1.TE 基本概念
1.1 TE基础
TE隧道的主备路径实质是两条独立的lsp,隧道lsp是根据配置的显式路径规则在igp协议中进行cspf计算出来的最短的可达路径。
TE隧道的建立由以下四个部件组成:
- 信息发布部件:负责搜集网络信息,通过 IS-IS/OSPF TE来实现。
- 路径选择部件:负责路径的计算,通过 CSPF来实现。
- 信令协议部件:通过 RSVP TE或 CR-LDP协议建立 LSP。
- 数据转发部件:实现 MPLS转发。
以上四大部件对日常维护可见的只有前面两个,即IGP可达+TE配置完整隧道才能cspf计算成功,对应以下四个配置模块
- IGP完整路由可达;
- IGP协议使能TE;
- TE全局使能;
- 三层接口使能TE。
显式路径(Explicit Path)功能在于隧道进行CSPF计算时,约束路径必须经过的链路或路由器,不经过的链路或路由器,使隧道按照期望的路径建立。即Explicit Path仅仅是CSPF计算中的约束条件。
- 严格Strict显式路径指定接口ip地址,下一跳路由器必须和上一跳路由器直连;
- 松散loose显式路径指定环回ip地址,到下一跳路由器中间可以经过多个路由器。
- 排除exclude显式路径指定环回ip地址,指定不经过的路由器。
1.2 Tunnel配置
Tunnel基本配置
Y31_Burgos_9KE#show running-config mpls-te
!<mpls-te>
mpls traffic-eng
router-id 10.0.31.195
reoptimize timers delay installation-delay-time 600
reoptimize timers frequency 7200 //自动重优化时间为2小时
signalling graceful-restart //使能GR
signalling graceful-restart extend recovery-path
signalling retransmit
signalling refresh reduction
explicit-path name Y31_527_W //配置显示路径
index 1 next-address loose 10.0.46.117
index 2 next-address loose 10.0.46.113
index 3 next-address loose 10.0.46.109
index 4 next-address loose 10.0.46.106
index 5 next-address loose 10.0.18.101
index 6 next-address loose 10.0.19.93
index 7 next-address loose 10.0.9.7
$
tunnel te_tunnel2843
tunnel destination ipv4 10.0.9.7
tunnel mpls traffic-eng auto-reoptimize main-lsp
tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name Y31_527_W
tunnel mpls traffic-eng hot-standby protect 1 dynamic prefer
tunnel mpls traffic-eng reference hot-standby //HSB独立UP
$
interface loopback1 //接口使能TE
$
interface xgei-0/2/0/1.1455 //接口使能TE
$
$
!</mpls-te>
Y31_Burgos_9KE#
使能ISIS/OSPF TE
Y31_Burgos_9KE#show running-config isis
!<isis>
router isis 0
area 00.000a
system-id 0000.0031.0195
metric-style wide
disable-snp-authentication
lsp-size receive 1497
lsp-size originate 1497
spf-interval 3 level-1
mpls traffic-eng level-1 //ISIS使能TE
mpls traffic-eng level-2 //ISIS使能TE
restart enable
restart t2-timer 60 level-1
restart t3-timer adjacency
interface loopback1
ip router isis
$
interface xgei-0/2/0/1.1455
ip router isis
circuit-type level-1
authentication-type hmac-md5
authentication encrypted 1zoaSVXijwEym/2jCaUqpA==
$
$
!</isis>
Y31_Burgos_9KE#
Tunnel接口化
Y31_Burgos_9KE#show running-config-interface te_tunnel2843
!<if-intf>
interface te_tunnel2843
$
interface te_tunnel2843
ip unnumbered loopback1 //借用loopback1地址
$
!</if-intf>
Y31_Burgos_9KE
用静态路由引流到隧道
Y31_Burgos_9KE#show running-config static
!<static>
ip route 10.0.9.7 255.255.255.255 te_tunnel2843 //BFD报文引流到Tunnel
ip route 10.0.10.7 255.255.255.255 te_tunnel2843 //BGP报文引流到Tunnel
ip route 10.0.31.191 255.255.255.255 te_tunnel4000 //PW流量引流到Tunnel
!</static>
Y31_Burgos_9KE#
1.3 Tunnel状态
9004#show mpls traffic-eng tunnels tunnel-id 2
9000E#sh mpls traffic-eng tunnels te_tunnel 2
Name: tunnel_2 (Tunnel2) Destination: 100.1.1.2
Status:
Admin: up Oper: up Path: valid Signaling: connected //[显式当前隧道状态]
Path option: 1, type explicit name: lsp12b (Basis for Setup) //[Basis for setup表明当前隧道是使用哪条pathoption创建的]
Path option: 2, type explicit name: lsp1
Hot-standby protection:
protect option: 1, type explicit name: lsp123b //[表明当前的hsb配置,可以查看当前是否形成hsb保护]
Config Parameters:
Bandwidth: 0 kbps (Global) Priority: 7 7 Affinity: 0x0/0x0
Resv-Style: SE
Metric Type: IGP (default) Upper Limit: 4294967295
Fast-reroute: disabled //[隧道是否使能FRR]
BFD: disabled
Auto-bw: disabled
CAC: disabled
Auto-reoptimize: disable //[隧道是否使能自动重优化]
Bidirect: disabled
InLabel: -
OutLabel: vlan2, 3
RSVP Signaling Info :
Src 100.1.1.1, Dst 100.1.1.2, Tun_Id 2, Tun_Instance 2
RSVP Path Info:
Explicit Route: 20.1.1.1 20.1.1.2 100.1.1.2 //[隧道实际经过的路径]
Exclude Route: NULL
Record Route: 100.1.1.1 20.1.1.1
Tspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
RSVP Resv Info:
Record Route: 100.1.1.2(3) 20.1.1.2(3)
Fspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
History:
Tunnel:
Time since created: 0 days, 0 hours, 4 minutes //[当前隧道创建的时间]
Prior LSP: path option 1
Current LSP: Uptime:0 days, 0 hours, 0 minutes //[当前inuse lsp UP的时间]
Last tnnl down information:
None log record.
1.4 HSB状态
9004#show mpls traffic-eng tunnels tunnel-id 3 hot-standby
9000E#sh mpls traffic-eng tunnels te_tunnel 3 hot-standby
Name: tunnel_3 (Tunnel3) Destination: 100.1.1.2
Status:
Admin: up Oper: up Path: valid Signaling: connected
Fast Reroute Protection: None
Hot-standby Protection: Ready //[当前hsb的状态,状态可能是ready(处于保护状态);也可能是backup in use(保护处于切换状态);也可能是none(没有形成保护)]
InLabel: -
OutLabel: vlan2, 3
RSVP Signaling Info :
Src 100.1.1.1, Dst 100.1.1.2, Tun_Id 3, Tun_Instance 4
RSVP Path Info:
Explicit Route: 20.1.1.1 20.1.1.2 100.1.1.2 //[当前hsb备份lsp经过的路径]
Exclude Route: NULL
Record Route: 100.1.1.1 20.1.1.1
Tspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
RSVP Resv Info:
Record Route: 100.1.1.2(3) 20.1.1.2(3)
Fspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
9K_1(config-if-vlan1)#show mpls traffic-eng tunnels tunnel-id 3 hot-standby
Name: tunnel_3 (Tunnel3) Destination: 100.1.1.2
Status:
Admin: up Oper: up Path: valid Signaling: connected
Fast Reroute Protection: None
Hot-standby Protection: Backup lsp in use
1.5 MBB的概念
MBB(make before break)的含义是在维持原来LSP UP的情况下,建立新的LSP。以这种形式进行的包括:切换之后的回切,重优化(寻找更好的路径),配置改变后引起的MBB等多种情况。只要是MBB,肯定就会走WTR流程(mpls traffic-eng switch-delay)
Y31_Burgos_9KE#show mpls traffic-eng tunnels te_tunnel 4001
Name: tunnel_4001
(Tunnel4001) Destination: 10.0.9.237
Status:
Admin: up Oper: up Path: valid Signalling: MBB(WTR)
Path option: 1, type explicit name: TEST1
Actual Bandwidth: N/A Tunnel Utilize: N/A
Actual Bandwidth In: N/A Tunnel Utilize In: N/A
Hot-standby protection:
protect option: 1, type explicit name: TEST3 (Basis for Protect)
PCE-authorized: NO
Config Parameters:
Resv-Style: SE
Metric Type: IGP (default) Upper Limit: 4294967295
Hop Prior: disabled Upper Limit: -
Record-Route: enabled
Facility Fast-reroute: disabled
Detour Fast-reroute: disabled
Bandwidth Protection: disabled
Hot-standby-lsp Fast-reroute: disabled
E2E: disabled
BFD: disabled
Policy Class: Default
……
Y31_Burgos_9KE#
1.6 HSB独立up
原来TE隧道如果主备都down掉,而主由于某种原因【比如:严格或者松散指定路径等】未能够建立起来,这个时候即使备能够计算出来,隧道也无法up起来;后来开发了备独立up功能,配置如下:
tunnel mpls traffic-eng reference hot-standby
关于什么时候开始计算option 1的HSB
如果隧道配置了备独立up功能,当隧道down掉后,先进行option1的重算,如果算不出来30秒会算option1的HSB;
如果隧道目前在option2上,只有定时重优化时间到,隧道重优化到option1以后,才会算option 1的HSB;
Y31_Burgos_9KE#show mpls traffic-eng tunnels te_tunnel 4001
Name: tunnel_4001
(Tunnel4001) Destination: 10.0.9.237
Status:
Admin: up Oper: up Path: valid Signalling: connected
Path option: 1, type explicit name: TEST1
Actual Bandwidth: N/A Tunnel Utilize: N/A
Actual Bandwidth In: N/A Tunnel Utilize In: N/A
Hot-standby protection:
protect option: 1, type explicit name: TEST3 (Basis for Protect)
PCE-authorized: NO
Config Parameters:
Resv-Style: SE
Metric Type: IGP (default) Upper Limit: 4294967295
Hop Prior: disabled Upper Limit: -
Record-Route: enabled
Facility Fast-reroute: disabled
Detour Fast-reroute: disabled
Bandwidth Protection: disabled
Hot-standby-lsp Fast-reroute: disabled
E2E: disabled
BFD: disabled
Policy Class: Default
……
Y31_Burgos_9KE#
1.7 隧道重建
- 隧道down掉后,立即进行第一次重建(500ms)
- 第一次重建失败,根据第二次重建delay时间,进行第二次重建
ROSNG:cspf delay reactive 10 //默认10s
ROS:mpls traffic-eng reactive-delay 10
- 第二次重建失败,根据一个稳定周期尝试重建,直到重建成功
ROSNG:unactive timer 30 //默认30s
ROS:mpls traffic-eng unactive timer 30 //默认30s
- 在之后的周期性重建期间,如果IGP链路up触发重建,不用等待30s,根据link up delay的时间进行再次重建
ROSNG:cspf delay link-up 0
ROS: mpls traffic-eng link-up-delay
1.8 隧道切换
前置条件:隧道配置了option1,option1的HSB,option2;
隧道正常运行在option1上,当option1上的BFD检测到隧道出现问题后,隧道立即切换到HSB上,此时隧道会尝试立即重算option1,如果算不出来,会尝试算option2,如果option2能够算成功,隧道等WTR(一般5分钟)时间后会从HSB切换到option2,业务一直运行在隧道的option2上,直到定时重优化时间到或者有其它link-up事件触发隧道的重优化,隧道才会被重优化到option1上;
1.9 隧道重优化
自动重优化:从隧道UP时刻开始每间隔1小时进行1次自动重优化,重优化过程从op1开始遍历检测是否有更优的LSP路径,对主用和HSB lsp均会计算。自动重优化间隔设置
ROS:reoptimize timers frequency 3600
ROSNG:mpls traffic-eng auto-reoptimize interval 3600 //reoptimize tunnel all立即进行重优化
IGP linkup触发隧道的重优化:对于隧道的主以及HSB都会触发重优化,link-up触发的重优化优先级要高,会立即响应;这个功能是先会触发主,如果主没有更优的话,再触发备,如果主有更优的话,那么备就会走reactive流程(相当于在重新建个备)。
mpls traffic-eng link-up-delay 30
mpls traffic-eng link-up-reoptimize
该命令全局配置,一般与link-up延迟配合使用,延迟时间的长短根据路由和隧道的数量做适当调整,工程统部署为延迟30秒;
1.10 BFD检测
主路径BFD检测
tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3 //隧道使能
只检测主路径,隧道HSB切换状态中,BFD一直处于down;直到再次切换到option1主路径,HSB切换告警消失,之后在新的主lsp上尝试重建BFD;
HSB路径检测
bfd-on-hotstandby-lsp enable //全局使能
主隧道和HSB都会检测来回路径,必须保证BFD检测报文来回所走隧道的状态对称;
主隧道的BFD与HSB的BFD共用一个BFD资源,所以同时只有一个BFD能够up起来;
注意事项:如果隧道配置了两个option,又开启了HSB上启用BFD功能和备独立up功能,当隧道主备都down,备先起来的情况下,隧道从HSB往option 2切换的过程中MBB(WTR),HSB上是没有BFD的,此时如果备down掉是没有办法快速切换到主路径上去的,所以备上启BFD时建议不要和两个option一起使用
2 基于TE的VPLS网络
2.1 VPLS网络架构
image
如图所示,VPLS网络主要包括以下几个重要的组成部分:
- AC:接入电路,用户与服务提供商之间的连接,即连接CE与PE的链路。对应的接口只能是以太网接口。
- PW:虚链路,两个PE设备上的VSI之间的一条双向虚拟连接。它由一对方向相反的单向的MPLS VC(Virtual Circuit,虚电路)组成,也称为仿真电路。
- Tunnel:隧道,用于承载PW,一条隧道上可以承载多条PW。隧道是一条本地PE与对端PE之间的直连通道,完成PE之间的数据透明传输,可以是MPLS或GRE隧道等。
- PW Signaling:PW信令协议,VPLS实现的基础,用于创建和维护PW。PW信令协议还可用于自动发现VSI的对端PE设备。目前,PW信令协议主要有LDP和BGP。
- VSI:虚拟交换实例,VPLS实例在一台PE设备上的一个以太网桥功能实体,根据MAC地址和VLAN TAG进行二层报文转发
2.2 PW的创建
PW是VPLS在公网上的通信隧道,它建立在MPLS(包括普通LSP和CR-LSP)或GRE等隧道之上。创建PW需要:
- 首先在本端和对端PE之间建立MPLS或GRE等隧道。
- 确定对端PE的地址。对于同一个VSI内的PE设备,可以通过手工配置来指定对端PE地址,也可以通过信令协议自动发现对端PE。
- 利用LDP或BGP信令协议为PW分配多路复用分离标记(VC标签),并将分配的VC标签通告给对端PE,建立单向的VC,从而创建PW。如果PW建立在MPLS隧道之上,则PW上传输的报文将包括两层
标签:内层标签为VC标签,用来判断报文属于的VC,从而将报文转发给正确的CE;外层标签为公网MPLS隧道标签,用来保证报文在MPLS隧道上的正确传输。
2.3 LDP信令协议
采用扩展LDP(远端LDP会话)作为PW信令协议的VPLS,称为Martini方式的VPLS。
image
如图所示,利用LDP信令协议建立PW的过程为:
- PE和特定的VSI关联后,采用LDP的DU(Downstream unsolicited,下游自主)方式主动向对端PE发送标签映射消息,该消息中包含PWID FEC和与该PWID FEC绑定的VC标签,以及接口参数(如最大传输单元等)。
- 如果对端PE和这个特定的PWID关联,它将接受标签映射消息,并回应自己的标签映射消息。
- 一对单向的VC建立成功后,它们组合起来形成双向的PW,这个双向的PW可以看作是VSI上的一个虚拟以太网接口。
Martini方式实现简单。但是LDP不能提供VPLS成员的自动发现机制,需要手工指定PE的各个对等体。新的PE加入时,每个PE上都要修改配置。
2.4 BGP信令协议
采用扩展BGP作为PW信令协议的VPLS,称为Kompella方式的VPLS。
image
如图所示,利用BGP信令协议建立PW的过程为:
- PE利用BGP的Update消息向所有对端PE设备发送VE ID和标签块信息。其中,VE ID为与PE相连的每个Site在VPN内的唯一编号,由服务供应商统一规划;标签块包含一组连续的标签。
- 接收到Update消息的PE设备,根据自己的VE ID和报文中的标签块,计算出唯一的一个标签值,作为VC标签。同时,接收Update消息的PE设备,根据报文中的VE ID和本地的标签块,也可以得知对端PE的VC标签值等信息。
- 两个PE设备互相发送Update消息,并计算出VC标签后,两台设备间的PW创建成功。
Kompella方式中,通过配置VPN Target实现了VPLS成员的自动发现,增加或删除PE时,无需手工配置,具有较好的可扩展性,但BGP协议本身比较复杂。
2.5 AC报文封装方式
AC上的报文封装方式分为两种:VLAN接入和Ethernet接入。其含义如下:
- VLAN接入:CE发送给PE或PE发送给CE的以太网帧头带有一个VLAN TAG,该TAG是一个服务提供商网络为了区分用户而压入的“服务界定符”。服务界定符一般是服务提供商设备添加的,我们把这个作为服务界定符的TAG称为P-TAG。
- Ethernet接入:CE发送给PE或PE发送给CE的以太网帧头中没有服务界定符,如果此时帧头中有VLAN TAG,则说明它只是用户报文的内部VLAN TAG,对于PE设备没有意义。这种用户内部VLAN的TAG称为U-TAG。
2.6 PW报文封装方式
PW由PWID和PW封装类型唯一标识。两端PE设备通告的PWID和PW封装类型必须相同。
PW上的报文封装方式分为两种:Raw模式和Tagged模式。
- Raw模式下,PW上传输的帧不能带P-TAG:对于CE侧的报文,如果收到带有服务界定符的报文,则将其去除后再压入PW标签和隧道标签后转发;如果收到不带服务界定符的报文,则直接压入PW标签和隧道标签后转发。对于PE侧的下行报文,根据实际配置选择添加或不添加服务界定符后转发给CE,但是它不允许重写或去除已经存在的任何TAG。
- Tagged模式下,PW上传输的帧必须带P-TAG:对于CE侧的报文,如果收到带有服务界定符的报文,保留P-TAG,或者将P-TAG改写为对端PE期望的VLAN TAG或者空TAG(TAG值为0),再压入PW标签和隧道标签后转发;如果收到不带服务界定符的报文,则添加一个对端PE期望的VLAN TAG或空TAG后,再压入PW标签和隧道标签后转发。对于PE侧的下行报文,根据实际配置选择重写、去除或保留服务界定符后转发给CE。
2.7 报文转发过程
3 业务配置举例
3.1 VPWS(VLL)
3.1.1 本端配置(ROSNG)
Step 1:ISIS使能TE
V90_PLDT_SFP#show running-config isis
!<isis>
router isis 0
area 00.000a
system-id 0000.0009.0012
metric-style wide
disable-snp-authentication
fast-flood 6
i-spf
lsp-size receive 1497
lsp-size originate 1497
lsp-gen-interval 1 50 50
spf-interval 1 50 50
mpls traffic-eng level-1
mpls traffic-eng level-2
redistribute static route-map redistrbute_loopback1
restart enable
restart t2-timer 60 level-2
restart t3-timer adjacency
……
$
$
!</isis>
V90_PLDT_SFP#
Step 2:互联接口使能TE
V90_PLDT_SFP#show running-config mpls-te
!<mpls-te>
mpls traffic-eng
interface xgei-0/7/1/2.1330
$
$
!</mpls-te>
V90_PLDT_SFP#
Step 3:Tunnel基本配置
!<mpls-te>
mpls traffic-eng
router-id 10.0.9.12
reoptimize timers delay installation-delay-time 600
reoptimize timers frequency 7200
signalling graceful-restart
signalling graceful-restart extend recovery-path
signalling retransmit
signalling refresh reduction
tunnel te_tunnel606
tunnel destination ipv4 10.0.9.186
tunnel mpls traffic-eng auto-reoptimize main-lsp
tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
tunnel mpls traffic-eng reference hot-standby
$
$
!</mpls-te>
Step 4:配置TE接口化
V90_PLDT_SFP#show running-config-interface te_tunnel606
!<if-intf>
interface te_tunnel606
$
interface te_tunnel606
ip unnumbered loopback1
$
!</if-intf>
V90_PLDT_SFP#
Step 5:配置静态路由引流到Tunnel,确保BFD走Tunnel
V90_PLDT_SFP#show running-config static
!<static>
ip route 10.0.9.186 255.255.255.255 te_tunnel606
!</static>
V90_PLDT_SFP#
Step 6:配置CIP
V90_PLDT_SFP(config)#show running-config cip
!<cip>
interface cip600
bind interface ce1-0/0/1/22:1
$
!</cip>
V90_PLDT_SFP(config)#
Step 7:配置L2VPN VPWS
!<l2vpn>
mpls l2vpn enable
pw pw600
vpws 600
access-point cip600
access-params tdm
distribute-period 8
jitter-buffer 80
traffic-statistics enable
$
$
pseudo-wire pw600
neighbour 10.0.9.186 vcid 1861201 cw-preferred
control-word sequence-enable
vccv bfd capability status encapsulation ip compatible cc cw
$
$
default-cw-preferred
$
!<l2vpn>
Step 7:查看VPLS状态
V90_PLDT_SFP#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
MO - MONITOR, AL - Admin-VPLS, $pw - auto_pw, R - RING-TREE
PWName PeerIP FEC PWType State Llabel Rlabel VPNowner
pw600 10.0.9.186 128 SAToP_E1 UP 163940 524400 W:600
V90_PLDT_SFP#
3.1.2 远端配置(ROS)
Step 1:ISIS使能TE
PRC00O66ZTCN001#show running-config module isis
Building configuration...
!
router isis process_tag default
area 00.000a
system-id 0000.0009.0186
is-type level-1-2
distance 115
metric-style wide
disable-snp-authentication
maximum-paths 1
lsp-mtu 1497
max-lsp-lifetime 1200
lsp-refresh-time 900
spf-interval 3 level-2
mpls traffic-eng router-id loopback1
mpls traffic-eng level-1
mpls traffic-eng level-2
restart enable
restart t2-timer 60 level-2
restart t3-timer adjacency
!
!
end
PRC00O66ZTCN001#
Step 2:互联接口使能TE
PRC00O66ZTCN001#show running-config interface vlan1359
Building configuration...
interface vlan 1359
ip address 10.0.45.2 255.255.255.252
description link to N2962 SUN-PORAC-MOUNTAINS - 10.0.45.1
out_index 187
ip router isis process_tag default
isis circuit-type level-1
isis authentication-type MD5
isis authentication PH3CEN
mpls traffic-eng tunnels
!
end
PRC00O66ZTCN001#
Step 3:配置Tunnel
PRC00O66ZTCN001#show running-config section | include tunnel 606
tunnel 606
tunnel mode traffic-engineer dynamic
tunnel enable
tunnel destination 10.0.9.12
oam-propagate auto immediately
flowstat enable
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
tunnel mpls traffic-eng bfd interval 50 min_rx 50 multiplier 3
tunnel mpls traffic-eng auto-reoptimize
tunnel mpls traffic-eng reference hot-standby
!
PRC00O66ZTCN001#
Step 4:配置Tunnel接口化
PRC00O66ZTCN001#show running-config interface tunnel606
Building configuration...
interface tunnel606
ip unnumbered loopback1
out_index 91
tunnel mode mpls traffic-eng
!
end
PRC00O66ZTCN001#
Step 5:配置静态路由引流到Tunnel,确保BFD报文走Tunnel
PRC00O66ZTCN001#show running-config | include ip route 10.0.9.12
ip route 10.0.9.12 255.255.255.255 tunnel606
PRC00O66ZTCN001#
Step 6:配置VLL
PRC00O66ZTCN001#show running-config section | include pw 609|cip 609
Building configuration...
pw 609
mode dynamic pwe3
pwtype e1
peer 10.0.9.12 vcid 1861201
tunnel 606
apply pw-class 1:0:0
status-notification
sequence enable
!
vll 609
service-type tdm
mpls xconnect pw 609
!
cip 609
service-type tdm ce1_7/2/22 agnostic
description O66_Porac<>V90PLDTSFP_GSM-01-STARITAPMP2-SFP_BSC_CAO_14-1485
xconnect 609
flowstat enable
!
PRC00O66ZTCN001#
Step 7:查看VLL状态
PRC00O66ZTCN001#show mpls l2transport vc vll vcid 1861201
LocalIntf LocalCircuit DestAddress VCID Status M/S
cip:609 TDM 10.0.9.12 1861201 up null
PRC00O66ZTCN001#
3.2 VPLS(VFI)
3.2.1 本端配置(ROSNG)
Step 1:ISIS使能TE
V90_PLDT_SFP#show running-config isis
!<isis>
router isis 0
area 00.000a
system-id 0000.0009.0012
metric-style wide
disable-snp-authentication
fast-flood 6
i-spf
lsp-size receive 1497
lsp-size originate 1497
lsp-gen-interval 1 50 50
spf-interval 1 50 50
mpls traffic-eng level-1
mpls traffic-eng level-2
redistribute static route-map redistrbute_loopback1
restart enable
restart t2-timer 60 level-2
restart t3-timer adjacency
……
$
$
!</isis>
V90_PLDT_SFP#
Step 2:互联接口使能TE
V90_PLDT_SFP#show running-config mpls-te
!<mpls-te>
mpls traffic-eng
interface xgei-0/7/1/2.1330
$
$
!</mpls-te>
V90_PLDT_SFP#
Step 3:Tunnel基本配置
!<mpls-te>
mpls traffic-eng
router-id 10.0.9.12
reoptimize timers delay installation-delay-time 600
reoptimize timers frequency 7200
signalling graceful-restart
signalling graceful-restart extend recovery-path
signalling retransmit
signalling refresh reduction
tunnel te_tunnel606
tunnel destination ipv4 10.0.9.186
tunnel mpls traffic-eng auto-reoptimize main-lsp
tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
tunnel mpls traffic-eng reference hot-standby
$
$
!</mpls-te>
Step 4:配置TE接口化
V90_PLDT_SFP#show running-config-interface te_tunnel606
!<if-intf>
interface te_tunnel606
$
interface te_tunnel606
ip unnumbered loopback1
$
!</if-intf>
V90_PLDT_SFP#
Step 5:配置扩展LDP(PW信令协议)
V90_PLDT_SFP#show running-config ldp
!<ldp>
mpls ldp instance 1
graceful-restart
label-advertise for 1
label-advertise disable
router-id loopback1
target-session 10.0.9.186
$
!</ldp>
V90_PLDT_SFP#
Step 6:配置静态路由引流到Tunnel,确保BFD走Tunnel
V90_PLDT_SFP#show running-config static
!<static>
ip route 10.0.9.186 255.255.255.255 te_tunnel606
!</static>
V90_PLDT_SFP#
Step 7:AC接口配置
V90_PLDT_SFP#show running-config-interface gei-0/7/0/4
!<if-intf>
interface gei-0/7/0/4
description Supreme Court Reqt_WO_17-08745
mtu 9216
mpls mtu 9216
no shutdown
$
!</if-intf>
V90_PLDT_SFP#
Step 8:配置L2VPN VPLS
!<l2vpn>
pw pw100
vpls 100
access-point gei-0/7/0/4
description Supreme Court Reqt_WO_17-08745
access-params ethernet
traffic-statistics enable
$
$
pseudo-wire pw100 split-horizon
neighbour 10.0.9.186 vcid 1861212 cw-preferred
encapsulation tagged
vccv bfd capability status encapsulation ip compatible cc cw
$
$
$
!</l2vpn>
Step 9:查看VPLS状态
V90_PLDT_SFP#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
MO - MONITOR, AL - Admin-VPLS, $pw - auto_pw, R - RING-TREE
PWName PeerIP FEC PWType State Llabel Rlabel VPNowner
pw100 10.0.9.186 128 VLAN H UP 163970 524552 L:100
V90_PLDT_SFP#
3.2.2 远端配置(ROS)
Step 1:ISIS使能TE
PRC00O66ZTCN001#show running-config module isis
Building configuration...
!
router isis process_tag default
area 00.000a
system-id 0000.0009.0186
is-type level-1-2
distance 115
metric-style wide
disable-snp-authentication
maximum-paths 1
lsp-mtu 1497
max-lsp-lifetime 1200
lsp-refresh-time 900
spf-interval 3 level-2
mpls traffic-eng router-id loopback1
mpls traffic-eng level-1
mpls traffic-eng level-2
restart enable
restart t2-timer 60 level-2
restart t3-timer adjacency
!
!
end
PRC00O66ZTCN001#
Step 2:互联接口使能TE
PRC00O66ZTCN001#show running-config interface vlan1359
Building configuration...
interface vlan 1359
ip address 10.0.45.2 255.255.255.252
description link to N2962 SUN-PORAC-MOUNTAINS - 10.0.45.1
out_index 187
ip router isis process_tag default
isis circuit-type level-1
isis authentication-type MD5
isis authentication PH3CEN
mpls traffic-eng tunnels
!
end
PRC00O66ZTCN001#
Step 3:配置Tunnel
PRC00O66ZTCN001#show running-config section | include tunnel 606
tunnel 606
tunnel mode traffic-engineer dynamic
tunnel enable
tunnel destination 10.0.9.12
oam-propagate auto immediately
flowstat enable
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
tunnel mpls traffic-eng bfd interval 50 min_rx 50 multiplier 3
tunnel mpls traffic-eng auto-reoptimize
tunnel mpls traffic-eng reference hot-standby
!
PRC00O66ZTCN001#
Step 4:配置Tunnel接口化
PRC00O66ZTCN001#show running-config interface tunnel606
Building configuration...
interface tunnel606
ip unnumbered loopback1
out_index 91
tunnel mode mpls traffic-eng
!
end
PRC00O66ZTCN001#
Step 5:配置扩展LDP(PW信令协议)
PRC00O66ZTCN001#show running-config module ldp
Building configuration...
mpls label range-dynamic config 0 16 131071
mpls ip
mpls ldp router-id loopback1
mpls ldp access-fec for 1
mpls ldp graceful-restart
mpls l2vpn graceful-restart
mpls ldp target-session 10.0.9.10
!
!
end
PRC00O66ZTCN001#
Step 6:配置静态路由引流到Tunnel,确保BFD报文走Tunnel
PRC00O66ZTCN001#show running-config | include ip route 10.0.9.12
ip route 10.0.9.12 255.255.255.255 tunnel606
PRC00O66ZTCN001#
Step 7:配置VFI
pw 100
mode dynamic pwe3
pwtype ethernet-vlan
peer 10.0.9.12 vcid 1861212
tunnel 606
apply pw-class 1:0:0
status-notification
!
vfi 100
service-type ethernet
mode vlan-all
mpls xconnect pw 100
!
cip 100
service-type ethernet gei_5/4
description Supreme Court Reqt_WO_17-08745
xconnect 100
flowstat enable
broadcast-limit cir 512 cbs 1000 pir 512 pbs 1000
!
PRC00O66ZTCN001#
Step 8:查看VFI状态
PRC00O66ZTCN001#show mpls l2transport vc vfi vcid 1861212
VFI Name LocalCircuit DestAddress VCID Status M/S
100 VFI 10.0.9.12 1861212 up null
PRC00O66ZTCN001#
3.3 MSPW配置
3.4 L2/L3层桥接
4 故障分析方法
4.1 LSP创建失败原因
4.1.1 基本拓扑
graph LR
A[Y31]-->B[Y17]
B[Y17]-->C[Y37]
C[Y17]-->D[536]
B[Y17]-->E[Y46]
E[Y46]-->C[Y37]
Y31站点为ISIS Level-1,其它站点为ISIS Level-1-2
4.1.2 基本配置
Y31_Burgos_9KE#show running-config mpls-te
!<mpls-te>
mpls traffic-eng
router-id 10.0.31.195
reoptimize timers delay installation-delay-time 600
signalling graceful-restart
signalling graceful-restart extend recovery-path
signalling retransmit
signalling refresh reduction
explicit-path name TEST1
index 1 next-address loose 10.0.46.134
index 2 next-address strict 10.0.20.157
index 3 next-address strict 10.0.20.154
index 4 next-address strict 10.0.19.93
$
explicit-path name TEST2
index 1 next-address loose 10.0.46.134 //Y17
index 2 next-address strict 10.0.18.101 //Y37
index 3 next-address strict 10.0.19.193 //536,正确的接口地址为93
$
explicit-path name TEST3
index 1 next-address loose 10.0.9.245
$
tunnel te_tunnel4001
tunnel destination ipv4 10.0.9.237
tunnel mpls traffic-eng auto-reoptimize main-lsp
tunnel mpls traffic-eng record-route
tunnel mpls traffic-eng path-option 1 explicit-path name TEST2
$
interface loopback1
$
interface xgei-0/2/0/1.1455
$
interface xgei-0/2/0/2.1459
$
interface xgei-0/5/0/1.1458
$
interface xgei-0/5/0/2.1466
$
$
!</mpls-te>
Y31_Burgos_9KE#
4.1.3 故障现象
Y31_Burgos_9KE#terminal monitor
A notification 250317 ID 3320 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% LSP reactive. Tunnel4001 reactive,reason:reactive timer
A notification 250336 ID 3321 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% Tunnel state changed. Local tunnel 4001, LSP 173 is in signal.
A notification 250309 ID 3322 level 5 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% LSP deleted. Delete LSP 173 (Main) in local tunnel 4001 on out_interface: by path_option 1.
A notification 250316 ID 3323 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% Tunnel create fail. Tunnel4001 LSP173 create fail, reason:Cspf fail
Y31_Burgos_9KE#no terminal monitor
Tunnel4001 LSP创建失败, 原因是Cspf fail
4.1.4 故障分析
头结点诊断模式下查看LSP创建失败的节点和原因
Y31_Burgos_9KE#diag
Test commands Password:ZXR10
Y31_Burgos_9KE(diag)#diag all
Y31_Burgos_9KE(diag-all)#execute 203402 204 ,4001
=============================tecp MPU-0/10/0 begin==============================
****************************not up lsp log info show:***************************
time2(s) :0 time1(s) :563064479
lsp_id :173 role :1 (inuse)
path_option :1
mbb_source :0x0
happen_time(s) :563064479 (2017-11-03 22:47:59)
err_node :10.0.46.134 //失败的节点
err_flag :3 (lsp path-err del)
err_code :24 (Routing Problem)
err_value :5 (No route available toward destination) //失败的原因
LSP DOWN RESEAON :Path error:routing error,no route to destination
----------------------------------------------
由于LSP需要经过L1-2的IS,头结点为L1的IS,只能诊断到L1-2节点,需要在L1-2节点继续debug
############## 10.0.46.134 #######################
STC00Y17ZTCN001#debug isis mpls traffic-eng events
…………
Nov 3 23:16:20: ISIS-Cspf: (default)Start Compute L1 CSPF
Nov 3 23:16:20: ISIS-Cspf: (default)Add head node 0000.0009.0245-00 to L1 Path,router-id is 10.0.9.245
Nov 3 23:16:20: ISIS-Cspf:(default) Isis cspf begin strict next-hop calculate
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-00, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Not find neighbor match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Cannot find node match strict next-hop 10.0.18.101, isis cspf calculate failed!
Nov 3 23:16:20: ISIS-Cspf: (default)Start Compute L2 CSPF
Nov 3 23:16:20: ISIS-Cspf: (default)Add head node 0000.0009.0245-00 to L2 Path,router-id is 10.0.9.245
Nov 3 23:16:20: ISIS-Cspf:(default) Isis cspf begin strict next-hop calculate
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-00, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Find neighbor 0000.0009.0245-02 match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Add node 0000.0009.0245-02 to L2 Path
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-02, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Can't find bidirection, don't consider 0000.0009.0245-00
Nov 3 23:16:20: ISIS-Cspf:(default) Find neighbor 0000.0009.0246-00 match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Add node 0000.0009.0246-00 to L2 Path
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0246-00, search strict address 10.0.19.193
Nov 3 23:16:20: ISIS-Cspf: (default)Not find neighbor match strict address 10.0.19.193
Nov 3 23:16:20: ISIS-Cspf: (default)Cannot find node match strict next-hop 10.0.19.193, isis cspf calculate failed!
//显示路径错误
…………
4.2 基本命令
diag命令
ROS:
diag mode mp ma rsvpshowlspdowninfo te_id
prjexec drv mp master cmdname rsvpshowlspdowninfo te_id
ROSNG:
execute 203402 204 ,tunnel id
Debug命令
debug isis mpls traffic-eng events---------debug cspf calculation
debug ip rsvp temg-------------------------debug mpls-te tunnel-management
debug ip rsvp path-compute-----------------debug mpls-te path-compute
debug ip rsvp hot-standby------------------debug mpls-te hot-standby
debug ip rsvp path-err---------------------debug mpls-te path-err
debug ip rsvp path-tear--------------------debug mpls-te path-tear
debug ip rsvp resv-err---------------------debug mpls-te resv-err
debug ip rsvp resv-tear -------------------debug mpls-te resv-tear
debug ip rsvp toplogy-chang----------------debug mpls-te topology-change
网友评论