华为路由器实验指导 | 配置EVdPdNd VPLS over SR-MPLS BE(BFD EVdPdNd)

组网需求

图1所示,为了实现通过骨干网使不同Site间相互通信,可以在网络中配置EVPN,实现二层流量业务的传输。当Site之间为同一子网时,各个PE设备上创建EVPN实例,存储EVPN路由,匹配MAC信息进行二层转发。本例中PE之间将使用SR-MPLS BE隧道承载业务流量的传输。

图1 配置EVPN VPLS over SR-MPLS BE组网图

华为路由器实验指导 | 配置EVdPdNd VPLS over SR-MPLS BE(BFD EVdPdNd)

配置思路

  1. 配置接口IP地址。

  2. 配置IGP实现PE1、PE2以及P设备之间的两两互通。

  3. 配置骨干网上的SR-MPLS BE隧道。

  4. 配置PE上的EVPN实例。

  5. 配置PE上的EVPN源地址。

  6. 配置PE与CE相连的二层以太子接口。

  7. 配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道。

  8. 配置PE间的BGP EVPN对等体关系。

  9. 配置CE与PE之间相互通信。

操作步骤

1. 按图1配置PE和P设备之间的接口地址

# 配置PE1。

<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.1 32
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet2/0/0
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit

# 配置P。

<HUAWEI> system-view
[~HUAWEI] sysname P
[*HUAWEI] commit
[~P] interface loopback 1
[*P-LoopBack1] ip address 2.2.2.2 32
[*P-LoopBack1] quit
[*P] interface gigabitethernet1/0/0
[*P-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet2/0/0
[*P-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*P-GigabitEthernet2/0/0] quit
[*P] commit

# 配置PE2。

<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.3 32
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet2/0/0
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit

2. 配置IGP实现PE1、PE2以及P设备之间的互通。本例中IGP使用IS-IS为例进行说明

# 配置PE1。

[~PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] network-entity 00.1111.1111.1111.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface GigabitEthernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit

# 配置P。

[~P] isis 1
[*P-isis-1] is-level level-2
[*P-isis-1] network-entity 00.1111.1111.2222.00
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis enable 1
[*P-LoopBack1] quit
[*P] interface GigabitEthernet 1/0/0
[*P-GigabitEthernet1/0/0] isis enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface GigabitEthernet 2/0/0
[*P-GigabitEthernet2/0/0] isis enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] commit

# 配置PE2。

[~PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] network-entity 00.1111.1111.3333.00
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface GigabitEthernet 2/0/0
[*PE2-GigabitEthernet2/0/0] isis enable 1
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit

配置完成后,PE1、PE2和P之间应能建立IS-IS邻居关系,执行display isis peer命令可以看到邻居状态为Up。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。

以PE1的显示为例:

[~PE1] display isis peer
                          Peer information for ISIS(1)
                         
  System Id     Interface          Circuit Id        State HoldTime Type     PRI
--------------------------------------------------------------------------------
1111.1111.2222  GE2/0/0            1111.1111.2222.01  Up   8s       L2       64 

Total Peer(s): 1
[~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 11       Routes : 11        

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0             D   127.0.0.1       LoopBack1
        2.2.2.2/32  ISIS-L2 15   10            D   10.1.1.2        GigabitEthernet2/0/0
        3.3.3.3/32  ISIS-L2 15   20            D   10.1.1.2        GigabitEthernet2/0/0
       10.1.1.0/24  Direct  0    0             D   10.1.1.1        GigabitEthernet2/0/0
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet2/0/0
     10.1.1.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet2/0/0
       10.2.1.0/24  ISIS-L2 15   20            D   10.1.1.2        GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

3. (可选)在骨干网上配置MPLS基本能力

当接口下使能IS-IS功能后,接口自动使能MPLS能力,所以也可以忽略此步骤。

# 配置PE1。

[~PE1] mpls lsr-id 1.1.1.1
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit

# 配置P。

[~P] mpls lsr-id 2.2.2.2
[*P] mpls
[*P-mpls] commit
[~P-mpls] quit

# 配置PE2。

[~PE2] mpls lsr-id 3.3.3.3
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit

4. 配置骨干网上的SR-MPLS BE隧道

# 配置PE1。

[~PE1] segment-routing
[*PE1-segment-routing] quit
[*PE1] isis 1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] segment-routing global-block 153616 153800
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis prefix-sid absolute 153700
[*PE1-LoopBack1] quit
[*PE1] commit

# 配置P。

[~P] segment-routing
[*P-segment-routing] quit
[*P] isis 1
[*P-isis-1] cost-style wide
[*P-isis-1] segment-routing mpls
[*P-isis-1] segment-routing global-block 153616 153800
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis prefix-sid absolute 153710
[*P-LoopBack1] quit
[*P] commit

# 配置PE2。

[~PE2] segment-routing
[*PE2-segment-routing] quit
[*PE2] isis 1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] segment-routing global-block 153616 153800
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis prefix-sid absolute 153720
[*PE2-LoopBack1] quit
[*PE2] commit

# 配置完成后,在PE设备上执行display tunnel-info all命令,可以看到SR LSP已建立。以PE1的显示为例。

[~PE1] display tunnel-info all         
Tunnel ID            Type                Destination                             Status              
---------------------------------------------------------------------------------------- 
0x000000002900000004 srbe-lsp            2.2.2.2                                 UP             
0x000000002900000005 srbe-lsp            3.3.3.3                                 UP 

# 在PE1上使用Ping检测SR LSP连通性,例如:

[~PE1] ping lsp segment-routing ip 3.3.3.3 32 version draft2                          
  LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100  data bytes, press CTRL_C to break      
    Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms                               
    Reply from 3.3.3.3: bytes=100 Sequence=2 time=3 ms                                 
    Reply from 3.3.3.3: bytes=100 Sequence=3 time=3 ms                                      
    Reply from 3.3.3.3: bytes=100 Sequence=4 time=3 ms                                        
    Reply from 3.3.3.3: bytes=100 Sequence=5 time=3 ms
  --- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics ---                 
    5 packet(s) transmitted               
    5 packet(s) received   
    0.00% packet loss 
    round-trip min/avg/max = 3/3/6 ms 

5. 配置PE上的EVPN实例

# 配置PE1。

[~PE1] evpn vpn-instance evrf1 bd-mode
[*PE1-evpn-instance-evrf1] route-distinguisher 100:1
[*PE1-evpn-instance-evrf1] vpn-target 1:1
[*PE1-evpn-instance-evrf1] quit
[*PE1] bridge-domain 10
[*PE1-bd10] evpn binding vpn-instance evrf1
[*PE1-bd10] quit
[*PE1] commit

# 配置PE2。

[~PE2] evpn vpn-instance evrf1 bd-mode
[*PE2-evpn-instance-evrf1] route-distinguisher 200:1
[*PE2-evpn-instance-evrf1] vpn-target 1:1
[*PE2-evpn-instance-evrf1] quit
[*PE2] bridge-domain 10
[*PE2-bd10] evpn binding vpn-instance evrf1
[*PE2-bd10] quit
[*PE2] commit

6. 配置PE上的EVPN源地址

# 配置PE1。

[~PE1] evpn source-address 1.1.1.1
[*PE1] commit

# 配置PE2。

[~PE2] evpn source-address 3.3.3.3
[*PE2] commit

7. 配置PE与CE相连的二层以太子接口

# 配置PE1。

[~PE1] interface GigabitEthernet 1/0/0
[*PE1-Gigabitethernet1/0/0] undo shutdown
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] interface GigabitEthernet 1/0/0.1 mode l2
[*PE1-GigabitEthernet 1/0/0.1] encapsulation dot1q vid 10
[*PE1-GigabitEthernet 1/0/0.1] rewrite pop single
[*PE1-GigabitEthernet 1/0/0.1] bridge-domain 10
[*PE1-GigabitEthernet 1/0/0.1] quit
[*PE1] commit

# 配置PE2。

[~PE2] interface GigabitEthernet 1/0/0
[*PE2-Gigabitethernet1/0/0] undo shutdown
[*PE2-Gigabitethernet1/0/0] quit
[*PE2] interface GigabitEthernet 1/0/0.1 mode l2
[*PE2-GigabitEthernet 1/0/0.1] encapsulation dot1q vid 10
[*PE2-GigabitEthernet 1/0/0.1] rewrite pop single
[*PE2-GigabitEthernet 1/0/0.1] bridge-domain 10
[*PE2-GigabitEthernet 1/0/0.1] quit
[*PE2] commit

8. 配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道

# 配置PE1。

[~PE1] tunnel-policy srbe
[*PE1-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1 
[*PE1-tunnel-policy-srbe] quit
[*PE1] evpn vpn-instance evrf1 bd-mode
[*PE1-evpn-instance-evrf1] tnl-policy srbe
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit

# 配置PE2。

[~PE2] tunnel-policy srbe
[*PE2-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1 
[*PE2-tunnel-policy-srbe] quit
[*PE2] evpn vpn-instance evrf1 bd-mode
[*PE2-evpn-instance-evrf1] tnl-policy srbe
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit

9. 配置PE间的BGP EVPN对等体关系

# 配置PE1。

[~PE1] bgp 100
[*PE1-bgp] peer 3.3.3.3 as-number 100
[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 3.3.3.3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit

# 配置PE2。

[~PE2] bgp 100
[*PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 1.1.1.1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit

配置完成后,执行display bgp evpn peer命令,可以看到PE间的BGP对等体关系已建立,并达到Established状态。以PE1为例:

[~PE1] display bgp evpn peer

 BGP local router ID : 10.1.1.1            
 Local AS number : 100                                                                    
 Total number of peers : 1                 Peers in established state : 1                           

  Peer                             V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv        
  3.3.3.3                          4         100       43       44     0 00:34:03 Established        1 

10. 配置CE与PE之间相互通信

# 配置CE1。

[~CE1] interface GigabitEthernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE1-GigabitEthernet1/0/0.1] ip address 172.16.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit

# 配置CE2。

[~CE2] interface GigabitEthernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE2-GigabitEthernet1/0/0.1] ip address 172.16.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit

11. 检查配置结果

在PE设备上执行display bgp evpn all routing-table命令,可以看到远端PE发来的EVPN路由。以PE1为例:

[~PE1] display bgp evpn all routing-table

 Local AS number : 100                                                  

 BGP Local router ID is 10.1.1.1                                        
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,                                                    
               h - history,  i - internal, s - suppressed, S - Stale    
               Origin : i - IGP, e - EGP, ? - incomplete                


 EVPN address family:                                                   
 Number of Mac Routes: 2                                                
 Route Distinguisher: 100:1                                             
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop   
 *>    0:48:00e0-fc21-0302:0:0.0.0.0                          0.0.0.0   
 Route Distinguisher: 200:1                                             
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop   
 *>i   0:48:00e0-fc61-0300:0:0.0.0.0                          3.3.3.3   


 EVPN-Instance evrf1:                                                   
 Number of Mac Routes: 2                                                
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop  
 Number of Mac Routes: 2                                                
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop   
 *>    0:48:00e0-fc21-0302:0:0.0.0.0                          0.0.0.0   
 *>i   0:48:00e0-fc61-0300:0:0.0.0.0                          3.3.3.3   

 EVPN address family:                                                   
 Number of Inclusive Multicast Routes: 2                                
 Route Distinguisher: 100:1                                             
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop   
 *>    0:32:1.1.1.1                                           127.0.0.1 
 Route Distinguisher: 200:1                                             
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop   
 *>i   0:32:3.3.3.3                                           3.3.3.3   


 EVPN-Instance evrf1:                                                   
 Number of Inclusive Multicast Routes: 2                                
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop   
 *>    0:32:1.1.1.1                                           127.0.0.1 
 *>i   0:32:3.3.3.3                                           3.3.3.3

在PE1上执行命令display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0查看MAC Route的详细信息。

[~PE1] display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0  

 BGP local router ID : 10.1.1.1                                         
 Local AS number : 100                                                  
 Total routes of Route Distinguisher(200:1): 1                          
 BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:  
 Label information (Received/Applied): 48090/NULL                       
 From: 3.3.3.3 (10.2.1.2)                                               
 Route Duration: 0d00h03m20s                                            
 Relay IP Nexthop: 10.1.1.2                                             
 Relay IP Out-Interface: GigabitEthernet2/0/0                                  
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                              
 Original nexthop: 3.3.3.3                                              
 Qos information : 0x0                                                  
 Ext-Community: RT <1 : 1>                                              
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20   
 Route Type: 2 (MAC Advertisement Route)                                
 Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000   
 Not advertised to any peer yet                                         



 EVPN-Instance evrf1:                                                   
 Number of Mac Routes: 1                                                
 BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:  
 Route Distinguisher: 200:1                                             
 Remote-Cross route                                                     
 Label information (Received/Applied): 48090/NULL                       
 From: 3.3.3.3 (10.2.1.2)                                               
 Route Duration: 0d00h03m21s                                            
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                              
 Original nexthop: 3.3.3.3                                              
 Qos information : 0x0                                                  
 Ext-Community: RT <1 : 1>                                              
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20        
 Route Type: 2 (MAC Advertisement Route)                                
 Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000      
 Not advertised to any peer yet

在PE1上执行命令display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3查看Inclusive Multicast Route的详细信息。

[~PE1] display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3

 BGP local router ID : 10.1.1.1       
 Local AS number : 100                
 Total routes of Route Distinguisher(200:1): 1                                       
 BGP routing table entry information of 0:32:3.3.3.3:                                
 Label information (Received/Applied): 48123/NULL                                    
 From: 3.3.3.3 (3.3.3.3)    
 Route Duration: 0d01h33m44s
 Relay IP Nexthop: 10.1.1.2           
 Relay IP Out-Interface: GigabitEthernet2/0/0
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                                           
 Original nexthop: 3.3.3.3  
 Qos information : 0x0      
 Ext-Community: RT <1 : 1>  
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20       
 PMSI: Flags 0, Ingress Replication, Label 0:0:0(48123), Tunnel Identifier:3.3.3.3   
 Route Type: 3 (Inclusive Multicast Route)                                           
 Ethernet Tag ID: 0, Originator IP:3.3.3.3/32                                        
 Not advertised to any peer yet 



 EVPN-Instance evrf1:       
 Number of Inclusive Multicast Routes: 1                                             
 BGP routing table entry information of 0:32:3.3.3.3:                                
 Route Distinguisher: 200:1 
 Remote-Cross route         
 Label information (Received/Applied): 48123/NULL                                    
 From: 3.3.3.3 (3.3.3.3)    
 Route Duration: 0d01h33m44s
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                                           
 Original nexthop: 3.3.3.3  
 Qos information : 0x0      
 Ext-Community: RT <1 : 1>  
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
 PMSI: Flags 0, Ingress Replication, Label 0:0:0(48123), Tunnel Identifier:3.3.3.3   
 Route Type: 3 (Inclusive Multicast Route)                                           
 Ethernet Tag ID: 0, Originator IP:3.3.3.3/32                                        
 Not advertised to any peer yet

在CE上执行ping命令,同一VPN的CE能够相互Ping通,例如:

[~CE1] ping 172.16.1.2                                     
  PING 172.16.1.2: 56  data bytes, press CTRL_C to break                             
    Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=7 ms                     
    Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms                    
    Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=6 ms                     
    Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms                     
    Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=5 ms                     

  --- 172.16.1.2 ping statistics ---  
    5 packet(s) transmitted 
    5 packet(s) received    
    0.00% packet loss       
    round-trip min/avg/max = 2/6/10 ms

上一篇:[LeetCode] 159. Longest Substring with At Most Two Distinct Characters


下一篇:Win7下硬盘安装fedora17