设备型号和版本:
RT1-MSR3600-V7 0605P13 RT2-MSR2020-V5 2207P38
现场需求:两台设备通过建立MPLS L2VPN BGP PW隧道实现二层互访,目前的问题,隧道建立失败,无法通信。
<RT-1>dis l2vpn xconnect-group //显示L2VPN PW信息
Total number of cross-connections: 1, 0 up, 1 down, 0 admin down
Xconnect-group Name Connection ID MTU State
vpn1 0 1500 Down
<RT-2>dis mpls l2vpn connection //显示Kompella方式的L2VPN连接信息
1 total connections,
connections: 0 up, 1 down, 0 local, 0 remote, 1 unknown
VPN name: vpn1,
1 total connections,
connections: 0 up, 1 down, 0 local, 0 remote, 1 unknown
CE name: cel, id: 1,
Rid type status peer-id route-distinguisher intf
2 --- down --- --- Eth0/1
1、首先查看LDP Remote Peer状态是否建立成功
<RT-1>dis mpls ldp peer
Total number of peers: 1
Peer LDP ID State Role GR MD5 KA Sent/Rcvd
1.1.1.1:0 Operational Active Off Off 24/24
[RT-2]dis mpls ldp session
LDP Session(s) in Public Network
Total number of sessions: 1
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive Off Off 19/19 ------------------------------------------------------------------------------
LAM : Label Advertisement Mode FT : Fault Tolerance
2、查看BGP L2VPN Peer是否建立成功
<RT-1>dis bgp peer l2vpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 1
Peers in established state: 0
* - Dynamically created peer
Peer
AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 4 6 0 0 00:03:03 No Neg
状态为NO Neg,表示地址组能力指定错误,邻居两端的地址组能力不匹配,一般会出现在V5,V7设备对接以及与第三方厂商对接时候出现
核对两台设备的关键配置
RT-1:
bgp 100
router-id 2.2.2.2
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family l2vpn
peer 1.1.1.1 enable
#
connect-group vpn1
auto-discovery bgp
route-distinguisher 3:3
vpn-target 3:3 export-extcommunity
vpn-target 3:3 import-extcommunity
site 2 range 10 default-offset 0
connection remote-site-id 1
ac interface GigabitEthernet5/2
RT-2:
bgp 100 router-id 1.1.1.1
undo synchronization
#
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
l2vpn-family
peer 2.2.2.2 enable
#
mpls l2vpn vpn1 encapsulation ethernet
route-distinguisher 3:3
vpn-target 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
ce cel id 1 range 10 default-offset 0
connection ce-offset 2 interface Ethernet0/1
可以看到RT-2使用的是Kompella方式MPLS L2VPN,而在建立BGP PW的时候,PE设备需要通过MP-BGP协议来交换标签块信息。
在RT-1这侧的BGP L2VPN地址族试图下制定peer 1.1.1.1 enable之后,默认情况下,本地路由器即具有与peer对等体采用RFC 4716中定义的MP_REACH_NLRI格式交换标签信息的能力。所以两端的配置不兼容,需要在RT-1侧添加如下命令:
address-family l2vpn
peer 1.1.1.1 enable
peer 1.1.1.1 signaling non-standard
undo peer 1.1.1.1 auto-discovery
该参数的作用是使能本地路由器与对等体1.1.1.1交换MPLS L2VPN标签块信息的能力,并指定采用draft-kompella-ppvpn-l2vpn-03草案中定义的MP_REACH_NLRI格式交换标签块信息,同时关闭自动发现邻居。
添加改命令之后BGP Peer l2vpn状态变成Establish
添加改命令之后BGP PW仍然没有建立成功,进一步排查发现
RT-2这边mpls l2vpn采用的是Ethernet的封装,RT-1这边没有配置模式,默认是vlan的方式,需要修改为一致。
pw-class pw100
pw-type ethernet
xconnect-group vpn1
auto-discovery bgp
pw-class pw100 //在L2VPN交叉连接组下面调用pw-class
最后需要注意的是查看PW状态前,需要保持AC口的状态是UP,否则即使配置正确,PW的状态也会是down
基于上述三点进行排查修改之后,BGP PW建立成功,测试业务互访正常。
<RT-1> dis l2vpn pw
Flags: M - main, B - backup, BY - bypass, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1 1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate
Xconnect-group Name: vpn1
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
1.1.1.1 1 917505/20482 BGP M 1 Up
<RT-2>dis mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: cel, id: 1,
Rid type status peer-id route-distinguisher intf
2 rmt up 2.2.2.2 3:3 Eth0/1
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作