取消
显示结果 
搜索替代 
您的意思是: 
cancel
5515
查看次数
12
有帮助
9
评论
Kagamigawa
Spotlight
Spotlight
MPLS-TEL2VPN中的应用
实验拓扑:
123723hu64y355t3665k67.png
实验需求:
要求VPC-A1VPC-A2的流量经过R1-R2-R3-R5-R6
VPC-B1VPC-B2 的流量经过R1-R2-R4-R5-R6

地址规划:VPC-A1:2001:db8:cafe:FFFF::1/120
VPC-A2:2001:db8:cafe:FFFF::2/120
VPC-B1:1.1.1.1/24
VPC-B2:1.1.1.2/24

使用协议:MPLS-TE tunnel(流量工程隧道),用于操纵LSP转发路径
RSVP(资源预留协议),用于信令建立、标签分发
AtoMVPWS中的一种),用于建立二层的隧道,转发ES-ES之间的流量
ISIS(集成的ISIS),用于IS-IS之间underlay的路由控制

基本配置:接口地址;ISISMPLS-TEIGP扩展);RSVP
!
mpls traffic-eng tunnels //全局配置模式下开启MPLS-TE
!
interface GigabitEthernet1
ip address 192.168.0.1 255.255.255.252 //配置互联地址
ip router isis underlay //将接口加入ISIS协议
no shutdown
mpls traffic-eng tunnels //接口使能MPLS-TE
ip rsvp bandwidth percent 100 //接口使能RSVP
!
interface Loopback0
ip address 192.168.255.1 255.255.255.255
ip router isis underlay
!
router isis underlay
net 49.0192.0000.0000.0001.00 //配置net地址,区域49.0192
is-type level-1 //更改路由器为level-1 only
metric-style wide //更改metric类型wide
log-adjacency-changes //邻居变更通知
mpls traffic-eng router-id Loopback0 //扩展IGP协议支持MPLS-TE
mpls traffic-eng level-1 ///扩展IGP协议支持MPLS-TE
!

检查underlay路由;检查MPLS-TE扩展
LSR6#sh ip route isis
...
i L1 192.168.255.1 [115/40] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.2 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.3 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.4 [115/30] via 192.168.0.26,00:01:31, GigabitEthernet1
i L1 192.168.255.5 [115/20] via 192.168.0.26,00:01:31, GigabitEthernet1

LSR6#sh mpls traffic-eng topologybrief
...
IGP Id: 0000.0000.0001.00, MPLS TEId:192.168.255.1 Router Node (isis level-1)
link[0]: Broadcast, DR:0000.0000.0002.01, nbr_node_id:5, gen:3
frag_id: 0, Intf Address: 192.168.0.1
TE metric: 10, IGP metric: 10, attributeflags: 0x0
SRLGs: None

流量工程及L2VPN配置

1、 在PE设备上建立环回接口用于L2VPN的伪线建立:
R1
interfaceLoopback1
description for VPC-A
ip address 192.168.1.1 255.255.255.255
!
interfaceLoopback2
description for VPC-B
ip address 192.168.1.2 255.255.255.255
!

R6
interfaceLoopback1
description for VPC-A
ip address 192.168.6.1 255.255.255.255
!
interfaceLoopback2
description for VPC-B
ip address 192.168.6.2 255.255.255.255
!
2、 在PE设备上建立静态LSP隧道并且用于TE隧道,使用静态路由引入VPN流量:
R6
ipexplicit-path name LSP-A enable
index 1 next-address 192.168.0.26
index 2 next-address 192.168.0.17
index 3 next-address 192.168.0.6
index 4 next-address 192.168.0.1
!
ipexplicit-path name LSP-B enable
index 1 next-address 192.168.0.26
index 2 next-address 192.168.0.21
index 3 next-address 192.168.0.10
index 4 next-address 192.168.0.1
!
interfaceTunnel1
description for VPC-A
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 192.168.255.1
tunnel mpls traffic-eng path-option 1 explicitname LSP-A
!
interfaceTunnel2
description for VPC-B
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 192.168.255.1
tunnel mpls traffic-eng path-option 1 explicitname LSP-B
!
ip route192.168.1.1 255.255.255.255 Tunnel1
ip route192.168.1.2 255.255.255.255 Tunnel2
R1配置同上

检查标签建立情况:
LSR6#shmpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 1/1[TE-Bind] 0 Tu1 point2point
17 Pop Label 2/1[TE-Bind] 0 Tu2 point2point
25 Pop Label 192.168.1.1/32 0 Tu1 point2point
26 Pop Label 192.168.1.2/32 0 Tu2 point2point

LSR6#shmpls forwarding-table labels 25 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
25 Pop Label 192.168.1.1/32 0 Tu1 point2point
MAC/Encaps=14/18, MRU=1500, LabelStack{18}, via Gi1
5000000400025000000600008847 00012000
No output feature configured

LSR6#traceroute192.168.1.1 source lo1 numeric
...
1 192.168.0.26 [MPLS: Label 18 Exp 0] 3 msec3 msec 3 msec
2 192.168.0.17 [MPLS: Label 17 Exp 0] 3 msec3 msec 3 msec
3 192.168.0.6 [MPLS: Label 18 Exp 0] 3 msec 2msec 2 msec
4 192.168.0.1 3 msec * 3 msec

LSR6#traceroute192.168.1.2 source lo2 numeric
...
1 192.168.0.26 [MPLS: Label 19 Exp 0] 2 msec2 msec 2 msec
2 192.168.0.21 [MPLS: Label 17 Exp 0] 14 msec3 msec 2 msec
3 192.168.0.10 [MPLS: Label 19 Exp 0] 3 msec2 msec 2 msec
4 192.168.0.1 2 msec * 2 msec
至此LSP隧道外层标签完整

3、 在PE设备上建立静态L2VPN隧道
R1
pseudowire-classAToM
encapsulation mpls
protocol ldp
!
interfaceGigabitEthernet3
no shutdown
xconnect 192.168.6.1 1 encapsulation mplspw-class AToM
!
interfaceGigabitEthernet4
no shutdown
xconnect 192.168.6.2 2 encapsulation mplspw-class AToM
!
R6配置同上

4、 在终端设备上ping对端测试发现不通,这是由于我们之前使用RSVP+MPLS-TE只是分发了外层标签,但是AtoM建立时我们配置了使用LDP分发内层VPN标签,需要建立target-LDP的邻居,这时候需要在PE设备的tunnel接口下使能MPLS IP
Interface tunnel1
mpls ip
Interface tunnel2
mpls ip
检查MPLS L2vpn的内层及外层标签情况
LSR1#shmpls l2transport vc 1 detail | inc stack
Output interface: Tu1,imposed label stack {16 18} //外层标签16,由P设备分发,内层标签18,由对端PE分发

5、 在P设备上抓包分析:
123917h2dowwto5kvkwiiz.png
实现ipv4 ipv6走不通路径
评论
one-time
Level 13
Level 13
感谢楼主分享,谢谢~
Kagamigawa
Spotlight
Spotlight
管理员 发表于 2019-11-8 17:15
感谢楼主分享,谢谢~

版主大大永远都是第一个回复的:lol
wuhao0015
Spotlight
Spotlight
支持一下楼主的实验~!
Kagamigawa
Spotlight
Spotlight
wuhao0015 发表于 2019-11-11 09:31
支持一下楼主的实验~!

多谢支持哈,还有三个没审核估计今天能出来
one-time
Level 13
Level 13
zylccna2015 发表于 2019-11-11 10:03
多谢支持哈,还有三个没审核估计今天能出来

您的三个原创内容已经通过审核并发布,谢谢楼主实力分享~
freebird2992
Spotlight
Spotlight
写得特别好,值重推荐!
robortlin
Spotlight
Spotlight
支持一下楼主
wx_NLKCLl5b
Community Member
支持一下原创,赞
likuo
Spotlight
Spotlight
确实是精华。
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接