「HUAWEI-ENSP」- 实验学习:L3VPN over SR MPLS BE | 域内

实验拓扑

  • PE1 和 PE2 设备各有一个 CE 属于 VPN 实例 vpna;

实验需求

在骨干网络中,部署 L3VPN 迭代 SR-MPLS BE 隧道,使得 PC1 和 PC2 可以相互通信;

实验过程

配置过程

# ----------------------------------------------------------------------------- # SR MPLS BE LSP

[CX1]mpls lsr-id 1.1.1.1
[CX1]mpls
[CX1]segment-routing

[CX1]ospf 1	
[CX1-ospf-1]opaque-capability enable 
[CX1-ospf-1]segment-routing mpls 
[CX1-ospf-1]segment-routing global-block 16000 17000

[CX1]interface LoopBack 0
[CX1-LoopBack0]ospf prefix-sid index 1

.... CX2 CX3 CX3 CX7

[CX5]mpls lsr-id 5.5.5.5
[CX5]mpls
[CX5]segment-routing

[CX5]ospf 1
[CX5-ospf-1]opaque-capability enable 
[CX5-ospf-1]segment-routing mpls 
[CX5-ospf-1]segment-routing global-block 16000 17000

[CX5]interface LoopBack 0 
[CX5-LoopBack0]ospf prefix-sid index 5

# ----------------------------------------------------------------------------- # BGP VPNv4

[CX1]bgp 200
[CX1-bgp]peer 5.5.5.5 as-number 200
[CX1-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[CX1-bgp]ipv4-family vpnv4 unicast 
[CX1-bgp-af-vpnv4]peer 5.5.5.5 enable 

[CX5]bgp 200
[CX5-bgp]peer 1.1.1.1 as-number 200
[CX5-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[CX5-bgp]ipv4-family vpnv4 unicast 
[CX5-bgp-af-vpnv4]peer 1.1.1.1 enable 

# ----------------------------------------------------------------------------- # 流量接入

[CX1]ip vpn-instance SiteA
[CX1-vpn-instance-SiteA]ipv4-family unicast 
[CX1-vpn-instance-SiteA-af-ipv4]route-distinguisher 100:1
[CX1-vpn-instance-SiteA-af-ipv4]vpn-target 100:1

[CX1]interface Ethernet 1/0/1
[CX1-Ethernet1/0/1]ip binding vpn-instance SiteA
[CX1-Ethernet1/0/1]ip address 192.168.20.254 24

[CX1]bgp 200
[CX1-bgp]ipv4-family vpn-instance SiteA
[CX1-bgp-SiteA]network 192.168.20.0 24

[CX5]ip vpn-instance SiteB
[CX5-vpn-instance-SiteB]ipv4-family unicast 
[CX5-vpn-instance-SiteB-af-ipv4]route-distinguisher 100:1
[CX5-vpn-instance-SiteB-af-ipv4]vpn-target 100:1

[CX5]interface  Ethernet 1/0/1
[CX5-Ethernet1/0/1]ip binding vpn-instance SiteB
[CX5-Ethernet1/0/1]ip address 192.168.10.254 24

[CX5]bgp 200
[CX5-bgp]ipv4-family vpn-instance SiteB
[CX5-bgp-SiteB]network 192.168.10.0 24

测试方法:

  • PC1 ping PC2 能够成功,
  • 抓包能够看到报文中的两层标签
    • 最外层为 SR MPLS BE 分配的标签;
    • 最内层为 BGP VPNv4 分配的标签,通过 display bgp vpnv4 all routing-table x.x.x.x 查看 Label information 字段。
  • 通过 display ip routing-table vpn-instance SiteA x.x.x.x verbose 命令,查看路由所使用的隧道。
    • 通过 display tunnel-info all 命令,来查看隧道信息。

排查访问:

  • 检查 LSP 路径:[CX1]tracert lsp segment-routing ip 5.5.5.5 32 version draft2

补充说明

该技术 L3VPN over SR MPLS BE 能够替代 L2VPN over MPLS LDP 技术;

Filed under: K4NZDROID - @ 11:09 PM