示例:为 IPv4 组播 VPN 流量配置特定隧道(使用 Draft-Rosen MVPN)
此示例说明如何配置不同的提供商隧道,以便在组播 VPN 网络中传输 IPv4 客户流量。
要求
此示例使用以下硬件和软件组件:
四台瞻博网络设备:两台 PE 路由器和两台客户边缘设备。
在 PE 路由器上运行的 Junos OS 11.4 或更高版本。
PE 路由器可以是 M 系列多服务边缘路由器、MX 系列以太网服务路由器或 T 系列核心路由器。
客户边缘设备可以是交换机(如 EX 系列以太网交换机),也可以是路由器(如 M 系列、MX 系列或 T 系列平台)。
概述
组播隧道是一种在组播 VPN 中跨提供商核心提供控制和数据流量的机制。控制和数据包通过提供商核心中的组播分发树传输。当服务提供商同时传输来自单个客户的 IPv4 和 IPv6 流量时,有时将 IPv4 和 IPv6 流量分离到客户 VRF 路由实例内的不同组播隧道会很有用。将客户 IPv4 和 IPv6 流量放在两个不同的隧道上可提供灵活性和控制力。例如,它可以帮助服务提供商适当收费,管理和测量流量模式,并在部署新服务时改进决策能力。
此示例配置了草稿 Rosen 7 组播 VPN 控制平面。控制平面配置为使用特定于源的组播 (SSM) 模式。提供商隧道用于 draft-rosen 7 控制流量和 IPv4 客户流量。
此示例使用以下语句配置 draft-rosen 7 控制平面并指定要在提供商隧道中传输的 IPv4 流量:
provider-tunnel pim-ssm family inet group-address 232.1.1.1
pim mvpn family inet autodiscovery inet-mdt
pim mvpn family inet6 disable
mvpn family inet autodiscovery-only intra-as inclusive
family inet-mdt signaling
请注意以下限制:
Junos OS 目前不支持带有 draft-rosen 6 或 draft-rosen 7 的 IPv6。
Junos OS 在一个路由实例中不支持两个以上的提供商隧道。例如,您无法配置一个 RSVP-TE 提供商隧道和两个 MVPN 提供商隧道。
在路由实例中,您无法同时配置任意源组播 (ASM) 隧道和 SSM 隧道。
PE 路由器配置
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改与您的网络配置匹配所需的任何详细信息,然后将命令复制并粘贴到层次结构级别的 CLI [edit]
中。
路由器 PE1
set interfaces so-0/0/3 unit 0 family inet address 10.111.10.1/30 set interfaces so-0/0/3 unit 0 family mpls set interfaces fe-1/1/2 unit 0 family inet address 10.10.10.1/30 set interfaces lo0 unit 0 family inet address 10.255.182.133/32 primary set interfaces lo0 unit 1 family inet address 10.10.47.100/32 set routing-options router-id 10.255.182.133 set routing-options route-distinguisher-id 10.255.182.133 set routing-options autonomous-system 100 set routing-instances VPN-A instance-type vrf set routing-instances VPN-A interface fe-1/1/2.0 set routing-instances VPN-A interface lo0.1 set routing-instances VPN-A provider-tunnel pim-ssm family inet group-address 232.1.1.1 set routing-instances VPN-A provider-tunnel mdt threshold group 224.1.1.0/24 source 10.240.0.242/32 rate 10 set routing-instances VPN-A provider-tunnel mdt tunnel-limit 20 set routing-instances VPN-A provider-tunnel mdt group-range 232.1.1.3/32 set routing-instances VPN-A vrf-target target:100:10 set routing-instances VPN-A vrf-table-label set routing-instances VPN-A protocols ospf area 0.0.0.0 interface all set routing-instances VPN-A protocols ospf export bgp-to-ospf set routing-instances VPN-A protocols pim mvpn family inet autodiscovery inet-mdt set routing-instances VPN-A protocols pim mvpn family inet6 disable set routing-instances VPN-A protocols pim rp static address 10.255.182.144 set routing-instances VPN-A protocols pim interface lo0.1 mode sparse-dense set routing-instances VPN-A protocols pim interface fe-1/1/2.0 mode sparse-dense set routing-instances VPN-A protocols mvpn family inet autodiscovery-only intra-as inclusive set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.182.133 set protocols bgp group ibgp family inet-vpn unicast set protocols bgp group ibgp family inet-mdt signaling set protocols bgp group ibgp neighbor 10.255.182.142 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols pim rp local address 10.255.182.133 set protocols pim interface all mode sparse set protocols pim interface all version 2 set protocols pim interface fxp0.0 disable set policy-options policy-statement bgp-to-ospf from protocol bgp set policy-options policy-statement bgp-to-ospf then accept
路由器 PE2
set interfaces so-0/0/1 unit 0 family inet address 10.10.20.1/30 set interfaces so-0/0/3 unit 0 family inet address 10.111.10.2/30 set interfaces so-0/0/3 unit 0 family iso set interfaces so-0/0/3 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.182.142/32 primary set interfaces lo0 unit 1 family inet address 10.10.47.101/32 set routing-options router-id 10.255.182.142 set routing-options route-distinguisher-id 10.255.182.142 set routing-options autonomous-system 100 set routing-instances VPN-A instance-type vrf set routing-instances VPN-A interface so-0/0/1.0 set routing-instances VPN-A interface lo0.1 set routing-instances VPN-A provider-tunnel pim-ssm family inet group-address 232.1.1.1 set routing-instances VPN-A provider-tunnel mdt threshold group 224.1.1.0/24 source 10.240.0.242/32 rate 10 set routing-instances VPN-A provider-tunnel mdt tunnel-limit 20 set routing-instances VPN-A provider-tunnel mdt group-range 232.1.1.3/32 set routing-instances VPN-A vrf-target target:100:10 set routing-instances VPN-A vrf-table-label set routing-instances VPN-A routing-options graceful-restart set routing-instances VPN-A protocols ospf area 0.0.0.0 interface all set routing-instances VPN-A protocols ospf export bgp-to-ospf set routing-instances VPN-A protocols pim mvpn family inet autodiscovery inet-mdt set routing-instances VPN-A protocols pim mvpn family inet6 disable set routing-instances VPN-A protocols pim rp static address 10.255.182.144 set routing-instances VPN-A protocols pim interface lo0.1 mode sparse-dense set routing-instances VPN-A protocols pim interface so-0/0/1.0 mode sparse-dense set routing-instances VPN-A protocols mvpn family inet autodiscovery-only intra-as inclusive set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.182.142 set protocols bgp group ibgp family inet-vpn unicast set protocols bgp group ibgp family inet-mdt signaling set protocols bgp group ibgp neighbor 10.255.182.133 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols pim rp static address 10.255.182.133 set protocols pim interface all mode sparse set protocols pim interface all version 2 set protocols pim interface fxp0.0 disable set policy-options policy-statement bgp-to-ospf from protocol bgp set policy-options policy-statement bgp-to-ospf then accept
路由器 PE1
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 Junos OS CLI 用户指南。
要配置路由器 PE1:
配置路由器接口,启用 IPv4 流量。
还要在面向路由器 PE2 的接口上启用 MPLS。
该
lo0.1
接口用于VPN-A
路由实例。[edit interfaces] user@PE1# set so-0/0/3 unit 0 family inet address 10.111.10.1/30 user@PE1# set so-0/0/3 unit 0 family mpls user@PE1# set fe-1/1/2 unit 0 family inet address 10.10.10.1/30 user@PE1# set lo0 unit 0 family inet address 10.255.182.133/32 primary user@PE1# set lo0 unit 1 family inet address 10.10.47.100/32
配置路由策略以将 BGP 路由从路由表导出到 OSPF。
[edit policy-options policy-statement bgp-to-ospf] user@PE1# set from protocol bgp user@PE1# set then accept
配置路由器 ID、路由识别符和自治系统编号。
[edit routing-options] user@PE1# set router-id 10.255.182.133 user@PE1# set route-distinguisher-id 10.255.182.133 user@PE1# set autonomous-system 100
配置需要在主路由实例中运行的协议,以启用 MPLS、BGP、IGP、VPN 和 PIM 稀疏模式。
[edit protocols ] user@PE1# set mpls interface all user@PE1# set mpls interface fxp0.0 disable user@PE1# set bgp group ibgp type internal user@PE1# set bgp group ibgp local-address 10.255.182.133 user@PE1# set bgp group ibgp family inet-vpn unicast user@PE1# set bgp group ibgp neighbor 10.255.182.142 user@PE1# set ospf traffic-engineering user@PE1# set ospf area 0.0.0.0 interface all user@PE1# set ospf area 0.0.0.0 interface fxp0.0 disable user@PE1# set ldp interface all user@PE1# set pim rp local address 10.255.182.133 user@PE1# set pim interface all mode sparse user@PE1# set pim interface all version 2 user@PE1# set pim interface fxp0.0 disable
创建客户 VRF 路由实例。
[edit routing-instances VPN-A] user@PE1# set instance-type vrf user@PE1# set interface fe-1/1/2.0 user@PE1# set interface lo0.1 user@PE1# set vrf-target target:100:10 user@PE1# set vrf-table-label user@PE1# set protocols ospf area 0.0.0.0 interface all user@PE1# set protocols ospf export bgp-to-ospf user@PE1# set protocols pim rp static address 10.255.182.144 user@PE1# set protocols pim interface lo0.1 mode sparse-dense user@PE1# set protocols pim interface fe-1/1/2.0 mode sparse-dense
配置 draft-rosen 7 控制平面,并指定要在提供商隧道中传输的 IPv4 流量。
[edit routing-instances VPN-A] user@PE1# set provider-tunnel pim-ssm family inet group-address 232.1.1.1 user@PE1# set protocols pim mvpn family inet autodiscovery inet-mdt user@PE1# set protocols pim mvpn family inet6 disable user@PE1# set protocols mvpn family inet autodiscovery-only intra-as inclusive [edit protocols bgp group ibgp] user@PE1# set family inet-mdt signaling
(可选)配置数据 MDT 隧道。
[edit routing-instances VPN-A] user@PE1# set provider-tunnel mdt threshold group 224.1.1.0/24 source 10.240.0.242/32 rate 10 user@PE1# set provider-tunnel mdt tunnel-limit 20 user@PE1# set provider-tunnel mdt group-range 232.1.1.3/32
结果
在配置模式下,输入 show interfaces
、 show policy-options
、 show routing-instances
show protocols
和show routing-options
命令来确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明以更正配置。
user@PE1# show interfaces lo0 { unit 0 { family inet { address 10.255.182.133/32 { primary; } } } unit 1 { family inet { address 10.10.47.100/32; } } } so-0/0/3 { unit 0 { family inet { address 10.111.10.1/30; } family mpls; } } fe-1/1/2 { unit 0 { family inet { address 10.10.10.1/30; } } }
user@PE1# show policy-options policy-statement bgp-to-ospf { from protocol bgp; then accept; }
user@PE1# show protocols mpls { ipv6-tunneling; interface all; interface fxp0.0 { disable; } } bgp { group ibgp { type internal; local-address 10.255.182.133; family inet-vpn { unicast; } family inet-mdt { signaling; } neighbor 10.255.182.142; } } ospf { traffic-engineering; area 0.0.0.0 { interface all; interface fxp0.0 { disable; } } } ldp { interface all; } pim { rp { local { address 10.255.182.133; } } interface all { mode sparse; version 2; } interface fxp0.0 { disable; } }
user@PE1# show routing-instances VPN-A { instance-type vrf; interface fe-1/1/2.0; interface lo0.1; provider-tunnel { pim-ssm { family { inet { group-address 232.1.1.1; } } } mdt { threshold { group 224.1.1.0/24 { source 10.240.0.242/32 { rate 10; } } } tunnel-limit 20; group-range 232.1.1.3/32; } } vrf-target target:100:10; vrf-table-label; protocols { ospf { export bgp-to-ospf; area 0.0.0.0 { interface all; } } pim { mvpn { family { inet { autodiscovery { inet-mdt; } } inet6 { disable; } } } rp { static { address 10.255.182.144; } } interface lo0.1 { mode sparse-dense; } interface fe-1/1/2.0 { mode sparse-dense; } } mvpn { family { inet { autodiscovery-only { intra-as { inclusive; } } } } } } }
user@PE1# show routing-options route-distinguisher-id 10.255.182.133; autonomous-system 100; router-id 10.255.182.133;
如果完成路由器配置,请从配置模式输入 commit
。
对路由器 PE2 使用相应的接口名称和 IP 地址重复此过程。
CE 设备配置
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改与您的网络配置匹配所需的任何详细信息,然后将命令复制并粘贴到层次结构级别的 CLI [edit]
中。
设备 CE1
set interfaces fe-0/1/0 unit 0 family inet address 10.10.10.2/30 set interfaces lo0 unit 0 family inet address 10.255.182.144/32 primary set routing-options router-id 10.255.182.144 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols pim rp local address 10.255.182.144 set protocols pim interface all mode sparse-dense set protocols pim interface fxp0.0 disable
设备 CE2
set interfaces so-0/0/1 unit 0 family inet address 10.10.20.2/30 set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set interfaces lo0 unit 0 family inet address 10.255.182.140/32 primary set routing-options router-id 10.255.182.140 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols pim rp static address 10.255.182.144 set protocols pim interface all mode sparse-dense set protocols pim interface fxp0.0 disable
设备 CE1
分步过程
要配置设备 CE1:
配置路由器接口,启用 IPv4 和 IPv6 流量。
[edit interfaces] user@CE1# set fe-0/1/0 unit 0 family inet address 10.10.10.2/30 user@CE1# set lo0 unit 0 family inet address 10.255.182.144/32 primary
配置路由器 ID。
[edit routing-options] user@CE1# set router-id 10.255.182.144
配置需要在 CE 设备上运行的协议,以启用 OSPF(适用于 IPv4)和 PIM 稀疏密集模式。
[edit protocols] user@CE1# set ospf area 0.0.0.0 interface all user@CE1# set ospf area 0.0.0.0 interface fxp0.0 disable user@CE1# set pim rp local address 10.255.182.144 user@CE1# set pim interface all mode sparse-dense user@CE1# set pim interface fxp0.0 disable
结果
在配置模式下,输入 show interfaces
、 show protocols
和 show routing-options
命令确认您的配置。如果输出未显示预期的配置,请重复此示例中的配置说明以进行更正。
user@CE1# show interfaces fe-0/1/0 { unit 0 { family inet { address 10.10.10.2/30; } } } lo0 { unit 0 { family inet { address 10.255.182.144/32 { primary; } } } }
user@CE1# show protocols ospf { area 0.0.0.0 { interface all; interface fxp0.0 { disable; } } } pim { rp { local { address 10.255.182.144; } } interface all { mode sparse-dense; } interface fxp0.0 { disable; } }
user@CE1# show routing-options router-id 10.255.182.144;
如果完成路由器配置,请从配置模式输入 commit
。
对设备 CE2 重复此过程,使用相应的接口名称和 IP 地址。
验证
确认配置工作正常。
验证隧道封装
目的
验证 PIM 组播隧道 (mt
) 封装和解封装接口是否启动。
行动
user@PE1> show pim interfaces instance VPN-A Instance: PIM.VPN-A Name Stat Mode IP V State NbrCnt JoinCnt(sg) JoinCnt(*g) DR address fe-1/1/2.0 Up SparseDense 4 2 NotDR 1 1 1 10.10.10.2 lo0.1 Up SparseDense 4 2 DR 0 0 0 10.10.47.100 lsi.2304 Up SparseDense 4 2 P2P 0 0 0 mt-0/3/0.32769 Up SparseDense 4 2 P2P 0 0 0 mt-1/2/0.1081344 Up SparseDense 4 2 P2P 0 0 0 mt-1/2/0.32768 Up SparseDense 4 2 P2P 1 0 0 pe-0/3/0.32770 Up Sparse 4 2 P2P 0 0 0
意义
用于封装 mt-[xxxxx]
的组播隧道接口的范围是从 32,768 到 49,151。用于解封装的接口 mt-[yyyyy]
在 1,081,344 到 1,107,827 之间。PIM 仅在封装接口上运行。解封装接口填充下游接口信息。
验证 PIM 邻居
目的
验证是否已通过组播隧道接口建立 PIM 邻居关系。
行动
user@PE1> show pim neighbors instance VPN-A Instance: PIM.VPN-A B = Bidirectional Capable, G = Generation Identifier, H = Hello Option Holdtime, L = Hello Option LAN Prune Delay, P = Hello Option DR Priority, T = Tracking Bit Interface IP V Mode Option Uptime Neighbor addr fe-1/1/2.0 4 2 HPLGT 00:29:35 10.10.10.2 mt-1/2/0.32768 4 2 HPLGT 00:28:32 10.10.47.101
意义
如果列出了邻居地址且正常运行时间在递增,则表示通过组播隧道接口建立了 PIM 邻居关系。
验证提供程序隧道和控制平面
目的
确认提供程序隧道和控制平面协议正确无误。
行动
user@PE1> show pim mvpn Instance Family VPN-Group Mode Tunnel PIM.VPN-A INET 225.1.1.1 PIM-MVPN PIM-SSM
意义
对于草稿 Rosen,MVPN 模式在输出 PIM-MVPN
中显示为 。
检查路由
目的
验证流量是否按预期流动。
行动
user@R1> show multicast route extensive instance VPN-A Family: INET Group: 224.1.1.1 Source: 10.240.0.242/32 Upstream interface: fe-1/1/2.0 Downstream interface list: mt-1/2/0.32768 Session description: NOB Cross media facilities Statistics: 92 kBps, 1001 pps, 1869820 packets Next-hop ID: 1048581 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 0
意义
对于 draft-rosen,上游协议在输出 PIM
中显示为 。
验证 MDT 隧道
目的
验证默认和数据 MDT 隧道是否正确。
行动
user@PE1> show pim mdt instance VPN-A Instance: PIM.VPN-A Tunnel direction: Outgoing Tunnel mode: PIM-SSM Default group address: 232.1.1.1 Default source address: 10.255.182.133 Default tunnel interface: mt-1/2/0.32769 Default tunnel source: 0.0.0.0 C-group address C-source address P-group address Data tunnel interface 224.1.1.1 10.240.0.242 232.1.1.3 mt-0/3/0.32771 Instance: PIM.VPN-A Tunnel direction: Incoming Tunnel mode: PIM-SSM Default group address: 232.1.1.1 Default source address: 10.255.182.142 Default tunnel interface: mt-1/2/0.1081345 Default tunnel source: 0.0.0.0