示例:通过传输类隧道配置 EVPN-VPWS
概述
在此示例中,我们使用基本网络拓扑通过 PE1 和 PE2 之间的两个 RSVP-TE 传输类隧道配置 EVPN-VPWS。我们定义了两个传输类,并为传输类分配不同的隧道。我们为设备配置以下功能:
-
EVPN-VPWS 路由实例。
-
使用 MPLS LSP 和 BGP 的 RSVP-TE 隧道。
-
黄金和青铜运输类。
-
策略过滤器为黄金和青铜传输类指定单独的社区。
要求
-
配置为 PE 路由器的两个 MX 系列路由器
-
一台配置为路由反射器的 MX 系列路由器
-
在所有设备上运行的 Junos OS 23.1R1 或更高版本。
拓扑学
图 1 显示了一个基本拓扑结构,其中包含 2 个 PE 设备和一个在 PE 设备之间转发路由的路由反射器。一对 CE 设备分别连接到 PE1 和 PE2。PE1 和 PE2 通过黄金隧道路由来自 CE1 和 CE2 的流量,来自 CE3 和 CE4 的流量通过青铜隧道路由。
配置
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改任何必要的详细信息以匹配您的网络配置,然后将命令复制并粘贴到 [edit] 层次结构级别的 CLI 中。PE1、PE2 和 RR 的配置如下所示:
PE1
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description pe1-rr set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 vlan-tagging set interfaces ge-0/0/2 encapsulation flexible-ethernet-services set interfaces ge-0/0/2 unit 4 description pe1-ce1 set interfaces ge-0/0/2 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 4 vlan-id 300 set interfaces ge-0/0/2 unit 5 description pe1-ce3 set interfaces ge-0/0/2 unit 5 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 5 vlan-id 301 set interfaces lo0 unit 0 family inet address 10.0.255.1/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0001.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2gold set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add rt-evpnvpws-2 set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws-2 term a then accept set policy-options policy-statement vrf-export-evpnvpws-2 term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws-2 term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws-2 term a from community rt-evpnvpws-2 set policy-options policy-statement vrf-import-evpnvpws-2 term a then accept set policy-options policy-statement vrf-import-evpnvpws-2 term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set policy-options community rt-evpnvpws-2 members target:300:1 set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id local 102 set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id remote 201 set routing-instances evpn-vpws interface ge-0/0/2.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-instances evpn-vpws-2 instance-type evpn-vpws set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id local 103 set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id remote 301 set routing-instances evpn-vpws-2 interface ge-0/0/2.5 set routing-instances evpn-vpws-2 route-distinguisher 65000:2 set routing-instances evpn-vpws-2 vrf-import vrf-import-evpnvpws-2 set routing-instances evpn-vpws-2 vrf-export vrf-export-evpnvpws-2 set routing-options route-distinguisher-id 10.0.255.1 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.1 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200 set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.1 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe1-rr to 10.0.255.3 set protocols mpls label-switched-path pe1-pe2 to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold transport-class gold set protocols mpls label-switched-path pe1-pe2-bronze to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-bronze transport-class bronze set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
PE2
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description pe2-rr set interfaces ge-0/0/0 unit 0 family inet address 10.2.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/4 description pe2-ce2 set interfaces ge-0/0/4 vlan-tagging set interfaces ge-0/0/4 encapsulation flexible-ethernet-services set interfaces ge-0/0/4 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/4 unit 4 vlan-id 300 set interfaces lo0 unit 0 family inet address 10.0.255.2/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0002.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/4.4 vpws-service-id local 201 set routing-instances evpn-vpws protocols evpn interface ge-0/0/4.4 vpws-service-id remote 102 set routing-instances evpn-vpws interface ge-0/0/4.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-options route-distinguisher-id 10.0.255.2 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.2 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200 set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.2 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe2-pe1-gold to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-gold transport-class gold set protocols mpls label-switched-path pe2-pe1 to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-bronze to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-bronze transport-class bronze set protocols mpls label-switched-path pe2-rr to 10.0.255.3 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
RR
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description rr-pe1 set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 description rr-pe2 set interfaces ge-0/0/2 unit 0 family inet address 10.2.1.2/24 set interfaces ge-0/0/2 unit 0 family iso set interfaces ge-0/0/2 unit 0 family mpls set interfaces lo0 apply-groups-except global set interfaces lo0 unit 0 family inet address 10.0.255.3/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0003.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement pplb then load-balance per-packet set routing-options route-distinguisher-id 10.0.255.3 set routing-options router-id 10.0.255.3 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.3 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs cluster 10.0.255.3 set protocols bgp group BGP_PEERs neighbor 10.0.255.1 set protocols bgp group BGP_PEERs neighbor 10.0.255.2 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path rr-pe1 to 10.0.255.1 set protocols mpls label-switched-path rr-pe2 to 10.0.255.2 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
分步过程
要在 PE 设备上设置传输类隧道,请执行以下操作:
-
配置设备以支持增强型 IP 和隧道服务。
[edit] set chassis network-services enhanced-ip
-
配置接口。
[edit] set interfaces ge-0/0/0 description pe1-rr set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 vlan-tagging set interfaces ge-0/0/2 encapsulation flexible-ethernet-services set interfaces ge-0/0/2 unit 4 description pe1-ce1 set interfaces ge-0/0/2 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 4 vlan-id 300 set interfaces ge-0/0/2 unit 5 description pe1-ce3 set interfaces ge-0/0/2 unit 5 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 5 vlan-id 301 set interfaces lo0 unit 0 family inet address 10.0.255.1/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0001.00 set interfaces lo0 unit 0 family mpls
-
在 PE1 上定义金和青铜传输等级。
[edit] set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200
-
配置路由协议和路由选项以支持传输隧道。我们将 RSVP-TE 与 MPLS LSP 和 BGP 结合使用。
[edit] set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.1 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe1-rr to 10.0.255.3 set protocols mpls label-switched-path pe1-pe2 to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold transport-class gold set protocols mpls label-switched-path pe1-pe2-bronze to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-bronze transport-class bronze set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set routing-options route-distinguisher-id 10.0.255.1 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.1 set routing-options autonomous-system 65000
-
配置策略以将 EVPN 路由应用于传输隧道。我们用于
vrf-export
将隧道通告到远程 PE。[edit] set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2gold set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add rt-evpnvpws-2 set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws-2 term a then accept set policy-options policy-statement vrf-export-evpnvpws-2 term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws-2 term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws-2 term a from community rt-evpnvpws-2 set policy-options policy-statement vrf-import-evpnvpws-2 term a then accept set policy-options policy-statement vrf-import-evpnvpws-2 term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set policy-options community rt-evpnvpws-2 members target:300:1
-
配置将使用上述策略的 EVPN-VPWS 路由实例。
[edit] set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id local 102 set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id remote 201 set routing-instances evpn-vpws interface ge-0/0/2.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-instances evpn-vpws-2 instance-type evpn-vpws set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id local 103 set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id remote 301 set routing-instances evpn-vpws-2 interface ge-0/0/2.5 set routing-instances evpn-vpws-2 route-distinguisher 65000:2 set routing-instances evpn-vpws-2 vrf-import vrf-import-evpnvpws-2 set routing-instances evpn-vpws-2 vrf-export vrf-export-evpnvpws-2
验证
确认配置工作正常。
验证隧道中的数据包流
目的
验证 PE 设备是否在与传输类关联的 RSVP LSP 隧道上路由数据包。
行动
从 CE1、 ping
CE2 上的操作模式开始。
user@CE1> ping 172.16.0.2 count 10 rapid PING 172.16.0.2 (172.16.0.2): 56 data bytes !!!!!!!!!! --- 172.16.0.2 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 3.795/4.276/5.075/0.269 ms
从 CE3、 ping
CE4 上的操作模式。
user@CE3> ping 172.16.1.2 count 20 rapid PING 172.16.1.2 (172.16.1.2): 56 data bytes !!!!!!!!!!!!!!!!!!!! --- 172.16.1.2 ping statistics --- 20 packets transmitted, 20 packets received, 0% packet loss round-trip min/avg/max/stddev = 3.631/4.380/7.976/0.608 ms
在 PE1 上的操作模式下,运行 show mpls lsp statistics
命令以显示 LSP 信息。
user@PE1> show mpls lsp statistics Ingress LSP: 4 sessions To From State Packets Bytes LSPname 10.0.255.2 10.0.255.1 Up 0 0 pe1-pe2 10.0.255.2 10.0.255.1 Up 20 2040 pe1-pe2-bronze 10.0.255.2 10.0.255.1 Up 10 1020 pe1-pe2-gold 10.0.255.3 10.0.255.1 Up 0 0 pe1-rr
意义
输出显示 ping 已成功。命令 show mpls lsp statistics
的输出显示数据包已路由到青铜隧道和黄金隧道。
验证配置的传输隧道
目的
验证 EVPN 是否使用了配置的传输隧道。
行动
在 PE1 上的操作模式下,运行 show route table mpls.0 protocol evpn
命令以识别 LSP 路由。
user@PE1> show route table mpls.0 protocol evpn mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 94 *[EVPN/7] 6d 01:07:24 > via ge-0/0/2.4, Pop 105 *[EVPN/7] 06:20:50 > via ge-0/0/2.5, Pop 106 *[EVPN/7] 06:17:47, remote-pe 10.0.255.2, routing-instance evpn-vpws-2, route-type Egress, vlan-id 301 > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-bronze 107 *[EVPN/7] 06:08:41, remote-pe 10.0.255.2, routing-instance evpn-vpws, route-type Egress, vlan-id 201 > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-gold ge-0/0/2.5 *[EVPN/7] 06:17:47, route-type Egress > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-bronze ge-0/0/2.4 *[EVPN/7] 06:08:41, route-type Egress > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-gold
在 PE1 上的操作模式下,使用路由标签号运行 show route table mpls.0 protocol evpn label label-number extensive
命令以显示传输类信息。
user@PE1> show route table mpls.0 protocol evpn label 107 extensive mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) 107 (1 entry, 1 announced) TSI: KRT in-kernel 107 /52 -> {composite(554)} *EVPN Preference: 7 Next hop type: Indirect, Next hop index: 0 Transport class: gold Address: 0x7b406d4 Next-hop reference count: 5, key opaque handle: 0x0, non-key opaque handle: 0x0 Next hop type: Router, Next hop index: 549 Next hop: 10.1.1.2 via ge-0/0/0.0, selected Label-switched-path pe1-pe2-gold . . . regress@PE1> show route table mpls.0 protocol evpn label 106 extensive mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) 106 (1 entry, 1 announced) TSI: KRT in-kernel 106 /52 -> {composite(553)} *EVPN Preference: 7 Next hop type: Indirect, Next hop index: 0 Transport class: bronze Address: 0x7b40584 Next-hop reference count: 5, key opaque handle: 0x0, non-key opaque handle: 0x0 Next hop type: Router, Next hop index: 551 Next hop: 10.1.1.2 via ge-0/0/0.0, selected Label-switched-path pe1-pe2-bronze . . .
意义
PE1 和 PE2 的输出显示,我们正在通过黄金隧道和青铜隧道路由来自 EVPN VPWS 路由实例的流量。