示例:标记 Diffserv 代码指向 MPLS EXP,以便跨服务提供商的 L3VPN MPLS 网络承载 CoS 配置文件
此示例介绍了如何在客户网络和服务提供商的 MPLS 网络的网络边界重写(标记)DSCP 服务等级 (CoS) 代码点值,同时维护流量的原始 CoS 配置文件,以便在流量退出 MPLS 网络时,可以使用原始 DSCP 代码点进行标记。
要求
为了验证此过程,此示例使用流量生成器。流量生成器可以是基于硬件的,也可以是基于服务器或主机上运行的软件。
运行 Junos OS 的设备上广泛支持此过程中的功能。此处展示的示例已在运行 Junos OS 10.4 版的 MX 系列路由器上进行了测试和验证。
概述
将 IP DSCP 代码点值重写为 MPLS EXP 代码点值的目的是在服务提供商的 MPLS 网络中传输数据包的 CoS 配置文件。重写由位于服务提供商网络边界的提供商边缘 (PE) 路由器执行。请参阅 图 2。
Junos OS 包含多个可能满足您的需求的 DSCP 默认重写规则。您可以使用命令显示它们 show class-of-service rewrite-rule 。下表显示了部分默认重写 DSCP 代码点规则映射。
您还可以定义自己的自定义重写规则表,或者混合使用默认重写规则和您创建的自定义表。此示例使用默认重写规则。
来自转发类的映射 |
PLP 值 |
映射到 DSCP/DSCP IPv6/EXP/IP 代码点别名 |
|---|---|---|
加速转发 |
低 |
英 孚 |
加速转发 |
高 |
英 孚 |
保证转发 |
低 |
af11 |
保证转发 |
高 |
af12 (DSCP/DSCP IPv6/EXP) |
尽力而为 |
低 |
是 |
尽力而为 |
高 |
是 |
网络控制 |
低 |
nc1/cs6 |
网络控制 |
高 |
nc2/cs7 |
Junos OS 使用下表中为 MPLS 表头的 EXP 字段显示的 MPLS CoS 值。
转发类 |
丢失优先级 |
EXP 代码点 |
|---|---|---|
尽力而为 |
低 |
000 |
尽力而为 |
高 |
001 |
加速转发 |
低 |
010 |
加速转发 |
高 |
011 |
保证转发 |
低 |
100 |
保证转发 |
高 |
101 |
网络控制 |
低 |
110 |
网络控制 |
高 |
111 |
图 1 显示了 MPLS 数据包结构。
图 1:MPLS 数据包结构
注意:
除了提供必要的信息以完成此示例的目的外,此示例还包括重新创建第 3 层 VPN (L3VPN) 网络所需的所有命令,如图 2 所示。此示例不包括配置 L3VPN 网络所需的任务的完整说明。如果需要有关配置 L3VPN 网络的更多信息,请参阅 http://juniper.net/documentation 提供的《路由设备第 3 层 VPN 用户指南》。
本文不涉及必要的 CoS 重写和底层算法。有关更多信息,请参阅 Miguel Barreiros 和 Peter Lundqvist 的 QOS 支持网络 — 工具和基础 。许多在线书店和 www.juniper.net/books 都提供这本书。
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,然后将命令复制并粘贴到层级的 [edit] CLI 中。
设备 CE1
set interfaces ge-1/0/1 unit 0 description to-host set interfaces ge-1/0/1 unit 0 family inet address 172.16.50.2/30 set interfaces ge-1/0/1 unit 0 family inet filter input ip-v4 set interfaces ge-1/0/5 unit 0 description to_Provider set interfaces ge-1/0/5 unit 0 family inet address 10.80.0.1/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.1/32 set protocols bgp group to_Provider type external set protocols bgp group to_Provider export send-direct set protocols bgp group to_Provider peer-as 64511 set protocols bgp group to_Provider neighbor 10.80.0.2 set policy-options policy-statement send-direct from protocol direct set policy-options policy-statement send-direct then accept set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510 set firewall family inet filter ip-v4 term tcp80 from port 80 set firewall family inet filter ip-v4 term tcp80 then dscp ef set firewall family inet filter ip-v4 term 12345 from port 12345 set firewall family inet filter ip-v4 term 12345 then dscp be set firewall family inet filter ip-v4 term accept then accept
设备 PE1
set interfaces ge-1/0/6 description to_vpna set interfaces ge-1/0/6 unit 0 family inet address 10.80.0.2/30 set interfaces ge-1/0/7 description to_P1 set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.1/30 set interfaces ge-1/0/7 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 10.255.70.31/32 set routing-options router-id 10.255.70.31 set routing-options autonomous-system 64511 set protocols mpls interface ge-1/0/7.0 set protocols bgp group to_PE2 type internal set protocols bgp group to_PE2 local-address 10.255.70.31 set protocols bgp group to_PE2 family inet-vpn unicast set protocols bgp group to_PE2 neighbor 172.30.14.1 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 set protocols ldp interface ge-1/0/7.0 set protocols ldp interface lo0.0 set routing-instances vpna instance-type vrf set routing-instances vpna interface ge-1/0/6.0 set routing-instances vpna route-distinguisher 64511:1 set routing-instances vpna vrf-target target:64511:1 set routing-instances vpna protocols bgp group to_vpna type external set routing-instances vpna protocols bgp group to_vpna peer-as 64510 set routing-instances vpna protocols bgp group to_vpna neighbor 10.80.0.1 set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 set class-of-service interfaces ge-1/0/6 unit 0 classifiers dscp dscpv4 set class-of-service interfaces ge-1/0/6 unit 0 rewrite-rules dscp dscpv4-rw set class-of-service interfaces ge-1/0/7 unit 0 classifiers exp exp-in set class-of-service interfaces ge-1/0/7 unit 0 rewrite-rules exp exp-out set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
设备 P1
set interfaces ge-1/0/3 description to_P2 set interfaces ge-1/0/3 unit 0 family inet address 10.40.0.1/30 set interfaces ge-1/0/3 unit 0 family mpls set interfaces ge-1/0/7 description to_PE1 set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.2/30 set interfaces ge-1/0/7 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 192.168.16.1/32 set routing-options router-id 10.255.187.32 set protocols mpls interface ge-1/0/7.0 set protocols mpls interface ge-1/0/3.0 set protocols ospf area 0.0.0.0 interface ge-1/0/3.0 set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-1/0/3.0 set protocols ldp interface ge-1/0/7.0 set protocols ldp interface lo0.0
设备 P2
set interfaces ge-2/0/6 description to_P1 set interfaces ge-2/0/6 unit 0 family inet address 10.40.0.2/30 set interfaces ge-2/0/6 unit 0 family mpls set interfaces ge-2/0/8 description to_PE2 set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.1/30 set interfaces ge-2/0/8 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 192.168.13.1/32 set routing-options router-id 192.168.187.3 set protocols mpls interface ge-2/0/6.0 set protocols mpls interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface ge-2/0/6.0 set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-2/0/6.0 set protocols ldp interface ge-2/0/8.0 set protocols ldp interface lo0.0
设备 PE2
set interfaces ge-2/0/8 description to-R1 set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.2/30 set interfaces ge-2/0/8 unit 0 family mpls set interfaces ge-2/1/1 unit 0 description to-vpna set interfaces ge-2/1/1 unit 0 family inet address 10.90.0.1/30 set interfaces ge-2/1/7 unit 0 family inet address 10.0.31.2/30 set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 172.30.14.1 set routing-options router-id 172.30.14.1 set routing-options autonomous-system 64511 set protocols mpls interface ge-2/0/8.0 set protocols bgp group to_PE2 type internal set protocols bgp group to_PE2 local-address 172.30.14.1 set protocols bgp group to_PE2 family inet-vpn unicast set protocols bgp group to_PE2 neighbor 10.255.70.31 set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-2/0/8.0 set protocols ldp interface lo0.0 set routing-instances vpna instance-type vrf set routing-instances vpna interface ge-2/1/1.0 set routing-instances vpna route-distinguisher 64511:1 set routing-instances vpna vrf-target target:64511:1 set routing-instances vpna protocols bgp group to_vpna type external set routing-instances vpna protocols bgp group to_vpna peer-as 64512 set routing-instances vpna protocols bgp group to_vpna neighbor 10.90.0.2 set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 set class-of-service interfaces ge-2/0/8 unit 0 classifiers exp exp-in set class-of-service interfaces ge-2/0/8 unit 0 rewrite-rules exp exp-out set class-of-service interfaces ge-2/1/1 unit 0 classifiers dscp dscpv4 set class-of-service interfaces ge-2/1/1 unit 0 rewrite-rules dscp dscpv4-rw set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
设备 CE2
set interfaces ge-2/0/7 unit 0 description to-host set interfaces ge-2/0/7 unit 0 family inet address 172.16.80.2/30 set interfaces ge-2/0/7 unit 0 family inet filter input ip-v4 set interfaces ge-2/1/2 unit 0 description to-Provider set interfaces ge-2/1/2 unit 0 family inet address 10.90.0.2/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.2/32 set protocols bgp group to_Provider type external set protocols bgp group to_Provider export send-direct set protocols bgp group to_Provider peer-as 64511 set protocols bgp group to_Provider neighbor 10.90.0.1 set policy-options policy-statement send-direct from protocol direct set policy-options policy-statement send-direct then accept set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64512 set firewall family inet filter ip-v4 term tcp80 from port 80 set firewall family inet filter ip-v4 term tcp80 then dscp ef set firewall family inet filter ip-v4 term 12345 from port 12345 set firewall family inet filter ip-v4 term 12345 then dscp be set firewall family inet filter ip-v4 term accept then accept
逐步过程
以下示例要求您在配置层次结构中的各个级别上导航。有关导航 CLI 的信息,请参阅《Junos OS CLI 用户指南》中的在配置模式下使用 CLI 编辑器。
要配置设备 CE1:
配置设备接口。
[edit ] user@CE1# set interfaces ge-1/0/1 unit 0 description to-host user@CE1# set interfaces ge-1/0/1 unit 0 family inet address 172.16.50.2/30 user@CE1# set interfaces ge-1/0/1 unit 0 family inet filter input ip-v4 user@CE1# set interfaces ge-1/0/5 unit 0 description to_Provider user@CE1# set interfaces ge-1/0/5 unit 0 family inet address 10.80.0.1/30 user@CE1# set interfaces lo0 unit 1 description loopback-interface user@CE1# set interfaces lo0 unit 1 family inet address 192.168.0.1/32
配置 BGP 参数
[edit ] user@CE1# set protocols bgp group to_Provider type external user@CE1# set protocols bgp group to_Provider export send-direct user@CE1# set protocols bgp group to_Provider peer-as 64511 user@CE1# set protocols bgp group to_Provider neighbor 10.80.0.2
配置策略选项参数。
[edit ] user@CE1# set policy-options policy-statement send-direct from protocol direct user@CE1# set policy-options policy-statement send-direct then accept
配置路由选项参数。
[edit ] user@CE1# set routing-options router-id 192.168.0.1 user@CE1# set routing-options autonomous-system 64510
配置 DSCP 代码点重写参数。
[edit ] user@CE1# set firewall family inet filter ip-v4 term tcp80 from port 80 user@CE1# set firewall family inet filter ip-v4 term tcp80 then dscp ef user@CE1# set firewall family inet filter ip-v4 term 12345 from port 12345 user@CE1# set firewall family inet filter ip-v4 term 12345 then dscp be user@CE1# set firewall family inet filter ip-v4 term accept then accept
逐步过程
要配置设备 PE1:
配置设备接口。
[edit ] user@PE1# set interfaces ge-1/0/6 description to_vpna user@PE1# set interfaces ge-1/0/6 unit 0 family inet address 10.80.0.2/30 user@PE1# set interfaces ge-1/0/7 description to_P1 user@PE1# set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.1/30 user@PE1# set interfaces ge-1/0/7 unit 0 family mpls user@PE1# set interfaces lo0 unit 0 description loopback-interface user@PE1# set interfaces lo0 unit 0 family inet address 10.255.70.31/32
配置路由选项参数。
[edit ] user@PE1# set routing-options router-id 10.255.70.31 user@PE1# set routing-options autonomous-system 64511
配置协议参数。
user@PE1# set protocols mpls interface ge-1/0/7.0 user@PE1# set protocols bgp group to_PE2 type internal user@PE1# set protocols bgp group to_PE2 local-address 10.255.70.31 user@PE1# set protocols bgp group to_PE2 family inet-vpn unicast user@PE1# set protocols bgp group to_PE2 neighbor 172.30.14.1 user@PE1# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@PE1# set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 user@PE1# set protocols ldp interface ge-1/0/7.0 user@PE1# set protocols ldp interface lo0.0
配置路由实例参数。
[edit ] user@PE1# set routing-instances vpna instance-type vrf user@PE1# set routing-instances vpna interface ge-1/0/6.0 user@PE1# set routing-instances vpna route-distinguisher 64511:1 user@PE1# set routing-instances vpna vrf-target target:64511:1 user@PE1# set routing-instances vpna protocols bgp group to_vpna type external user@PE1# set routing-instances vpna protocols bgp group to_vpna peer-as 64510 user@PE1# set routing-instances vpna protocols bgp group to_vpna neighbor 10.80.0.1
配置执行 DSCP 代码点 MPLS EXP 重写的服务等级参数。
user@PE1# set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef user@PE1# set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be user@PE1# set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 user@PE1# set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 user@PE1# set class-of-service interfaces ge-1/0/6 unit 0 classifiers dscp dscpv4 user@PE1# set class-of-service interfaces ge-1/0/6 unit 0 rewrite-rules dscp dscpv4-rw user@PE1# set class-of-service interfaces ge-1/0/7 unit 0 classifiers exp exp-in user@PE1# set class-of-service interfaces ge-1/0/7 unit 0 rewrite-rules exp exp-out user@PE1# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef user@PE1# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be user@PE1# set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 user@PE1# set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
逐步过程
要配置设备 P1:
配置设备接口。
[edit ] user@P1# set interfaces ge-1/0/3 description to_P2 user@P1# set interfaces ge-1/0/3 unit 0 family inet address 10.40.0.1/30 user@P1# set interfaces ge-1/0/3 unit 0 family mpls user@P1# set interfaces ge-1/0/7 description to_PE1 user@P1# set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.2/30 user@P1# set interfaces ge-1/0/7 unit 0 family mpls user@P1# set interfaces lo0 unit 0 description loopback-interface user@P1# set interfaces lo0 unit 0 family inet address 192.168.16.1/32
配置路由选项参数。
[edit ] user@P1# set routing-options router-id 10.255.187.32
配置协议参数。
[edit ] user@P1# set protocols mpls interface ge-1/0/7.0 user@P1# set protocols mpls interface ge-1/0/3.0 user@P1# set protocols ospf area 0.0.0.0 interface ge-1/0/3.0 user@P1# set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 user@P1# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@P1# set protocols ldp interface ge-1/0/3.0 user@P1# set protocols ldp interface ge-1/0/7.0 user@P1# set protocols ldp interface lo0.0
逐步过程
要配置设备 P2:
配置设备接口。
[edit ] user@P2# set interfaces ge-2/0/6 description to_P1 user@P2# set interfaces ge-2/0/6 unit 0 family inet address 10.40.0.2/30 user@P2# set interfaces ge-2/0/6 unit 0 family mpls user@P2# set interfaces ge-2/0/8 description to_PE2 user@P2# set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.1/30 user@P2# set interfaces ge-2/0/8 unit 0 family mpls user@P2# set interfaces lo0 unit 0 description loopback-interface user@P2# set interfaces lo0 unit 0 family inet address 192.168.13.1/32
配置路由选项参数。
[edit ] user@P2# set routing-options router-id 192.168.187.3
配置协议参数。
[edit ] user@P2# set protocols mpls interface ge-2/0/6.0 user@P2# set protocols mpls interface ge-2/0/8.0 user@P2# set protocols ospf area 0.0.0.0 interface ge-2/0/6.0 user@P2# set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 user@P2# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@P2# set protocols ldp interface ge-2/0/6.0 user@P2# set protocols ldp interface ge-2/0/8.0 user@P2# set protocols ldp interface lo0.0
逐步过程
要配置设备 PE2:
配置设备接口。
[edit ] user@PE2# set interfaces ge-2/0/8 description to-R1 user@PE2# set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.2/30 user@PE2# set interfaces ge-2/0/8 unit 0 family mpls user@PE2# set interfaces ge-2/1/1 unit 0 description to-vpna user@PE2# set interfaces ge-2/1/1 unit 0 family inet address 10.90.0.1/30 user@PE2# set interfaces lo0 unit 0 description loopback-interface user@PE2# set interfaces lo0 unit 0 family inet address 172.30.14.1/32
配置路由选项参数。
[edit ] user@PE2# set routing-options router-id 172.30.14.1 user@PE2# set routing-options autonomous-system 64511
配置协议参数。
[edit ] user@PE2# set protocols mpls interface ge-2/0/8.0 user@PE2# set protocols bgp group to_PE2 type internal user@PE2# set protocols bgp group to_PE2 local-address 172.30.14.1 user@PE2# set protocols bgp group to_PE2 family inet-vpn unicast user@PE2# set protocols bgp group to_PE2 neighbor 10.255.70.31 user@PE2# set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 user@PE2# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@PE2# set protocols ldp interface ge-2/0/8.0 user@PE2# set protocols ldp interface lo0.0
配置路由实例参数。
[edit ] user@PE2# set routing-instances vpna instance-type vrf user@PE2# set routing-instances vpna interface ge-2/1/1.0 user@PE2# set routing-instances vpna route-distinguisher 64511:1 user@PE2# set routing-instances vpna vrf-target target:64511:1 user@PE2# set routing-instances vpna protocols bgp group to_vpna type external user@PE2# set routing-instances vpna protocols bgp group to_vpna peer-as 64512 user@PE2# set routing-instances vpna protocols bgp group to_vpna neighbor 10.90.0.2
配置执行 DSCP 代码点 MPLS EXP 重写的服务等级参数。
[edit ] user@PE2# set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef user@PE2# set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be user@PE2# set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 user@PE2# set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 user@PE2# set class-of-service interfaces ge-2/0/8 unit 0 classifiers exp exp-in user@PE2# set class-of-service interfaces ge-2/0/8 unit 0 rewrite-rules exp exp-out user@PE2# set class-of-service interfaces ge-2/1/1 unit 0 classifiers dscp dscpv4 user@PE2# set class-of-service interfaces ge-2/1/1 unit 0 rewrite-rules dscp dscpv4-rw user@PE2# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef user@PE2# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be user@PE2# set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 user@PE2# set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
逐步过程
要配置设备 CE2:
配置设备接口。
[edit ] user@CE2# set interfaces ge-2/0/7 unit 0 description to-host user@CE2# set interfaces ge-2/0/7 unit 0 family inet address 172.16.80.2/30 user@CE2# set interfaces ge-2/0/7 unit 0 family inet filter input ip-v4 user@CE2# set interfaces ge-2/1/2 unit 0 description to-Provider user@CE2# set interfaces ge-2/1/2 unit 0 family inet address 10.90.0.2/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.2/32
配置协议参数。
[edit ] user@CE2# set protocols bgp group to_Provider type external user@CE2# set protocols bgp group to_Provider export send-direct user@CE2# set protocols bgp group to_Provider peer-as 64511 user@CE2# set protocols bgp group to_Provider neighbor 10.90.0.1
配置策略选项参数。
[edit ] user@CE2# set policy-options policy-statement send-direct from protocol direct user@CE2# set policy-options policy-statement send-direct then accept
配置路由选项参数。
[edit ] user@CE2# set routing-options router-id 192.168.0.2 user@CE2# set routing-options autonomous-system 64512
配置 DSCP 代码点重写参数。
[edit ] user@CE2# set firewall family inet filter ip-v4 term tcp80 from port 80 user@CE2# set firewall family inet filter ip-v4 term tcp80 then dscp ef user@CE2# set firewall family inet filter ip-v4 term 12345 from port 12345 user@CE2# set firewall family inet filter ip-v4 term 12345 then dscp be user@CE2# set firewall family inet filter ip-v4 term accept then accept
结果
在配置模式下,输入 、 show interfacesshow protocols、 、 show policy-optionsshow routing-options、 show routing-instances、 show firewall和show class-of-service命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以更正配置。
user@CE1# show interfaces
ge-1/0/1 {
unit 0 {
description to-host;
family inet {
filter {
input ip-v4;
}
address 172.16.50.2/30;
}
}
}
ge-1/0/5 {
unit 0 {
description to_Provider;
family inet {
address 10.80.0.1/30;
}
}
}
lo0 {
unit 1 {
description loopback-interface;
family inet {
address 192.168.0.1/32;
}
}
}
user@CE1# show protocols
bgp {
group to_Provider {
type external;
export send-direct;
peer-as 64511;
neighbor 10.80.0.2;
}
}
user@CE1# show policy-options
policy-statement send-direct {
from protocol direct;
then accept;
}
user@CE1# show routing-options router-id 192.168.0.1; autonomous-system 64510;
user@CE1# show firewall
family inet {
filter ip-v4 {
term tcp80 {
from {
port 80;
}
then dscp ef;
}
term 12345 {
from {
port 12345;
}
then dscp be;
}
term accept {
then accept;
}
}
}
完成设备 CE1 配置后,请从配置模式进入 commit 。
user@PE1# show interfaces
ge-1/0/6 {
description to_vpna;
unit 0 {
family inet {
address 10.80.0.2/30;
}
}
}
ge-1/0/7 {
description to_P1;
unit 0 {
family inet {
address 10.30.0.1/30;
}
family mpls;
}
}
lo0 {
unit 0 {
description loopback-interface;
family inet {
address 10.255.70.31/32;
}
}
}
user@PE1# show protocols
mpls {
interface ge-1/0/7.0;
}
bgp {
group to_PE2 {
type internal;
local-address 10.255.70.31;
family inet-vpn {
unicast;
}
neighbor 172.30.14.1;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ge-1/0/7.0;
}
}
ldp {
interface ge-1/0/7.0;
interface lo0.0;
}
user@PE1# show routing-options router-id 10.255.70.31; autonomous-system 64511;
user@PE1# show routing-instances
vpna {
instance-type vrf;
interface ge-1/0/6.0;
route-distinguisher 64511:1;
vrf-target target:64511:1;
protocols {
bgp {
group to_vpna {
type external;
peer-as 64510;
neighbor 10.80.0.1;
}
}
}
}
user@PE1# show class-of-service
classifiers {
dscp dscpv4 {
forwarding-class expedited-forwarding {
loss-priority low code-points ef;
}
forwarding-class best-effort {
loss-priority low code-points be;
}
}
exp exp-in {
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
interfaces {
ge-1/0/6 {
unit 0 {
classifiers {
dscp dscpv4;
}
rewrite-rules {
dscp dscpv4-rw;
}
}
}
ge-1/0/7 {
unit 0 {
classifiers {
exp exp-in;
}
rewrite-rules {
exp exp-out;
}
}
}
}
rewrite-rules {
dscp dscpv4-rw {
forwarding-class expedited-forwarding {
loss-priority low code-point ef;
}
forwarding-class best-effort {
loss-priority low code-point be;
}
}
exp exp-out {
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
}
}
}
完成设备 PE1 配置后,请从配置模式进入 commit 。
user@P1# show interfaces
ge-1/0/3 {
description to_P2;
unit 0 {
family inet {
address 10.40.0.1/30;
}
family mpls;
}
}
ge-1/0/7 {
description to_PE1;
unit 0 {
family inet {
address 10.30.0.2/30;
}
family mpls;
}
}
lo0 {
unit 0 {
description loopback-interface;
family inet {
address 192.168.16.1/32;
}
}
}
user@P1# show protocols
mpls {
interface ge-1/0/7.0;
interface ge-1/0/3.0;
}
ospf {
area 0.0.0.0 {
interface ge-1/0/3.0;
interface ge-1/0/7.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface ge-1/0/3.0;
interface ge-1/0/7.0;
interface lo0.0;
}
user@P1# show routing-options router-id 10.255.187.32;
完成设备 P1 配置后,请从配置模式进入 commit 。
user@P2# show interfaces
ge-2/0/6 {
description to_P1;
unit 0 {
family inet {
address 10.40.0.2/30;
}
family mpls;
}
}
ge-2/0/8 {
description to_PE2;
unit 0 {
family inet {
address 10.50.0.1/30;
}
family mpls;
}
}
lo0 {
unit 0 {
description loopback-interface;
family inet {
address 192.168.13.1/32;
}
}
}
user@P2# show protocols
mpls {
interface ge-2/0/6.0;
interface ge-2/0/8.0;
}
ospf {
area 0.0.0.0 {
interface ge-2/0/6.0;
interface ge-2/0/8.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface ge-2/0/6.0;
interface ge-2/0/8.0;
interface lo0.0;
}
user@P2# show routing-options router-id 192.168.187.3;
完成设备 P2 配置后,请从配置模式进入 commit 。
user@PE2# show interfaces
ge-2/0/8 {
description to-R1;
unit 0 {
family inet {
address 10.50.0.2/30;
}
family mpls;
}
}
ge-2/1/1 {
unit 0 {
description to-vpna;
family inet {
address 10.90.0.1/30;
}
}
}
lo0 {
unit 0 {
description loopback-interface;
family inet {
address 172.30.14.1/32;
}
}
}
user@PE2# show protocols
mpls {
interface ge-2/0/8.0;
}
bgp {
group to_PE1 {
type internal;
local-address 172.30.14.1;
family inet-vpn {
unicast;
}
neighbor 10.255.70.31;
}
}
ospf {
area 0.0.0.0 {
interface ge-2/0/8.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface ge-2/0/8.0;
interface lo0.0;
}
user@PE2# show routing-options router-id 172.30.14.1; autonomous-system 64511;
user@PE2# show routing-instances
vpna {
instance-type vrf;
interface ge-2/1/1.0;
route-distinguisher 64511:1;
vrf-target target:64511:1;
protocols {
bgp {
group to_vpna {
type external;
peer-as 64512;
neighbor 10.90.0.2;
}
}
}
}
user@PE2# show class-of-service
classifiers {
dscp dscpv4 {
forwarding-class expedited-forwarding {
loss-priority low code-points ef;
}
forwarding-class best-effort {
loss-priority low code-points be;
}
}
exp exp-in {
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
interfaces {
ge-2/0/8 {
unit 0 {
classifiers {
exp exp-in;
}
rewrite-rules {
exp exp-out;
}
}
}
ge-2/1/1 {
unit 0 {
classifiers {
dscp dscpv4;
}
rewrite-rules {
dscp dscpv4-rw;
}
}
}
}
rewrite-rules {
dscp dscpv4-rw {
forwarding-class expedited-forwarding {
loss-priority low code-point ef;
}
forwarding-class best-effort {
loss-priority low code-point be;
}
}
exp exp-out {
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
}
}
}
完成设备 PE2 配置后,请从配置模式进入 commit 。
user@CE2# show interfaces
ge-2/0/7 {
unit 0 {
description to-host;
family inet {
filter {
input ip-v4;
}
address 172.16.80.2/30;
}
}
}
ge-2/1/2 {
unit 0 {
description to-Provider;
family inet {
address 10.90.0.2/30;
}
}
}
lo0 {
unit 1 {
description loopback-interface;
family inet {
address 192.168.0.2/32;
}
}
}
user@CE2# show protocols
bgp {
group to_Provider {
type external;
export send-direct;
peer-as 64511;
neighbor 10.90.0.1;
}
}
user@CE2# show policy-options
policy-statement send-direct {
from protocol direct;
then accept;
}
user@CE2# show routing-options router-id 192.168.0.2; autonomous-system 64512;
user@CE2# show firewall
family inet {
filter ip-v4 {
term tcp80 {
from {
port 80;
}
then dscp ef;
}
term 12345 {
from {
port 12345;
}
then dscp be;
}
term accept {
then accept;
}
}
}
完成设备 CE2 配置后,请从配置模式进入 commit 。
验证
通过验证从 CE1 到 CE2 维护 DSCP 代码点,确认配置工作正常。
清除防火墙计数器
目的
确认防火墙计数器已清除。
行动
在设备 CE2 上,运行 clear firewall all 命令将防火墙计数器重置为 0。
user@CE2> clear firewall all
从 TCP HTTP 端口 80 和 12345 向网络发送流量并监控结果
目的
将连接到设备 CE1 的主机的流量发送到网络,以便在设备 CE2 上可以进行监控。
行动
接口 ge-2/0/7 上需要一个不同的防火墙,以对出站传输到目标的流量进行计数。以下命令将防火墙过滤器应用于在传输到目标时对标记的流量进行计数的防火墙过滤器。
注意:
要捕获设备 CE1 的流量,请应用此命令 set interfaces ge-1/0/1 unit 0 family inet filter output count,然后执行以下命令。
注意:
要捕获设备 CE2 的流量,请应用此命令 set interfaces ge-2/0/7 unit 0 family inet filter output count,然后执行以下命令。
set firewall family inet filter count term be from dscp be set firewall family inet filter count term be then count be set firewall family inet filter count term ef from dscp ef set firewall family inet filter count term ef then count ef set firewall family inet filter count term accept then accept set interfaces ge-2/0/7 unit 0 family inet filter output count
完成测试后,可以将计数过滤器保留到位,也可以将其移除。
在主机 1 上,使用流量生成器将源端口为 80 的 20 个 TCP 数据包发送到网络,并使用源端口 12345 重复任务。
[user@host]# hping 172.16.80.1 -s 80 -k -c 20 [user@host]# hping 172.16.80.1 -s 12345 -k -c 20
在设备 CE2 上,使用
show firewall命令检查防火墙计数器。user@CE2> show firewall Filter: __CE2/ip-v4 Filter: __CE2/count Counters: Name Bytes Packets be 800 20 ef 800 20
意义
TCP 数据包到端口 12345 的代码点维持不变。TCP 数据包到端口 80 的代码点维护为 ef。