VE-L3VPN接口在IPRAN组网中至关重要,他作为L2VPN接入L3VPN的中转站起到了承上启下的作用;同时VE-L3VPN接口也作为下联基站的网关,业务下发后检测L2VPN连通性测试以及与基站互通的情况,B设备VE-L3VPN接口可以作为一个很好的节点;但是VE-L3VPN接口规格限制为255个,所以最多在B设备上配置255个网关,在部分局点实施过程中,因为各种原因可能需要临时新增业务,可以通过本案例的临时规避办法新增业务,但是在运维及规范上不符合要求,需要尽快将新业务迁移到扩容B设备;
如上图所示,我们通过该简化拓扑介绍一下配置关键点;
前面我们已经了解,目前VE-L2VPN/VE-L3VPN已经满规格,新增的基站2无法新建网关,所以规避方式是在B设备上共用已有的VSI/VE-L2VPN/VE-L3VPN接口,配置示例如下:
基础配置省略:
B设备配置:
pw-class 121
control-word enable
pw-type ethernet
vccv cc control-word
vccv bfd
#//
vsi 1 hub-spoke
pwsignaling ldp
peer 2.2.2.2 pw-id 11 pw-class 1
peer 2.2.2.2 pw-id 22 pw-class 1
interface VE-L2VPN1
xconnect vsi 1 hub
interface VE-L3VPN1
ip binding vpn-instance 2
ip address 100.1.1.1 255.255.255.252
ip address 100.1.2.1 255.255.255.252 sub
A配置:
pw-class 1
control-word enable
pw-type ethernet
vccv cc control-word
xconnect-group 1
connection 1
ac interface GigabitEthernet1/0/14 service-instance 1 access-mode ethernet
arp suppression enable
peer 1.1.1.1 pw-id 11 pw-class 1
#
xconnect-group 2
connection 1
ac interface GigabitEthernet1/0/15 service-instance 1 access-mode ethernet
arp suppression enable
peer 1.1.1.1 pw-id 22 pw-class 1
interface GigabitEthernet1/0/14
port link-mode bridge
service-instance 1
encapsulation default
#
interface GigabitEthernet1/0/15
port link-mode bridge
service-instance 1
encapsulation default
模拟基站配置:
interface GigabitEthernet1/0/0
port link-mode route
ip address 100.1.1.2 255.255.255.252
interface GigabitEthernet1/0/0
port link-mode route
ip address 100.1.2.2 255.255.255.252
查看PW状态信息:
[B2]dis l2v pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 3
2 up, 0 blocked, 1 down, 0 defect, 0 idle, 0 duplicate
VSI Name: 1
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
2.2.2.2 11 133758/65663 LDP MS 8 Up
2.2.2.2 22 133757/65662 LDP MS 9 Up
[H3C]dis l2v pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2
2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate
Xconnect-group Name: 1
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
1.1.1.1 11 65663/133758 LDP M 0 Up
Xconnect-group Name: 2
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
1.1.1.1 22 65662/133757 LDP M 1 Up
ARP:
[B2]dis arp interface VE-L3VPN 1
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN Interface Aging Type
100.1.1.2 487a-dafe-79ed N/A L3VE1 10 D
100.1.2.2 487a-dafe-7cbd N/A L3VE1 11 D
[H3C]dis arp suppression xconnect-group
IP address MAC address Xconnect-group Connection Aging
100.1.1.1 3c8c-405e-cfd1 1 1 14
100.1.2.1 3c8c-405e-cfd1 1 1 15
100.1.2.2 487a-dafe-7cbd 1 1 16
100.1.1.1 3c8c-405e-cfd1 2 1 14
100.1.2.1 3c8c-405e-cfd1 2 1 15
100.1.1.2 487a-dafe-79ed 2 1 15
互通测试:
[B2]ping -vpn-instance 2 100.1.1.2
Ping 100.1.1.2 (100.1.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=1.035 ms
56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=0.823 ms
56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=0.797 ms
56 bytes from 100.1.1.2: icmp_seq=3 ttl=255 time=0.961 ms
56 bytes from 100.1.1.2: icmp_seq=4 ttl=255 time=0.785 ms
--- Ping statistics for 100.1.1.2 in VPN instance 2 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.785/0.880/1.035/0.100 ms
[B2]
[B2]ping -vpn-instance 2 100.1.2.2
Ping 100.1.2.2 (100.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.2.2: icmp_seq=0 ttl=255 time=0.977 ms
56 bytes from 100.1.2.2: icmp_seq=1 ttl=255 time=0.826 ms
56 bytes from 100.1.2.2: icmp_seq=2 ttl=255 time=0.847 ms
56 bytes from 100.1.2.2: icmp_seq=3 ttl=255 time=0.839 ms
56 bytes from 100.1.2.2: icmp_seq=4 ttl=255 time=0.803 ms
--- Ping statistics for 100.1.2.2 in VPN instance 2 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.803/0.858/0.977/0.061 ms
1. 新增基站共用已有基站VSI/VE-L2VPN/VE-L3VPN接口;
2. 新增网关配置为VE-L3VPN SUB地址;
3. 该方案为临时规避方案,不建议长期使用,需尽快切换;