Como habilitar a medição de atraso no enlace e a publicidade no IS-IS
Entendendo a medição de atraso do link e a publicidade no IS-IS
- Benefícios da medição de atraso no enlace e publicidade no IS-IS
- Visão geral da medição de atraso do link e publicidade no IS-IS
Benefícios da medição de atraso no enlace e publicidade no IS-IS
A medição de atraso no link e a publicidade no IS-IS fornecem os seguintes benefícios:
- Altamente benéfico em determinadas redes, como provedores de dados do mercado de ações, onde é crucial ter acesso a dados de mercado em tempo real para tornar as negociações mais rápidas do que a concorrência. É aí que os critérios de desempenho ou latência da rede estão se tornando críticos para a seleção de caminhos de dados.
- Ajuda a tomar decisões de seleção de caminhos com base em dados de desempenho (como latência) de uma maneira econômica e escalável.
- Alternativa superior ao uso de métricas como contagem de saltos ou custo como métricas de roteamento.
Visão geral da medição de atraso do link e publicidade no IS-IS
O desempenho da rede é medido usando o TWAMP-Light. A partir do Junos OS Release 21.1R1, você pode obter a medição de várias métricas de desempenho em redes IP, usando mensagens de sondagem. As extensões de engenharia de tráfego IS-IS ajudam a distribuir informações de desempenho de rede de forma escalável. Essas informações podem então ser usadas para tomar decisões de seleção de caminhos com base no desempenho da rede.
O Border Gateway Protocol Link-State (BGP-LS) permite que o BGP carregue informações de estado de enlace adquiridas de IGPs, o que permite que provedores de serviços de internet (ISP) exponham seletivamente as informações com outros ISPs, provedores de serviços, CDNs e assim por diante, por meio de peering BGP normal. Novas TLVs BGP-Link State (BGP-LS) são definidas para transportar as extensões métricas de engenharia de tráfego IGP.
A ilustração a seguir mostra a métrica mínima de IGP e a métrica mínima de atraso em redes que consistem em uma rede de núcleo, metro e acesso.
Nesse cenário, a rede principal é mais barata, mas tem um atraso maior. O atalho de acesso, com a menor latência, custa caro. Como a rede principal é mais barata, a maioria do tráfego normalmente passa de 1>2>3>4>5> para 6 usando métrica mínima de IGP. Conforme exibido no cenário a), você pode alcançar o requisito mínimo de IGP executando o IS-IS com o custo apropriado configurado e o algoritmo IS-IS padrão definido para zero. Em empresas onde a latência ultraba baixa é crucial, os pacotes precisam ir de 1 a 6. Conforme exibido no cenário b), você pode alcançar uma métrica mínima de atraso definindo o algoritmo flex IS-IS com latência mínima, o que minimiza o atraso no endpoint. Este algoritmo flex consiste apenas em nós 1 e nó 6.
Exemplo: habilite o atraso no enlace IS-IS com o roteamento de pacotes de origem em redes (SPRING) em uma rede privada virtual (VPN) de Camada 3
Este exemplo mostra como configurar o atraso do enlace IS-IS com a SPRING em um cenário de VPN de Camada3. No exemplo, você pode criar duas VPNs entre PE1 e PE2. VPN1 otimiza o atraso do link e VPN2 otimiza a métrica de IGP. Embora você possa configurar o recurso para permitir tráfego bidirecional na topologia de teste, estamos focando em um cenário de tráfego unidirecional neste exemplo. Especificamente, sua tarefa é controlar o caminho de encaminhamento para o tráfego VPN de Camada 3 enviado pelo PE1 para destinos anunciados pelo PE2.
Requisitos
Este exemplo usa os seguintes componentes de hardware e software:
-
Quatro roteadores da Série MX
-
Junos OS Release 21.1R1 ou posterior em execução em todos os dispositivos
Topologia
de atraso de enlace IS-IS
Na topologia, a maioria dos links tem uma métrica IGP (padrão) de 10, medições dinâmicas de atraso e coloração azul. As exceções são o caminho de cor vermelha entre PE1 e P1 e a configuração de atraso estático no link P2 para PE2.
Configuramos a topologia de teste para oferecer suporte ao atraso no link IS-IS para IPv4 e IPv6. Configuramos o roteador P2 como um refletor de rota com os dispositivos PE como seus clientes. Para manter a topologia simples, estamos usando rotas estáticas nos VRFs do roteador PE2. Isso elimina a necessidade de dispositivos CE e um protocolo de roteamento PE-CE, como o EBGP.
Seu objetivo é configurar a rede para que as rotas anunciadas pelo PE2 para VPN1 tomem um caminho que otimize o atraso, ao mesmo tempo em que se limita a usar apenas links azuis. Por outro lado, o tráfego enviado para as rotas associadas à VPN2 pode utilizar um enlace azul ou vermelho com otimização de caminho com base em sua métrica IGP.
- A definição do algoritmo Flex (FAD) para VPN1 usa o algoritmo 128. Nós o configuramos para usar apenas links de cor azul (PE1>P2>P1>PE2) em um caminho otimizado para reduzir o atraso. Para ajudar a demonstrar a seleção adequada do caminho, você configura um atraso estático de 20000 microssegundos entre P2 e PE2. Esse atraso é significativamente maior do que o atraso dinâmico medido nos links restantes. Como resultado, você espera que o algoritmo flex 128 tráfego evite o link P2 para PE2, preferindo saltos adicionais ao longo do caminho de cores azuis (PE1>P2>P1>PE2).
- A definição do algoritmo Flex (FAD) para VPN2 usa o algoritmo 129. Nós o configuramos para usar links azuis ou vermelhos (PE1>P1>PE2 ou PE1>P2>PE2), com o caminho otimizado na métrica IGP. Como resultado, o tráfego usando o algoritmo flex 129 tem dois caminhos de custo igual entre PE1 e PE2, ambos incorrendo em dois saltos e uma métrica resultante de 20.
Visão geral
Nas redes IP, a maior parte do tráfego costuma passar pela rede principal, o que reduz custos, mas pode resultar em uma latência maior. O tráfego de negócios, no entanto, muitas vezes se beneficia da capacidade de tomar decisões de seleção de caminhos com base em outras métricas de desempenho, como latência de caminho, em vez de retransmitir na otimização de caminho tradicional com base simplesmente em métricas de IGP. Otimizar um caminho para reduzir a latência pode beneficiar muito aplicativos como voz e vídeo em tempo real. Também pode permitir acesso de alto desempenho a dados do mercado financeiro onde milissegundos podem se traduzir em ganhos ou perdas significativos.
A partir da versão 21.1R1 do Junos OS, você pode ativar o atraso no link IS-IS em redes IP. Você pode alcançar caminhos métricas mínimos de IGP configurando o IS-IS com o custo de link apropriado usando o algoritmo IS-IS padrão (0). Isso otimiza caminhos para o endpoint que se baseiam estritamente na soma das métricas do link. Ao usar o algoritmo is-IS delay flex, você pode otimizar caminhos com base em seu atraso de ponta a ponta.
O atraso no enlace pode ser medido dinamicamente usando sondas de medição ativa de duas vias (TWAMP). Os roteadores então inundam os parâmetros de atraso do enlace. Os roteadores da área armazenam esses parâmetros no banco de dados de estado de link compartilhado (LSDB). Nós de entrada executam um algoritmo SPF contra o LSDB para computar caminhos otimizados em vários atributos, como cores de link, métrica de IGP, métrica de engenharia de tráfego (TE) ou, como mostrado neste exemplo, atraso no link.
O roteador de saída sinaliza qual algoritmo flex é desejado anexando uma comunidade de cores associada a rotas anunciadas através do BGP. No final do envio (o PE local que recebeu as rotas marcadas anunciadas pelo PE remoto), essas comunidades de cores são usadas para indexar em uma tabela de cores que resolve o protocolo remoto próximo salto (endereço loopback do PE) para um identificador de algoritmo flex. No contexto das VPNs de Camada 3, uma política de mapeamento de cores é usada no nó de entrada para selecionar quais prefixos devem ter seus próximos saltos resolvidos pela tabela de cores.
O PE local então usa sua definição local de algoritmo flex (FAD) para mapear o identificador de algoritmo flex em um conjunto de critérios de seleção de caminhos, por exemplo, "use links azuis e otimize no atraso". O PE de entrada calcula o caminho ideal com base nos valores do LSDB, empurra a pilha de rótulo MPLS relacionada para o pacote e o envia para o próximo salto associado. Isso resulta em caminhos MPLS projetados por tráfego usando o IS-IS como protocolo de sinalização.
Configuração
Configuração rápida da CLI
Para configurar rapidamente este exemplo, copie os seguintes comandos, cole-os em um arquivo de texto, remova qualquer quebra de linha, altere os detalhes necessários para combinar com a configuração da sua rede e, em seguida, copie e cole os comandos no CLI no nível de hierarquia [editar].
Dependendo do tipo de MPCs em seus roteadores da Série MX, você pode precisar habilitar explicitamente serviços IP aprimorados para oferecer suporte ao recurso de atraso IS-IS. Quando você confirmar a declaração de set chassis network-services enhanced-ip configuração, você será solicitado a reiniciar o sistema.
PE1
set system host-name PE1 set chassis network-services enhanced-ip set services rpm twamp server authentication-mode none set services rpm twamp server light set interfaces ge-0/0/0 description To_R1 set interfaces ge-0/0/0 unit 0 family inet address 10.0.1.10/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:10:0:1::10/80 set interfaces ge-0/0/0 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/1 description To_R2 set interfaces ge-0/0/1 unit 0 family inet address 10.0.2.10/24 set interfaces ge-0/0/1 unit 0 family iso set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8:10:0:2::10/80 set interfaces ge-0/0/1 unit 0 family mpls maximum-labels 16 set interfaces lo0 unit 0 family inet address 192.168.255.10/32 set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set interfaces lo0 unit 0 family iso address 49.0001.000a.0a0a.0a00 set interfaces lo0 unit 0 family inet6 address 2001:db8:192:168:255::10/128 set interfaces lo0 unit 1 family inet address 172.16.10.1/32 set interfaces lo0 unit 1 family inet6 address 2001:db8:172:16:10::1/128 set interfaces lo0 unit 2 family inet address 172.16.10.2/32 set interfaces lo0 unit 2 family inet6 address 2001:db8:172:16:10::2/128 set policy-options policy-statement pplb then load-balance per-packet set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.10/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1280 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1290 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1000 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::10/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4280 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4290 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4000 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept set policy-options policy-statement v6vpn1_res_map1 from route-filter 2001:db8:172:16:1::/80 orlonger set policy-options policy-statement v6vpn1_res_map1 then accept set policy-options policy-statement v6vpn1_res_map1 then resolution-map map1 set policy-options policy-statement v6vpn2_res_map1 from route-filter 2001:db8:172:16:2::/80 orlonger set policy-options policy-statement v6vpn2_res_map1 then accept set policy-options policy-statement v6vpn2_res_map1 then resolution-map map1 set policy-options policy-statement vpn1_res_map1 term 1 from route-filter 172.16.1.0/24 orlonger set policy-options policy-statement vpn1_res_map1 term 1 then accept set policy-options policy-statement vpn1_res_map1 term 1 then resolution-map map1 set policy-options policy-statement vpn2_res_map1 term 1 from route-filter 172.16.2.0/24 orlonger set policy-options policy-statement vpn2_res_map1 term 1 then accept set policy-options policy-statement vpn2_res_map1 term 1 then resolution-map map1 set policy-options resolution-map map1 mode ip-color set routing-instances vpn1 instance-type vrf set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 64512:1 set routing-instances vpn1 vrf-target target:64512:1 set routing-instances vpn1 vrf-table-label set routing-instances vpn2 instance-type vrf set routing-instances vpn2 interface lo0.2 set routing-instances vpn2 route-distinguisher 64512:2 set routing-instances vpn2 vrf-target target:64512:2 set routing-instances vpn2 vrf-table-label set protocols bgp group to-RRv6 type internal set protocols bgp group to-RRv6 local-address 2001:db8:192:168:255::10 set protocols bgp group to-RRv6 import v6vpn1_res_map1 set protocols bgp group to-RRv6 import v6vpn2_res_map1 set protocols bgp group to-RRv6 family inet6 unicast extended-nexthop-color set protocols bgp group to-RRv6 family inet6-vpn unicast set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::2 set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.10 set protocols bgp group to-RR import vpn1_res_map1 set protocols bgp group to-RR import vpn2_res_map1 set protocols bgp group to-RR family inet unicast extended-nexthop-color set protocols bgp group to-RR family inet-vpn unicast set protocols bgp group to-RR family traffic-engineering unicast set protocols bgp group to-RR neighbor 192.168.255.2 set protocols bgp group to-RR vpn-apply-export set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/0.0 point-to-point set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 point-to-point set protocols isis interface lo0.0 passive set protocols isis source-packet-routing srgb start-label 80000 set protocols isis source-packet-routing srgb index-range 5000 set protocols isis source-packet-routing flex-algorithm 128 set protocols isis source-packet-routing flex-algorithm 129 set protocols isis level 1 disable set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8 set protocols isis backup-spf-options use-source-packet-routing set protocols isis traffic-engineering l3-unicast-topology set protocols isis traffic-engineering advertisement always set protocols isis export prefix-sid set protocols mpls traffic-engineering set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls interface ge-0/0/0.0 admin-group RED set protocols mpls interface ge-0/0/1.0 admin-group BLUE set routing-options flex-algorithm 128 definition metric-type delay-metric set routing-options flex-algorithm 128 definition spf set routing-options flex-algorithm 128 definition admin-group include-any BLUE set routing-options flex-algorithm 129 definition metric-type igp-metric set routing-options flex-algorithm 129 definition spf set routing-options flex-algorithm 129 definition admin-group include-any RED set routing-options flex-algorithm 129 definition admin-group include-any BLUE set routing-options router-id 192.168.255.10 set routing-options autonomous-system 64512 set routing-options forwarding-table export pplb set routing-options forwarding-table ecmp-fast-reroute set routing-options forwarding-table chained-composite-next-hop ingress l3vpn
P1
set system host-name P1 set chassis network-services enhanced-ip set services rpm twamp server authentication-mode none set services rpm twamp server light set interfaces ge-0/0/0 description To_R0 set interfaces ge-0/0/0 unit 0 family inet address 10.0.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:10:0:1::1/80 set interfaces ge-0/0/0 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/1 description To_R2 set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.1/24 set interfaces ge-0/0/1 unit 0 family iso set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8:10:0:12::1/80 set interfaces ge-0/0/1 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/2 description To_R3 set interfaces ge-0/0/2 unit 0 family inet address 10.0.13.1/24 set interfaces ge-0/0/2 unit 0 family iso set interfaces ge-0/0/2 unit 0 family inet6 address 2001:db8:10:0:13::1/80 set interfaces ge-0/0/2 unit 0 family mpls maximum-labels 16 set interfaces lo0 unit 0 family inet address 192.168.255.1/32 set interfaces lo0 unit 0 family iso address 49.0001.0005.0505.0500 set interfaces lo0 unit 0 family inet6 address 2001:db8:192:168:255::1/128 set policy-options policy-statement pplb then load-balance per-packet set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.1/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1281 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1291 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1001 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::1/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4281 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4291 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4001 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/0.0 point-to-point set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 point-to-point set protocols isis interface ge-0/0/2.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/2.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/2.0 point-to-point set protocols isis interface lo0.0 passive set protocols isis source-packet-routing srgb start-label 80000 set protocols isis source-packet-routing srgb index-range 5000 set protocols isis source-packet-routing flex-algorithm 128 set protocols isis source-packet-routing flex-algorithm 129 set protocols isis level 1 disable set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8 set protocols isis backup-spf-options use-source-packet-routing set protocols isis traffic-engineering l3-unicast-topology set protocols isis traffic-engineering advertisement always set protocols isis export prefix-sid set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls interface ge-0/0/0.0 admin-group RED set protocols mpls interface ge-0/0/1.0 admin-group BLUE set protocols mpls interface ge-0/0/2.0 admin-group BLUE set routing-options router-id 192.168.255.1 set routing-options autonomous-system 65412 set routing-options forwarding-table export pplb
P2
set system host-name P2 set chassis network-services enhanced-ip set services rpm twamp server authentication-mode none set services rpm twamp server light set interfaces ge-0/0/0 unit 0 family inet address 10.0.2.2/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:10:0:2::2/80 set interfaces ge-0/0/0 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/1 description To_R1 set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.2/24 set interfaces ge-0/0/1 unit 0 family iso set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8:10:0:12::2/80 set interfaces ge-0/0/1 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/2 description To_R3 set interfaces ge-0/0/2 unit 0 family inet address 10.0.23.2/24 set interfaces ge-0/0/2 unit 0 family iso set interfaces ge-0/0/2 unit 0 family inet6 address 2001:db8:10:0:23::2/80 set interfaces ge-0/0/2 unit 0 family mpls maximum-labels 16 set interfaces lo0 unit 0 family inet address 192.168.255.2/32 set interfaces lo0 unit 0 family iso address 49.0001.0002.0202.0200 set interfaces lo0 unit 0 family inet6 address 2001:db8:192:168:255::2/128 set policy-options policy-statement pplb then load-balance per-packet set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.2/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1282 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1292 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1002 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::2/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4282 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4292 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4002 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept set policy-options policy-statement ted2nlri_igp term 1 from family traffic-engineering set policy-options policy-statement ted2nlri_igp term 1 from protocol isis set policy-options policy-statement ted2nlri_igp term 1 then accept set protocols bgp group to-RRv6 type internal set protocols bgp group to-RRv6 local-address 2001:db8:192:168:255::2 set protocols bgp group to-RRv6 family inet6 unicast set protocols bgp group to-RRv6 family inet6-vpn unicast set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::10 set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::3 set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.2 set protocols bgp group to-RR family inet unicast set protocols bgp group to-RR family inet-vpn unicast set protocols bgp group to-RR neighbor 192.168.255.10 set protocols bgp group to-RR neighbor 192.168.255.3 set protocols bgp cluster 192.168.255.2 set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/0.0 point-to-point set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 point-to-point set protocols isis interface ge-0/0/2.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/2.0 delay-metric 20000 set protocols isis interface ge-0/0/2.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/2.0 point-to-point set protocols isis interface lo0.0 passive set protocols isis source-packet-routing srgb start-label 80000 set protocols isis source-packet-routing srgb index-range 5000 set protocols isis source-packet-routing flex-algorithm 128 set protocols isis source-packet-routing flex-algorithm 129 set protocols isis level 1 disable set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8 set protocols isis backup-spf-options use-source-packet-routing set protocols isis traffic-engineering l3-unicast-topology set protocols isis traffic-engineering advertisement always set protocols isis export prefix-sid set protocols mpls traffic-engineering set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls interface ge-0/0/0.0 admin-group BLUE set protocols mpls interface ge-0/0/1.0 admin-group BLUE set protocols mpls interface ge-0/0/2.0 admin-group BLUE set routing-options router-id 192.168.255.2 set routing-options autonomous-system 64512 set routing-options forwarding-table export pplb
PE2
set system host-name PE2 set chassis network-services enhanced-ip set services rpm twamp server authentication-mode none set services rpm twamp server light set interfaces ge-0/0/0 description To_R1 set interfaces ge-0/0/0 unit 0 family inet address 10.0.13.3/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:10:0:13::3/80 set interfaces ge-0/0/0 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/1 description To_R2 set interfaces ge-0/0/1 unit 0 family inet address 10.0.23.3/24 set interfaces ge-0/0/1 unit 0 family iso set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8:10:0:23::364/128 set interfaces ge-0/0/1 unit 0 family mpls maximum-labels 16 set interfaces lo0 unit 0 family inet address 192.168.255.3/32 set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set interfaces lo0 unit 0 family iso address 49.0001.0007.0707.0700 set interfaces lo0 unit 0 family inet6 address 2001:db8:192:168:255::3/128 set interfaces lo0 unit 1 family inet address 172.16.3.1/32 set interfaces lo0 unit 1 family inet6 address 2001:db8:172:16:3::1/128 set interfaces lo0 unit 2 family inet address 172.16.3.2/32 set interfaces lo0 unit 2 family inet6 address 2001:db8:172:16:3::2/128 set policy-options policy-statement pplb then load-balance per-packet set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.3/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1283 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1293 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1003 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::3/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4283 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4293 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4003 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept set policy-options policy-statement vpn_1_export term 1 from route-filter 172.16.1.0/24 orlonger set policy-options policy-statement vpn_1_export term 1 then community add color128 set policy-options policy-statement vpn_1_export term 1 then next-hop 192.168.255.3 set policy-options policy-statement vpn_1_export term 1 then accept set policy-options policy-statement vpn_1_export_v6 term 1 from route-filter 2001:db8:172:16:1::/80 orlonger set policy-options policy-statement vpn_1_export_v6 term 1 then community add color128 set policy-options policy-statement vpn_1_export_v6 term 1 then next-hop 2001:db8:192:168:255::3 set policy-options policy-statement vpn_1_export_v6 term 1 then accept set policy-options policy-statement vpn_1_export_v6 term 2 from route-filter 2001:db8:172:16:3::1/128 exact set policy-options policy-statement vpn_1_export_v6 term 2 then community add color128 set policy-options policy-statement vpn_1_export_v6 term 2 then next-hop 2001:db8:192:168:255::3 set policy-options policy-statement vpn_1_export_v6 term 2 then accept set policy-options policy-statement vpn_2_export term 1 from route-filter 172.16.2.0/24 orlonger set policy-options policy-statement vpn_2_export term 1 then community add color129 set policy-options policy-statement vpn_2_export term 1 then next-hop 192.168.255.3 set policy-options policy-statement vpn_2_export term 1 then accept set policy-options policy-statement vpn_2_export_v6 term 1 from route-filter 2001:db8:172:16:2::/80 orlonger set policy-options policy-statement vpn_2_export_v6 term 1 then community add color129 set policy-options policy-statement vpn_2_export_v6 term 1 then next-hop 2001:db8:192:168:255::3 set policy-options policy-statement vpn_2_export_v6 term 1 then accept set policy-options community color128 members color:0:128 set policy-options community color129 members color:0:129 set policy-options resolution-map map1 mode ip-color set routing-instances vpn1 instance-type vrf set routing-instances vpn1 routing-options rib vpn1.inet6.0 static route 2001:db8:172:16:1::/80 receive set routing-instances vpn1 routing-options static route 172.16.1.0/24 receive set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 64512:1 set routing-instances vpn1 vrf-target target:64512:1 set routing-instances vpn1 vrf-table-label set routing-instances vpn2 instance-type vrf set routing-instances vpn2 routing-options rib vpn2.inet6.0 static route 2001:db8:172:16:2::/80 receive set routing-instances vpn2 routing-options static route 172.16.2.0/24 receive set routing-instances vpn2 interface lo0.2 set routing-instances vpn2 route-distinguisher 64512:2 set routing-instances vpn2 vrf-target target:64512:2 set routing-instances vpn2 vrf-table-label set protocols bgp group to-RRv6 type internal set protocols bgp group to-RRv6 local-address 2001:db8:192:168:255::3 set protocols bgp group to-RRv6 family inet6 unicast extended-nexthop-color set protocols bgp group to-RRv6 family inet6-vpn unicast set protocols bgp group to-RRv6 export vpn_1_export_v6 set protocols bgp group to-RRv6 export vpn_2_export_v6 set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::2 set protocols bgp group to-RRv6 vpn-apply-export set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.3 set protocols bgp group to-RR family inet unicast extended-nexthop-color set protocols bgp group to-RR family inet-vpn unicast set protocols bgp group to-RR export vpn_1_export set protocols bgp group to-RR export vpn_2_export set protocols bgp group to-RR neighbor 192.168.255.2 set protocols bgp group to-RR vpn-apply-export set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/0.0 point-to-point set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 point-to-point set protocols isis interface ge-0/0/2.0 delay-metric 20000 set protocols isis interface lo0.0 passive set protocols isis source-packet-routing srgb start-label 80000 set protocols isis source-packet-routing srgb index-range 5000 set protocols isis source-packet-routing flex-algorithm 128 set protocols isis source-packet-routing flex-algorithm 129 set protocols isis level 1 disable set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8 set protocols isis backup-spf-options use-source-packet-routing set protocols isis traffic-engineering l3-unicast-topology set protocols isis traffic-engineering advertisement always set protocols isis export prefix-sid set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls interface ge-0/0/0.0 admin-group BLUE set protocols mpls interface ge-0/0/1.0 admin-group BLUEset routing-options router-id 192.168.255.3 set routing-options autonomous-system 64512 set routing-options forwarding-table export pplb set routing-options forwarding-table ecmp-fast-reroute set routing-options forwarding-table chained-composite-next-hop ingress l3vpn
Procedimento passo a passo
-
Configure as configurações básicas do dispositivo, como nome de host, IPv4, endereços IPv6, endereços de interface de loopback,
enhanced-ipmodo e habilite as famílias de protocolo ISO e MPLS em todas as interfaces dos 4 roteadores.user@PE1# set system host-name PE1 set chassis network-services enhanced-ip set interfaces ge-0/0/0 description To_R1 set interfaces ge-0/0/0 unit 0 family inet address 10.0.1.10/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:10:0:1::10/80 set interfaces ge-0/0/0 unit 0 family mpls maximum-labels 16 set interfaces ge-0/0/1 description To_R2 set interfaces ge-0/0/1 unit 0 family inet address 10.0.2.10/24 set interfaces ge-0/0/1 unit 0 family iso set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8:10:0:2::10/80 set interfaces ge-0/0/1 unit 0 family mpls maximum-labels 16 set interfaces lo0 unit 0 family inet address 192.168.255.10/32 set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set interfaces lo0 unit 0 family iso address 49.0001.000a.0a0a.0a00 set interfaces lo0 unit 0 family inet6 address 2001:db8:192:168:255::10/128 set interfaces lo0 unit 1 family inet address 172.16.10.1/32 set interfaces lo0 unit 1 family inet6 address 2001:db8:172:16:10::1/128 set interfaces lo0 unit 2 family inet address 172.16.10.2/32 set interfaces lo0 unit 2 family inet6 address 2001:db8:172:16:10::2/128
-
Configure o número de ID do roteador, sistema autônomo (AS) e aplique uma política de exportação de balanceamento de carga à tabela de encaminhamento em todos os roteadores para permitir o balanceamento de carga do tráfego.
user@PE1# set routing-options router-id 192.168.255.10 set routing-options autonomous-system 64512 set routing-options forwarding-table export pplb
-
No PE1 e pe2, configure multicaminho de igual custo (ECMP) para permitir uma proteção rápida de redirecionamento. Configure também o próximo salto composto encadeado para permitir que os roteadores apontem rotas que compartilham o mesmo destino para um próximo salto de encaminhamento comum. Essa opção melhora o dimensionamento da base de informações de encaminhamento (FIB).
user@PE1# set routing-options forwarding-table ecmp-fast-reroute set routing-options forwarding-table chained-composite-next-hop ingress l3vpn
-
Habilite o processamento de protocolo MPLS em todas as interfaces em todos os roteadores. Também habilite a engenharia de tráfego.
user@PE1# set protocols mpls interface fxp0.0 disable set protocols mpls interface all set protocols mpls traffic-engineering
-
Habilite sondas TWAMP em todos os roteadores. Essas sondas suportam a medição dinâmica do atraso do enlace entre cada par de roteadores.
user@PE1# set services rpm twamp server authentication-mode none set services rpm twamp server light
-
Configure o protocolo IS-IS para a operação ponto a ponto (as medições de atraso baseadas em TWAMP não são suportadas em links de vários pontos) e habilite o modo de proteção de nós para a operação de suplente sem loop independente de topologia (TILFA) em todas as interfaces. Você também habilita o modo passivo IS-IS na interface de loopback e desativa o nível 1 is-IS para usar apenas o nível 2 is-IS. Habilite a engenharia de tráfego com topologia unicast de camada 3 para baixar a topologia de IGP no TED. Configure o IS-IS para oferecer suporte a caminhos roteados por SPRING. A prefix-sid política de exportação é definida em uma etapa posterior. Essa política é usada para que o nó local anuncie seu endereço loopback com um mapeamento para um ou mais algoritmos flex.
user@PE1# set protocols isis level 1 disable set protocols isis interface ge-0/0/0.0 point-to-point set protocols isis interface ge-0/0/0.0 level 2 post-convergence-lfa node-protection set protocols isis interface ge-0/0/1.0 point-to-point set protocols isis interface ge-0/0/1.0 level 2 post-convergence-lfa node-protection set protocols isis interface lo0.0 passive set protocols isis backup-spf-options use-post-convergence-lfa maximum-backup-paths 8 set protocols isis backup-spf-options use-source-packet-routing set protocols isis traffic-engineering l3-unicast-topology set protocols isis traffic-engineering advertisement always set protocols isis export prefix-sid
-
Configure a medição de atraso dinâmica do link IS-IS usando sondas TWAMP em todas as interfaces IS-IS em todos os roteadores (exceto pelo enlace entre P2 e PE2, que usa um valor de atraso estático neste exemplo).
user@PE1# set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100
user@P1# set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/2.0 delay-measurement advertisement periodic threshold 100
user@P2# set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/2.0 delay-measurement advertisement periodic threshold 100
user@PE2# set protocols isis interface ge-0/0/0.0 delay-measurement advertisement periodic threshold 100 set protocols isis interface ge-0/0/1.0 delay-measurement advertisement periodic threshold 100
-
Configure a métrica de atraso estática no enlace entre P2 e PE2.
user@P2# set protocols isis interface ge-0/0/2.0 delay-metric 20000
user@PE2# set protocols isis interface ge-0/0/1.0 delay-metric 20000
-
Configure PE1 e PE2 para oferecer suporte a duas VPNs de Camada 3 (VPN1 e VPN2).
user@PE1# set routing-instances vpn1 instance-type vrf set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 64512:1 set routing-instances vpn1 vrf-target target:64512:1 set routing-instances vpn1 vrf-table-label set routing-instances vpn2 instance-type vrf set routing-instances vpn2 interface lo0.2 set routing-instances vpn2 route-distinguisher 64512:2 set routing-instances vpn2 vrf-target target:64512:2 set routing-instances vpn2 vrf-table-label
Nota:Observe que as instâncias de roteamento no PE2 estão configuradas com rotas estáticas IPv4 e IPv6. Essas rotas estão configuradas com a opção
receivede permitir que você teste a conectividade usando ping. O recurso de atraso IS-IS opera da mesma forma se a VPN de Camada 3 usar um protocolo de roteamento dinâmico entre o PE e um dispositivo CE conectado. Usamos rotas estáticas neste exemplo para manter a topologia simples para permitir o foco no recurso de otimização de atraso IS-IS.user@PE2# set routing-instances vpn1 instance-type vrf set routing-instances vpn1 routing-options rib vpn1.inet6.0 static route 2001:db8:172:16:1::/80 receive set routing-instances vpn1 routing-options static route 172.16.1.0/24 receive set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 64512:1 set routing-instances vpn1 vrf-target target:64512:1 set routing-instances vpn1 vrf-table-label set routing-instances vpn2 instance-type vrf set routing-instances vpn2 routing-options rib vpn2.inet6.0 static route 2001:db8:172:16:2::/80 receive set routing-instances vpn2 routing-options static route 172.16.2.0/24 receive set routing-instances vpn2 interface lo0.2 set routing-instances vpn2 route-distinguisher 64512:2 set routing-instances vpn2 vrf-target target:64512:2 set routing-instances vpn2 vrf-table-label
-
Configure uma política de mapa no PE1 para permitir a resolução de rotas de VPN para combinar prefixos com a tabela de cores BGP. Isso permite evocar algoritmos de encaminhamento de caminhos flex em uma base por prefixo. A map1 política de resolução está definida para o
ip-colormodo de resolução.Nota:Em um contexto VPN de Camada 3, uma política de mapeamento é necessária para selecionar quais prefixos podem ter seu próximo salto resolvido na tabela de cores. Simplesmente ter rotas com próximos saltos estendidos e comunidades de cores anexadas não resulta no uso da tabela de cores, a menos que uma política de mapeamento seja usada.
user@PE1# set policy-options policy-statement vpn1_res_map1 term 1 from route-filter 172.16.1.0/24 orlonger set policy-options policy-statement vpn1_res_map1 term 1 then accept set policy-options policy-statement vpn1_res_map1 term 1 then resolution-map map1 set policy-options policy-statement vpn2_res_map1 term 1 from route-filter 172.16.2.0/24 orlonger set policy-options policy-statement vpn2_res_map1 term 1 then accept set policy-options policy-statement vpn2_res_map1 term 1 then resolution-map map1 set policy-options policy-statement v6vpn1_res_map1 from route-filter 2001:db8:172:16:1::/80 orlonger set policy-options policy-statement v6vpn1_res_map1 then accept set policy-options policy-statement v6vpn1_res_map1 then resolution-map map1 set policy-options policy-statement v6vpn2_res_map1 from route-filter 2001:db8:172:16:2::/80 orlonger set policy-options policy-statement v6vpn2_res_map1 then accept set policy-options policy-statement v6vpn2_res_map1 then resolution-map map1 set policy-options resolution-map map1 mode ip-color
-
Configure as políticas de exportação de rota VPN no PE2 para anexar as comunidades de cores desejadas às rotas de VPN que anuncia para PE1 (pelo refletor de rota). O importante aqui é como as rotas da VPN1 têm a comunidade de cores para o caminho flex 128 (otimize o atraso), enquanto as rotas anunciadas da VPN2 têm a comunidade de cores 129 anexada (otimize a métrica IGP).
user@PE2# set policy-options policy-statement vpn_1_export term 1 from route-filter 172.16.1.0/24 orlonger set policy-options policy-statement vpn_1_export term 1 then community add color128 set policy-options policy-statement vpn_1_export term 1 then next-hop 192.168.255.3 set policy-options policy-statement vpn_1_export term 1 then accept set policy-options policy-statement vpn_2_export term 1 from route-filter 172.16.2.0/24 orlonger set policy-options policy-statement vpn_2_export term 1 then community add color129 set policy-options policy-statement vpn_2_export term 1 then next-hop 192.168.255.3 set policy-options policy-statement vpn_2_export term 1 then accept set policy-options policy-statement vpn_1_export_v6 term 1 from route-filter 2001:db8:172:16:1::/80 orlonger set policy-options policy-statement vpn_1_export_v6 term 1 then community add color128 set policy-options policy-statement vpn_1_export_v6 term 1 then next-hop 2001:db8:192:168:255::3 set policy-options policy-statement vpn_1_export_v6 term 1 then accept set policy-options policy-statement vpn_2_export_v6 term 1 from route-filter 2001:db8:172:16:2::/80 orlonger set policy-options policy-statement vpn_2_export_v6 term 1 then community add color129 set policy-options policy-statement vpn_2_export_v6 term 1 then next-hop 2001:db8:192:168:255::3 set policy-options policy-statement vpn_2_export_v6 term 1 then accept set policy-options community color128 members color:0:128 set policy-options community color129 members color:0:129
-
Configure o peering BGP entre os dispositivos PE e o refletor de rota. Configure as informações de acessibilidade da camada de rede (NLRI) unicast para oferecer suporte a saltos próximos de cores estendidos nos dispositivos PE. Habilitar essa opção permite que rotas com comunidades de cores tenham seu próximo salto resolvido através da tabela de cores. Sem a rota de configuração de próximo salto estendida, com comunidades de cores passando por uma resolução normal de próximo salto e não usará caminhos de algoritmo flex.
-
Você também permite o suporte para rotas unicast VPN de Camada 3 e IPv6 e IPv6. No PE1 você aplica as políticas de mapeamento de cores como importação, para que ele possa agir nas rotas recebidas do dispositivo pe remoto.
user@PE1# set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.10 set protocols bgp group to-RR neighbor 192.168.255.2 set protocols bgp group to-RR family inet unicast extended-nexthop-color set protocols bgp group to-RR family inet-vpn unicast set protocols bgp group to-RR family traffic-engineering unicast set protocols bgp group to-RR import vpn1_res_map1 set protocols bgp group to-RR import vpn2_res_map1 set protocols bgp group to-RRv6 type internal set protocols bgp group to-RRv6 local-address 2001:db8:192:168:255::10 set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::2 set protocols bgp group to-RRv6 family inet6 unicast extended-nexthop-color set protocols bgp group to-RRv6 family inet6-vpn unicast set protocols bgp group to-RRv6 import v6vpn1_res_map1 set protocols bgp group to-RRv6 import v6vpn2_res_map1
user@P2# set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.2 set protocols bgp group to-RR neighbor 192.168.255.10 set protocols bgp group to-RR neighbor 192.168.255.3 set protocols bgp cluster 192.168.255.2 set protocols bgp group to-RR family inet unicast set protocols bgp group to-RR family inet-vpn unicast
No PE 2, você aplica política de exportação para anexar a comunidade de cores desejada aos anúncios de rota VPN enviados ao PE1. A opção
vpn-apply-exporté necessária no PE2 para permitir que as políticas de exportação ajam em rotas de VPN anunciadas para PEs remotos.user@PE2# set protocols bgp group to-RR type internal set protocols bgp group to-RR local-address 192.168.255.3 set protocols bgp group to-RR neighbor 192.168.255.2 set protocols bgp group to-RR family inet unicast extended-nexthop-color set protocols bgp group to-RR family inet-vpn unicast set protocols bgp group to-RR export vpn_1_export set protocols bgp group to-RR export vpn_2_export set protocols bgp group to-RR vpn-apply-export set protocols bgp group to-RRv6 type internal set protocols bgp group to-RRv6 local-address 2001:db8:192:168:255::3 set protocols bgp group to-RRv6 neighbor 2001:db8:192:168:255::2 set protocols bgp group to-RRv6 family inet6 unicast extended-nexthop-color set protocols bgp group to-RRv6 family inet6-vpn unicast set protocols bgp group to-RRv6 export vpn_1_export_v6 set protocols bgp group to-RRv6 export vpn_2_export_v6 set protocols bgp group to-RRv6 vpn-apply-export
-
Defina a política de balanceamento de carga por pacote em todos os roteadores.
user@PE1# set policy-options policy-statement pplb then load-balance per-packet
-
Configure o suporte para o roteamento por segmentos com dois algoritmos flex (128 e 129) em todos os roteadores.
user@PE1# set protocols isis source-packet-routing srgb start-label 80000 set protocols isis source-packet-routing srgb index-range 5000 set protocols isis source-packet-routing flex-algorithm 128 set protocols isis source-packet-routing flex-algorithm 129
-
Configure todos os roteadores para anunciar seu endereço de loopback com suporte para os algoritmos 128 e 129 flex. A opção
prefix-segment indexdefine o rótulo base para o endereço loopback de cada roteador. Neste exemplo, o índice base IPv4 e o índice base IPv6 estão definidos para refletir o número do roteador. Como resultado, r0 (PE1) usa 1000 para IPv4, enquanto R1 (P1) usa 1001.user@PE1# set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.10/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1280 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1290 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1000 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::10/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4280 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4290 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4000 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept
user@P1# set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.1/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1281 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1291 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1001 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::1/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4281 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4291 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4001 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept
user@P2# set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.2/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1282 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1292 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1002 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::2/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4282 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4292 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4002 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept
user@PE2# set policy-options policy-statement prefix-sid term 1 from route-filter 192.168.255.3/32 exact set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 index 1283 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 index 1293 set policy-options policy-statement prefix-sid term 1 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1003 set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 1 then accept set policy-options policy-statement prefix-sid term 2 from route-filter 2001:db8:192:168:255::3/128 exact set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 index 4283 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 128 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 index 4293 set policy-options policy-statement prefix-sid term 2 then prefix-segment algorithm 129 node-segment set policy-options policy-statement prefix-sid term 2 then prefix-segment index 4003 set policy-options policy-statement prefix-sid term 2 then prefix-segment node-segment set policy-options policy-statement prefix-sid term 2 then accept
-
Em todos os roteadores, defina os RED grupos de administração e BLUE MPLS e atribua a cor desejada a cada interface. Você também permite que o tunelamento ICMP permita o suporte de rota de rastreamento no contexto das VPNs de Camada 3 baseadas em MPLS.
user@PE1# set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface ge-0/0/0.0 admin-group RED set protocols mpls interface ge-0/0/1.0 admin-group BLUE
user@P1# set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface ge-0/0/0.0 admin-group RED set protocols mpls interface ge-0/0/1.0 admin-group BLUE set protocols mpls interface ge-0/0/2.0 admin-group BLUE
user@P2# set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface ge-0/0/0.0 admin-group BLUE set protocols mpls interface ge-0/0/1.0 admin-group BLUE set protocols mpls interface ge-0/0/2.0 admin-group BLUE
user@PE2# set protocols mpls admin-groups RED 0 set protocols mpls admin-groups BLUE 1 set protocols mpls icmp-tunneling set protocols mpls interface ge-0/0/0.0 admin-group BLUE set protocols mpls interface ge-0/0/1.0 admin-group BLUE
-
Configure as FADs no dispositivo PE (PE1) de entrada sob a
routing-optionshierarquia. Neste caso, você atribui o algoritmo flex 128 para otimizar o caminho com base nodelay-metric129 para otimizar aigp-metric. Neste exemplo, o algoritmo flex 128 deve seguir apenas caminhos de cores azuis, enquanto o algoritmo flex 129 pode tomar um caminho de cores azul ou vermelho. Neste exemplo, você define as FADs no PE1 apenas porque nos concentramos apenas no caminho de encaminhamento de PE1 para PE2.Para dar suporte ao encaminhamento do caminho flex bidirecional, você precisará definir as FADs desejadas no dispositivo PE2. Os roteadores P não exigem uma definição de FAD, pois a FAD só é usada pelo nó de entrada ao calcular um caminho para o nó de saída.
user@PE1# set routing-options flex-algorithm 128 definition metric-type delay-metric set routing-options flex-algorithm 128 definition spf set routing-options flex-algorithm 128 definition admin-group include-any BLUE set routing-options flex-algorithm 129 definition metric-type igp-metric set routing-options flex-algorithm 129 definition spf set routing-options flex-algorithm 129 definition admin-group include-any RED set routing-options flex-algorithm 129 definition admin-group include-any BLUE
-
Entre no
commitmodo de configuração.
Resultados
Confira os resultados da configuração:
user@PE1# show interfaces
ge-0/0/0 {
description To_R1;
unit 0 {
family inet {
address 10.0.1.10/24;
}
family iso;
family inet6 {
address 2001:db8:10:0:1::10/80;
}
family mpls {
maximum-labels 16;
}
}
}
ge-0/0/1 {
description To_R2;
unit 0 {
family inet {
address 10.0.2.10/24;
}
family iso;
family inet6 {
address 2001:db8:10:0:2::10/80;
}
family mpls {
maximum-labels 16;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.255.10/32;
address 127.0.0.1/32;
}
family iso {
address 49.0001.000a.0a0a.0a00;
}
family inet6 {
address 2001:db8:192:168:255::10/128;
}
}
unit 1 {
family inet {
address 172.16.10.1/32;
}
family inet6 {
address 2001:db8:172:16:10::1/128;
}
}
unit 2 {
family inet {
address 172.16.10.2/32;
}
family inet6 {
address 2001:db8:172:16:10::2/128;
}
}
}
user@PE1# show policy-options
policy-statement pplb {
then {
load-balance per-packet;
}
}
policy-statement prefix-sid {
term 1 {
from {
route-filter 192.168.255.10/32 exact;
}
then {
prefix-segment {
algorithm 128 index 1280 node-segment;
algorithm 129 index 1290 node-segment;
index 1000;
node-segment;
}
accept;
}
}
term 2 {
from {
route-filter 2001:db8:192:168:255::10/128 exact;
}
then {
prefix-segment {
algorithm 128 index 4280 node-segment;
algorithm 129 index 4290 node-segment;
index 4000;
node-segment;
}
accept;
}
}
}
policy-statement v6vpn1_res_map1 {
from {
route-filter 2001:db8:172:16:1::/80 orlonger;
}
then {
accept;
resolution-map map1;
}
}
policy-statement v6vpn2_res_map1 {
from {
route-filter 2001:db8:172:16:2::/80 orlonger;
}
then {
accept;
resolution-map map1;
}
}
policy-statement vpn1_res_map1 {
term 1 {
from {
route-filter 172.16.1.0/24 orlonger;
}
then {
accept;
resolution-map map1;
}
}
}
policy-statement vpn2_res_map1 {
term 1 {
from {
route-filter 172.16.2.0/24 orlonger;
}
then {
accept;
resolution-map map1;
}
}
}
resolution-map map1 {
mode ip-color;
}
user@PE1# show protocols
bgp {
group to-RRv6 {
type internal;
local-address 2001:db8:192:168:255::10;
import [ v6vpn1_res_map1 v6vpn2_res_map1 ];
family inet6 {
unicast {
extended-nexthop-color;
}
}
family inet6-vpn {
unicast;
}
neighbor 2001:db8:192:168:255::2;
}
group to-RR {
type internal;
local-address 192.168.255.10;
import [ vpn1_res_map1 vpn2_res_map1 ];
family inet {
unicast {
extended-nexthop-color;
}
}
family inet-vpn {
unicast;
}
family traffic-engineering {
unicast;
}
neighbor 192.168.255.2;
}
}
isis {
interface ge-0/0/0.0 {
level 2 {
post-convergence-lfa {
node-protection;
}
}
delay-measurement {
advertisement {
periodic {
threshold 100;
}
}
}
point-to-point;
}
interface ge-0/0/1.0 {
level 2 {
post-convergence-lfa {
node-protection;
}
}
delay-measurement {
advertisement {
periodic {
threshold 100;
}
}
}
point-to-point;
}
interface lo0.0 {
passive;
}
source-packet-routing {
srgb start-label 80000 index-range 5000;
flex-algorithm [ 128 129 ];
}
level 1 disable;
backup-spf-options {
use-post-convergence-lfa maximum-backup-paths 8;
use-source-packet-routing;
}
traffic-engineering {
l3-unicast-topology;
advertisement always;
}
export prefix-sid;
}
mpls {
traffic-engineering;
admin-groups {
RED 0;
BLUE 1;
}
icmp-tunneling;
interface all;
interface fxp0.0 {
disable;
}
interface ge-0/0/0.0 {
admin-group RED;
}
interface ge-0/0/1.0 {
admin-group BLUE;
}
}
user@PE1# show routing-options
flex-algorithm 128 {
definition {
metric-type delay-metric;
spf;
admin-group include-any BLUE;
}
}
flex-algorithm 129 {
definition {
metric-type igp-metric;
spf;
admin-group include-any [ RED BLUE ];
}
}
router-id 192.168.255.10;
autonomous-system 64512;
forwarding-table {
export pplb;
ecmp-fast-reroute;
chained-composite-next-hop {
ingress {
l3vpn;
}
}
}
user@PE1# show routing-instances
vpn1 {
instance-type vrf;
interface lo0.1;
route-distinguisher 64512:1;
vrf-target target:64512:1;
vrf-table-label;
}
vpn2 {
instance-type vrf;
interface lo0.2;
route-distinguisher 64512:2;
vrf-target target:64512:2;
vrf-table-label;
}
user@PE1# show services rpm
twamp {
server {
authentication-mode none;
light;
}
}
Verificação
- Verificar as Adjacências IS-IS
- Verifique o banco de dados IS-IS
- Verifique o peering do BGP
- Verifique a comunidade de cores em rotas de VPN
- Verificar a tabela de roteamento inetcolor.0
- Verificar a operação do TWAMP
- Verificar a resolução da rota
- Verificar caminhos de encaminhamento
Verificar as Adjacências IS-IS
Propósito
Verifique as adjacências IS-IS esperadas nos dispositivos de roteamento.
Ação
A partir do modo operacional, entre no show isis adjacency comando.
user@PE1> show isis adjacency
Interface System L State Hold (secs) SNPA ge-0/0/0.0 P1 2 Up 26 ge-0/0/1.0 P2 2 Up 25
Significado
A saída de th indica que o PE1 formou com sucesso as adjacências IS-IS em suas ge-0/0/0.0 interfaces e ge-0/0/1.0 interfaces, que se conectam aos seus roteadores P1 e P2, respectivamente.
Verifique o banco de dados IS-IS
Propósito
Verifique se os parâmetros de atraso do link estão presentes no banco de dados IS-IS.
Ação
Use o show isis database extensive | match delay comando operacional.
user@PE1> show isis database extensive | match delay
Unidirectional link delay: 1041
Min unidirectional link delay: 841
Max unidirectional link delay: 1885
Unidirectional delay variation: 71
Unidirectional link delay: 2469
Min unidirectional link delay: 766
Max unidirectional link delay: 15458
Unidirectional delay variation: 129
Unidirectional link delay: 20000
Min unidirectional link delay: 20000
Max unidirectional link delay: 20000
Unidirectional delay variation: 20000
Unidirectional link delay: 1272
Min unidirectional link delay: 628
Max unidirectional link delay: 3591
Unidirectional delay variation: 1559
Unidirectional link delay: 8470
Min unidirectional link delay: 855
Max unidirectional link delay: 52934
Unidirectional delay variation: 7900
Unidirectional link delay: 5736
Min unidirectional link delay: 3650
Max unidirectional link delay: 7946
Unidirectional delay variation: 4416
Unidirectional link delay: 2312
Min unidirectional link delay: 740
Max unidirectional link delay: 14227
Unidirectional delay variation: 3144
Unidirectional link delay: 1233
Min unidirectional link delay: 711
Max unidirectional link delay: 2833
Unidirectional delay variation: 366
Unidirectional link delay: 928
Min unidirectional link delay: 844
Max unidirectional link delay: 1042
Unidirectional delay variation: 143
Unidirectional link delay: 7570
Min unidirectional link delay: 761
Max unidirectional link delay: 61926
Unidirectional delay variation: 27290
Significado
A saída exibe o atraso dinâmico associado às várias interfaces da topologia. A parte destacada da saída especifica o atraso estático de 20000 microssegundos que está configurado no link P2 para PE2. O valor de atraso configurado estaticamente é significativamente maior do que qualquer uma das medições dinâmicas de atraso. Esse grande atraso está configurado para facilitar a previsão do atraso otimizado para o caminho azul pela rede.
Verifique o peering do BGP
Propósito
Verifique se ambos os PEs estabeleceram com sucesso as sessões de peering IPv4 e IPv6 para o refletor de rota.
Ação
Use o show bgp summary comando operacional. Neste caso, executamos o comando em P2, o refletor de rota, pois ele fornece um local conveniente para confirmar ambas as sessões de peering de ambos os PEs usando um único comando.
user@P2 show bgp summary
Threading mode: BGP I/O
Default eBGP mode: advertise - accept, receive - accept
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet6.0
0 0 0 0 0 0
bgp.l3vpn-inet6.0
6 6 0 0 0 0
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
6 6 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.255.3 64512 2511 2489 0 0 18:49:42 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 4/4/4/0
192.168.255.10 64512 2511 2491 0 0 18:49:46 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 2/2/2/0
2001:db8:192:168:255::3 64512 2512 2490 0 0 18:49:46 Establ
inet6.0: 0/0/0/0
bgp.l3vpn-inet6.0: 4/4/4/0
2001:db8:192:168:255::10 64512 2510 2490 0 0 18:49:42 Establ
inet6.0: 0/0/0/0
bgp.l3vpn-inet6.0: 2/2/2/0
Significado
A saída confirma que todas as sessões de peering BGP estão estabelecidas corretamente. O display também confirma que as rotas de VPN de Camada 3 estão sendo anunciadas/aprendidas nessas sessões de peering.
Verifique a comunidade de cores em rotas de VPN
Propósito
Verifique se as rotas de VPN anunciadas pelo PE2 estão corretamente marcadas com uma comunidade de cores.
Ação
Use o show route detail <prefix> table <table-name> comando operacional no PE1 para exibir detalhes sobre uma rota VPN de Camada 3 aprendida com PE2.
user@PE1 show route detail 172.16.1.0 table vpn1
vpn1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
172.16.1.0/24 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 64512:1
Next hop type: Indirect, Next hop index: 0
Address: 0xc5b9d5c
Next-hop reference count: 3
Source: 192.168.255.2
Next hop type: Router, Next hop index: 0
Next hop: 10.0.2.2 via ge-0/0/1.0 weight 0x1, selected
Label operation: Push 81282
Label TTL action: prop-ttl
Load balance label: Label 81282: None;
Label element ptr: 0xcbf1440
Label parent element ptr: 0x0
Label element references: 2
Label element child references: 0
Label element lsp id: 0
Session Id: 0x0
Protocol next hop: 192.168.255.3-128<c>
Label operation: Push 16
Label TTL action: prop-ttl
Load balance label: Label 16: None;
Composite next hop: 0xbd50440 665 INH Session ID: 0x0
Indirect next hop: 0xc74e684 1048588 INH Session ID: 0x0
State: <Secondary Active Int Ext ProtectionCand>
Local AS: 64512 Peer AS: 64512
Age: 19:10:35 Metric2: 2204
Validation State: unverified
ORR Generation-ID: 0
Task: BGP_64512.192.168.255.2
Announcement bits (1): 0-KRT
AS path: I (Originator)
Cluster list: 192.168.255.2
Originator ID: 192.168.255.3
Communities: target:64512:1 color:0:128
Import Accepted
VPN Label: 16
Localpref: 100
Router ID: 192.168.255.2
Primary Routing Table: bgp.l3vpn.0
Thread: junos-main
Significado
A saída confirma que um prefixo VPN na instância de roteamento VPN1 tem uma comunidade color:0:128 de cores anexada. Além disso, você pode confirmar que o próximo salto de protocolo para esta rota é o endereço loopback do roteador PE2 com um próximo salto estendido que indexa uma entrada correspondente na tabela de cores.
Embora não mostre, você pode repetir este comando para um prefixo na tabela VPN2. Você espera descobrir que essas rotas têm o color:0:129 anexo.
Verificar a tabela de roteamento inetcolor.0
Propósito
Verifique se a inetcolor.0 tabela de roteamento está corretamente povoada com todos os IDs de roteador (endereços loopback) mostrando suporte para os algoritmos 128 e 129 flex.
As rotas IPv6 são suportadas pela inet6color.0 tabela. Você pode verificar esta tabela usando a mesma abordagem mostrada nesta seção para a tabela de cores IPv4.
Ação
Use o show route table inetcolor.0 comando operacional.
user@PE1> show route table inetcolor.0
inetcolor.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.255.1-128<c>/64
*[L-ISIS/14] 6d 14:40:37, metric 1527
> to 10.0.2.2 via ge-0/0/1.0, Push 81281
192.168.255.1-129<c>/64
*[L-ISIS/14] 6d 14:40:35, metric 10
> to 10.0.1.1 via ge-0/0/0.0
to 10.0.2.2 via ge-0/0/1.0, Push 81291
192.168.255.2-128<c>/64
*[L-ISIS/14] 6d 14:40:40, metric 761
> to 10.0.2.2 via ge-0/0/1.0
192.168.255.2-129<c>/64
*[L-ISIS/14] 6d 14:40:35, metric 10
> to 10.0.2.2 via ge-0/0/1.0
to 10.0.1.1 via ge-0/0/0.0, Push 81292
192.168.255.3-128<c>/64
*[L-ISIS/14] 6d 14:40:37, metric 2382
> to 10.0.2.2 via ge-0/0/1.0, Push 81283
192.168.255.3-129<c>/64
*[L-ISIS/14] 6d 14:40:35, metric 20
> to 10.0.1.1 via ge-0/0/0.0, Push 81293
to 10.0.2.2 via ge-0/0/1.0, Push 81293
Significado
A saída exibe as rotas na tabela de inetcolor.0 rotas. A porção destacada indica que as duas rotas são originárias do PE2. A 192.168.255.3-128<c> rota tem apenas um caminho possível e leva a ge-0/0/1.0 interface para P2 como um próximo salto. Lembre-se que o algoritmo 128 flex deve usar links azuis, e da perspectiva do PE1, o que deixa apenas a interface de cor ge-0/0/1 azul como um caminho viável.
Por outro lado, a rota para 192.168.255.3-129<c> é capaz de carregar o ge-0/0/0.0 equilíbrio tanto nas interfaces para P1 quanto ge-0/0/1.0 para P2. Lembre-se que esse caminho para o algoritmo flex pode tomar qualquer caminho que seja azul ou vermelho, podendo assim usar qualquer uma de suas interfaces ao encaminhar para o seu destino associado.
Verificar a operação do TWAMP
Propósito
Verifique se as sondas TWAMP estão operando entre roteadores com atraso dinâmico no enlace configurado.
Ação
Use o comando do show services rpm twamp client modo operacional.
user@PE1> show services rpm twamp client
Connection Session Sender Sender Reflector Reflector Name Name address port address port __r__8 __r__9 10.0.1.10 56570 10.0.1.1 862 __r__10 __r__11 10.0.2.10 64074 10.0.2.2 862
Significado
A parte destacada da saída indica que o PE1 tem dois vizinhos TWAMP: P2 (10,0,1,2) e P1 (10,0,1,1).
Se desejado, use o comando do show services rpm twamp client probe-results modo operacional para ver os valores atuais e históricos de medição de atraso.
user@PE1> show services rpm twamp client probe-results
root@PE1# run show services rpm twamp client probe-results
Owner: __r__12, Test: __r__13
TWAMP-Server-Status: Light, Number-Of-Retries-With-TWAMP-Server: 0
Reflector address: 10.0.2.2, Reflector port: 862, Sender address: 10.0.2.10, sender-port: 57270
Test size: 10 probes
Probe results:
Response received
Probe sent time: Thu May 6 14:43:26 2021
Probe rcvd/timeout time: Thu May 6 14:43:26 2021
Rtt: 1931 usec, Egress jitter: 259 usec, Ingress jitter: 96 usec, Round trip jitter: 353 usec
Egress interarrival jitter: 5489 usec, Ingress interarrival jitter: 855 usec, Round trip interarrival jitter: 6076 usec
Results over current test:
Probes sent: 8, Probes received: 8, Loss percentage: 0.000000
Measurement: Round trip time
Samples: 8, Minimum: 1576 usec, Maximum: 13289 usec, Average: 6100 usec, Peak to peak: 11713 usec, Stddev: 4328 usec,
Sum: 48797 usec
Measurement: Ingress delay
Samples: 2, Minimum: 8466 usec, Maximum: 8488 usec, Average: 8477 usec, Peak to peak: 22 usec, Stddev: 11 usec,
Sum: 16954 usec
Measurement: Egress delay
Samples: 2, Minimum: 118 usec, Maximum: 4801 usec, Average: 2460 usec, Peak to peak: 4683 usec, Stddev: 2342 usec,
Sum: 4919 usec
Measurement: Positive egress jitter
Samples: 4, Minimum: 259 usec, Maximum: 11250 usec, Average: 4465 usec, Peak to peak: 10991 usec, Stddev: 4225 usec,
Sum: 17859 usec
Measurement: Negative egress jitter
Samples: 4, Minimum: 201 usec, Maximum: 6564 usec, Average: 4467 usec, Peak to peak: 6363 usec, Stddev: 2566 usec,
Sum: 17869 usec
Measurement: Positive ingress jitter
Samples: 5, Minimum: 96 usec, Maximum: 4954 usec, Average: 1431 usec, Peak to peak: 4858 usec, Stddev: 1843 usec,
Sum: 7155 usec
Measurement: Negative ingress jitter
Samples: 3, Minimum: 202 usec, Maximum: 4990 usec, Average: 2340 usec, Peak to peak: 4788 usec, Stddev: 1988 usec,
Sum: 7021 usec
Measurement: Positive round trip jitter
Samples: 4, Minimum: 353 usec, Maximum: 11585 usec, Average: 5827 usec, Peak to peak: 11232 usec, Stddev: 4797 usec,
Sum: 23309 usec
Measurement: Negative round trip jitter
Samples: 4, Minimum: 2056 usec, Maximum: 9734 usec, Average: 5831 usec, Peak to peak: 7678 usec, Stddev: 2776 usec,
Sum: 23325 usec
Results over last test:
. . .
Verificar a resolução da rota
Propósito
Verifique as rotas para que a VPN1 e a VPN2 se resolvam nos caminhos de algoritmo flex esperados.
Ação
Use o comando do show route modo operacional.
user@PE1> show route 172.16.1.0
inet.0: 18 destinations, 18 routes (17 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
. . .
vpn1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.0/24 *[BGP/170] 6d 16:32:32, localpref 100, from 192.168.255.2
AS path: I, validation-state: unverified
> to 10.0.2.2 via ge-0/0/1.0, Push 16, Push 81287(top)
user@PE1> show route 172.16.2.0
inet.0: 18 destinations, 18 routes (17 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both. . .
vpn2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.2.0/24 *[BGP/170] 6d 16:36:02, localpref 100, from 192.168.255.2
AS path: I, validation-state: unverified
to 10.0.1.1 via ge-0/0/0.0, Push 17, Push 81297(top)
> to 10.0.2.2 via ge-0/0/1.0, Push 17, Push 81297(top)
Significado
A saída destacada indica que no dispositivo PE1, a rota 172.16.1.0 para VPN1 usa a FAD 128 tomando apenas o caminho de cor azul, o que faz do P1 (10.0.2.2) seu próximo salto enquanto a rota para VPN2, O 172.16.2.0 usa o FAD 129, o que significa que ele pode tomar o caminho de cor vermelha através da interface ge-0/0/0,0 para P1>PE2 ou através da interface ge-0/0/1.0 para P2> PE2. Isso também vale para as rotas IPv6, como mostrado aqui para VPN1:
user@PE1> show route 2001:db8:172:16:1::/80
vpn1.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2001:db8:172:16:1::/80
*[BGP/170] 01:26:27, localpref 100, from 2001:db8:192:168:255::2
AS path: I, validation-state: unverified
> to fe80::5668:a5ff:fed1:21d9 via ge-0/0/1.0, Push 16, Push 84287(top)
A rota IPv6 da VPN1 resolve para o mesmo caminho de encaminhamento que sua contraparte IPv4, o que faz sentido, pois ambos estão usando o algoritmo flex 128 para forçar o uso de links azuis com otimização de atraso. Lembre-se que você configurou o PE2, a fonte dessas rotas, para usar uma base de rótulos de 1287 para rotas IPv4 e 4287 para rotas IPv6, e que a source-packet-routing srgb start-label 8000. Como resultado, a rota IPv4 da VPN1 tem um rótulo de 81287, enquanto a rota IPv6 da VPN1 usa 84287.
Verificar caminhos de encaminhamento
Propósito
Verifique se as rotas para VPN1 e VPN2 são encaminhadas pelos caminhos de algoritmo flex esperados.
Ação
Use os comandos de ping modo operacional e trace route operacional para verificar a acessibilidade e confirmar o caminho de encaminhamento IPv4 usado pelo PE1 ao enviar tráfego para destinos VPN como PE2.
O uso de rotas estáticas com um próximo salto recebido no PE2 permite que você faça ping nas rotas remotas. Você pode esperar o último salto da rota de rastreamento para o tempo limite, no entanto, já que o processamento de rota de rastreamento não é suportado ao atingir uma rota de recebimento estático IPv4.
user@PE1> ping 172.16.1.0 routing-instance vpn1 count 2
PING 172.16.1.0 (172.16.1.0): 56 data bytes 64 bytes from 172.16.1.0: icmp_seq=0 ttl=63 time=6.617 ms 64 bytes from 172.16.1.0: icmp_seq=1 ttl=63 time=33.849 ms --- 172.16.1.0 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 6.617/20.233/33.849/13.616 ms
user@PE1> traceroute 172.16.1.0 routing-instance vpn1 no-resolve
traceroute to 172.16.1.0 (172.16.1.0), 30 hops max, 52 byte packets
1 10.0.2.2 (10.0.2.2) 4.729 ms 4.698 ms 4.559 ms
MPLS Label=81282 CoS=0 TTL=1 S=0
MPLS Label=16 CoS=0 TTL=1 S=1
2 10.0.12.1 (10.0.12.1) 8.524 ms 7.780 ms 4.338 ms
MPLS Label=81282 CoS=0 TTL=1 S=0
MPLS Label=16 CoS=0 TTL=2 S=1
3 * * *
*^C
user@PE1>
user@PE1> ping 172.16.2.0 routing-instance vpn1 count 2
PING 172.16.2.0 (172.16.2.0): 56 data bytes 64 bytes from 172.16.2.0: icmp_seq=0 ttl=63 time=31.723 ms 64 bytes from 172.16.2.0: icmp_seq=1 ttl=63 time=3.873 ms --- 172.16.2.0 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 3.873/17.798/31.723/13.925 ms
user@PE1> traceroute 172.16.2.0 routing-instance vpn2 no-resolve
traceroute to 172.16.2.0 (172.16.2.0), 30 hops max, 52 byte packets
1 10.0.1.1 7.102 ms 8.746 ms 7.820 ms
MPLS Label=81292 CoS=0 TTL=1 S=0
MPLS Label=17 CoS=0 TTL=1 S=1
2 * * *
*^C
user@PE1>
Significado
A saída indica que os caminhos de encaminhamento esperados são usados. Por exemplo, a rota de rastreamento para a rota 172.16.1.0/24 em VPN1 mostra que caminhos azuis são usados, e que o elo de alto atraso entre P2 e PE2 é evitado. Isso confirma que o algoritmo flex prefere um caminho com um salto extra se resultar em uma redução da latência de caminho de ponta a ponta. Neste caso, o enlace de 10.0.12.0 entre P2 e P1 é usado, enquanto o enlace direto entre P2 e PE2 é evitado.
Em contraste, o caminho trilhado para a rota 172.16.2.0/24, associada a VPN2 e algoritmo flex 129, é capaz de tomar qualquer um dos caminhos diretos entre PE1 e PE2. Neste caso, o caminho de encaminhamento é de PE1 para P1 e depois para o destino (PE2), onde, como observado nos últimos tempos de salto. Esse tempo limite no último salto não ocorre para rotas que apontam para um dispositivo CE (em oposição às rotas de recebimento estáticas usadas neste exemplo).
Embora não mostrem aqui pela brevidade, você espera os mesmos caminhos de encaminhamento para rotas de rastreamento para as rotas VPN IPv6 com base em se eles são mapeados para o algoritmo flex 128 ou 129, o que neste exemplo significa associado com VPN1 versus VPN2, respectivamente.