在MPLS L3VPN解决方案中,PE设备最为关键,它完成两方面的功能:首先是为用户提供接入功能,这需要PE具有大量接口;然后是管理和发布VPN路由,处理用户报文,这需要PE设备具有大容量存储和高转发能力。
而MPLS L3VPN是一种平面模型,对网络中所有PE设备的性能要求相同,当网络中某些PE在性能和可扩展性方面存在问题时,整个网络的性能和可扩展性将受到影响。
在MPLS L3VPN领域,HoVPN(Hierarchy of VPN,分层VPN)解决方案的提出,实现了将PE的功能分布到多个PE设备上,多个PE承担不同的角色,并形成层次结构,共同完成一个PE的功能。
HoVPN对处于较高层次的设备的路由能力和转发性能要求较高,而对处于较低层次的设备的相应要求也较低,符合典型的分层网络模型。
SPE配置:
[SPE]display current-configuration
#
version 5.20, Release 2507, Standard
#
sysname SPE
#
mpls lsr-id 7.175.20.4
#
ip vpn-instance sifaju
route-distinguisher 65000:657
vpn-target 65000:657 export-extcommunity
vpn-target 65000:657 import-extcommunity
#
mpls
#
mpls ldp
#
interface LoopBack0
ip address 7.175.20.4 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 7.175.20.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/1
port link-mode route
nat outbound static
ip binding vpn-instance sifaju
ip address 10.0.0.254 255.255.255.0
#
bgp 65000
synchronization
peer 7.218.20.4 as-number 65000
peer 7.218.20.4 connect-interface LoopBack0
#
ipv4-family vpn-instance sifaju
network 0.0.0.0
import-route direct
#
ipv4-family vpnv4
peer 7.218.20.4 enable
peer 7.218.20.4 upe
peer 7.218.20.4 default-route-advertise vpn-instance sifaju
#
ospf 1 router-id 7.175.20.4
area 0.0.0.0
network 7.175.20.4 0.0.0.3
UPE配置:
[R3]display current-configuration
#
version 5.20, Release 2509, Standard
#
sysname R3
#
mpls lsr-id 7.218.20.4
#
ip vpn-instance sifaju
route-distinguisher 65000:657
vpn-target 65000:657 export-extcommunity
vpn-target 65000:657 import-extcommunity
#
vlan 1
#
mpls
#
mpls ldp
#
interface LoopBack0
ip address 7.218.20.4 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip binding vpn-instance sifaju
ip address 20.0.0.254 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 7.218.20.2 255.255.255.0
mpls
mpls ldp
#
bgp 65000
network 0.0.0.0
undo synchronization
peer 7.175.20.4 as-number 65000
peer 7.175.20.4 connect-interface LoopBack0
#
ipv4-family vpn-instance sifaju
import-route direct
#
ipv4-family vpnv4
peer 7.175.20.4 enable
#
ospf 1 router-id 7.218.20.4
area 0.0.0.0
network 7.218.20.0 0.0.0.3
network 7.218.20.4 0.0.0.0
#
P设备配置:
[P]display current-configuration
#
version 5.20, Release 2509P01, Standard
#
sysname P
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 7.175.20.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/1
port link-mode route
ip address 7.218.20.3 255.255.255.0
mpls
mpls ldp
#
ospf 1
area 0.0.0.0
network 7.218.20.0 0.0.0.255
network 7.175.20.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
结果显示
[SPE]display ip routing-table vpn-instance sifaju
Routing Tables: sifaju
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.0/24 Direct 0 0 10.0.0.254 GE0/1
10.0.0.254/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.0/24 BGP 255 0 7.218.20.4 NULL0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]display ip routing-table vpn-instance sifaju
Routing Tables: sifaju
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 BGP 255 0 7.175.20.4 NULL0
20.0.0.0/24 Direct 0 0 20.0.0.254 GE0/0
20.0.0.254/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
说明:HOPE方式,是为了减轻PE设备的工作负担,同时不改变原有的公私网边界,故此处UPE只有一条默认路由
1. SPE/UPE/P设备的mpls lsr-id直接必须是可达的,即需要将三个设备的loopback通告进OSPF,否则直连设备之间是无法正确建立LDP session的
2. 如果P设备的3.3.3.3是未进行通告的,则在SPE和UPE中,对应的路由在BGP路由表中不是最优的(同步/下一跳),此处同步已经关闭,因此影响路由不是最优的因素就是下一跳不可达(指的是MPLS下一跳不可达),
即:ping lsp ipv47.218.20.4是不可达的
3. [SPE]display mpls ldp peer
LDP Peer Information in Public network
Total number of peers: 1
------------------------------------------------------------------------------
Peer-ID Transport-Address Discovery-Source
------------------------------------------------------------------------------
3.3.3.3:0 3.3.3.3 GigabitEthernet0/0
------------------------------------------------------------------------------
说明:在P设备即使不通告3.3.3.3,此时在SPE上执行display mpls ldp peer也是存在此表象的,原因在于P设备已经从G0/0和G0/1发出了LDP的hello报文
而正确查看LDP邻居是否正常的命令为:
[SPE]display mpls ldp session
LDP Session(s) in Public Network
Total number of sessions: 1
------------------------------------------------------------------------------
Peer-ID Status SsnRole FT MD5 KA-Sent/Rcv
------------------------------------------------------------------------------
3.3.3.3:0 Operational Active Off Off 11/11
------------------------------------------------------------------------------
FT : Fault Tolerance
如果此处显示:operational,则表示正常,否则显示为:Non Existent(尚未建立TCP连接)
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作