CE-B-1(10.0.255.8)至CE-B-2(10.0.255.9)走FAST PATH (即P-1),反向也如此
CE-A-1(10.0.255.1)至CE-A-2(10.0.255.4)走LOW PATH(即P-2和P-3),反向也如此
root@PE-1# run show configuration | display set
set version 14.1R4.8
set system host-name PE-1
set system root-authentication encrypted-password "$1$iwX8Oear$UbqXYDjJQikoqARR/KrI91"
set system services ssh root-login allow
set system services ssh protocol-version v2
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis network-services enhanced-ip
set interfaces ge-0/0/0 description "link to PE-2"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.2/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 description "link to CE-1"
set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.2/24
set interfaces ge-0/0/2 description "LINK TO P-2"
set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.2/24
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/3 description "LINK TO CE-B-1"
set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.2/24
set interfaces lo0 unit 0 family inet address 10.0.255.2/32
set routing-options router-id 10.0.255.2
set routing-options autonomous-system 65000
set routing-options forwarding-table export MAP-VPN-TO-LSP
set protocols rsvp interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/2.0
set protocols mpls no-cspf
set protocols mpls label-switched-path PE1-PE2 from 10.0.255.2
set protocols mpls label-switched-path PE1-PE2 to 10.0.255.3
set protocols mpls label-switched-path PE1-PE2 ultimate-hop-popping
set protocols mpls label-switched-path PE1-fast-PE2 from 10.0.255.2
set protocols mpls label-switched-path PE1-fast-PE2 to 10.0.255.3
set protocols mpls label-switched-path PE1-fast-PE2 ultimate-hop-popping
set protocols mpls label-switched-path PE1-fast-PE2 primary path-p2-p3
set protocols mpls path path-p2-p3 10.0.255.6 strict
set protocols mpls path path-p2-p3 10.0.255.7 strict
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/2.0
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 10.0.255.2
set protocols bgp group IBGP family inet-vpn unicast
set protocols bgp group IBGP neighbor 10.0.255.3 description peer-to-PE2
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A
set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE1-PE2
set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept
set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B
set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE1-fast-PE2
set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept
set policy-options community CUST-A members target:65000:1
set policy-options community CUST-B members target:65000:2
set routing-instances cust-A instance-type vrf
set routing-instances cust-A interface ge-0/0/1.0
set routing-instances cust-A route-distinguisher 65000:1
set routing-instances cust-A vrf-target target:65000:1
set routing-instances cust-A vrf-table-label
set routing-instances cust-A protocols bgp group EBGP-A type external
set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.12.1 peer-as 65001
set routing-instances cust-B instance-type vrf
set routing-instances cust-B interface ge-0/0/3.0
set routing-instances cust-B route-distinguisher 65000:2
set routing-instances cust-B vrf-target target:65000:2
set routing-instances cust-B vrf-table-label
set routing-instances cust-B protocols bgp group EBGP-B type external
set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.28.8 peer-as 65008
root@PE-2# run show configuration | display set
set version 14.1R4.8
set system host-name PE-2
set system root-authentication encrypted-password "$1$o5wG8uFd$SZB3YeoWMcLoQWQwzhBXf1"
set system services ssh root-login allow
set system services ssh protocol-version v2
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis network-services enhanced-ip
set interfaces ge-0/0/0 description "link to PE-1"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.35.3/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 description "link to CE-2"
set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.3/24
set interfaces ge-0/0/2 description "LINK TO CE-B-2"
set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.3/24
set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.3/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.255.3/32
set routing-options router-id 10.0.255.3
set routing-options autonomous-system 65000
set routing-options forwarding-table export MAP-VPN-TO-LSP
set protocols rsvp interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/3.0
set protocols mpls no-cspf
set protocols mpls label-switched-path PE2-PE1 from 10.0.255.3
set protocols mpls label-switched-path PE2-PE1 to 10.0.255.2
set protocols mpls label-switched-path PE2-PE1 ultimate-hop-popping
set protocols mpls label-switched-path PE2-fast-PE1 from 10.0.255.3
set protocols mpls label-switched-path PE2-fast-PE1 to 10.0.255.2
set protocols mpls label-switched-path PE2-fast-PE1 ultimate-hop-popping
set protocols mpls label-switched-path PE2-fast-PE1 primary path-p3-p2
set protocols mpls path path-p3-p2 10.0.255.7 strict
set protocols mpls path path-p3-p2 10.0.255.6 strict
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/3.0
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 10.0.255.3
set protocols bgp group IBGP family inet-vpn unicast
set protocols bgp group IBGP neighbor 10.0.255.2 description peer-to-PE1
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p
set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A
set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE2-PE1
set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept
set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B
set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE2-fast-PE1
set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept
set policy-options community CUST-A members target:65000:1
set policy-options community CUST-B members target:65000:2
set routing-instances cust-A instance-type vrf
set routing-instances cust-A interface ge-0/0/1.0
set routing-instances cust-A route-distinguisher 65000:1
set routing-instances cust-A vrf-target target:65000:1
set routing-instances cust-A vrf-table-label
set routing-instances cust-A protocols bgp group EBGP-A type external
set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.34.4 peer-as 65002
set routing-instances cust-B instance-type vrf
set routing-instances cust-B interface ge-0/0/2.0
set routing-instances cust-B route-distinguisher 65000:2
set routing-instances cust-B vrf-target target:65000:2
set routing-instances cust-B vrf-table-label
set routing-instances cust-B protocols bgp group EBGP-B type external
set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.39.9 peer-as 65009
root@P-1# run show configuration | display set
set version 14.1R4.8
set system host-name P-1
set system root-authentication encrypted-password "$1$TE3BdGbx$zBpONGKtzW8f8rGZT45uf1"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.5/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 10.0.35.5/24
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.255.5/32
set routing-options router-id 10.0.255.5
set protocols rsvp interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/1.0
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/1.0
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
root@P-2# run show configuration | display set
set version 14.1R4.8
set system host-name P-2
set system root-authentication encrypted-password "$1$DVY55Nb3$1Go7qPH1MA3OmJK3GBUTG1"
set system services ssh root-login allow
set system services ssh protocol-version v2
set interfaces ge-0/0/0 description "LINK TO P-3"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.6/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/2 description TO-PE-1
set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.6/24
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.255.6/32
set routing-options router-id 10.0.255.6
set protocols rsvp interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/2.0
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/2.0
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
root@P-3# run show configuration | display set
set version 14.1R4.8
set system host-name P-3
set system root-authentication encrypted-password "$1$9pP21lyC$TXXVoOrkvDbxVzyzqY76k."
set interfaces ge-0/0/0 description "LINK TO P-2"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.7/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/3 description "LINK TO PE-2"
set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.7/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.255.7/32
set routing-options router-id 10.0.255.7
set protocols rsvp interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/3.0
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/3.0
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p
root@CE-A-1# run show configuration | display set
set version 14.1R4.8
set system host-name CE-A-1
set system root-authentication encrypted-password "$1$tpZplKaf$blPObwswtRewyjOwcWuI2/"
set system services ssh root-login allow
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 description "link to PE-1"
set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.1/24
set interfaces em0 mac 50:00:00:01:00:11
set interfaces em0 unit 0 family inet address 10.5.245.11/24
set interfaces lo0 unit 0 family inet address 10.0.255.1/32
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254
set routing-options router-id 10.0.255.1
set routing-options autonomous-system 65001
set protocols bgp group EBGP type external
set protocols bgp group EBGP export send_direct
set protocols bgp group EBGP neighbor 10.0.12.2 peer-as 65000
set policy-options policy-statement send_direct term 1 from protocol direct
set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.1/32 exact
set policy-options policy-statement send_direct term 1 then accept
set policy-options policy-statement send_direct term last then reject
root@CE-A-2# run show configuration | display set
set version 14.1R4.8
set system host-name CE-A-2
set system root-authentication encrypted-password "$1$AOxzqe9V$JM27aMK/m6OoUAn9Kky/C1"
set system services ssh root-login allow
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 description "link to PE-2"
set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.4/24
set interfaces em0 mac 50:00:00:01:00:16
set interfaces em0 unit 0 family inet address 10.5.245.14/24
set interfaces lo0 unit 0 family inet address 10.0.255.4/32
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254
set routing-options router-id 10.0.255.4
set routing-options autonomous-system 65002
set protocols bgp group EBGP type external
set protocols bgp group EBGP export send_direct
set protocols bgp group EBGP neighbor 10.0.34.3 peer-as 65000
set policy-options policy-statement send_direct term 1 from protocol direct
set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.4/32 exact
set policy-options policy-statement send_direct term 1 then accept
set policy-options policy-statement send_direct term last then reject
root@CE-B-1# run show configuration | display set
set version 14.1R4.8
set system host-name CE-B-1
set system root-authentication encrypted-password "$1$0xhgi7lA$Sf50cDbwCXfygBypVGZl1."
set interfaces ge-0/0/3 description "LINK TO PE-1"
set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.8/24
set interfaces lo0 unit 0 family inet address 10.0.255.8/32
set routing-options router-id 10.0.255.8
set routing-options autonomous-system 65008
set protocols bgp group EBGP type external
set protocols bgp group EBGP export send_direct
set protocols bgp group EBGP neighbor 10.0.28.2 peer-as 65000
set policy-options policy-statement send_direct term 1 from interface lo0.0
set policy-options policy-statement send_direct term 1 then accept
set policy-options policy-statement send_direct term 2 then reject
root@CE-B-2# run show configuration | display set
set version 14.1R4.8
set system host-name CE-B-2
set system root-authentication encrypted-password "$1$nyp9EEd.$TdJvhrjbMEYEMGJegpGFg."
set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.9/24
set interfaces lo0 unit 0 family inet address 10.0.255.9/32
set routing-options router-id 10.0.255.9
set routing-options autonomous-system 65009
set protocols bgp group EBGP type external
set protocols bgp group EBGP export send_direct
set protocols bgp group EBGP neighbor 10.0.39.3 peer-as 65000
set policy-options policy-statement send_direct term 1 from interface lo0.0
set policy-options policy-statement send_direct term 1 then accept
set policy-options policy-statement send_direct term 2 then reject
验证:
root@PE-1> show route table cust-A
cust-A.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.12.0/24 *[Direct/0] 01:21:28
> via ge-0/0/1.0
10.0.12.2/32 *[Local/0] 01:21:28
Local via ge-0/0/1.0
10.0.34.0/24 *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3
AS path: I, validation-state: unverified
to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2
10.0.255.1/32 *[BGP/170] 01:21:24, localpref 100
AS path: 65001 I, validation-state: unverified
> to 10.0.12.1 via ge-0/0/1.0
10.0.255.4/32 *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3
AS path: 65002 I, validation-state: unverified
to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2
root@PE-1> show route table cust-B
cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.28.0/24 *[Direct/0] 01:21:33
> via ge-0/0/3.0
10.0.28.2/32 *[Local/0] 01:21:33
Local via ge-0/0/3.0
10.0.255.8/32 *[BGP/170] 01:21:25, localpref 100
AS path: 65008 I, validation-state: unverified
> to 10.0.28.8 via ge-0/0/3.0
10.0.255.9/32 *[BGP/170] 00:17:48, localpref 100, from 10.0.255.3
AS path: 65009 I, validation-state: unverified
to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2
root@PE-1> show route 10.0.255.9/32 table cust-B
cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.255.9/32 *[BGP/170] 19:10:01, localpref 100, from 10.0.255.3
AS path: 65009 I, validation-state: unverified
to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2
root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2
Ingress LSP: 2 sessions
To From State Packets Bytes LSPname
10.0.255.3 10.0.255.2 Up 428 35424 PE1-fast-PE2
Total 1 displayed, Up 1, Down 0
root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2
Ingress LSP: 2 sessions
To From State Packets Bytes LSPname
10.0.255.3 10.0.255.2 Up 491 40716 PE1-fast-PE2
Total 1 displayed, Up 1, Down 0
root@CE-B-1> ping source 10.0.255.8 10.0.255.9 rapid count 4
PING 10.0.255.9 (10.0.255.9): 56 data bytes
!!!!
--- 10.0.255.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.157/9.331/10.959/1.121 ms
root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2
Ingress LSP: 2 sessions
To From State Packets Bytes LSPname
10.0.255.3 10.0.255.2 Up 495 41052 PE1-fast-PE2
Total 1 displayed, Up 1, Down 0
REF:
https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/map-vpn-to-lsp-route-policy.pdf
网友评论