MPLS-TE在L2VPN中的应用
实验拓扑:
实验需求:
要求VPC-A1到VPC-A2的流量经过R1-R2-R3-R5-R6
VPC-B1到VPC-B2 的流量经过R1-R2-R4-R5-R6
地址规划:VPC-A1:2001:db8:cafe:FFFF::1/120
VPC-A2:2001:db8:cafe:FFFF::2/120
VPC-B1:1.1.1.1/24
VPC-B2:1.1.1.2/24
使用协议:MPLS-TE tunnel(流量工程隧道),用于操纵LSP转发路径
RSVP(资源预留协议),用于信令建立、标签分发
AtoM(VPWS中的一种),用于建立二层的隧道,转发ES-ES之间的流量
ISIS(集成的ISIS),用于IS-IS之间underlay的路由控制
基本配置:接口地址;ISIS;MPLS-TE(IGP扩展);RSVP
!
mpls traffic-eng tunnels //全局配置模式下开启MPLS-TE
!
interface GigabitEthernet1
ip address 192.168.0.1 255.255.255.252 //配置互联地址
ip router isis underlay //将接口加入ISIS协议
no shutdown
mpls traffic-eng tunnels //接口使能MPLS-TE
ip rsvp bandwidth percent 100 //接口使能RSVP
!
interface Loopback0
ip address 192.168.255.1 255.255.255.255
ip router isis underlay
!
router isis underlay
net 49.0192.0000.0000.0001.00 //配置net地址,区域49.0192
is-type level-1 //更改路由器为level-1 only
metric-style wide //更改metric类型wide
log-adjacency-changes //邻居变更通知
mpls traffic-eng router-id Loopback0 //扩展IGP协议支持MPLS-TE
mpls traffic-eng level-1 ///扩展IGP协议支持MPLS-TE
!
检查underlay路由;检查MPLS-TE扩展
LSR6#sh ip route isis
...
i L1 192.168.255.1 [115/40] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.2 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.3 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.4 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.5 [115/20] via 192.168.0.26,00:01:31, GigabitEthernet1
LSR6#sh mpls traffic-eng topologybrief
...
IGP Id: 0000.0000.0001.00, MPLS TEId:192.168.255.1 Router Node (isis level-1)
link[0]: Broadcast, DR:0000.0000.0002.01, nbr_node_id:5, gen:3
frag_id: 0, Intf Address: 192.168.0.1
TE metric: 10, IGP metric: 10, attributeflags: 0x0
SRLGs: None
流量工程及L2VPN配置
1、 在PE设备上建立环回接口用于L2VPN的伪线建立:
R1
interfaceLoopback1
description for VPC-A
ip address 192.168.1.1 255.255.255.255
!
interfaceLoopback2
description for VPC-B
ip address 192.168.1.2 255.255.255.255
!
R6
interfaceLoopback1
description for VPC-A
ip address 192.168.6.1 255.255.255.255
!
interfaceLoopback2
description for VPC-B
ip address 192.168.6.2 255.255.255.255
!
2、 在PE设备上建立静态LSP隧道并且用于TE隧道,使用静态路由引入VPN流量:
R6
ipexplicit-path name LSP-A enable
index 1 next-address 192.168.0.26
index 2 next-address 192.168.0.17
index 3 next-address 192.168.0.6
index 4 next-address 192.168.0.1
!
ipexplicit-path name LSP-B enable
index 1 next-address 192.168.0.26
index 2 next-address 192.168.0.21
index 3 next-address 192.168.0.10
index 4 next-address 192.168.0.1
!
interfaceTunnel1
description for VPC-A
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 192.168.255.1
tunnel mpls traffic-eng path-option 1 explicitname LSP-A
!
interfaceTunnel2
description for VPC-B
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 192.168.255.1
tunnel mpls traffic-eng path-option 1 explicitname LSP-B
!
ip route192.168.1.1 255.255.255.255 Tunnel1
ip route192.168.1.2 255.255.255.255 Tunnel2
R1配置同上
检查标签建立情况:
LSR6#shmpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 1/1[TE-Bind] 0 Tu1 point2point
17 Pop Label 2/1[TE-Bind] 0 Tu2 point2point
25 Pop Label 192.168.1.1/32 0 Tu1 point2point
26 Pop Label 192.168.1.2/32 0 Tu2 point2point
LSR6#shmpls forwarding-table labels 25 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
25 Pop Label 192.168.1.1/32 0 Tu1 point2point
MAC/Encaps=14/18, MRU=1500, LabelStack{18}, via Gi1
5000000400025000000600008847 00012000
No output feature configured
LSR6#traceroute192.168.1.1 source lo1 numeric
...
1 192.168.0.26 [MPLS: Label 18 Exp 0] 3 msec3 msec 3 msec
2 192.168.0.17 [MPLS: Label 17 Exp 0] 3 msec3 msec 3 msec
3 192.168.0.6 [MPLS: Label 18 Exp 0] 3 msec 2msec 2 msec
4 192.168.0.1 3 msec * 3 msec
LSR6#traceroute192.168.1.2 source lo2 numeric
...
1 192.168.0.26 [MPLS: Label 19 Exp 0] 2 msec2 msec 2 msec
2 192.168.0.21 [MPLS: Label 17 Exp 0] 14 msec3 msec 2 msec
3 192.168.0.10 [MPLS: Label 19 Exp 0] 3 msec2 msec 2 msec
4 192.168.0.1 2 msec * 2 msec
至此LSP隧道外层标签完整
3、 在PE设备上建立静态L2VPN隧道
R1
pseudowire-classAToM
encapsulation mpls
protocol ldp
!
interfaceGigabitEthernet3
no shutdown
xconnect 192.168.6.1 1 encapsulation mplspw-class AToM
!
interfaceGigabitEthernet4
no shutdown
xconnect 192.168.6.2 2 encapsulation mplspw-class AToM
!
R6配置同上
4、 在终端设备上ping对端测试发现不通,这是由于我们之前使用RSVP+MPLS-TE只是分发了外层标签,但是AtoM建立时我们配置了使用LDP分发内层VPN标签,需要建立target-LDP的邻居,这时候需要在PE设备的tunnel接口下使能MPLS IP
Interface tunnel1
mpls ip
Interface tunnel2
mpls ip
检查MPLS L2vpn的内层及外层标签情况
LSR1#shmpls l2transport vc 1 detail | inc stack
Output interface: Tu1,imposed label stack {16 18} //外层标签16,由P设备分发,内层标签18,由对端PE分发
5、 在P设备上抓包分析:
实现ipv4 ipv6走不通路径