中国联通集团和中国电信集团正就全方位战略合作进行安排部署和积极推进。双方进一步加速推进移动和传输专业建设领域方面的深度合作,其中实现4G基站共享是重中之重:即将单个基站同时虚拟为联通和电信的基站,同时为双方用户服务。4G基站共享可大幅节省网络建设投资成本,同时加快实现目标网。
中国联通和中国电信4G 深度合作采用MOCN(Multi-Operator CoreNetwork)方式,即两运营商仅共享RAN,核心网独立。单个基站同时虚拟为联通和电信的基站,通过基站回传网络分别接入各自的核心网,同时为双方用户服务。
各地市移动回传承载网(IPRAN)通过“Option A”方式与对方运营商的移动回传承载网在本地核心层面连接,实现共享业务的互联。联通UTN 与电信IPRAN 的一对ASBR 设备间通过新增物理接口和传输电路,在回传网间建立“口字形”连接;根据传输情况,通过L3VPN 跨域互通“Option A”方式实现VPN的互通;互联链路链路建议采用10GE光口互联,主备链路要保证在不同的物理路径上。如下图所示:
如图所示,电信IPRAN网络下有一个共享基站,电信的业务地址为7.1.1.0/30,联通业务地址为8.1.1.0/30;同样联通IPRAN网络中也存在一个共享基站,其中电信业务地址为7.1.1.4/30,联通业务地址为8.1.1.4/30;因为电信联通仅共享RAN网络,所以存在跨AS流量需求;
此时我们需要新增一对B设备作为ASBR设备与联通的ASBR设备实现Option-A跨域,从而实现VPN流量的跨AS转发;
以下仅介绍部分设备关键配置,接口及公网路由配置省略;
汇聚B设备及A环配置:
1. 汇聚B设备上新增联通VPN实例,配置相应的RD、RT;
2. 汇聚B设备上BGP视图下,配置联通BGP-VPN实例并引入直连路由,相应配置通电信CDMA-RAN配置;
3. 与联通基站L2VPN配置同电信配置,注意此时VE-L3VPN接口需要绑定对应联通VPN实例;
ASBR设备配置:
1. 配置新增ASBR,首先需要实现这对ASBR与ER设备之间ISIS路由互通以及BGP VPNV4邻居的建立;
2. 配置电信及联通对应VPN实例以及BGP-VPN实例;
3. 与对端ASBR互联链路使用两个子接口互联,分别绑定电信以及联通的VPN实例,并配置对应的IP地址;
4. 在BGP-VPN视图下,与对端ASBR设备建立EBGP对等体,并使能交换ipv4路由的能力;
A1设备配置:
//AC接口配置
interface GigabitEthernet1/0/4
port link-mode bridge
description 4G
qos trust dscp
qos apply policy remark_exp inbound
//电信基站使用VLAN 100
service-instance 100
encapsulation s-vid 100
//联通基站使用VLAN 200
service-instance 200
encapsulation s-vid 200
//电信基站PW配置
xconnect-group 4G_chinatelecom
connection 1
mtu 1560
revertive wtr 300
protection dual-receive
ac interface GigabitEthernet1/0/4 service-instance 100
arp suppression enable
peer 2.2.2.2 pw-id 1211 pw-class class
backup-peer 3.3.3.3 pw-id 1311 pw-class class
//联通基站PW配置
xconnect-group 4G_chinaunicom
connection 1
mtu 1560
revertive wtr 300
protection dual-receive
ac interface GigabitEthernet1/0/4 service-instance 200
arp suppression enable
peer 2.2.2.2 pw-id 1222 pw-class class
backup-peer 3.3.3.3 pw-id 1322 pw-class class
B1设备配置
//配置电信4G VPN实例,即CDMA-RAN
ip vpn-instance chinatelecom
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
//配置联通4G VPN实例
ip vpn-instance chinaunicom
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
//配置BGP100进程完成与ER VPNV4邻居对接
bgp 100
group RR-1 internal
peer RR-1 connect-interface LoopBack0
group RR-2 internal
peer RR-2 connect-interface LoopBack0
peer 4.4.4.4 group RR-1
peer 5.5.5.5 group RR-2
#
address-family vpnv4
peer RR-1 enable
peer RR-2 enable
//电信vpn实例chinatelecom
ip vpn-instance chinatelecom
#
address-family ipv4 unicast
import-route direct
balance eibgp 8
pic
//新增联通vpn实例chinaunicom
ip vpn-instance chinaunicom
#
address-family ipv4 unicast
import-route direct
balance eibgp 8
pic
vsi vsi_1000 hub-spoke
description chinatelecom
mtu 1560
undo mac-learning enable
pwsignaling ldp
peer 1.1.1.1 pw-id 1211 pw-class class
#
vsi vsi_2000 hub-spoke
description chinaunicom
mtu 1560
undo mac-learning enable
pwsignaling ldp
peer 1.1.1.1 pw-id 1222 pw-class class
interface VE-L2VPN1000
description chinatelecom
xconnect vsi vsi_1000 hub track 1 2
#
interface VE-L2VPN2000
description chinaunicom
xconnect vsi vsi_2000 hub track 1 2
//电信基站网关配置
interface VE-L3VPN1000
description chinatelecom
mtu 1560
ip binding vpn-instance chinatelecom
ip address 7.1.1.1 30
mac-address 586a-b100-0001
local-proxy-arp enable
arp route-direct advertise
//联通基站网关配置
interface VE-L3VPN2000
description chinaunicom
mtu 1560
ip binding vpn-instance chinaunicom
ip address 8.1.1.1 30
mac-address 586a-b100-0001
local-proxy-arp enable
arp route-direct advertise
ASBR1配置:
ip vpn-instance chinatelecom
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance chinaunicom
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
interface GigabitEthernet0/1
port link-mode route
combo enable copper
//创建.100子接口,并绑定电信VPN实例
interface GigabitEthernet0/1.100
ip binding vpn-instance chinatelecom
ip address 70.0.0.1 255.255.255.252
vlan-type dot1q vid 100
//创建.200子接口,并绑定联通VPN实例
interface GigabitEthernet0/1.200
ip binding vpn-instance chinaunicom
ip address 70.0.0.5 255.255.255.252
vlan-type dot1q vid 200
bgp 100
group RR-1 internal
peer RR-1 connect-interface LoopBack0
group RR-2 internal
peer RR-2 connect-interface LoopBack0
peer 4.4.4.4 group RR-1
peer 5.5.5.5 group RR-2
#
address-family vpnv4
peer RR-1 enable
peer RR-2 enable
//在电信BGP-VPN视图下配置与对端ASBR建立EBGP对等体
ip vpn-instance chinatelecom
peer 70.0.0.2 as-number 200
#
address-family ipv4 unicast
peer 70.0.0.2 enable
//在联通BGP-VPN视图下配置与对端ASBR建立EBGP对等体
ip vpn-instance chinaunicom
peer 70.0.0.6 as-number 200
#
address-family ipv4 unicast
peer 70.0.0.6 enable
ASBR3配置:
ip vpn-instance chinatelecom
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance chinaunicom
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
//创建.100子接口,并绑定电信VPN实例
interface GigabitEthernet0/0.100
ip binding vpn-instance chinatelecom
ip address 70.0.0.2 255.255.255.252
vlan-type dot1q vid 100
//创建.200子接口,并绑定联通VPN实例
interface GigabitEthernet0/0.200
ip binding vpn-instance chinaunicom
ip address 70.0.0.6 255.255.255.252
vlan-type dot1q vid 200
bgp 200
group RR-1 internal
peer RR-1 connect-interface LoopBack0
group RR-2 internal
peer RR-2 connect-interface LoopBack0
peer 10.10.10.10 group RR-1
peer 11.11.11.11 group RR-2
#
address-family vpnv4
peer RR-1 enable
peer RR-2 enable
//在电信BGP-VPN视图下配置与对端ASBR建立EBGP对等体
ip vpn-instance chinatelecom
peer 70.0.0.1 as-number 100
#
address-family ipv4 unicast
peer 70.0.0.1 enable
//在电信BGP-VPN视图下配置与对端ASBR建立EBGP对等体
ip vpn-instance chinaunicom
peer 70.0.0.5 as-number 100
#
address-family ipv4 unicast
peer 70.0.0.5 enable
其余配置为以上对称设备,按照以上配置配置即可;
在B1上查看BGP邻居状态:
[B1]display bgp peer vpnv4
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
4.4.4.4 100 391 440 0 6 06:00:50 Established
5.5.5.5 100 382 427 0 0 05:58:24 Established
查看chinatelecom VPN路由表如下,可以看到基站网关地址7.1.1.1以及联通侧电信基站网关地址7.1.1.5:
[PE2]dis ip routing-table vpn-instance chinatelecom
Destinations : 20 Routes : 20
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
7.1.1.0/30 Direct 0 0 7.1.1.1 L3VE1000
7.1.1.0/32 Direct 0 0 7.1.1.1 L3VE1000
7.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
7.1.1.3/32 Direct 0 0 7.1.1.1 L3VE1000
7.1.1.5/32 BGP 255 0 4.4.4.4 GE0/2
10.0.0.0/30 Direct 0 0 10.0.0.1 GE0/0.100
10.0.0.0/32 Direct 0 0 10.0.0.1 GE0/0.100
10.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
10.0.0.3/32 Direct 0 0 10.0.0.1 GE0/0.100
20.0.0.0/30 O_INTRA 10 2 10.0.0.2 GE0/0.100
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
140.0.0.0/30 BGP 255 0 4.4.4.4 GE0/2
150.0.0.0/30 BGP 255 0 4.4.4.4 GE0/2
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
连通性测试,从B1上ping测试与联通侧电信基站或者网关是否可达:
[PE2]ping -vpn-instance chinatelecom 7.1.1.5
Ping 7.1.1.5 (7.1.1.5): 56 data bytes, press CTRL_C to break
56 bytes from 7.1.1.5: icmp_seq=0 ttl=252 time=11.952 ms
56 bytes from 7.1.1.5: icmp_seq=1 ttl=252 time=5.980 ms
56 bytes from 7.1.1.5: icmp_seq=2 ttl=252 time=8.282 ms
56 bytes from 7.1.1.5: icmp_seq=3 ttl=252 time=5.881 ms
56 bytes from 7.1.1.5: icmp_seq=4 ttl=252 time=3.951 ms
--- Ping statistics for 7.1.1.5 in VPN instance ct ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.951/7.209/11.952/2.740 ms
[PE2]%Apr 14 15:54:58:534 2016 PE2 PING/6/PING_VPN_STATISTICS: Ping statistics for 7.1.1.5 in VPN instance ct: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 3.951/7.209/11.952/2.740 ms.
在ASBR 4上查看相关路由:
[ASBR4]dis ip routing-table vpn-instance chinatelecom
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
7.1.1.0/30 BGP 255 0 2.2.2.2 GE0/0
7.1.1.5/32 BGP 255 0 70.0.0.2 GE0/1.100
10.0.0.0/30 BGP 255 0 2.2.2.2 GE0/0
20.0.0.0/30 BGP 255 3 2.2.2.2 GE0/0
70.0.0.0/30 Direct 0 0 70.0.0.1 GE0/1.100
70.0.0.0/32 Direct 0 0 70.0.0.1 GE0/1.100
70.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
70.0.0.3/32 Direct 0 0 70.0.0.1 GE0/1.100
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
140.0.0.0/30 BGP 255 0 70.0.0.2 GE0/1.100
150.0.0.0/30 BGP 255 0 70.0.0.2 GE0/1.100
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
同理可得联通相关路由表项;
1. 基站共享的本质,是需要通过option-a方式实现相同VPN跨域互访;
2. 因为VPN业务只有两类即电信基站以及联通基站,所以采用option-a类跨域方式;配置起来比较简单;
3. 因为有两个VPN业务,所以四个ASBR跨域互联是需要配置两个子接口,分别绑定对应的VPN实例;
4. 跨域ASBR之间无需开启MPLS以及LDP协议;
5. 基站共享配置主要涉及的为L3VPN部分配置,L2VPN部分无变化;
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作