- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
03-H3C_MPLS_L2VPN典型配置舉例
本章節下載: 03-H3C_MPLS_L2VPN典型配置舉例 (399.40 KB)
H3C MPLS L2VPN典型配置舉例
資料版本:6W100-20190330
產品版本:Release 7577P04
Copyright © 2019 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
目 錄
MPLS L2VPN提供基於MPLS(Multiprotocol Label Switching,多協議標簽交換)網絡的二層VPN服務,使運營商可以在統一的MPLS網絡上提供基於不同數據鏈路層的二層VPN。本文介紹了通過以下四種方式實現MPLS L2VPN的典型配置案例:
· CCC方式
· 靜態方式
· LDP方式
· BGP方式
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解MPLS L2VPN特性。
如圖1所示,位於不同物理位置的用戶網絡站點Site1和Site2分別通過CE1和CE2設備接入運營商MPLS網絡。用戶希望兩個站點間的主機通信時,感知不到MPLS網絡的存在,就像通信雙方位於同一個局域網中。要求通過配置CCC方式的MPLS L2VPN,實現Site1的VLAN 100和Site2的VLAN 100可以通信,Site 1的VLAN 101和 Site 2的VLAN 101可以通信,不同VLAN之間不能通信。
圖1 配置CCC方式的MPLS L2VPN組網示意圖
為了實現通過CCC方式建立MPLS L2VPN連接,需要在PE上為每個CCC連接配置入標簽和出標簽,在P上配置雙向靜態LSP,出標簽必須與下一跳的入標簽相同。以VLAN 100的流量為例,如圖2所示,在PE 1 to PE 2方向上,PE 1的出標簽和P的入標簽為101,P的出標簽和PE 2的入標簽為110,在PE 2 to PE 1方向上,PE 2的出標簽和P的入標簽為111,P的出標簽和PE 1的入標簽為100。
圖2 VLAN100流量的標簽轉換示意圖
· 配置PE 1
# 配置LSR ID。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
# 全局使能MPLS L2VPN。
[PE1] l2vpn enable
# 創建VLAN2,並將Ten-GigabitEthernet1/0/2端口加入VLAN2。
[PE1] vlan 2
[PE1-vlan2] port Ten-GigabitEthernet 1/0/2
[PE1-vlan2] quit
# 創建接口Vlan-interface2,並在該接口上使能MPLS。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] mpls enable
[PE1-Vlan-interface2] quit
· 配置P
# 配置LSR ID。
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] mpls lsr-id 2.2.2.9
# 創建VLAN3,將端口Ten-GigabitEthernet1/0/1加入VLAN3。
[P] vlan3
[P-vlan3] port Ten-GigabitEthernet1/0/1
[P-vlan3] quit
# 配置接口Vlan-interface3,並在該接口上使能MPLS。
[P] interface vlan-interface 3
[P-Vlan-interface3] ip address 10.1.2.1 24
[P-Vlan-interface3] mpls enable
[P-Vlan-interface3] quit
# 創建VLAN2,將端口Ten-GigabitEthernet1/0/2加入VLAN2。
[P] vlan2
[P-vlan2] port Ten-GigabitEthernet1/0/2
[P-vlan2] quit
# 配置接口Vlan-interface2,並在該接口上使能MPLS。
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] mpls enable
[P-Vlan-interface2] quit
· 配置PE 2
# 配置LSR ID。
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 3.3.3.9
# 全局使能MPLS L2VPN。
[PE2] l2vpn enable
# 創建VLAN3,將Ten-GigabitEthernet1/0/2端口加入VLAN3。
[PE2] vlan 3
[PE2-vlan3] port Ten-GigabitEthernet 1/0/2
[PE2-vlan3] quit
# 配置接口Vlan-interface3,並在該接口上使能MPLS。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] ip address 10.1.2.2 24
[PE2-Vlan-interface3] mpls enable
[PE2-Vlan-interface3] quit
· 配置PE 1
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE1] interface ten-gigabitethernet1/0/1
[PE1-Ten-GigabitEthernet1/0/1] service-instance 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] quit
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例101,用來匹配VLAN tag為101的報文。
[PE1-Ten-GigabitEthernet1/0/1] service-instance 101
[PE1-Ten-GigabitEthernet1/0/1-srv101] encapsulation s-vid 101
[PE1-Ten-GigabitEthernet1/0/1-srv101] quit
[PE1-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建CCC遠程連接ccc(入標簽為100、出標簽為101、下一跳地址為10.1.1.2),並將Ten-GigabitEthernet1/0/1接口上的服務實例100與此CCC遠程連接關聯。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] connection ccc
[PE1-xcg-vpna-ccc] ccc in-label 100 out-label 101 nexthop 10.1.1.2
[PE1-xcg-vpna-ccc] ac interface ten-gigabitethernet 1/0/1 service-instance 100
[PE1-xcg-vpna-ccc] quit
[PE1-xcg-vpna] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建CCC遠程連接ccc(入標簽為200、出標簽為201、下一跳地址為10.1.1.2),並將Ten-GigabitEthernet1/0/1接口上的服務實例101與此CCC遠程連接關聯。
[PE1] xconnect-group vpnb
[PE1-xcg-vpnb] connection ccc
[PE1-xcg-vpnb-ccc] ccc in-label 200 out-label 201 nexthop 10.1.1.2
[PE1-xcg-vpnb-ccc] ac interface ten-gigabitethernet 1/0/1 service-instance 101
[PE1-xcg-vpnb-ccc] quit
[PE1-xcg-vpnb] quit
· 配置P
# 配置一條靜態LSP用於轉發由PE 1去往PE 2,承載了用戶VLAN100流量的報文。
[P] static-lsp transit pe1-pe2-100 in-label 101 nexthop 10.1.2.2 out-label 110
# 配置一條靜態LSP用於轉發由PE 1去往PE 2,承載了用戶VLAN101流量的報文。
[P] static-lsp transit pe1-pe2-101 in-label 201 nexthop 10.1.2.2 out-label 210
# 配置一條靜態LSP用於轉發由PE 2去往PE 1,承載了用戶VLAN100流量的報文。
[P] static-lsp transit pe2-pe1-100 in-label 111 nexthop 10.1.1.1 out-label 100
# 配置一條靜態LSP用於轉發由PE 2去往PE 1,承載了用戶VLAN101流量的報文。
[P] static-lsp transit pe2-pe1-101 in-label 211 nexthop 10.1.1.1 out-label 200
· 配置PE 2
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE2] interface ten-gigabitethernet1/0/1
[PE2-Ten-GigabitEthernet1/0/1] service-instance 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] quit
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例101,用來匹配VLAN tag為101的報文。
[PE2-Ten-GigabitEthernet1/0/1] service-instance 101
[PE2-Ten-GigabitEthernet1/0/1-srv101] encapsulation s-vid 101
[PE2-Ten-GigabitEthernet1/0/1-srv101] quit
[PE2-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建CCC遠程連接ccc(入標簽為110、出標簽為111、下一跳地址為10.1.2.1),並將Ten-GigabitEthernet1/0/1接口上的服務實例100與此CCC遠程連接關聯。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] connection ccc
[PE2-xcg-vpna-ccc] ccc in-label 110 out-label 111 nexthop 10.1.2.1
[PE2-xcg-vpna-ccc] ac interface ten-gigabitethernet 1/0/1 service-instance 100
[PE2-xcg-vpna-ccc] quit
[PE2-xcg-vpna] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建CCC遠程連接ccc(入標簽為210、出標簽為211、下一跳地址為10.1.2.1),並將Ten-GigabitEthernet1/0/1接口上的服務實例101與此CCC遠程連接關聯。
[PE2] xconnect-group vpnb
[PE2-xcg-vpnb] connection ccc
[PE2-xcg-vpnb-ccc] ccc in-label 210 out-label 211 nexthop 10.1.2.1
[PE2-xcg-vpnb-ccc] ac interface ten-gigabitethernet 1/0/1 service-instance 101
[PE2-xcg-vpnb-ccc] quit
[PE2-xcg-vpnb] quit
· 配置CE 1
# 配置上行端口Ten-GigabitEthernet1/0/1為Trunk端口,允許VLAN100和VLAN101的報文攜帶Tag通過。
<CE1> system-view
[CE1] vlan 100 to 101
[CE1] interface Ten-GigabitEthernet 1/0/1
[CE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 101
· 配置CE 2
# 配置上行端口Ten-GigabitEthernet1/0/1為Trunk端口,允許VLAN100和VLAN101的報文攜帶Tag通過。
<CE2> system-view
[CE2] vlan 100 to 101
[CE2] interface Ten-GigabitEthernet 1/0/1
[CE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 101
# 在PE 1上查看PW信息,可以看到建立了兩條PW連接。PW ID/Rmt Site字段為“-”,Proto字段為“Static”,表示該PW連接為CCC遠程連接。
[PE1] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
10.1.1.2 - 100/101 Static M 1 Up
Xconnect-group Name: vpnb
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
10.1.1.2 - 200/201 Static M 1 Up
# 在PE 2上也可以看到PW信息。
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
10.1.2.1 - 110/111 Static M 1 Up
Xconnect-group Name: vpnb
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
10.1.2.1 - 210/211 Static M 1 Up
# 檢測Host A和Server之間,以及兩端站點內VLAN101的主機間是否可以Ping通,如果成功,則表示L2VPN已經建立成功。
· CE1
#
vlan 100 to 101
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 100 to 101
#
· PE1
mpls lsr-id 1.1.1.9
#
vlan 2
#
l2vpn enable
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
service-instance 101
encapsulation s-vid 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
xconnect-group vpna
connection ccc
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
ccc in-label 100 out-label 101 nexthop 10.1.1.2
#
xconnect-group vpnb
connection ccc
ac interface Ten-GigabitEthernet1/0/1 service-instance 101
ccc in-label 200 out-label 201 nexthop 10.1.1.2
#
· P
mpls lsr-id 2.2.2.9
#
vlan 2
#
vlan 3
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls enable
#
interface Vlan-interface3
ip address 10.1.2.1 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
static-lsp transit pe1-pe2-100 in-label 101 nexthop 10.1.2.2 out-label 110
static-lsp transit pe1-pe2-101 in-label 201 nexthop 10.1.2.2 out-label 210
static-lsp transit pe2-pe1-100 in-label 111 nexthop 10.1.1.1 out-label 100
static-lsp transit pe2-pe1-101 in-label 211 nexthop 10.1.1.1 out-label 200
#
· PE2
mpls lsr-id 3.3.3.9
#
vlan 3
#
l2vpn enable
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface3
ip address 10.1.2.2 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
service-instance 101
encapsulation s-vid 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
xconnect-group vpna
connection ccc
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
ccc in-label 110 out-label 111 nexthop 10.1.2.1
#
xconnect-group vpnb
connection ccc
ac interface Ten-GigabitEthernet1/0/1 service-instance 101
ccc in-label 210 out-label 211 nexthop 10.1.2.1
#
· CE2
#
vlan 100 to 101
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 100 to 101
#
如圖3所示,MPLS網絡分別為用戶A和用戶B提供不同站點間的L2VPN服務。每個用戶分別隻有位置固定的兩個站點。要求通過配置靜態方式的MPLS L2VPN,使用戶A的站點1和站點2的VLAN200之間可以通信,用戶B的站點1和站點2的VLAN100之間可以通信。
圖3 配置靜態方式的MPLS L2VPN組網示意圖
· 靜態方式的MPLS L2VPN采用兩層標簽結構,本例中內層標簽通過手工靜態配置生成,外層標簽使用LDP協議動態生成。
· 為了保證標簽正常交換,在配置同一用戶的靜態連接時,本端PE配置的入標簽需要與對端PE配置的出標簽保持一致:用戶A在站點1側的出標簽和站點2側的入標簽為200,站點1側的入標簽和站點2側的出標簽為201;用戶B在站點1側的出標簽和站點2側的入標簽為100,站點1側的入標簽和站點2側的出標簽為101。
· 配置PE 1
# 配置環回口地址。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
# 創建VLAN2,並將Ten-GigabitEthernet1/0/2端口加入VLAN2。
[PE1] vlan 2
[PE1-vlan2] port Ten-GigabitEthernet 1/0/2
[PE1-vlan2] quit
# 配置接口Vlan-interface2。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] quit
# 在PE 1上運行OSPF。
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
· 配置P
# 配置環回口地址。
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
# 創建VLAN2,將端口Ten-GigabitEthernet1/0/2加入VLAN2。
[P] vlan 2
[P-vlan2] port Ten-GigabitEthernet1/0/2
[P-vlan2] quit
# 配置接口Vlan-interface2。
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] quit
# 創建VLAN3,將端口Ten-GigabitEthernet1/0/1加入VLAN3。
[P] vlan 3
[P-vlan3] port Ten-GigabitEthernet1/0/1
[P-vlan3] quit
# 配置接口Vlan-interface3。
[P] interface vlan-interface 3
[P-Vlan-interface3] ip address 10.1.2.1 24
[P-Vlan-interface3] quit
# 在P上運行OSPF。
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
· 配置PE 2
# 配置環回口地址。
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
# 創建VLAN3,並將Ten-GigabitEthernet1/0/2端口加入VLAN3。
[PE2] vlan 3
[PE2-vlan3] port Ten-GigabitEthernet 1/0/2
[PE2-vlan3] quit
# 配置接口Vlan-interface3。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] ip address 10.1.2.2 24
[PE2-Vlan-interface3] quit
# 在PE 2上運行OSPF。
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
· 配置PE 1
# 配置LSR ID。
[PE1] mpls lsr-id 1.1.1.9
# 全局使能LDP。
[PE1] mpls ldp
[PE1-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] mpls enable
[PE1-Vlan-interface2] mpls ldp enable
[PE1-Vlan-interface2] quit
· 配置P
# 配置LSR ID。
[P] mpls lsr-id 2.2.2.9
# 全局使能LDP。
[P] mpls ldp
[P-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[P] interface vlan-interface 2
[P-Vlan-interface2] mpls enable
[P-Vlan-interface2] mpls ldp enable
[P-Vlan-interface2] quit
# 配置接口Vlan-interface3使能MPLS和LDP。
[P] interface vlan-interface 3
[P-Vlan-interface3] mpls enable
[P-Vlan-interface3] mpls ldp enable
[P-Vlan-interface3] quit
· 配置PE 2
# 配置LSR ID。
[PE2] mpls lsr-id 3.3.3.9
# 全局使能LDP。
[PE2] mpls ldp
[PE2-ldp] quit
#配置接口Vlan-interface3使能MPLS和LDP。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] mpls enable
[PE2-Vlan-interface3] mpls ldp enable
[PE2-Vlan-interface3] quit
· 配置PE 1
# 全局使能MPLS L2VPN。
[PE1] l2vpn enable
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE1] interface ten-gigabitethernet1/0/1
[PE1-Ten-GigabitEthernet1/0/1] service-instance 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] quit
[PE1-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建名稱為svc的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例100與此交叉連接關聯,並在交叉連接內創建靜態PW,以便將AC和PW關聯。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] connection svc
[PE1-xcg-vpna-svc] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE1-xcg-vpna-svc] peer 3.3.3.9 pw-id 100 in-label 101 out-label 100
[PE1-xcg-vpna-svc-3.3.3.9-100] quit
[PE1-xcg-vpna-svc] quit
[PE1-xcg-vpna] quit
# 在接口Ten-GigabitEthernet1/0/4上創建服務實例200,用來匹配VLAN tag為200的報文。
[PE1] interface ten-gigabitethernet1/0/4
[PE1-Ten-GigabitEthernet1/0/4] service-instance 200
[PE1-Ten-GigabitEthernet1/0/4-srv200] encapsulation s-vid 200
[PE1-Ten-GigabitEthernet1/0/4-srv200] quit
[PE1-Ten-GigabitEthernet1/0/4] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建名稱為svc的交叉連接,將Ten-GigabitEthernet1/0/4接口上的服務實例200與此交叉連接關聯,並在交叉連接內創建靜態PW,以便將AC和PW關聯。
[PE1] xconnect-group vpnb
[PE1-xcg-vpnb] connection svc
[PE1-xcg-vpnb-svc] ac interface Ten-GigabitEthernet 1/0/4 service-instance 200
[PE1-xcg-vpnb-svc] peer 3.3.3.9 pw-id 200 in-label 201 out-label 200
[PE1-xcg-vpnb-svc-3.3.3.9-200] quit
[PE1-xcg-vpnb-svc] quit
[PE1-xcg-vpnb] quit
· 配置PE 2
# 全局使能MPLS L2VPN。
[PE2] l2vpn enable
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE2] interface ten-gigabitethernet1/0/1
[PE2-Ten-GigabitEthernet1/0/1] service-instance 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] quit
[PE2-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/4上創建服務實例200,用來匹配VLAN tag為200的報文。
[PE2] interface ten-gigabitethernet1/0/4
[PE2-Ten-GigabitEthernet1/0/4] service-instance 200
[PE2-Ten-GigabitEthernet1/0/4-srv200] encapsulation s-vid 200
[PE2-Ten-GigabitEthernet1/0/4-srv200] quit
[PE2-Ten-GigabitEthernet1/0/4] quit
# 創建交叉連接組vpna,在該交叉連接組內創建名稱為svc的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例100與此交叉連接關聯,並在交叉連接內創建靜態PW,以便將AC和PW關聯。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] connection svc
[PE2-xcg-vpna-svc] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE2-xcg-vpna-svc] peer 1.1.1.9 pw-id 100 in-label 100 out-label 101
[PE2-xcg-vpna-svc-1.1.1.9-100] quit
[PE2-xcg-vpna-svc] quit
[PE2-xcg-vpna] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建名稱為svc的交叉連接,將Ten-GigabitEthernet1/0/4接口上的服務實例200與此交叉連接關聯,並在交叉連接內創建靜態PW,以便將AC和PW關聯。
[PE2] xconnect-group vpnb
[PE2-xcg-vpnb] connection svc
[PE2-xcg-vpnb-svc] ac interface Ten-GigabitEthernet 1/0/4 service-instance 200
[PE2-xcg-vpnb-svc] peer 1.1.1.9 pw-id 200 in-label 200 out-label 201
[PE2-xcg-vpnb-svc-1.1.1.9-200] quit
[PE2-xcg-vpnb-svc] quit
[PE2-xcg-vpnb] quit
# 對於各個CE來說,隻要配置上行到PE的端口允許本站點內的報文攜帶Tag通過即可,這裏以CE1為例,其餘CE請參考進行配置,這裏不再贅述。
<CE1> system-view
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface Ten-GigabitEthernet 1/0/1
[CE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
# 在PE 1上查看PW信息,可以看到建立了兩條靜態PW。
[PE1] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID In/Out Label Proto Flag Link ID State
3.3.3.9 100 101/100 Static M 1 Up
Xconnect-group Name: vpnb
Peer PW ID In/Out Label Proto Flag Link ID State
3.3.3.9 200 201/200 Static M 1 Up
# 在PE 2上也可以看到靜態PW的信息。
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID In/Out Label Proto Flag Link ID State
1.1.1.9 100 100/101 Static M 1 Up
Xconnect-group Name: vpnb
Peer PW ID In/Out Label Proto Flag Link ID State
1.1.1.9 200 200/201 Static M 1 Up
# 檢測同一用戶不同站點間的Host和Server是否能夠通信,如能夠通信,則表示L2VPN已經建立成功。
· CE1
#
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 100
#
· CE2
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 200
#
· CE3
#
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 100
#
· CE4
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 200
#
· PE1
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
vlan 2
#
vlan 100
#
vlan 200
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
service-instance 200
encapsulation s-vid 200
#
xconnect-group vpna
connection svc
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
peer 3.3.3.9 pw-id 100 in-label 101 out-label 100
#
xconnect-group vpnb
connection svc
ac interface Ten-GigabitEthernet1/0/4 service-instance 200
peer 3.3.3.9 pw-id 200 in-label 201 out-label 200
#
· P
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
vlan 2 to 3
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface3
ip address 10.1.2.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
· PE2
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
mpls lsr-id 3.3.3.9
#
vlan 3
#
vlan 100
#
vlan 200
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface3
ip address 10.1.2.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
service-instance 200
encapsulation s-vid 200
#
xconnect-group vpna
connection svc
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
peer 1.1.1.9 pw-id 100 in-label 100 out-label 101
#
xconnect-group vpnb
connection svc
ac interface Ten-GigabitEthernet1/0/4 service-instance 200
peer 1.1.1.9 pw-id 200 in-label 200 out-label 201
#
如圖4所示,運營商通過MPLS網絡為某個用戶提供L2VPN服務,該用戶在分支機構和總部內分別有研發部和市場部,現要求通過配置LDP方式的MPLS L2VPN,在研發部和市場部建立不同的VPN連接,實現部門間的數據隔離。
圖4 配置LDP方式的MPLS L2VPN組網示意圖
· LDP方式的MPLS L2VPN采用兩層標簽結構,本例中內層標簽和外層標簽都使用LDP協議動態生成。
· 在PE設備的下行端口上配置服務實例和相應的匹配規則,用來識別用戶網絡中需要使用MPLS L2VPN隧道進行傳輸的報文。
· 配置PE 1
# 配置環回口地址。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
# 創建VLAN2,並將Ten-GigabitEthernet1/0/2端口加入VLAN2。
[PE1] vlan 2
[PE1-vlan2] port Ten-GigabitEthernet 1/0/2
[PE1-vlan2] quit
# 創建接口Vlan-interface2。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] quit
# 在PE 1上運行OSPF。
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
· 配置P
# 配置環回口地址。
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
# 創建VLAN2,將端口Ten-GigabitEthernet1/0/2加入VLAN2。
[P] vlan 2
[P-vlan2] port Ten-GigabitEthernet1/0/2
[P-vlan2] quit
# 配置接口Vlan-interface2。
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] quit
# 創建VLAN3,將端口Ten-GigabitEthernet1/0/1加入VLAN3。
[P] vlan 3
[P-vlan3] port Ten-GigabitEthernet1/0/1
[P-vlan3] quit
# 配置接口Vlan-interface3。
[P] interface vlan-interface 3
[P-Vlan-interface3] ip address 10.1.2.1 24
[P-Vlan-interface3] quit
# 在P上運行OSPF。
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
· 配置PE 2
# 配置環回口地址。
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
# 創建VLAN3,並將Ten-GigabitEthernet1/0/2端口加入VLAN3。
[PE2] vlan 3
[PE2-vlan3] port Ten-GigabitEthernet 1/0/2
[PE2-vlan3] quit
# 創建接口Vlan-interface3。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] ip address 10.1.2.2 24
[PE2-Vlan-interface3] quit
# 在PE 2上運行OSPF。
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
· 配置PE 1
# 配置LSR ID。
[PE1] mpls lsr-id 1.1.1.9
# 全局使能LDP。
[PE1] mpls ldp
[PE1-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] mpls enable
[PE1-Vlan-interface2] mpls ldp enable
[PE1-Vlan-interface2] quit
· 配置P
# 配置LSR ID。
[P] mpls lsr-id 2.2.2.9
# 全局使能LDP。
[P] mpls ldp
[P-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[P] interface vlan-interface 2
[P-Vlan-interface2] mpls enable
[P-Vlan-interface2] mpls ldp enable
[P-Vlan-interface2] quit
# 配置接口Vlan-interface3,使能MPLS和LDP。
[P] interface vlan-interface 3
[P-Vlan-interface3] mpls enable
[P-Vlan-interface3] mpls ldp enable
[P-Vlan-interface3] quit
· 配置PE 2
# 配置LSR ID。
[PE2] mpls lsr-id 3.3.3.9
# 全局使能LDP。
[PE2] mpls ldp
[PE2-ldp] quit
# 配置接口Vlan-interface3使能MPLS和LDP。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] mpls enable
[PE2-Vlan-interface3] mpls ldp enable
[PE2-Vlan-interface3] quit
· 配置PE 1
# 全局使能MPLS L2VPN。
[PE1] l2vpn enable
# 在Ten-GigabitEthernet1/0/1端口上創建服務實例100,匹配VLAN100的報文。
[PE1] interface ten-gigabitethernet1/0/1
[PE1-Ten-GigabitEthernet1/0/1] service-instance 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] quit
# 在Ten-GigabitEthernet1/0/1端口上創建服務實例200,匹配VLAN200的報文。
[PE1-Ten-GigabitEthernet1/0/1] service-instance 200
[PE1-Ten-GigabitEthernet1/0/1-srv200] encapsulation s-vid 200
[PE1-Ten-GigabitEthernet1/0/1-srv200] quit
[PE1-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建名稱為ldp的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例100與此交叉連接關聯,並在交叉連接內創建LDP PW,以便將AC和PW關聯。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] connection ldp
[PE1-xcg-vpna-ldp] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE1-xcg-vpna-ldp] peer 3.3.3.9 pw-id 100
[PE1-xcg-vpna-ldp-3.3.3.9-100] quit
[PE1-xcg-vpna-ldp] quit
[PE1-xcg-vpna] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建名稱為ldp的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例200與此交叉連接關聯,並在交叉連接內創建LDP PW,以便將AC和PW關聯。
[PE1] xconnect-group vpnb
[PE1-xcg-vpnb] connection ldp
[PE1-xcg-vpnb-ldp] ac interface Ten-GigabitEthernet 1/0/1 service-instance 200
[PE1-xcg-vpnb-ldp] peer 3.3.3.9 pw-id 200
[PE1-xcg-vpnb-ldp-3.3.3.9-200] quit
[PE1-xcg-vpnb-ldp] quit
[PE1-xcg-vpnb] quit
· 配置PE 2
# 全局使能MPLS L2VPN。
[PE2] l2vpn enable
# 在Ten-GigabitEthernet1/0/1端口上創建服務實例100,匹配VLAN100的報文。
[PE2] interface ten-gigabitethernet1/0/1
[PE2-Ten-GigabitEthernet1/0/1] service-instance 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] quit
# 在Ten-GigabitEthernet1/0/1端口上創建服務實例200,匹配VLAN200的報文。
[PE2-Ten-GigabitEthernet1/0/1] service-instance 200
[PE2-Ten-GigabitEthernet1/0/1-srv200] encapsulation s-vid 200
[PE2-Ten-GigabitEthernet1/0/1-srv200] quit
[PE2-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建名稱為ldp的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例100與此交叉連接關聯,並在交叉連接內創建LDP PW,以便將AC和PW關聯。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] connection ldp
[PE2-xcg-vpna-ldp] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE2-xcg-vpna-ldp] peer 1.1.1.9 pw-id 100
[PE2-xcg-vpna-ldp-1.1.1.9-100] quit
[PE2-xcg-vpna-ldp] quit
[PE2-xcg-vpna] quit
# 創建交叉連接組vpnb,在該交叉連接組內創建名稱為ldp的交叉連接,將Ten-GigabitEthernet1/0/1接口上的服務實例100與此交叉連接關聯,並在交叉連接內創建LDP PW,以便將AC和PW關聯。
[PE2] xconnect-group vpnb
[PE2-xcg-vpnb] connection ldp
[PE2-xcg-vpnb-ldp] ac interface Ten-GigabitEthernet 1/0/1 service-instance 200
[PE2-xcg-vpnb-ldp] peer 1.1.1.9 pw-id 200
[PE2-xcg-vpnb-ldp-1.1.1.9-200] quit
[PE2-xcg-vpnb-ldp] quit
[PE2-xcg-vpnb] quit
# 對於各個CE來說,隻要配置上行到PE的端口允許本站點內的報文攜帶Tag通過即可,這裏以CE1為例,CE2請參考進行配置,這裏不再贅述。
<CE1> system-view
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] vlan 200
[CE1-vlan200] quit
[CE1] interface Ten-GigabitEthernet 1/0/1
[CE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
# 在PE 1上查看L2VPN連接信息,可以看到建立了兩條LDP PW。
[PE1] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID In/Out Label Proto Flag Link ID State
3.3.3.9 100 65663/65663 LDP M 1 Up
Xconnect-group Name: vpnb
Peer PW ID In/Out Label Proto Flag Link ID State
3.3.3.9 200 65662/65662 LDP M 1 Up
# 在PE 2上也可以看到LDP PW信息。
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID In/Out Label Proto Flag Link ID State
1.1.1.9 100 65663/65663 LDP M 1 Up
Xconnect-group Name: vpnb
Peer PW ID In/Out Label Proto Flag Link ID State
1.1.1.9 200 65662/65662 LDP M 1 Up
# 檢測CustomerA不同站點間的Host和Server是否能夠通信,如能夠通信,則表示L2VPN已經建立成功。
· CE1和CE2
vlan 100
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 100 200
#
· PE1
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
vlan 2
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
service-instance 200
encapsulation s-vid 200
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
xconnect-group vpna
connection ldp
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
peer 3.3.3.9 pw-id 100
#
xconnect-group vpnb
connection ldp
ac interface Ten-GigabitEthernet1/0/1 service-instance 200
peer 3.3.3.9 pw-id 200
#
· P
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
mpls lsr-id 2.2.2.9
#
vlan 2
#
vlan 3
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface3
ip address 10.1.2.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
· PE2
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
mpls lsr-id 3.3.3.9
#
vlan 3
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface3
ip address 10.1.2.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
service-instance 200
encapsulation s-vid 200
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
xconnect-group vpna
connection ldp
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
peer 1.1.1.9 pw-id 100
#
xconnect-group vpnb
connection ldp
ac interface Ten-GigabitEthernet1/0/1 service-instance 200
peer 1.1.1.9 pw-id 200
#
如圖5所示,MPLS網絡為用戶提供MPLS L2VPN服務,該用戶目前部署有2個站點,後續可能增加至10個站點,要求通過配置BGP方式的MPLS L2VPN,實現現有兩個站點間的VPN連接,並為該用戶預留剩餘8個站點的VPN資源。
圖5 配置BGP方式的MPLS L2VPN組網示意圖
· BGP方式的MPLS L2VPN采用兩層標簽結構,本例中內層標簽通過BGP生成,外層標簽使用LDP協議動態生成。
· 為實現PE設備之間能使用BGP傳遞私網標簽,需要在各PE設備上創建服務實例和IBGP連接,並相互配置為BGP對等體。
· 為了減少後續增加至10個站點時的配置工作量,需要配置標簽塊的範圍為10。
· 配置PE 1
# 配置環回口地址。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
# 創建VLAN2,並將Ten-GigabitEthernet1/0/2端口加入VLAN2。
[PE1] vlan 2
[PE1-vlan2] port Ten-GigabitEthernet 1/0/2
[PE1-vlan2] quit
# 創建接口Vlan-interface2。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] quit
# 在PE 1上運行OSPF。
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
· 配置P
# 配置環回口地址。
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
# 創建VLAN2,將端口Ten-GigabitEthernet1/0/2加入VLAN2。
[P] vlan2
[P-vlan2] port Ten-GigabitEthernet1/0/2
[P-vlan2] quit
# 配置接口Vlan-interface2。
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] quit
# 創建VLAN3,將端口Ten-GigabitEthernet1/0/1加入VLAN3。
[P] vlan3
[P-vlan3] port Ten-GigabitEthernet1/0/1
[P-vlan3] quit
# 配置接口Vlan-interface3。
[P] interface vlan-interface 3
[P-Vlan-interface3] ip address 10.1.2.1 24
[P-Vlan-interface3] quit
# 在P上運行OSPF。
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
· 配置PE 2
# 配置環回口地址。
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
# 創建VLAN3,並將Ten-GigabitEthernet1/0/2端口加入VLAN3。
[PE2] vlan 3
[PE2-vlan3] port Ten-GigabitEthernet 1/0/2
[PE2-vlan3] quit
# 創建接口Vlan-interface3。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] ip address 10.1.2.2 24
[PE2-Vlan-interface3] quit
# 在PE 2上運行OSPF,用於建立LSP。
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
· 配置PE 1
# 配置LSR ID。
[PE1] mpls lsr-id 1.1.1.9
# 全局使能MPLS L2VPN和LDP。
[PE1] l2vpn enable
[PE1] mpls ldp
[PE1-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] mpls enable
[PE1-Vlan-interface2] mpls ldp enable
[PE1-Vlan-interface2] quit
· 配置P
# 配置LSR ID。
[P] mpls lsr-id 2.2.2.9
# 全局使能LDP。
[P] mpls ldp
[P-ldp] quit
# 配置接口Vlan-interface2使能MPLS和LDP。
[P] interface vlan-interface 2
[P-Vlan-interface2] mpls enable
[P-Vlan-interface2] mpls ldp enable
[P-Vlan-interface2] quit
# 配置接口Vlan-interface3使能MPLS和LDP。
[P] interface vlan-interface 3
[P-Vlan-interface3] mpls enable
[P-Vlan-interface3] mpls ldp enable
[P-Vlan-interface3] quit
· 配置PE 2
# 配置LSR ID。
[PE2] mpls lsr-id 3.3.3.9
# 全局使能MPLS L2VPN和LDP。
[PE2] l2vpn enable
[PE2] mpls ldp
[PE2-ldp] quit
# 配置接口Vlan-interface3使能MPLS和LDP。
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] mpls enable
[PE2-Vlan-interface3] mpls ldp enable
[PE2-Vlan-interface3] quit
· 配置PE 1
# 在PE 1和PE 2之間建立IBGP連接。
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
# 使能在PE 1和PE 2之間交換BGP L2VPN信息的能力。
[PE1-bgp] address-family l2vpn
[PE1-bgp-l2vpn] peer 3.3.3.9 enable
[PE1-bgp-l2vpn] quit
[PE1-bgp] quit
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE1] interface ten-gigabitethernet1/0/1
[PE1-Ten-GigabitEthernet1/0/1] service-instance 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE1-Ten-GigabitEthernet1/0/1-srv100] quit
[PE1-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建本地站點1,在本地站點1和遠端站點2之間建立BGP PW,並將Ten-GigabitEthernet1/0/1接口上的服務實例100與此PW關聯。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] auto-discovery bgp
[PE1-xcg-vpna-auto] route-distinguisher 2:2
[PE1-xcg-vpna-auto] vpn-target 2:2 export-extcommunity
[PE1-xcg-vpna-auto] vpn-target 2:2 import-extcommunity
[PE1-xcg-vpna-auto] site 1 range 10 default-offset 0
[PE1-xcg-vpna-auto-1] connection remote-site-id 2
[PE1-xcg-vpna-auto-1-2] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE1-xcg-vpna-auto-1-2] return
· 配置PE 2
# 在PE 2和PE 1之間建立IBGP連接,並配置在二者之間通過BGP發布L2VPN信息。
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] address-family l2vpn
[PE2-bgp-l2vpn] peer 1.1.1.9 enable
[PE2-bgp-l2vpn] quit
[PE2-bgp] quit
# 在接口Ten-GigabitEthernet1/0/1上創建服務實例100,用來匹配VLAN tag為100的報文。
[PE2] interface ten-gigabitethernet1/0/1
[PE2-Ten-GigabitEthernet1/0/1] service-instance 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 100
[PE2-Ten-GigabitEthernet1/0/1-srv100] quit
[PE2-Ten-GigabitEthernet1/0/1] quit
# 創建交叉連接組vpna,在該交叉連接組內創建本地站點2,在本地站點2和遠端站點1之間建立BGP PW,並將Ten-GigabitEthernet1/0/1接口上的服務實例100與此PW關聯。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] auto-discovery bgp
[PE2-xcg-vpna-auto] route-distinguisher 2:2
[PE2-xcg-vpna-auto] vpn-target 2:2 export-extcommunity
[PE2-xcg-vpna-auto] vpn-target 2:2 import-extcommunity
[PE2-xcg-vpna-auto] site 2 range 10 default-offset 0
[PE2-xcg-vpna-auto-2] connection remote-site-id 1
[PE2-xcg-vpna-auto-2-1] ac interface Ten-GigabitEthernet 1/0/1 service-instance 100
[PE2-xcg-vpna-auto-2-1] return
# 對於各個CE來說,隻要配置上行到PE的端口允許本站點內的報文攜帶Tag通過即可,這裏以CE1為例,其它CE設備請參考進行配置,這裏不再贅述。
<CE1> system-view
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface Ten-GigabitEthernet 1/0/1
[CE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
# 在PE 1上查看PW信息,可以看到建立了一條BGP PW。
<PE1> display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
3.3.3.9 2 65538/65537 BGP M 1 Up
# 在PE 2上也可以看到PW信息。
<PE2> display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State
1.1.1.9 1 65537/65538 BGP M 1 Up
# 檢測兩個站點內的主機間是否可以ping通,如可以ping通,則表示VPN建立成功。
· CE1和CE2
#
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 100
#
· PE1
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
vlan 2
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family l2vpn
peer 3.3.3.9 enable
#
xconnect-group vpna
auto-discovery bgp
route-distinguisher 2:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
site 1 range 10 default-offset 0
connection remote-site-id 2
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
#
· P
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
mpls lsr-id 2.2.2.9
#
vlan 2
#
vlan 3
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface3
ip address 10.1.2.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
· PE2
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
mpls lsr-id 3.3.3.9
#
vlan 3
#
mpls ldp
#
l2vpn enable
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface3
ip address 10.1.2.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 100
encapsulation s-vid 100
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family l2vpn
peer 1.1.1.9 enable
#
xconnect-group vpna
auto-discovery bgp
route-distinguisher 2:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
site 2 range 10 default-offset 0
connection remote-site-id 1
ac interface Ten-GigabitEthernet1/0/1 service-instance 100
#
· H3C S7600-X係列交換機 MPLS配置指導-R757X
· H3C S7600-X係列交換機 MPLS命令參考-R757X
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
