NESTA PÁGINA
Exemplo: configurar redundância pseudowire em um cenário de backhaul móvel
Este exemplo mostra como configurar a redundância pseudowire onde segmentos de Camada 2 e Camada 3 estão interconectados em um cenário de backhaul móvel.
Requisitos
Este exemplo pode ser configurado usando os seguintes componentes de hardware e software:
Junos OS Versão 13.2 ou posterior
Linha de roteadores ACX5000 como roteadores de acesso (A)
Plataformas de roteamento universal 5G da Série MX ou roteadores de borda multisserviço da Série M para roteadores de borda de provedor (PE)
Roteadores de transporte de pacotes da Série PTX atuando como roteadores comutados por rótulos de trânsito
Roteadores núcleo da Série T para os roteadores de núcleo
Os roteadores PE também podem ser roteadores de núcleo da Série T, mas isso não é típico. Dependendo de seus requisitos de escalabilidade, os roteadores de núcleo também podem ser plataformas de roteamento universal 5G da Série MX ou roteadores de borda multisserviços da Série M. Os dispositivos Customer Edge (CE) podem ser outros roteadores ou switches da Juniper Networks ou de outro fornecedor.
Nenhuma configuração especial além da inicialização do dispositivo é necessária antes de configurar este exemplo.
Visão geral
O dispositivo CE1 é um roteador de borda simples com uma interface IPv4 e uma rota estática apontando para os dispositivos PE. O dispositivo A1 estabelece dois circuitos virtuais (VCs) em direção ao Dispositivo PE1 e ao Dispositivo PE2, fazendo uso da hot-standby declaração. O DISPOSITIVO PE1 e o Dispositivo PE2 terminam esses VCs e aplicam uma condição de política pela sub-rede IPv4 do túnel lógico. O Dispositivo PE3 funciona como um dispositivo de borda de provedor de VPN de Camada 3 por ter uma interface IPv4 em uma VPN de Camada 3 compartilhada com o Dispositivo PE1 e o Dispositivo PE2.
A configuração rápida da CLI mostra a configuração para todos os dispositivos da Figura 1.
O procedimento passo a passo da seção descreve as etapas do Dispositivo A1 e do Dispositivo PE1.
de exemplo de backhaul móvel
Configuração
Procedimento
Configuração rápida da CLI
Para configurar rapidamente este exemplo, copie os seguintes comandos, cole-os em um arquivo de texto, remova quaisquer quebras de linha, altere os detalhes necessários para combinar com a configuração de sua rede e, em seguida, copie e cole os comandos na CLI no nível de [edit] hierarquia.
Dispositivo CE1
set interfaces ge-1/3/3 vlan-tagging set interfaces ge-1/3/3 unit 600 vlan-id 600 set interfaces ge-1/3/3 unit 600 family inet address 10.41.0.104/24 set interfaces lo0 unit 0 family inet address 192.168.0.104/32 primary set protocols ospf area 0.0.0.0 interface ge-1/3/3.600 set protocols ospf area 0.0.0.0 interface lo0.0 set routing-options static route 192.168.0.0/8 next-hop 10.41.0.1 set routing-options static route 10.53.0.0/16 next-hop 10.41.0.1 set routing-options router-id 192.168.0.104
Dispositivo A1
set interfaces ge-1/3/0 unit 0 family inet address 10.20.0.100/24 set interfaces ge-1/3/0 unit 0 family iso set interfaces ge-1/3/0 unit 0 family mpls set interfaces ge-1/3/1 unit 0 family inet address 10.10.0.100/24 set interfaces ge-1/3/1 unit 0 family iso set interfaces ge-1/3/1 unit 0 family mpls set interfaces ge-1/3/2 vlan-tagging set interfaces ge-1/3/2 encapsulation vlan-ccc set interfaces ge-1/3/2 unit 600 encapsulation vlan-ccc set interfaces ge-1/3/2 unit 600 vlan-id 600 set interfaces ge-1/3/2 unit 600 family ccc set interfaces lo0 unit 0 family inet address 192.168.0.100/32 primary set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0100.00 set routing-options router-id 192.168.0.100 set routing-options autonomous-system 64510 set routing-options forwarding-table export pplb set protocols rsvp interface ge-1/3/0.0 set protocols rsvp interface ge-1/3/1.0 set protocols rsvp interface lo0.0 set protocols mpls interface ge-1/3/0.0 set protocols mpls interface ge-1/3/1.0 set protocols isis interface ge-1/3/0.0 set protocols isis interface ge-1/3/1.0 set protocols isis interface lo0.0 set protocols ldp interface ge-1/3/0.0 set protocols ldp interface ge-1/3/1.0 set protocols ldp interface lo0.0 set protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600 virtual-circuit-id 1 set protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600 pseudowire-status-tlv set protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600 revert-time 10 maximum 60 set protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600 backup-neighbor 192.168.0.102 virtual-circuit-id 2 set protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600 backup-neighbor 192.168.0.102 hot-standby set policy-options policy-statement pplb then load-balance per-packet
Dispositivo PE1
set interfaces ge-0/1/1 unit 0 family inet address 10.21.0.101/24 set interfaces ge-0/1/1 unit 0 family iso set interfaces ge-0/1/1 unit 0 family mpls set interfaces ge-0/1/2 unit 0 family inet address 10.31.0.101/24 set interfaces ge-0/1/2 unit 0 family iso set interfaces ge-0/1/2 unit 0 family mpls set interfaces ge-0/1/3 unit 0 family inet address 10.10.0.101/24 set interfaces ge-0/1/3 unit 0 family iso set interfaces ge-0/1/3 unit 0 family mpls set interfaces lt-1/2/0 unit 600 encapsulation vlan-ccc set interfaces lt-1/2/0 unit 600 vlan-id 600 set interfaces lt-1/2/0 unit 600 peer-unit 601 set interfaces lt-1/2/0 unit 601 encapsulation vlan set interfaces lt-1/2/0 unit 601 vlan-id 600 set interfaces lt-1/2/0 unit 601 peer-unit 600 set interfaces lt-1/2/0 unit 601 family inet filter input icmp_inet set interfaces lt-1/2/0 unit 601 family inet filter output icmp_inet set interfaces lt-1/2/0 unit 601 family inet address 10.41.0.101/24 vrrp-group 0 virtual-address 10.41.0.1 set interfaces lt-1/2/0 unit 601 family inet address 10.41.0.101/24 vrrp-group 0 accept-data set interfaces lo0 unit 0 family inet address 192.168.0.101/32 primary set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0003.00 set interfaces lo0 unit 1 family inet address 192.168.1.101/32 set routing-options router-id 192.168.0.101 set routing-options autonomous-system 64511 set protocols rsvp interface ge-0/1/1.0 set protocols rsvp interface ge-0/1/2.0 set protocols rsvp interface ge-0/1/3.0 set protocols rsvp interface lo0.0 set protocols mpls label-switched-path to_PE3 to 192.168.0.103 set protocols mpls label-switched-path to_PE2 to 192.168.0.102 set protocols mpls interface ge-0/1/1.0 set protocols mpls interface ge-0/1/2.0 set protocols mpls interface ge-0/1/3.0 set protocols bgp local-address 192.168.0.101 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp peer-as 64511 set protocols bgp group ibgp neighbor 192.168.0.102 set protocols bgp group ibgp neighbor 192.168.0.103 set protocols isis interface ge-0/1/1.0 set protocols isis interface ge-0/1/2.0 set protocols isis interface ge-0/1/3.0 set protocols isis interface lo0.0 set protocols ldp interface ge-0/1/1.0 set protocols ldp interface ge-0/1/2.0 set protocols ldp interface ge-0/1/3.0 set protocols ldp interface lo0.0 set protocols l2circuit neighbor 192.168.0.100 interface lt-1/2/0.600 virtual-circuit-id 1 set protocols l2circuit neighbor 192.168.0.100 interface lt-1/2/0.600 pseudowire-status-tlv hot-standby-vc-on set policy-options policy-statement l3vpn_export term primary from condition primary set policy-options policy-statement l3vpn_export term primary then local-preference add 300 set policy-options policy-statement l3vpn_export term primary then community set l3vpn set policy-options policy-statement l3vpn_export term primary then accept set policy-options policy-statement l3vpn_export term standby from condition standby set policy-options policy-statement l3vpn_export term standby then local-preference add 30 set policy-options policy-statement l3vpn_export term standby then community set l3vpn set policy-options policy-statement l3vpn_export term standby then accept set policy-options policy-statement l3vpn_export term default then community set l3vpn set policy-options policy-statement l3vpn_export term default then accept set policy-options policy-statement l3vpn_import term 1 from community l3vpn set policy-options policy-statement l3vpn_import term 1 then accept set policy-options policy-statement l3vpn_import term default then reject set policy-options policy-statement ospf_export term 0 from community l3vpn set policy-options policy-statement ospf_export term 0 then accept set policy-options community l3vpn members target:64511:600 set policy-options condition primary if-route-exists address-family ccc lt-1/2/0.600 set policy-options condition primary if-route-exists address-family ccc table mpls.0 set policy-options condition primary if-route-exists address-family ccc peer-unit 601 set policy-options condition standby if-route-exists address-family ccc lt-1/2/0.600 set policy-options condition standby if-route-exists address-family ccc table mpls.0 set policy-options condition standby if-route-exists address-family ccc standby set policy-options condition standby if-route-exists address-family ccc peer-unit 601 set firewall family inet filter icmp_inet interface-specific set firewall family inet filter icmp_inet term 0 from source-address 10.41.0.101/32 except set firewall family inet filter icmp_inet term 0 from source-address 10.0.0.0/8 set firewall family inet filter icmp_inet term 0 from protocol icmp set firewall family inet filter icmp_inet term 0 then count icmp_inet set firewall family inet filter icmp_inet term 0 then log set firewall family inet filter icmp_inet term 0 then accept set firewall family inet filter icmp_inet term 1 then accept set routing-instances l3vpn instance-type vrf set routing-instances l3vpn interface lt-1/2/0.601 set routing-instances l3vpn interface lo0.1 set routing-instances l3vpn route-distinguisher 192.168.1.101:64511 set routing-instances l3vpn vrf-import l3vpn_import set routing-instances l3vpn vrf-export l3vpn_export set routing-instances l3vpn vrf-table-label set routing-instances l3vpn protocols ospf export ospf_export set routing-instances l3vpn protocols ospf area 0.0.0.0 lt-1/2/0.601 set routing-instances l3vpn protocols ospf area 0.0.0.0 lo0.1
Pe2 do dispositivo
set interfaces ge-0/3/0 unit 0 family inet address 10.20.0.102/24 set interfaces ge-0/3/0 unit 0 family iso set interfaces ge-0/3/0 unit 0 family mpls set interfaces ge-0/3/1 unit 0 family inet address 10.21.0.102/24 set interfaces ge-0/3/1 unit 0 family iso set interfaces ge-0/3/1 unit 0 family mpls set interfaces ge-0/3/3 unit 0 family inet address 10.32.0.102/24 set interfaces ge-0/3/3 unit 0 family iso set interfaces ge-0/3/3 unit 0 family mpls set interfaces lt-1/2/0 unit 600 encapsulation vlan-ccc set interfaces lt-1/2/0 unit 600 vlan-id 600 set interfaces lt-1/2/0 unit 600 peer-unit 601 set interfaces lt-1/2/0 unit 601 encapsulation vlan set interfaces lt-1/2/0 unit 601 vlan-id 600 set interfaces lt-1/2/0 unit 601 peer-unit 600 set interfaces lt-1/2/0 unit 601 family inet filter input icmp_inet set interfaces lt-1/2/0 unit 601 family inet filter output icmp_inet set interfaces lt-1/2/0 unit 601 family inet address 10.41.0.102/24 vrrp-group 0 virtual-address 10.41.0.1 set interfaces lt-1/2/0 unit 601 family inet address 10.41.0.102/24 vrrp-group 0 accept-data set interfaces lo0 unit 0 family inet address 192.168.0.102/32 primary set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0102.00 set interfaces lo0 unit 1 family inet address 192.168.1.102/32 set routing-options router-id 192.168.0.102 set routing-options autonomous-system 64511 set protocols rsvp interface ge-0/3/0.0 set protocols rsvp interface ge-0/3/1.0 set protocols rsvp interface ge-0/3/3.0 set protocols rsvp interface lo0.0 set protocols mpls label-switched-path to_PE1 to 192.168.0.101 set protocols mpls label-switched-path to_PE3 to 192.168.0.103 set protocols mpls interface ge-0/3/0.0 set protocols mpls interface ge-0/3/1.0 set protocols mpls interface ge-0/3/3.0 set protocols bgp local-address 192.168.0.102 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp peer-as 64511 set protocols bgp group ibgp neighbor 192.168.0.101 set protocols bgp group ibgp neighbor 192.168.0.103 set protocols isis interface ge-0/3/0.0 set protocols isis interface ge-0/3/1.0 set protocols isis interface ge-0/3/3.0 set protocols isis interface lo0.0 set protocols ldp interface ge-0/3/0.0 set protocols ldp interface ge-0/3/1.0 set protocols ldp interface ge-0/3/3.0 set protocols ldp interface lo0.0 set protocols l2circuit neighbor 192.168.0.100 interface lt-1/2/0.600 virtual-circuit-id 2 set protocols l2circuit neighbor 192.168.0.100 interface lt-1/2/0.600 pseudowire-status-tlv hot-standby-vc-on set policy-options policy-statement l3vpn_export term primary from condition primary set policy-options policy-statement l3vpn_export term primary then local-preference add 300 set policy-options policy-statement l3vpn_export term primary then community set l3vpn set policy-options policy-statement l3vpn_export term primary then accept set policy-options policy-statement l3vpn_export term standby from condition standby set policy-options policy-statement l3vpn_export term standby then local-preference add 30 set policy-options policy-statement l3vpn_export term standby then community set l3vpn set policy-options policy-statement l3vpn_export term standby then accept set policy-options policy-statement l3vpn_export term default then community set l3vpn set policy-options policy-statement l3vpn_export term default then accept set policy-options policy-statement l3vpn_import term 1 from community l3vpn set policy-options policy-statement l3vpn_import term 1 then accept set policy-options policy-statement l3vpn_import term default then reject set policy-options policy-statement ospf_export term 0 from community l3vpn set policy-options policy-statement ospf_export term 0 then accept set policy-options community l3vpn members target:64511:600 set policy-options condition primary if-route-exists address-family ccc lt-1/2/0.600 set policy-options condition primary if-route-exists address-family ccc table mpls.0 set policy-options condition primary if-route-exists address-family ccc peer-unit 601 set policy-options condition standby if-route-exists address-family ccc lt-1/2/0.600 set policy-options condition standby if-route-exists address-family ccc table mpls.0 set policy-options condition standby if-route-exists address-family ccc standby set policy-options condition standby if-route-exists address-family ccc peer-unit 601 set firewall family inet filter icmp_inet interface-specific set firewall family inet filter icmp_inet term 0 from source-address 10.41.0.102/32 except set firewall family inet filter icmp_inet term 0 from source-address 10.0.0.0/8 set firewall family inet filter icmp_inet term 0 from protocol icmp set firewall family inet filter icmp_inet term 0 then count icmp_inet set firewall family inet filter icmp_inet term 0 then log set firewall family inet filter icmp_inet term 0 then accept set firewall family inet filter icmp_inet term 1 then accept set routing-instances l3vpn instance-type vrf set routing-instances l3vpn interface lt-1/2/0.601 set routing-instances l3vpn interface lo0.1 set routing-instances l3vpn route-distinguisher 192.168.1.102:64511 set routing-instances l3vpn vrf-import l3vpn_import set routing-instances l3vpn vrf-export l3vpn_export set routing-instances l3vpn vrf-table-label set routing-instances l3vpn protocols ospf export ospf_export set routing-instances l3vpn protocols ospf area 0.0.0.0 interface lt-1/2/0.601 set routing-instances l3vpn protocols ospf area 0.0.0.0 interface lo0.1
Dispositivo PE3
set interfaces ge-2/0/3 unit 0 family inet address 10.32.0.103/24 set interfaces ge-2/0/3 unit 0 family iso set interfaces ge-2/0/3 unit 0 family mpls set interfaces ge-2/0/5 unit 0 family inet address 10.53.0.103/24 set interfaces ge-2/0/5 unit 0 family mpls set interfaces ge-2/1/8 unit 0 family inet address 10.31.0.103/24 set interfaces ge-2/1/8 unit 0 family iso set interfaces ge-2/1/8 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.168.0.103/32 primary set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0103.00 set interfaces lo0 unit 1 family inet address 192.168.1.103/32 set routing-options router-id 192.168.0.103 set routing-options autonomous-system 64511 set protocols rsvp interface ge-2/0/3.0 set protocols rsvp interface ge-2/1/8.0 set protocols rsvp interface lo0.0 set protocols mpls label-switched-path to_PE1 to 192.168.0.101 set protocols mpls label-switched-path to_PE2 to 192.168.0.102 set protocols mpls interface ge-2/0/3.0 set protocols mpls interface ge-2/1/8.0 set protocols bgp local-address 192.168.0.103 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp peer-as 64511 set protocols bgp group ibgp neighbor 192.168.0.101 set protocols bgp group ibgp neighbor 192.168.0.102 set protocols isis interface ge-2/0/3.0 set protocols isis interface ge-2/1/8.0 set protocols isis interface lo0.0 set protocols ldp interface ge-2/0/3.0 set protocols ldp interface ge-2/1/8.0 set protocols ldp interface lo0.0 set policy-options policy-statement l3vpn_ospf_export term 0 from protocol direct set policy-options policy-statement l3vpn_ospf_export term 0 then accept set policy-options policy-statement l3vpn_ospf_import term 0 from protocol bgp set policy-options policy-statement l3vpn_ospf_import term 0 from community l3vpn set policy-options policy-statement l3vpn_ospf_import term 0 then accept set policy-options policy-statement ospf_export term 0 from community l3vpn set policy-options policy-statement ospf_export term 0 then accept set policy-options community l3vpn members target:64511:600 set routing-instances l3vpn instance-type vrf set routing-instances l3vpn interface ge-2/0/5.0 set routing-instances l3vpn interface lo0.1 set routing-instances l3vpn route-distinguisher 192.168.0.103:64511 set routing-instances l3vpn vrf-target target:64511:600 set routing-instances l3vpn vrf-table-label set routing-instances l3vpn protocols ospf export ospf_export set routing-instances l3vpn protocols ospf area 0.0.0.0 interface ge-2/0/5.0 set routing-instances l3vpn protocols ospf area 0.0.0.0 interface lo0.1
Dispositivo CE2
set interfaces ge-2/0/8 unit 0 family inet address 10.53.0.105/24 set interfaces lo0 unit 0 family inet address 192.168.0.105/32 primary set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 set routing-options router-id 192.168.0.105
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar pela CLI, consulte o uso do Editor de CLI no modo de configuração no guia de usuário da CLI.
Para configurar o dispositivo A1:
-
Configure as interfaces.
Habilite o MPLS nas interfaces voltadas para o núcleo. A família de endereços ISO também está habilitada, porque o IS-IS é usado como o protocolo de gateway interior (IGP) na rede do provedor.
Na interface voltada para o cliente, você não precisa habilitar o MPLS. Nesta interface, habilite o encapsulamento de CCC e endereçar o CCC da família.
[edit interfaces] user@A1# set ge-1/3/0 unit 0 family inet address 10.20.0.100/24 user@A1# set ge-1/3/0 unit 0 family iso user@A1# set ge-1/3/0 unit 0 family mpls user@A1# set ge-1/3/1 unit 0 family inet address 10.10.0.100/24 user@A1# set ge-1/3/1 unit 0 family iso user@A1# set ge-1/3/1 unit 0 family mpls user@A1# set ge-1/3/2 vlan-tagging user@A1# set ge-1/3/2 encapsulation vlan-ccc user@A1# set ge-1/3/2 unit 600 encapsulation vlan-ccc user@A1# set ge-1/3/2 unit 600 vlan-id 600 user@A1# set ge-1/3/2 unit 600 family ccc user@A1# set lo0 unit 0 family inet address 192.168.0.100/32 primary user@A1# set lo0 unit 0 family iso address 49.0002.0192.0168.0100.00
-
Configure o RSVP nas interfaces voltadas para o núcleo e na interface de loopback.
RSVP é usado no domínio de Camada 3.
[edit protocols rsvp] user@A1# set interface ge-1/3/0.0 user@A1# set interface ge-1/3/1.0 user@A1# set interface lo0.0
-
Configure o LDP nas interfaces voltadas para o núcleo e na interface de loopback.
O LDP é usado em domínio de Camada 2.
[edit protocols ldp] user@A1# set interface ge-1/3/0.0 user@A1# set interface ge-1/3/1.0 user@A1# set interface lo0.0
-
Configure o MPLS nas interfaces voltadas para o núcleo.
[edit protocols mpls] user@A1# set interface ge-1/3/0.0 user@A1# set interface ge-1/3/1.0
-
Configure um protocolo de gateway interno, como IS-IS ou OSPF, nas interfaces voltadas para o núcleo e na interface de loopback.
[edit protocols isis] user@A1# set interface ge-1/3/0.0 user@A1# set interface ge-1/3/1.0 user@A1# set interface lo0.0
-
Na interface que enfrenta a borda do cliente, configure o circuito de Camada 2.
Configure a
hot-standbydeclaração nesses roteadores com circuitos virtuais ativos e de espera (VCs) (Dispositivo A1 em nossa topologia). Você deve incluir apseudowire-status-tlvdeclaração sobre roteadores de acesso. Sem o status TLV sinalização, a bandeira de espera não pode ser anunciada em dispositivos de borda de provedor remoto (PE).A
revert-timedeclaração e a opçãomaximumtambém devem ser configuradas em roteadores de acesso. Sem arevert-timedeclaração, o tráfego de todos os VCs não será transicionado para o caminho principal após a conclusão da restauração. Se umrevert-timeatraso for definido, mas ummaximumatraso não for, os VCs serão restaurados imediatamente após a expiração do temporizador reverso. A opção máxima permite que os VCs sejam restaurados de forma dispersa, em vez de tudo de uma só vez.[edit protocols l2circuit neighbor 192.168.0.101 interface ge-1/3/2.600] user@A1# set virtual-circuit-id 1 user@A1# set pseudowire-status-tlv user@A1# set revert-time 10 maximum 60 user@A1# set backup-neighbor 192.168.0.102 virtual-circuit-id 2 user@A1# set backup-neighbor 192.168.0.102 hot-standby
-
Para que o próximo hop unilist seja empurrado para outros roteadores de acesso, configure o balanceamento de carga por pacote.
[edit policy-options policy-statement pplb] user@A1# set then load-balance per-packet
-
Aplique a política de balanceamento de carga por pacote.
[edit routing-options forwarding-table] user@A1# set export pplb
-
Configure o ID do sistema autônomo (AS) e o ID do roteador.
[edit routing-options] user@A1# set router-id 192.168.0.100 user@A1# set autonomous-system 64510
Da mesma forma, configure quaisquer outros dispositivos de acesso.
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar pela CLI, consulte o uso do Editor de CLI no modo de configuração no guia de usuário da CLI.
Para configurar o dispositivo PE1:
Configure as interfaces.
Habilite o MPLS nas interfaces voltadas para o núcleo.
[edit interfaces] user@PE1# set ge-0/1/1 unit 0 family inet address 10.21.0.101/24 user@PE1# set ge-0/1/1 unit 0 family iso user@PE1# set ge-0/1/1 unit 0 family mpls user@PE1# set ge-0/1/2 unit 0 family inet address 10.31.0.101/24 user@PE1# set ge-0/1/2 unit 0 family iso user@PE1# set ge-0/1/2 unit 0 family mpls user@PE1# set ge-0/1/3 unit 0 family inet address 10.10.0.101/24 user@PE1# set ge-0/1/3 unit 0 family iso user@PE1# set ge-0/1/3 unit 0 family mpls user@PE1# set lo0 unit 0 family inet address 192.168.0.101/32 primary user@PE1# set lo0 unit 0 family iso address 49.0002.0192.0168.0003.00 user@PE1# set lo0 unit 1 family inet address 192.168.1.101/32
No dispositivo PE1 e no dispositivo PE2, que são roteadores de agregação, configure um par de interfaces lógicas de túnel para representar LT(x) e LT(y).
A solução usa interfaces combinadas de túnel lógico (lt-) para costurar os domínios de Camada 2 e Camada 3.
Um pseudowire de Camada 2 termina em uma das interfaces lógicas de túnel, LT(x), definida com a família de endereços de conexão cruzada (CCC) do circuito. Uma VPN de Camada 3 encerra a segunda interface lógica de túnel, LT(y), definida com a família de endereços IPv4 (inet). LT(x) e LT(y) estão em pares.
[edit interfaces] user@PE1# set lt-1/2/0 unit 600 encapsulation vlan-ccc user@PE1# set lt-1/2/0 unit 600 vlan-id 600 user@PE1# set lt-1/2/0 unit 600 peer-unit 601 user@PE1# set lt-1/2/0 unit 601 encapsulation vlan user@PE1# set lt-1/2/0 unit 601 vlan-id 600 user@PE1# set lt-1/2/0 unit 601 peer-unit 600 user@PE1# set lt-1/2/0 unit 601 family inet filter input icmp_inet user@PE1# set lt-1/2/0 unit 601 family inet filter output icmp_inet
(Opcional) Associe um endereço VRRP exclusivo com o Dispositivo PE1 e o Dispositivo PE2.
Nesse caso, tanto o Dispositivo PE1 quanto o Dispositivo PE2 assumem o estado principal para o endereço VIP IPv4 definido, portanto, nenhuma mensagem de olá vrRP é trocada entre os roteadores.
[edit interfaces lt-1/2/0 unit 601 family inet address 10.41.0.101/24] user@PE1# set vrrp-group 0 virtual-address 10.41.0.1 user@PE1# set vrrp-group 0 accept-data
Configure o IS-IS ou outro IGP.
[edit protocols isis] user@PE1# set interface ge-0/1/1.0 user@PE1# set interface ge-0/1/2.0 user@PE1# set interface ge-0/1/3.0 user@PE1# set interface lo0.0
Configure o MPLS nas interfaces voltadas para o núcleo.
[edit protocols mpls] user@PE1# set interface ge-0/1/1.0 user@PE1# set interface ge-0/1/2.0 user@PE1# set interface ge-0/1/3.0
Configure caminhos comutados por rótulos para outros dispositivos PE.
O BGP é um protocolo orientado por políticas, então também configure e aplique todas as políticas de roteamento necessárias. Por exemplo, você pode querer exportar rotas estáticas para BGP.
[edit protocols mpls] user@PE1# set label-switched-path to_PE3 to 192.168.0.103 user@PE1# set label-switched-path to_PE2 to 192.168.0.102
Configure o LDP nas interfaces voltadas para o núcleo e na interface de loopback.
[edit protocols ldp] user@PE1# set interface ge-0/1/1.0 user@PE1# set interface ge-0/1/2.0 user@PE1# set interface ge-0/1/3.0 user@PE1# set interface lo0.0
Configure o RSVP nas interfaces voltadas para o núcleo e na interface de loopback.
[edit protocols rsvp] user@PE1# set interface ge-0/1/1.0 user@PE1# set interface ge-0/1/2.0 user@PE1# set interface ge-0/1/3.0 user@PE1# set interface lo0.0
Configure o BGP interno (IBGP).
[edit protocols bgp] user@PE1# set local-address 192.168.0.101 user@PE1# set group ibgp family inet-vpn any user@PE1# set group ibgp peer-as 64511 user@PE1# set group ibgp neighbor 192.168.0.102 user@PE1# set group ibgp neighbor 192.168.0.103
Configure o circuito de Camada 2 na interface lógica do túnel.
Configure a
hot-standby-vc-ondeclaração se você quiser que um pseudowire de espera quente seja estabelecido na chegada de PW_FWD_STDBY status TLV.[edit protocols l2circuit neighbor 192.168.0.100 interface lt-1/2/0.600] user@PE1# set virtual-circuit-id 1 user@PE1# set pseudowire-status-tlv hot-standby-vc-on
Defina um par de condições a serem aplicadas à política de saída definida na instância vpn de Camada 3.
Em condições
primarye condiçõesstandby, a rota correspondente corresponde à interface lt-1/2/0,600 (y), pois este é o formato em que as rotas de saída aparecem na tabela de roteamento mpls.0 para representar qualquer pseudowire.A diferença entre essas condições está no
standbyatributo. Após a chegada do status PW_FWD_STDBY TLV ao Dispositivo PE1 ou Dispositivo PE2, o Junos OS corresponde à condiçãostandbye, em consequência, somente o termostandbydentro dal3vpnpolítica será executado. Por outro lado, se o status PW_FWD_STDBY TLV não estiver presente, a política apenas corresponde à condiçãoprimary, que então executa o termoprimarynal3vpnpolítica. Além disso, para serviços lógicos de CCC baseados em túnel, você deve especificar a interface lógica do túnel, LT(y), associada à interface CCC do túnel lógico, LT(x). (Veja os cenários de backhaul móvel de redundância pseudowire.)Por fim, para condições baseadas em CCC, o Junos OS só permite mpls.0 como a tabela de roteamento correspondente. Para o atributo, o
addressJunos OS só permite strings com um formato de unidade de interface lógica (por exemplo, lt-0/0/0.0).[edit policy-options condition primary if-route-exists address-family ccc] user@PE1# set lt-1/2/0.600 user@PE1# set table mpls.0 user@PE1# set peer-unit 601 [edit policy-options condition standby if-route-exists address-family ccc] user@PE1# set lt-1/2/0.600 user@PE1# set table mpls.0 user@PE1# set standby user@PE1# set peer-unit 601
Configure a política de exportação de VPN de Camada 3.
Se o circuito virtual de Camada 2 (VC) for primário, o dispositivo de roteamento de borda de provedor correspondente (PE) anuncia a sub-rede do circuito de anexo (AC) com a maior preferência local. Todos os dispositivos PE de agregação anunciam inicialmente a sub-rede do AC com a mesma preferência local.
Essa política de roteamento permite que um valor de preferência local mais alto seja anunciado se o VC de Camada 2 estiver ativo.
[edit policy-options policy-statement l3vpn_export] user@PE1# set term primary from condition primary user@PE1# set term primary then local-preference add 300 user@PE1# set term primary then community set l3vpn user@PE1# set term primary then accept user@PE1# set term standby from condition standby user@PE1# set term standby then local-preference add 30 user@PE1# set term standby then community set l3vpn user@PE1# set term standby then accept user@PE1# set term default then community set l3vpn user@PE1# set term default then accept
Configure os membros da comunidade VPN de Camada 3.
[edit policy-options community l3vpn] user@PE1# set members target:64511:600
Configure a política de importação de VPN de Camada 3 com base na comunidade VPN de Camada 3.
[edit policy-options policy-statement l3vpn_import] user@PE1# set term 1 from community l3vpn user@PE1# set term 1 then accept user@PE1# set term default then reject
Configure a política de exportação do OSPF com base na comunidade VPN de Camada 3.
[edit policy-options policy-statement ospf_export term 0] user@PE1# set from community l3vpn user@PE1# set then accept
(Opcional) Configure um filtro de firewall para verificar o caminho tomado pelo tráfego.
[edit firewall family inet filter icmp_inet] user@PE1# set interface-specific user@PE1# set term 0 from source-address 10.41.0.101/32 except user@PE1# set term 0 from source-address 10.0.0.0/8 user@PE1# set term 0 from protocol icmp user@PE1# set term 0 then count icmp_inet user@PE1# set term 0 then log user@PE1# set term 0 then accept user@PE1# set term 1 then accept
Configure a instância de roteamento.
Esta instância de roteamento está no domínio de Camada 2, onde o Dispositivo PE1 e o Dispositivo PE2 estão interconectados ao anel metro por meio de mídia multiacesso (Ethernet). Você deve incluir a
vrf-table-labeldeclaração do dispositivo PE1 e do dispositivo PE2 para habilitar a publicidade do prefixo de sub-rede direto correspondente à interface do túnel lógico (lt-) em direção ao domínio da Camada 3.O PE1 do dispositivo e o dispositivo PE2 usam OSPF para comunicação vpn de Camada 3 com o dispositivo CE1.
[edit routing-instances l3vpn] user@PE1# set instance-type vrf user@PE1# set interface lt-1/2/0.601 user@PE1# set interface lo0.1 user@PE1# set route-distinguisher 192.168.1.101:64511 user@PE1# set vrf-import l3vpn_import user@PE1# set vrf-export l3vpn_export user@PE1# set vrf-table-label user@PE1# set protocols ospf export ospf_export user@PE1# set protocols ospf area 0.0.0.0 interface lt-1/2/0.601 user@PE1# set protocols ospf area 0.0.0.0 interface lo0.1
Configure o ID do sistema autônomo (AS) e o ID do roteador.
[edit routing-options] user@PE1# set router-id 192.168.0.101 user@PE1# set autonomous-system 64511
Da mesma forma, configure o dispositivo PE2.
Resultados
A partir do modo de configuração, confirme sua configuração entrando nosshow interfaces, show firewall, show protocols, , show policy-optionsshow routing-optionse show routing-instances comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
Dispositivo A1
user@A1# show interfaces
ge-1/3/0 {
unit 0 {
family inet {
address 10.20.0.100/24;
}
family iso;
family mpls;
}
}
ge-1/3/1 {
unit 0 {
family inet {
address 10.10.0.100/24;
}
family iso;
family mpls;
}
}
ge-1/3/2 {
vlan-tagging;
encapsulation vlan-ccc;
unit 600 {
encapsulation vlan-ccc;
vlan-id 600;
family ccc;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.100/32 {
primary;
}
}
family iso {
address 49.0002.0192.0168.0100.00;
}
}
}
user@A1# show protocols
rsvp {
interface ge-1/3/0.0;
interface ge-1/3/1.0;
interface lo0.0;
}
mpls {
interface ge-1/3/0.0;
interface ge-1/3/1.0;
}
isis {
interface ge-1/3/0.0;
interface ge-1/3/1.0;
interface lo0.0;
}
ldp {
interface ge-1/3/0.0;
interface ge-1/3/1.0;
interface lo0.0;
}
l2circuit {
neighbor 192.168.0.101 {
interface ge-1/3/2.600 {
virtual-circuit-id 1;
pseudowire-status-tlv;
backup-neighbor 192.168.0.102 {
virtual-circuit-id 2;
hot-standby;
}
}
}
}
user@A1# show policy-options
policy-statement pplb {
then {
load-balance per-packet;
}
}
user@A1# show routing-options
autonomous-system 64510;
router-id 192.168.0.100;
forwarding-table {
export pplb;
}
Dispositivo PE1
user@PE1# show interfaces
ge-0/1/1 {
unit 0 {
family inet {
address 10.21.0.101/24;
}
family iso;
family mpls;
}
}
ge-0/1/2 {
unit 0 {
family inet {
address 10.31.0.101/24;
}
family iso;
family mpls;
}
}
ge-0/1/3 {
unit 0 {
family inet {
address 10.10.0.101/24;
}
family iso;
family mpls;
}
}
lt-1/2/0 {
unit 600 {
encapsulation vlan-ccc;
vlan-id 600;
peer-unit 601;
}
unit 601 {
encapsulation vlan;
vlan-id 600;
peer-unit 600;
family inet {
filter {
input icmp_inet;
output icmp_inet;
}
address 10.41.0.101/24 {
vrrp-group 0 {
virtual-address 10.41.0.1;
accept-data;
}
}
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.101/32 {
primary;
}
}
family iso {
address 49.0002.0192.0168.0003.00;
}
}
unit 1 {
family inet {
address 192.168.1.101/32;
}
}
}
user@PE1# show firewall
family inet {
filter icmp_inet {
interface-specific;
term 0 {
from {
source-address {
10.41.0.101/32 except;
10.0.0.0/8;
}
protocol icmp;
}
then {
count icmp_inet;
log;
accept;
}
}
term 1 {
then accept;
}
}
}
user@PE1# show protocols
rsvp {
interface ge-0/1/1.0;
interface ge-0/1/2.0;
interface ge-0/1/3.0;
interface lo0.0;
}
mpls {
label-switched-path to_PE3 {
to 192.168.0.103;
}
label-switched-path to_PE2 {
to 192.168.0.102;
}
interface ge-0/1/1.0;
interface ge-0/1/2.0;
interface ge-0/1/3.0;
}
bgp {
local-address 192.168.0.101;
group ibgp {
family inet-vpn {
any;
}
peer-as 64511;
neighbor 192.168.0.102;
neighbor 192.168.0.103;
}
}
isis {
interface ge-0/1/1.0;
interface ge-0/1/2.0;
interface ge-0/1/3.0;
interface lo0.0;
}
ldp {
interface ge-0/1/1.0;
interface ge-0/1/2.0;
interface ge-0/1/3.0;
interface lo0.0;
}
l2circuit {
neighbor 192.168.0.100 {
interface lt-1/2/0.600 {
virtual-circuit-id 1;
pseudowire-status-tlv hot-standby-vc-on;
}
}
}
user@PE1# show policy-options
policy-statement l3vpn_export {
term primary {
from condition primary;
then {
local-preference add 300;
community set l3vpn;
accept;
}
}
term standby {
from condition standby;
then {
local-preference add 30;
community set l3vpn;
accept;
}
}
term default {
then {
community set l3vpn;
accept;
}
}
}
policy-statement l3vpn_import {
term 1 {
from community l3vpn;
then accept;
}
term default {
then reject;
}
}
policy-statement ospf_export {
term 0 {
from community l3vpn;
then accept;
}
}
community l3vpn members target:64511:600;
condition primary {
if-route-exists {
address-family {
ccc {
lt-1/2/0.600;
table mpls.0;
peer-unit 601;
}
}
}
}
condition standby {
if-route-exists {
address-family {
ccc {
lt-1/2/0.600;
table mpls.0;
standby;
peer-unit 601;
}
}
}
}
user@PE1# show routing-options
router-id 192.168.0.101;
autonomous-system 64511;
user@PE1# show routing-instances
l3vpn {
instance-type vrf;
interface lt-1/2/0.601;
interface lo0.1;
route-distinguisher 192.168.1.101:64511;
vrf-import l3vpn_import;
vrf-export l3vpn_export;
vrf-table-label;
protocols {
ospf {
export ospf_export;
area 0.0.0.0 {
interface lt-1/2/0.601;
interface lo0.1;
}
}
}
}
Se você terminar de configurar os dispositivos, entre no commit modo de configuração.
Verificação
Confirme que a configuração está funcionando corretamente.
Verificando circuitos de Camada 2
Propósito
Após o estabelecimento do circuito virtual (VC) da Camada 2, a saída do show l2circuit connections comando mostra o VC ativo e o hot-standby. Além disso, os detalhes do plano de controle são mostrados para o VC de espera quente.
Ação
Do modo operacional, entre no show l2circuit connections extensive comando.
user@A1> show l2circuit connections extensive
Layer-2 Circuit Connections:
Legend for connection status (St)
EI -- encapsulation invalid NP -- interface h/w not present
MM -- mtu mismatch Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch Up -- operational
VM -- vlan id mismatch CF -- Call admission control failure
OL -- no outgoing label IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration
BK -- Backup Connection ST -- Standby Connection
CB -- rcvd cell-bundle size bad SP -- Static Pseudowire
LD -- local site signaled down RS -- remote site standby
RD -- remote site signaled down HS -- Hot-standby Connection
XX -- unknown
Legend for interface status
Up -- operational
Dn -- down
Neighbor: 192.168.0.101
Interface Type St Time last up # Up trans
ge-1/3/2.600(vc 1) rmt Up Jan 24 11:00:26 2013 1
Remote PE: 192.168.0.101, Negotiated control-word: Yes (Null)
Incoming label: 299776, Outgoing label: 299776
Negotiated PW status TLV: Yes
local PW status code: 0x00000000, Neighbor PW status code: 0x00000000
Local interface: ge-1/3/2.600, Status: Up, Encapsulation: VLAN
Connection History:
Jan 24 11:00:26 2013 status update timer
Jan 24 11:00:26 2013 PE route changed
Jan 24 11:00:26 2013 Out lbl Update 299776
Jan 24 11:00:26 2013 In lbl Update 299776
Jan 24 11:00:26 2013 loc intf up ge-1/3/2.600
Neighbor: 192.168.0.102
Interface Type St Time last up # Up trans
ge-1/3/2.600(vc 2) rmt HS ----- ----
Remote PE: 192.168.0.102, Negotiated control-word: Yes (Null)
Incoming label: 299792, Outgoing label: 299776
Negotiated PW status TLV: Yes
local PW status code: 0x00000020, Neighbor PW status code: 0x00000000
Local interface: ge-1/3/2.600, Status: Up, Encapsulation: VLAN
user@PE1> show l2circuit connections extensive
Layer-2 Circuit Connections:
Legend for connection status (St)
EI -- encapsulation invalid NP -- interface h/w not present
MM -- mtu mismatch Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch Up -- operational
VM -- vlan id mismatch CF -- Call admission control failure
OL -- no outgoing label IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration
BK -- Backup Connection ST -- Standby Connection
CB -- rcvd cell-bundle size bad SP -- Static Pseudowire
LD -- local site signaled down RS -- remote site standby
RD -- remote site signaled down HS -- Hot-standby Connection
XX -- unknown
Legend for interface status
Up -- operational
Dn -- down
Neighbor: 192.168.0.100
Interface Type St Time last up # Up trans
lt-1/2/0.600(vc 1) rmt Up Jan 24 11:06:36 2013 1
Remote PE: 192.168.0.100, Negotiated control-word: Yes (Null)
Incoming label: 299776, Outgoing label: 299776
Negotiated PW status TLV: Yes
local PW status code: 0x00000000, Neighbor PW status code: 0x00000000
Local interface: lt-1/2/0.600, Status: Up, Encapsulation: VLAN
Connection History:
Jan 24 11:06:36 2013 status update timer
Jan 24 11:06:36 2013 PE route changed
Jan 24 11:06:36 2013 Out lbl Update 299776
Jan 24 11:06:36 2013 In lbl Update 299776
Jan 24 11:06:36 2013 loc intf up lt-1/2/0.600
user@PE2> show l2circuit connections extensive
Layer-2 Circuit Connections:
Legend for connection status (St)
EI -- encapsulation invalid NP -- interface h/w not present
MM -- mtu mismatch Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch Up -- operational
VM -- vlan id mismatch CF -- Call admission control failure
OL -- no outgoing label IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration
BK -- Backup Connection ST -- Standby Connection
CB -- rcvd cell-bundle size bad SP -- Static Pseudowire
LD -- local site signaled down RS -- remote site standby
RD -- remote site signaled down HS -- Hot-standby Connection
XX -- unknown
Legend for interface status
Up -- operational
Dn -- down
Neighbor: 192.168.0.100
Interface Type St Time last up # Up trans
lt-1/2/0.600(vc 2) rmt Up Jan 24 10:55:31 2013 1
Remote PE: 192.168.0.100, Negotiated control-word: Yes (Null)
Incoming label: 299776, Outgoing label: 299792
Negotiated PW status TLV: Yes
local PW status code: 0x00000000, Neighbor PW status code: 0x00000020
Local interface: lt-1/2/0.600, Status: Up, Encapsulation: VLAN
Connection History:
Jan 24 10:55:31 2013 status update timer
Jan 24 10:55:31 2013 PE route changed
Jan 24 10:55:31 2013 Out lbl Update 299792
Jan 24 10:55:31 2013 In lbl Update 299776
Jan 24 10:55:31 2013 loc intf up lt-1/2/0.600
Significado
Da perspectiva do Dispositivo PE1 e do Dispositivo PE2, um único circuito de Camada 2 está estabelecido em direção aos roteadores de acesso, de modo que não haja informações de dispositivos de espera na saída CLI do show l2circuit connections comando. Observe que nenhuma informação de tempo e flapping é fornecida para o VC atuando como o hot-standby. O Junos OS só permite que esses contadores sejam rastreados para o VC ativo.
Verificando as condições da política
Propósito
Nos dispositivos PE, verifique o estado das diferentes condições definidas como parte da política de saída da VPN de Camada3, onde 10.41.0.0/24 corresponde à sub-rede lógica (y).
Ação
Do modo operacional, entre no show policy conditions detail comando.
user@PE1> show policy conditions detail Configured conditions: Condition primary (static), event: Existence of a route in a specific routing table Dependent routes: 10.41.0.0/24, generation 8 192.168.0.104/32, generation 8 Condition standby (static), event: Existence of a route in a specific routing table Dependent routes: None Condition tables: Table mpls.0, generation 0, dependencies 0, If-route-exists conditions: primary (static) standby (static) Table l3vpn.inet.0, generation 12, dependencies 2
user@PE2> show policy conditions detail Configured conditions: Condition primary (static), event: Existence of a route in a specific routing table Dependent routes: 10.41.0.0/24, generation 18 Condition standby (static), event: Existence of a route in a specific routing table Dependent routes: 10.41.0.0/24, generation 18 Condition tables: Table mpls.0, generation 0, dependencies 0, If-route-exists conditions: primary (static) standby (static) Table l3vpn.inet.0, generation 367, dependencies 2