一、组网需求:
客户使用两台SR66设备(SR66-1、SR66-2)做为PE、两台MSR设备(MSR-1、MSR-3)做为CE搭建了MPLS L3VPN网络,用来运行业务。其中PE设备与CE设备之间使用OSPF路由协议。
为了保证业务的可靠性,客户在两台CE设备间添加了另外一台MSR设备(MSR-2),三台MSR设备之间运行OSPF协议,做为后门链路。正常情况下,业务从MPLS L3VPN中运行;如果MPLS L3VPN网络故障,则业务切至后门链路。这样可以保证业务不中断。
实现以上需求需要在两台PE设备上配置OSPF Sham-link功能。
设备及版本:SR6602路由器2台(版本为R2604P10)、MSR30-20路由器3台(版本为R2209P15)。
二、组网图:
三、配置步骤:
MSR-1 配置 |
# sysname MSR-1 # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # interface GigabitEthernet0/0 port link-mode route ip address 11.0.0.2 255.255.255.0 # interface GigabitEthernet0/1 port link-mode route ip address 20.0.0.1 255.255.255.0 ospf cost 20 # ospf 1 area 0.0.0.0 network 11.0.0.0 0.0.0.255 network 3.3.3.3 0.0.0.0 network 20.0.0.0 0.0.0.255 # |
MSR-2 配置 |
# sysname MSR-2 # interface GigabitEthernet0/0 port link-mode route ip address 20.0.0.2 255.255.255.0 ospf cost 20 # interface GigabitEthernet0/1 port link-mode route ip address 21.0.0.2 255.255.255.0 ospf cost 20 # ospf 1 area 0.0.0.0 network 20.0.0.0 0.0.0.255 network 21.0.0.0 0.0.0.255 # |
MSR-3 配置 |
# sysname MSR-3 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 # interface GigabitEthernet0/0 port link-mode route ip address 12.0.0.2 255.255.255.0 # interface GigabitEthernet0/1 port link-mode route ip address 21.0.0.1 255.255.255.0 ospf cost 20 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 12.0.0.0 0.0.0.255 network 21.0.0.0 0.0.0.255 # |
SR66-1 配置 |
# sysname SR66-1 # mpls lsr-id 1.1.1.1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # mpls # mpls ldp # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 1.1.1.2 255.255.255.255 //Sham-link的源地址,此接口需加入VPN1中 # interface GigabitEthernet0/0 ip binding vpn-instance vpn1 ip address 11.0.0.1 255.255.255.0 # interface GigabitEthernet0/1 ip address 10.0.0.1 255.255.255.0 mpls mpls ldp # bgp 100 undo synchronization peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 # ipv4-family vpn-instance vpn1 import-route direct import-route ospf 10 # ipv4-family vpnv4 peer 2.2.2.2 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.0.0.0 0.0.0.255 # ospf 10 vpn-instance vpn1 area 0.0.0.0 network 11.0.0.0 0.0.0.255 sham-link 1.1.1.2 2.2.2.1 cost 10 //Sham-link配置,需保证此处的cost值小于后门链路的cost值 # |
SR66-2 配置 |
# sysname SR66-2 # mpls lsr-id 2.2.2.2 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # mpls # mpls ldp # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 2.2.2.1 255.255.255.255 //Sham-link的源地址,此接口需加入VPN1中 # interface GigabitEthernet0/0 ip binding vpn-instance vpn1 ip address 12.0.0.1 255.255.255.0 # interface GigabitEthernet0/1 ip address 10.0.0.2 255.255.255.0 mpls mpls ldp # bgp 100 undo synchronization peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 # ipv4-family vpn-instance vpn1 import-route direct import-route ospf 10 # ipv4-family vpnv4 peer 1.1.1.1 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.0.0.0 0.0.0.255 # ospf 10 vpn-instance vpn1 area 0.0.0.0 network 12.0.0.0 0.0.0.255 sham-link 2.2.2.1 1.1.1.2 cost
10 //Sham-link配置,需保证此处的cost值小于后门链路的cost值 # |
四、功能测试:
配置完成后,在SR66-1上查看Sham-link信息:
dis ospf sham-link
OSPF Process 10 with Router ID 11.0.0.1
Sham Link:
Area NeighborId Source-IP Destination-IP State Cost
0.0.0.0 12.0.0.1 1.1.1.2 2.2.2.1 P-2-P 10
display ospf sham-link area 0
OSPF Process 10 with Router ID 11.0.0.1
Sham-Link: 1.1.1.2 --> 2.2.2.1
Neighbor ID: 12.0.0.1 State: Full //对端状态为Full
Area: 0.0.0.0
Cost: 10 State: P-2-P Type: Sham
Timers: Hello 10, Dead 40, Retransmit 5, Transmit Delay 1
此时查看MSR-1上去往4.4.4.4/32以及12.0.0.0/24网段的路由表:
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 OSPF 10 12 11.0.0.1 GE0/0
12.0.0.0/24 OSPF 10 12 11.0.0.1 GE0/0
……
然后,将SR66-1的G0/0口shutdown掉,再次查看MSR-1上去往4.4.4.4/32以及12.0.0.0/24网段的路由表,可见业务已经切至后门链路:
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 OSPF 10 40 20.0.0.2 GE0/1
12.0.0.0/24 OSPF 10 41 20.0.0.2 GE0/1
……
五、配置关键点:
1、 Sham-link的端点地址被BGP做为VPN-IPv4地址发布,如果路由经过了Sham-link,它就不能再以VPN-IPv4路由的形式被引入到BGP。
2、 配置Sham-link时,需要在PE上配置BGP引入OSPF的私网路由,但不能配置OSPF引入BGP路由,否则会引起路由环路。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作