE4也属于vpnb,为企业提供三层数据的安全互通
l Switch与CE侧接口配置灵活QinQ,对CE发送过来的报文打上运营商指定允许通过的外层VLAN Tag
当Switch连接多个CE时,对不同CE发送过来的不同的VLANTag报文打上相同的外层VLAN Tag,还可以达到节省公网VLAN数量的目的
配置BGP/MPLS IP VPN 和VPLS 组合应用示例组网图数据规划设备 接口 对应的子接口 IP地址PE1 GigabitEthernet1/0/0 GigabitEthernet1/0/0.1 10.1.1.2/24PE1 GigabitEthernet1/0/0 GigabitEthernet1/0/0.2 -PE1 GigabitEthernet2/0/0 GigabitEthernet2/0/0.1 10.2.1.2/24PE1 GigabitEthernet2/0/0 GigabitEthernet2/0/0.2 -PE2 GigabitEthernet1/0/0 GigabitEthernet1/0/0.1 10.3.1.2/24PE2 GigabitEthernet1/0/0 GigabitEthernet1/0/0.2 -PE2 GigabitEthernet2/0/0 GigabitEthernet2/0/0.1 10.4.1.2/24PE2 GigabitEthernet2/0/0 GigabitEthernet2/0/0.2 -配置思路采用如下的思路配置BGP/MPLS IP VPN和VPLS:1. P、PE之间配置OSPF,实现骨干网的IP连通性
2. PE、P上配置MPLS基本能力和MPLS LDP,建立MPLS LSP公网隧道,传输VPN数据
3. PE1和PE2之间配置MP-IBGP,交换VPN路由信息
4. 配置BGP/MPLS IP VPN
PE1和PE2上配置L3VPN的VPN实例,其中,vpna使用的VPN-target属性为111:1,vpnb使用的VPN-target属性为222:2,以实现相同VPN间互通,不同VPN间隔离
CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE设备
5. 配置VPLS
PE1和PE2上配置VPLS的VSI实例,指定信令为BGP,指定RD、VPNTarget和Site
同时,采用子接口作为AC接口与VSI进行绑定,以接入VPLS用户
CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE
6. 在Switch的接口上配置灵活QinQ和允许通过的VLAN
7. CE与PE之间配置EBGP,交换VPN路由信息
操作步骤步骤1 在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通# 配置PE1
<HUAWEI> system-view[HUAWEI] sysname PE1[PE1] interface loopback 1[PE1-LoopBack1] ip address 1.1.1.9 32[PE1-LoopBack1] quit[PE1] vlan batch 30[PE1] interface gigabitethernet 3/0/0[PE1-GigabitEthernet3/0/0] port link-type hybrid[PE1-GigabitEthernet3/0/0] port hybrid pvid vlan 30[PE1-GigabitEthernet3/0/0] port hybrid untagged vlan 30[PE1-GigabitEthernet3/0/0] quit[PE1] interface vlanif 30[PE1-Vlanif30] ip address 172.1.1.1 24[PE1-Vlanif30] quit[PE1] ospf 1[PE1-ospf-1] area 0[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[PE1-ospf-1-area-0.0.0.0] quit[PE1-ospf-1] quit# 配置P
<HUAWEI> system-view[HUAWEI] sysname P[P] interface loopback 1[P-LoopBack1] ip address 2.2.2.9 32[P-LoopBack1] quit[P] vlan batch 30 60[P] interface gigabitethernet 1/0/0[P-GigabitEthernet1/0/0] port link-type hybrid[P-GigabitEthernet1/0/0] port hybrid pvid vlan 30[P-GigabitEthernet1/0/0] port hybrid untagged vlan 30[P-GigabitEthernet1/0/0] quit[P] interface gigabitethernet 2/0/0[P-GigabitEthernet2/0/0] port link-type hybrid[P-GigabitEthernet2/0/0] port hybrid pvid vlan 60[P-GigabitEthernet2/0/0] port hybrid untagged vlan 60[P-GigabitEthernet2/0/0] quit[P] interface vlanif 30[P-Vlanif30] ip address 172.1.1.2 24[P-Vlanif30] quit[P] interface vlanif 60[P-Vlanif60] ip address 172.2.1.1 24[P-Vlanif60] quit[P] ospf 1[P-ospf-1] area 0[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0[P-ospf-1-area-0.0.0.0] quit[P-ospf-1] quit# 配置PE2
<HUAWEI> system-view[HUAWEI] sysname PE2[PE2] interface loopback 1[PE2-LoopBack1] ip address 3.3.3.9 32[PE2-LoopBack1] quit[PE2] vlan batch 60[PE2] interface gigabitethernet 3/0/0[PE2-GigabitEthernet3/0/0] port link-type hybrid[PE2-GigabitEthernet3/0/0] port hybrid pvid vlan 60[PE2-GigabitEthernet3/0/0] port hybrid untagged vlan 60[PE2-GigabitEthernet3/0/0] quit[PE2] interface vlanif 60[PE2-Vlanif60] ip address 172.2.1.2 24[PE2-Vlanif60] quit[PE2] ospf 1[PE2-ospf-1] area 0[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0[PE2-ospf-1-area-0.0.0.0] quit[PE2-ospf-1] quit配置完成后,PE1、P、PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full
执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由
以PE1的显示为例:[PE1] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: PublicDestinations : 8 Routes : 8Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack12.2.2.9/32 OSPF 10 1 D 172.1.1.2 Vlanif303.3.3.9/32 OSPF 10 2 D 172.1.1.2 Vlanif30127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0172.1.1.0/24 Direct 0 0 D 172.1.1.1 Vlanif30172.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif30172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Vlanif30[PE1] display ospf peerOSPF Process 1 with Router ID 1.1.1.9NeighborsArea 0.0.0.0 interface 172.1.1.1(Vlanif30)'s neighborsRouter ID: 2.2.2.9 Address: 172.1.1.2State: Full Mode:Nbr is Master Priority: 1DR: 172.1.1.2 BDR: 172.1.1.1 MTU: 0Dead timer due in 37 secRetrans timer interval: 5Neighbor is up for 00:16:21Authentication Sequence: [ 0 ]步骤2 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP# 配置PE1
[PE1] mpls lsr-id 1.1.1.9[PE1] mpls[PE1-mpls] quit[PE1] mpls ldp[PE1-mpls-ldp] quit[PE1] interface vlanif 30[PE1-Vlanif30] mpls[PE1-Vlanif30] mpls ldp[PE1-Vlanif30] quit# 配置P
[P] mpls lsr-id 2.2.2.9[P] mpls[P-mpls] quit[P] mpls ldp[P-mpls-ldp] quit[P] interface vlanif 30[P-Vlanif30] mpls[P-Vlanif30] mpls ldp[P-Vlanif30] quit[P] interface vlanif 60[P-Vlanif60] mpls[P-Vlanif60] mpls ldp[P-Vlanif60] quit# 配置PE2
[PE2] mpls lsr-id 3.3.3.9[PE2] mpls[PE2-mpls] quit[PE2] mpls ldp[PE2-mpls-ldp] quit[PE2] interface vlanif 60[PE2-Vlanif60] mpls[PE2-Vlanif60] mpls ldp[PE2-Vlanif60] quit上述配置完成后,PE1与P、P与PE2之间应能建立LDP会话,执行display mpls ldpsession命令可以看到显示结果中Status项为“Operational”
执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况
以PE1的显示为例:[PE1] display mpls ldp sessionLDP Session(s) in Public NetworkCodes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)A '' before a session means the session is being deleted.------------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv------------------------------------------------------------------------------2.2.2.9:0 Operational DU Active 0000:00:01 6/6------------------------------------------------------------------------------TOTAL: 1 session(s) Found.[PE1] display mpls ldp lspLDP LSP Information-------------------------------------------------------------------------------Flag after Out IF: (I) - LSP Is Only Iterated by RLFA-------------------------------------------------------------------------------DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface-------------------------------------------------------------------------------1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 Inloop01.1.1.9/32 Liberal/1025 DS/2.2.2.92.2.2.9/32 NULL/3 - 172.1.1.2 Vlanif302.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 Vlanif303.3.3.9/32 NULL/1025 - 172.1.1.2 Vlanif303.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 Vlanif30-------------------------------------------------------------------------------TOTAL: 5 Normal LSP(s) Found.TOTAL: 1 Liberal LSP(s) Found.TOTAL: 0 Frr LSP(s) Found.A '' before an LSP means the LSP is not establishedA '' before a Label means the USCB or DSCB is staleA '' before a UpstreamPeer means the session is staleA '' before a DS means the session is staleA '' before a NextHop means the LSP is FRR LSP步骤3 在PE设备上配置L3VPN的VPN实例
vpna为单层tag接入,使用Dot1q终结子接口,vpnb为双层tag接入,使用QinQ终结子接口(用VLAN10、VLAN20标识使用三层业务的用户,PE上VLAN10、VLAN100标识三层业务)
# 配置PE1
[PE1] ip vpn-instance vpna[PE1-vpn-instance-vpna] route-distinguisher 100:1[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[PE1-vpn-instance-vpna-af-ipv4] quit[PE1-vpn-instance-vpna] quit[PE1] ip vpn-instance vpnb[PE1-vpn-instance-vpnb] route-distinguisher 100:2[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[PE1-vpn-instance-vpnb-af-ipv4] quit[PE1-vpn-instance-vpnb] quit[PE1] interface gigabitethernet 1/0/0[PE1-GigabitEthernet1/0/0] port link-type hybrid[PE1-GigabitEthernet1/0/0] quit[PE1] interface gigabitethernet 1/0/0.1[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24[PE1-GigabitEthernet1/0/0.1] arp broadcast enable[PE1-GigabitEthernet1/0/0.1] quit[PE1] interface gigabitethernet 2/0/0[PE1-GigabitEthernet2/0/0] port link-type hybrid[PE1-GigabitEthernet2/0/0] quit[PE1] interface gigabitethernet 2/0/0.1[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb[PE1-GigabitEthernet2/0/0.1] ip address 10.2.1.2 24[PE1-GigabitEthernet2/0/0.1] arp broadcast enable[PE1-GigabitEthernet2/0/0.1] quit# 配置PE2
[PE2] ip vpn-instance vpna[PE2-vpn-instance-vpna] route-distinguisher 200:1[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[PE2-vpn-instance-vpna-af-ipv4] quit[PE2-vpn-instance-vpna] quit[PE2] ip vpn-instance vpnb[PE2-vpn-instance-vpnb] route-distinguisher 200:2[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[PE2-vpn-instance-vpnb-af-ipv4] quit[PE2-vpn-instance-vpnb] quit[PE2] interface gigabitethernet 1/0/0[PE2-GigabitEthernet1/0/0] port link-type hybrid[PE2-GigabitEthernet1/0/0] quit[PE2] interface gigabitethernet 1/0/0.1[PE2-GigabitEthernet1/0/0.1] dot1q termination vid 10[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna[PE2-GigabitEthernet1/0/0.1] ip address 10.3.1.2 24[PE2-GigabitEthernet1/0/0.1] arp broadcast enable[PE2-GigabitEthernet1/0/0.1] quit[PE2] interface gigabitethernet 2/0/0[PE2-GigabitEthernet2/0/0] port link-type hybrid[PE2-GigabitEthernet2/0/0] quit[PE2] interface gigabitethernet 2/0/0.1[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20[PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb[PE2-GigabitEthernet2/0/0.1] ip address 10.4.1.2 24[PE2-GigabitEthernet2/0/0.1] arp broadcast enable[PE2-GigabitEthernet2/0/0.1] quit# 配置A企业总部连接的CE1
按图16-7配置各CE的接口IP地址,其中CE2、CE3和CE4的配置与CE1类似,不再赘述
<HUAWEI> system-view[HUAWEI] sysname CE1[CE1] vlan batch 10 to 11[CE1] interface gigabitethernet 1/0/0[CE1-GigabitEthernet1/0/0] port link-type hybrid[CE1-GigabitEthernet1/0/0] port hybrid tagged vlan 10 to 11[CE1-GigabitEthernet1/0/0] quit[CE1] interface vlanif 10[CE1-Vlanif10] ip address 10.1.1.1 24[CE1-Vlanif10] quit配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况
各PE能ping通自己接入的CE
说明当PE上有多个绑定了同一个VPN的接口,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ipaddress命令中的参数-a source-ip-address,否则可能ping不通
以PE1和CE1为例:[PE1] display ip vpn-instance verboseTotal VPN-Instances configured : 2Total IPv4 VPN-Instances configured : 2Total IPv6 VPN-Instances configured : 0VPN-Instance Name and ID : vpna, 1Interfaces : Vlanif10Address family ipv4Create date : 2012/07/25 00:58:17 UTC+08:00Up time : 0 days, 22 hours, 24 minutes and 53 secondsRoute Distinguisher : 100:1Export VPN Targets : 111:1Import VPN Targets : 111:1Label Policy : label per instancePer-Instance Label : 4096Log Interval : 5VPN-Instance Name and ID : vpnb, 2Interfaces : Vlanif20Address family ipv4Create date : 2012/07/25 00:58:17 UTC+08:00Up time : 0 days, 22 hours, 24 minutes and 53 secondsRoute Distinguisher : 100:2Export VPN Targets : 222:2Import VPN Targets : 222:2Label Policy : label per instancePer-Instance Label : 4096Log Interval : 5[PE1] ping -vpn-instance vpnb 10.2.1.1PING 10.1.1.1: 56 data bytes, press CTRL_C to breakReply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 msReply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 msReply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 msReply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 msReply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms--- 10.1.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 3/6/16 ms步骤4 在PE设备上配置VPLS的VSI实例,指定信令为BGP,指定RD、VPN-Target和Site
同时,采用子接口作为AC接口与VSI进行绑定,以接入VPLS用户
CE1、CE3用户以单层Tag接入PE,CE2、CE4用户以双层Tag接入PE(CE用VLAN11、VLAN21区分使用二层业务的用户,PE上用VLAN11、VLAN200标识二层业务)
# 配置PE1
[PE1] mpls l2vpn[PE1-l2vpn] quit[PE1] vsi vsi1 auto[PE1-vsi-vsi1] pwsignal bgp[PE1-vsi-vsi1-bgp] route-distinguisher 101:1[PE1-vsi-vsi1-bgp] vpn-target 100:1 import-extcommunity[PE1-vsi-vsi1-bgp] vpn-target 100:1 export-extcommunity[PE1-vsi-vsi1-bgp] site 1 range 5 default-offset 0[PE1-vsi-vsi1-bgp] quit[PE1-vsi-vsi1] quit[PE1] vsi vsi2 auto[PE1-vsi-vsi2] pwsignal bgp[PE1-vsi-vsi2-bgp] route-distinguisher 101:2[PE1-vsi-vsi2-bgp] vpn-target 200:1 import-extcommunity[PE1-vsi-vsi2-bgp] vpn-target 200:1 export-extcommunity[PE1-vsi-vsi2-bgp] site 1 range 5 default-offset 0[PE1-vsi-vsi2-bgp] quit[PE1-vsi-vsi2] quit[PE1] interface gigabitethernet 1/0/0.2[PE1-GigabitEthernet1/0/0.2] dot1q termination vid 11[PE1-GigabitEthernet1/0/0.2] l2 binding vsi vsi1[PE1-GigabitEthernet1/0/0.2] quit[PE1] interface gigabitethernet 2/0/0.2[PE1-GigabitEthernet2/0/0.2] qinq termination pe-vid 200 ce-vid 21[PE1-GigabitEthernet2/0/0.2] l2 binding vsi vsi2[PE1-GigabitEthernet2/0/0.2] quit# 配置PE2
[PE2] mpls l2vpn[PE2-l2vpn] quit[PE2] vsi vsi1 auto[PE2-vsi-vsi1] pwsignal bgp[PE2-vsi-vsi1-bgp] route-distinguisher 201:1[PE2-vsi-vsi1-bgp] vpn-target 100:1 import-extcommunity[PE2-vsi-vsi1-bgp] vpn-target 100:1 export-extcommunity[PE2-vsi-vsi1-bgp] site 2 range 5 default-offset 0[PE2-vsi-vsi1-bgp] quit[PE2-vsi-vsi1] quit[PE2] vsi vsi2 auto[PE2-vsi-vsi2] pwsignal bgp[PE2-vsi-vsi2-bgp] route-distinguisher 201:2[PE2-vsi-vsi2-bgp] vpn-target 200:1 import-extcommunity[PE2-vsi-vsi2-bgp] vpn-target 200:1 export-extcommunity[PE2-vsi-vsi2-bgp] site 2 range 5 default-offset 0[PE2-vsi-vsi2-bgp] quit[PE2-vsi-vsi2] quit[PE2] interface gigabitethernet 1/0/0.2[PE2-GigabitEthernet1/0/0.2] dot1q termination vid 11[PE2-GigabitEthernet1/0/0.2] l2 binding vsi vsi1[PE2-GigabitEthernet1/0/0.2] quit[PE2] interface gigabitethernet 2/0/0.2[PE2-GigabitEthernet2/0/0.2] qinq termination pe-vid 200 ce-vid 21[PE2-GigabitEthernet2/0/0.2] l2 binding vsi vsi2[PE2-GigabitEthernet2/0/0.2] quit步骤5 在PE与CE之间建立EBGP对等体关系,引入L3VPN路由
# 配置A企业总部连接的CE1
CE2、CE3和CE4的配置与CE1类似,不再赘述
[CE1] bgp 65410[CE1-bgp] peer 10.1.1.2 as-number 100[CE1-bgp] import-route direct[CE1-bgp] quit# 配置PE1
PE2的配置与PE1类似,不再赘述
[PE1] bgp 100[PE1-bgp] ipv4-family vpn-instance vpna[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410[PE1-bgp-vpna] import-route direct[PE1-bgp-vpna] quit[PE1-bgp] ipv4-family vpn-instance vpnb[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420[PE1-bgp-vpnb] import-route direct[PE1-bgp-vpnb] quit[PE1-bgp]quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态
以PE1与CE1的对等体关系为例:[PE1] display bgp vpnv4 vpn-instance vpna peerBGP local router ID : 1.1.1.9Local AS number : 100VPN-Instance vpna, Router ID 1.1.1.9:Total number of peers : 1 Peers in established state : 1Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv10.1.1.1 4 65410 11 9 0 00:07:25 Established 1步骤6 在PE之间建立MP-IBGP对等体关系# 配置PE1
[PE1] bgp 100[PE1-bgp] peer 3.3.3.9 as-number 100[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1[PE1-bgp] ipv4-family vpnv4[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable[PE1-bgp-af-vpnv4] quit[PE1-bgp] vpls-family[PE1-bgp-af-vpls] peer 3.3.3.9 enable[PE1-bgp-af-vpls] quit[PE1-bgp] quit# 配置PE2
[PE2] bgp 100[PE2-bgp] peer 1.1.1.9 as-number 100[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1[PE2-bgp] ipv4-family vpnv4[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable[PE2-bgp-af-vpnv4] quit[PE2-bgp] vpls-family[PE2-bgp-af-vpls] peer 1.1.1.9 enable[PE2-bgp-af-vpls] quit[PE2-bgp] quit步骤7 在Switch的接口上配置灵活QinQ和允许通过的VLAN# 配置Switch1
<HUAWEI> system-view[HUAWEI] sysname Switch1[Switch1] vlan batch 100 200[Switch1] interface gigabitethernet 2/0/0[Switch1-GigabitEthernet2/0/0] port link-type hybrid[Switch1-GigabitEthernet2/0/0] port hybrid tagged vlan 100 200[Switch1-GigabitEthernet2/0/0] quit[Switch1] interface gigabitethernet 1/0/0[Switch1-GigabitEthernet1/0/0] port link-type hybrid[Switch1-GigabitEthernet1/0/0] port hybrid untagged vlan 100 200[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 20 stack-vlan 100[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 21 stack-vlan 200[Switch1-GigabitEthernet1/0/0] quit# 配置Switch2
<HUAWEI> system-view[HUAWEI] sysname Switch2[Switch2] vlan batch 100 200[Switch2] interface gigabitethernet 2/0/0[Switch2-GigabitEthernet2/0/0] port link-type hybrid[Switch2-GigabitEthernet2/0/0] port hybrid tagged vlan 100 200[Switch2-GigabitEthernet2/0/0] quit[Switch2] interface gigabitethernet 1/0/0[Switch2-GigabitEthernet1/0/0] port link-type hybrid[Switch2-GigabitEthernet1/0/0] port hybrid untagged vlan 100 200[Switch2-GigabitEthernet1/0/0] port vlan-stacking vlan 20 stack-vlan 100[Switch2-GigabitEthernet1/0/0] port vlan-stacking vlan 21 stack-vlan 200[Switch2-GigabitEthernet1/0/0] quit步骤8 检查配置结果在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的L3VPN路由
以PE1的显示为例:[PE1] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: vpnaDestinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif1010.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif1010.3.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30[PE1] display ip routing-table vpn-instance vpnbRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: vpnbDestinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif2010.2.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif2010.4.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通
例如:A企业总部连接的CE1能够Ping通CE3(10.3.1.1),但不能Ping通B企业分支机构连接的CE4(10.4.1.1)
[CE1] ping 10.3.1.1PING 10.3.1.1: 56 data bytes, press CTRL_C to breakReply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 msReply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 msReply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 msReply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 msReply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms--- 10.3.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 34/48/72 ms[CE1] ping 10.4.1.1PING 10.4.1.1: 56 data bytes, press CTRL_C to breakRequest time outRequest time outRequest time outRequest time outRequest time out--- 10.4.1.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss在PE1上执行display vsi name vsi2 verbose命令,可以看到名字为vsi2的VSI建立了一条到PE2的PW,VSI状态为Up
[PE1] display vsi name vsi2 verboseVSI Name : vsi2Administrator VSI : noIsolate Spoken : disableVSI Index : 1PW Signaling : bgpMember Discovery Style : autoPW MAC Learn Style : unqualifyEncapsulation Type : vlanMTU : 1500Diffserv Mode : uniformMpls Exp : --DomainId : 255Domain Name :Ignore AcState : disableP2P VSI : disableCreate Time : 0 days, 0 hours, 22 minutes, 6 secondsVSI State : upBGP RD : 101:2SiteID/Range/Offset : 1/5/0Import vpn target : 200:1Export vpn target : 200:1Remote Label Block : 35845/5/0Local Label Block : 0/35845/5/0Interface Name : GigabitEthernet2/0/0.2State : upAccess Port : falseLast Up Time : 2012/12/24 21:19:48Total Up Time : 0 days, 0 hours, 20 minutes, 42 secondsPW Information:Peer Ip Address : 3.3.3.9PW State : upLocal VC Label : 35847Remote VC Label : 35846PW Type : labelLocal VCCV : alert lsp-ping bfdRemote VCCV : alert lsp-ping bfdTunnel ID : 0x5Broadcast Tunnel ID : 0x5Broad BackupTunnel ID : 0x0Ckey : 0xcNkey : 0xbMain PW Token : 0x5Slave PW Token : 0x0Tnl Type : LSPOutInterface : Vlanif30Backup OutInterface :Stp Enable : 0PW Last Up Time : 2012/12/24 21:38:43PW Total Up Time : 0 days, 0 hours, 1 minutes, 47 seconds----结束配置文件l PE1的配置文件#sysname PE1#vlan batch 30#ip vpn-instance vpnaipv4-familyroute-distinguisher 100:1vpn-target 111:1 export-extcommunityvpn-target 111:1 import-extcommunity#ip vpn-instance vpnbipv4-familyroute-distinguisher 100:2vpn-target 222:2 export-extcommunityvpn-target 222:2 import-extcommunity#mpls lsr-id 1.1.1.9mpls#mpls l2vpn#vsi vsi1 autopwsignal bgproute-distinguisher 101:1vpn-target 100:1 import-extcommunityvpn-target 100:1 export-extcommunitysite 1 range 5 default-offset 0#vsi vsi2 autopwsignal bgproute-distinguisher 101:2vpn-target 200:1 import-extcommunityvpn-target 200:1 export-extcommunitysite 1 range 5 default-offset 0#mpls ldp#interface Vlanif30ip address 172.1.1.1 255.255.255.0mplsmpls ldp#interface GigabitEthernet1/0/0port link-type hybrid#interface GigabitEthernet1/0/0.1dot1q termination vid 10ip binding vpn-instance vpnaip address 10.1.1.2 255.255.255.0arp broadcast enable#interface GigabitEthernet1/0/0.2dot1q termination vid 11l2 binding vsi vsi1#interface GigabitEthernet2/0/0port link-type hybrid#interface GigabitEthernet2/0/0.1qinq termination pe-vid 100 ce-vid 20ip binding vpn-instance vpnbip address 10.2.1.2 255.255.255.0arp broadcast enable#interface GigabitEthernet2/0/0.2dot1q termination vid 21l2 binding vsi vsi2#interface GigabitEthernet3/0/0port link-type hybridport hybrid pvid vlan 30port hybrid untagged vlan 30#interface LoopBack1ip address 1.1.1.9 255.255.255.255#bgp 100peer 3.3.3.9 as-number 100peer 3.3.3.9 connect-interface LoopBack1#ipv4-family unicastundo synchronizationpeer 3.3.3.9 enable#vpls-familypolicy vpn-targetpeer 3.3.3.9 enable#ipv4-family vpnv4policy vpn-targetpeer 3.3.3.9 enable#ipv4-family vpn-instance vpnapeer 10.1.1.1 as-number 65410import-route direct#ipv4-family vpn-instance vpnbpeer 10.2.1.1 as-number 65420import-route direct#ospf 1area 0.0.0.0network 172.1.1.0 0.0.0.255network 1.1.1.9 0.0.0.0#returnl P的配置文件#sysname P#vlan batch 30 60#mpls lsr-id 2.2.2.9mpls#mpls ldp#interface Vlanif30ip address 172.1.1.2 255.255.255.0mplsmpls ldp#interface Vlanif60ip address 172.2.1.1 255.255.255.0mplsmpls ldp#interface GigabitEthernet1/0/0port link-type hybridport hybrid pvid vlan 30port hybrid untagged vlan 30#interface GigabitEthernet2/0/0port link-type hybridport hybrid pvid vlan 60port hybrid untagged vlan 60#interface LoopBack1ip address 2.2.2.9 255.255.255.255#ospf 1area 0.0.0.0network 172.1.1.0 0.0.0.255network 172.2.1.0 0.0.0.255network 2.2.2.9 0.0.0.0#returnl PE2的配置文件#sysname PE2#vlan batch 60#ip vpn-instance vpnaipv4-familyroute-distinguisher 200:1vpn-target 111:1 export-extcommunityvpn-target 111:1 import-extcommunity#ip vpn-instance vpnbipv4-familyroute-distinguisher 200:2vpn-target 222:2 export-extcommunityvpn-target 222:2 import-extcommunity#mpls lsr-id 3.3.3.9mpls#mpls l2vpn#vsi vsi1 autopwsignal bgproute-distinguisher 201:1vpn-target 100:1 import-extcommunityvpn-target 100:1 export-extcommunitysite 2 range 5 default-offset 0#vsi vsi2 autopwsignal bgproute-distinguisher 201:2vpn-target 200:1 import-extcommunityvpn-target 200:1 export-extcommunitysite 2 range 5 default-offset 0#mpls ldp#interface Vlanif60ip address 172.2.1.2 255.255.255.0mplsmpls ldp#interface GigabitEthernet1/0/0port link-type hybrid#interface GigabitEthernet1/0/0.1dot1q termination vid 10ip binding vpn-instance vpnaip address 10.3.1.2 255.255.255.0arp broadcast enable#interface GigabitEthernet1/0/0.2dot1q termination vid 11l2 binding vsi vsi1#interface GigabitEthernet2/0/0port link-type hybrid#interface GigabitEthernet2/0/0.1qinq termination pe-vid 100 ce-vid 20ip binding vpn-instance vpnbip address 10.4.1.2 255.255.255.0arp broadcast enable#interface GigabitEthernet2/0/0.2dot1q termination vid 21l2 binding vsi vsi2#interface GigabitEthernet3/0/0port link-type hybridport hybrid pvid vlan 60port hybrid untagged vlan 60#interface LoopBack1ip address 3.3.3.9 255.255.255.255#bgp 100peer 1.1.1.9 as-number 100peer 1.1.1.9 connect-interface LoopBack1#ipv4-family unicastundo synchronizationpeer 1.1.1.9 enable#vpls-familypolicy vpn-targetpeer 1.1.1.9 enable#ipv4-family vpnv4policy vpn-targetpeer 1.1.1.9 enable#ipv4-family vpn-instance vpnapeer 10.3.1.1 as-number 65430import-route direct#ipv4-family vpn-instance vpnbpeer 10.4.1.1 as-number 65440import-route direct#ospf 1area 0.0.0.0network 172.2.1.0 0.0.0.255network 3.3.3.9 0.0.0.0#returnl A企业总部连接的CE1的配置文件#sysname CE1#vlan batch 10 to 11#interface Vlanif10ip address 10.1.1.1 255.255.255.0#interface GigabitEthernet1/0/0port link-type hybridport hybrid tagged vlan 10 to 11#bgp 65410peer 10.1.1.2 as-number 100#ipv4-family unicastundo synchronizationimport-route directpeer 10.1.1.2 enable#returnl B企业总部连接的CE2的配置文件#sysname CE2#vlan batch 20 to 21#interface Vlanif20ip address 10.2.1.1 255.255.255.0#interface GigabitEthernet1/0/0port link-type hybridport hybrid tagged vlan 20 to 21#bgp 65420peer 10.2.1.2 as-number 100#ipv4-family unicastundo synchronizationimport-route directpeer 10.2.1.2 enable#returnl A企业分支机构连接的CE3的配置文件#sysname CE3#vlan batch 10 to 11#interface Vlanif10ip address 10.3.1.1 255.255.255.0#interface GigabitEthernet1/0/0port link-type hybridport hybrid tagged vlan 10 to 11#bgp 65430peer 10.3.1.2 as-number 100#ipv4-family unicastundo synchronizationimport-route directpeer 10.3.1.2 enable#returnl B企业分支结构连接的CE4的配置文件#sysname CE4#vlan batch 20 to 21#interface Vlanif20ip address 10.4.1.1 255.255.255.0#interface GigabitEthernet1/0/0port link-type hybridport hybrid tagged vlan 20 to 21#bgp 65440peer 10.4.1.2 as-number 100#ipv4-family unicastundo synchronizationimport-route directpeer 10.4.1.2 enable#returnl Switch1的配置文件#sysname Switch1#vlan batch 100 200#interface GigabitEthernet1/0/0port link-type hybridport hybrid untagged vlan 100 200port vlan-stacking vlan 20 stack-vlan 100port vlan-stacking vlan 21 stack-vlan 200#interface GigabitEthernet2/0/0port link-type hybridport hybrid tagged vlan 100 200#returnl Switch2的配置文件#sysname Switch2#vlan batch 100 200#interface GigabitEthernet1/0/0port link-type hybridport hybrid untagged vlan 100 200port vlan-stacking vlan 20 stack-vlan 100port vlan-stacking vlan 21 stack-vlan 200#interface GigabitEthernet2/0/0port link-type hybridport hybrid tagged vlan 100 200#return
华为组合示例BGPIPMPLS(企业接口配置文件可以看到业务)
(图片来源网络,侵删)
GigabitEthernet interface
机器人可以播放歌曲AIGeminiYouTube(音乐歌曲机器人艺术家播放列表)
上一篇
万元总价子公司知识产权软件系统民太安(公司金融界子公司资产业务)
下一篇

相关推荐

0 评论

gravatar
验证码
◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

联系我们

在线咨询:点击这里给我发消息