Print

SR66-F系列路由器VE-L3VPN接口超规格时临时规避典型配置案例

2017-05-15 发表

VE-L3VPN接口在IPRAN组网中至关重要,他作为L2VPN接入L3VPN的中转站起到了承上启下的作用;同时VE-L3VPN接口也作为下联基站的网关,业务下发后检测L2VPN连通性测试以及与基站互通的情况,B设备VE-L3VPN接口可以作为一个很好的节点;但是VE-L3VPN接口规格限制为255个,所以最多在B设备上配置255个网关,在部分局点实施过程中,因为各种原因可能需要临时新增业务,可以通过本案例的临时规避办法新增业务,但是在运维及规范上不符合要求,需要尽快将新业务迁移到扩容B设备;

如上图所示,我们通过该简化拓扑介绍一下配置关键点;

前面我们已经了解,目前VE-L2VPN/VE-L3VPN已经满规格,新增的基站2无法新建网关,所以规避方式是在B设备上共用已有的VSI/VE-L2VPN/VE-L3VPN接口,配置示例如下:

 

基础配置省略:

 

B设备配置:

 

pw-class 121

control-word enable

pw-type ethernet

vccv cc control-word

vccv bfd

#//

vsi 1 hub-spoke

pwsignaling ldp

  peer 2.2.2.2 pw-id 11 pw-class 1

  peer 2.2.2.2 pw-id 22 pw-class 1

 

interface VE-L2VPN1

xconnect vsi 1 hub

 

interface VE-L3VPN1

ip binding vpn-instance 2

ip address 100.1.1.1 255.255.255.252

ip address 100.1.2.1 255.255.255.252 sub

 

A配置:

 

pw-class 1

control-word enable

pw-type ethernet

vccv cc control-word

 

xconnect-group 1

connection 1

  ac interface GigabitEthernet1/0/14 service-instance 1 access-mode ethernet

  arp suppression enable

  peer 1.1.1.1 pw-id 11 pw-class 1

#

xconnect-group 2

connection 1

  ac interface GigabitEthernet1/0/15 service-instance 1 access-mode ethernet

  arp suppression enable

  peer 1.1.1.1 pw-id 22 pw-class 1

 

interface GigabitEthernet1/0/14

port link-mode bridge

service-instance 1

  encapsulation default

#

interface GigabitEthernet1/0/15

port link-mode bridge

service-instance 1

  encapsulation default

 

模拟基站配置:

 

interface GigabitEthernet1/0/0

port link-mode route

ip address 100.1.1.2 255.255.255.252

 

interface GigabitEthernet1/0/0

port link-mode route

ip address 100.1.2.2 255.255.255.252

 

查看PW状态信息:

 

[B2]dis l2v pw

Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon

Total number of PWs: 3

2 up, 0 blocked, 1 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: 1

Peer            PW ID/Rmt Site    In/Out Label    Proto   Flag  Link ID  State 

2.2.2.2         11                133758/65663    LDP     MS    8        Up    

2.2.2.2         22                133757/65662    LDP     MS    9        Up    

 

[H3C]dis l2v pw

Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: 1

Peer            PW ID/Rmt Site    In/Out Label    Proto   Flag  Link ID  State 

1.1.1.1         11                65663/133758    LDP     M     0        Up    

 

Xconnect-group Name: 2

Peer            PW ID/Rmt Site    In/Out Label    Proto   Flag  Link ID  State 

1.1.1.1         22                65662/133757    LDP     M     1        Up    

ARP

 

[B2]dis arp interface VE-L3VPN 1

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN     Interface                Aging Type

100.1.1.2       487a-dafe-79ed N/A      L3VE1                    10    D   

100.1.2.2       487a-dafe-7cbd N/A      L3VE1                    11    D  

 

[H3C]dis arp suppression xconnect-group

IP address      MAC address    Xconnect-group       Connection           Aging

100.1.1.1       3c8c-405e-cfd1 1                    1                    14   

100.1.2.1       3c8c-405e-cfd1 1                    1                    15   

100.1.2.2       487a-dafe-7cbd 1                    1                    16   

100.1.1.1       3c8c-405e-cfd1 2                    1                    14   

100.1.2.1       3c8c-405e-cfd1 2                    1                    15   

100.1.1.2       487a-dafe-79ed 2                    1                    15

 

互通测试:

 

[B2]ping -vpn-instance 2 100.1.1.2

Ping 100.1.1.2 (100.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=1.035 ms

56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=0.823 ms

56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=0.797 ms

56 bytes from 100.1.1.2: icmp_seq=3 ttl=255 time=0.961 ms

56 bytes from 100.1.1.2: icmp_seq=4 ttl=255 time=0.785 ms

 

--- Ping statistics for 100.1.1.2 in VPN instance 2 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.785/0.880/1.035/0.100 ms

[B2]

[B2]ping -vpn-instance 2 100.1.2.2

Ping 100.1.2.2 (100.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.1.2.2: icmp_seq=0 ttl=255 time=0.977 ms

56 bytes from 100.1.2.2: icmp_seq=1 ttl=255 time=0.826 ms

56 bytes from 100.1.2.2: icmp_seq=2 ttl=255 time=0.847 ms

56 bytes from 100.1.2.2: icmp_seq=3 ttl=255 time=0.839 ms

56 bytes from 100.1.2.2: icmp_seq=4 ttl=255 time=0.803 ms

 

--- Ping statistics for 100.1.2.2 in VPN instance 2 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.803/0.858/0.977/0.061 ms

 

1.  新增基站共用已有基站VSI/VE-L2VPN/VE-L3VPN接口;

2.  新增网关配置为VE-L3VPN SUB地址;

3.  该方案为临时规避方案,不建议长期使用,需尽快切换;