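Provider Edge Link Protection in Layer 3 VPNs
This topic describes how to configure a precomputed protection path that provides link protection and a backup path between a CE router and an alternate PE router.
Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths
In MPLS service provider networks, when Layer 3 VPNs are used for carrier-of-carriers deployments, the protocol that links the customer edge (CE) routers in one autonomous system (AS) to a provider edge (PE) router in another AS is BGP labeled unicast. Reroute solutions between ASs are essential to help service providers ensure that network outages have minimal impact on the data flows through their networks. A service provider that is a customer of another service provider can have different CE routers that connect to the other service provider through different PE routers. This setup enables load balancing of traffic. However, it can result in disruption of traffic if the link between one CE router and a PE router goes down. Therefore, a precomputed protection path should be configured so that if the link between a CE router and a PE router goes down, the protection path (also known as the backup path) between the other CE router and the alternate PE router can be used.
To configure a labeled-unicast path as a protection path, use the protection statement at the [edit routing-instances instance-name protocols bgp family inet labeled-unicast] hierarchy level: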
routing-instances {
    customer {
        instance-type vrf;
        ...
        protocols {
            bgp {
                family inet {
                    labeled-unicast {
                        protection;
                    }
                }
                family inet6 {
                    labeled-unicast {
                        protection;
                    }
                }
                type external;
                ...
            }
        }
    }
}
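The protection statement indicates that protection is required for prefixes received from a particular neighbor or family. After protection is enabled for a given family, group, or neighbor, protection entries are added for prefixes or next hops received from the given peer.
A protection path can be selected only if BGP has already installed the best path in the forwarding table. This is because a protection path cannot be used as the best path.
To minimize packet loss when the protected path goes down, also use the per-prefix-label statement at the [edit routing-instances instance-name protocols bgp family inet labeled-unicast] hierarchy level. Set this statement on every PE router in the AS that contains the protected path.
Protection path selection is based on the values of two state flags:
The ProtectionPath flag indicates the paths for which protection is desired.
The ProtectionCand flag indicates the route entry that can be used as a protection path.
Provider edge link protection is configured only for external peers.
If provider edge link protection is configured together with the equal-external-internal multipath statement, multipath takes precedence over protection.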
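Understanding Provider Edge Link Protection in Layer 3 VPNs
In an MPLS service provider network, a customer can have dual-homed CE routers that connect to the service provider through different PE routers. This setup enables load balancing of traffic in the service provider network. However, it can result in disruption of traffic if the link between a CE router and a PE router goes down. Therefore, a precomputed protection path should be configured so that if the link between a CE router and a PE router goes down, the protection path (also known as the backup path) between the CE router and an alternate PE router can be used.
To configure a path as a protection path, use the protection statement at the [edit routing-instances instance-name protocols bgp family inet unicast] hierarchy level: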
routing-instances {
    customer {
        instance-type vrf;
        ...
        protocols {
            bgp {
                type external;
                ...
                family inet {
                    unicast {
                        protection;
                    }
                }
                family inet6 {
                    unicast {
                        protection;
                    }
                }
            }
        }
    }
}
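The protection statement indicates that protection is required for prefixes received from a particular neighbor or family. After protection is enabled for a given family, group, or neighbor, protection entries are added for prefixes or next hops received from the given peer.
A protection path can be selected only if BGP has already installed the best path in the forwarding table. This is because a protection path cannot be used as the best path.
The vrf-table-label option must be configured under the [routing-instances instance-name] hierarchy on routers that have protected PE-CE links. This applies to Junos OS Releases 12.3 through 13.2, inclusive.
Protection path selection is based on the values of two state flags:
The ProtectionPath flag indicates the paths that request protection.
The ProtectionCand flag indicates the route entry that can be used as a protection path.
Provider edge link protection is configured only for external peers.
If provider edge link protection is configured together with the equal-external-internal multipath statement, multipath takes precedence over protection.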
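The constraints stated in the two sections above (external peers only, vrf-table-label for protected PE-CE links on Junos OS 12.3 through 13.2, per-prefix-label for labeled-unicast paths, and multipath taking precedence) can be checked against a configuration in set format before it is committed. The following Python script is an added example, not part of the original documentation or of any Juniper tool; the function name, finding codes, and both sample configurations are constructed for illustration, and the full path of the equal-external-internal statement in the sample is an assumption.

```python
import re

# Constructed sample modelled on this page's Router PE3 instance: meets every rule.
SAMPLE_OK = """\
set routing-instances radium instance-type vrf
set routing-instances radium vrf-table-label
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 neighbor 10.1.1.26
set routing-instances radium protocols bgp group toCE2 family inet unicast protection
set routing-instances radium protocols bgp group toCE2 family inet6 unicast protection
"""

# Constructed sample (hypothetical instance "vpn-a") that breaks each rule once.
# The routing-options path of equal-external-internal is an assumption; the
# audit only keys on the keyword itself, which is the name the page uses.
SAMPLE_BAD = """\
set routing-instances vpn-a instance-type vrf
set routing-instances vpn-a routing-options multipath vpn-unequal-cost equal-external-internal
set routing-instances vpn-a protocols bgp group core type internal
set routing-instances vpn-a protocols bgp group core family inet unicast protection
set routing-instances vpn-a protocols bgp group toR3 type external
set routing-instances vpn-a protocols bgp group toR3 family inet labeled-unicast protection
"""

PREFIX = r"^set routing-instances (?P<ri>\S+) "
FAMILY_RE = re.compile(
    PREFIX + r"protocols bgp group (?P<group>\S+) (?:neighbor \S+ )?"
    r"family (?P<af>inet6?) (?P<kind>labeled-unicast|unicast) "
    r"(?P<stmt>protection|per-prefix-label)$")
TYPE_RE = re.compile(PREFIX + r"protocols bgp group (?P<group>\S+) type (?P<type>\S+)$")
LABEL_RE = re.compile(PREFIX + r"vrf-table-label$")
EEI_RE = re.compile(PREFIX + r".*\bequal-external-internal\b")


def audit(config_text):
    """Return sorted (code, instance, group) findings for a 'set'-format config."""
    group_type, protected, per_prefix = {}, set(), set()
    table_label, multipath = set(), set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # tolerate extra spaces from copy and paste
        if m := TYPE_RE.match(line):
            group_type[(m["ri"], m["group"])] = m["type"]
        elif m := FAMILY_RE.match(line):
            key = (m["ri"], m["group"], m["kind"])
            (protected if m["stmt"] == "protection" else per_prefix).add(key)
        elif m := LABEL_RE.match(line):
            table_label.add(m["ri"])
        elif m := EEI_RE.match(line):
            multipath.add(m["ri"])

    findings = set()
    for ri, group, kind in protected:
        # Page: provider edge link protection is configured only for external peers.
        if group_type.get((ri, group)) != "external":
            findings.add(("PROT-NOT-EXTERNAL", ri, group))
        # Page: vrf-table-label is required (Junos OS 12.3 through 13.2) on
        # routers with protected PE-CE links (the family unicast case).
        if kind == "unicast" and ri not in table_label:
            findings.add(("PROT-NO-VRF-TABLE-LABEL", ri, group))
        # Page: per-prefix-label minimizes packet loss for labeled-unicast paths.
        if kind == "labeled-unicast" and (ri, group, kind) not in per_prefix:
            findings.add(("PROT-NO-PER-PREFIX-LABEL", ri, group))
        # Page: with equal-external-internal multipath, multipath takes precedence.
        if ri in multipath:
            findings.add(("PROT-MULTIPATH-PRECEDENCE", ri, group))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name)
        for code, ri, group in audit(text) or [("OK", "-", "-")]:
            print(f"  {code:26} instance={ri} group={group}")
```

PROT-NO-VRF-TABLE-LABEL applies only to the release range the page names, and PROT-NO-PER-PREFIX-LABEL is advisory because the page presents per-prefix-label as an optional way to reduce packet loss.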
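Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
This example shows how to configure a provider edge protection path that can be used in case of a link failure in an MPLS network.
Requirements
This example uses the following hardware components, software components, and configuration options:
M Series Multiservice Edge Routers, MX Series 5G Universal Routing Platforms, or T Series Core Routers
Junos OS Release 12.3 through 13.2, inclusive
The vrf-table-label option must be enabled at the [routing-instances instance-name] hierarchy level on routers that have protected PE-CE links.
Overview
The following example shows how to configure provider edge link protection in a Layer 3 VPN.
Topology
In this example, a Layer 3 VPN is set up by configuring three customer edge devices and three service provider edge devices in four autonomous systems. The CE devices are configured in AS 64496, AS 64498, and AS 64499. The PE devices are configured in AS 64497.
Figure 1 shows the topology used in this example.
The purpose of this example is to protect the provider edge link between Routers PE3 and CE2. Protection is configured on the primary link between Routers PE3 and CE2 so that traffic is routed through the backup link, PE2-CE2, when the PE3-CE2 link goes down.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router CE1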
set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.1/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.1/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128
set routing-options router-id 192.0.2.1
set routing-options autonomous-system 64496
set protocols bgp group toPE1 type external
set protocols bgp group toPE1 export send-direct
set protocols bgp group toPE1 peer-as 64497
set protocols bgp group toPE1 neighbor 10.1.1.2
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept

Router PE1
set interfaces ge-2/0/0 unit 0 description toCE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.2/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE2
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.5/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toPE3
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.9/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.2/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::2/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 10
set protocols ospf area 0.0.0.0 interface ge-2/0/2.0 metric 10
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 10
set protocols ospf3 area 0.0.0.0 interface ge-2/0/2.0 metric 10
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 192.0.2.2
set protocols bgp group toInternal neighbor 192.0.2.3
set protocols bgp group toInternal neighbor 192.0.2.4
set routing-options router-id 192.0.2.2
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium interface ge-2/0/0.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE1 type external
set routing-instances radium protocols bgp group toCE1 peer-as 64496
set routing-instances radium protocols bgp group toCE1 neighbor 10.1.1.1
set policy-options policy-statement lb then load-balance per-packet

Router PE2
set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.6/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toP
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.13/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:13::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toCE2
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.29/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:29::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.3/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::3/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 192.0.2.3
set protocols bgp group toInternal neighbor 192.0.2.2
set protocols bgp group toInternal neighbor 192.0.2.4
set routing-options router-id 192.0.2.3
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium interface ge-2/0/2.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 peer-as 64498
set routing-instances radium protocols bgp group toCE2 neighbor 10.1.1.30
set policy-options policy-statement lb then load-balance per-packet

Router PE3
set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.10/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toP
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.18/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toCE2
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.25/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces ge-2/0/3 unit 0 description toCE3
set interfaces ge-2/0/3 unit 0 family inet address 10.1.1.21/30
set interfaces ge-2/0/3 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
set interfaces ge-2/0/3 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.4/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::4/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 192.0.2.4
set protocols bgp group toInternal neighbor 192.0.2.2
set protocols bgp group toInternal neighbor 192.0.2.3
set routing-options router-id 192.0.2.4
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium vrf-table-label
set routing-instances radium interface ge-2/0/2.0
set routing-instances radium interface ge-2/0/3.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 peer-as 64498
set routing-instances radium protocols bgp group toCE2 neighbor 10.1.1.26
set routing-instances radium protocols bgp group toCE2 family inet unicast protection
set routing-instances radium protocols bgp group toCE2 family inet6 unicast protection
set routing-instances radium protocols bgp group toCE3 type external
set routing-instances radium protocols bgp group toCE3 peer-as 64499
set routing-instances radium protocols bgp group toCE3 neighbor 10.1.1.22
set policy-options policy-statement lb then load-balance per-packet

Router P
set interfaces ge-2/0/0 unit 0 description toPE2
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.14/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:13::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE3
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.17/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.5/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::5/128
set routing-options router-id 192.0.2.5
set routing-options autonomous-system 64497
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 5
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 5
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5

Router CE2
set interfaces ge-2/0/0 unit 0 description toPE2
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.30/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:29::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE3
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.26/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.6/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::6/128
set routing-options router-id 192.0.2.6
set routing-options autonomous-system 64498
set protocols bgp group toAS2 type external
set protocols bgp group toAS2 export send-direct
set protocols bgp group toAS2 peer-as 64497
set protocols bgp group toAS2 neighbor 10.1.1.25
set protocols bgp group toAS2 neighbor 10.1.1.29
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept

Router CE3
set interfaces ge-2/0/0 unit 0 description toPE3
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.22/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.7/24
set interfaces lo0 unit 0 family inet6 address 2001:db8::7/128
set routing-options router-id 192.0.2.7
set routing-options autonomous-system 64499
set protocols bgp group toPE3 type external
set protocols bgp group toPE3 export send-direct
set protocols bgp group toPE3 peer-as 64497
set protocols bgp group toPE3 neighbor 10.1.1.21
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept
Configuring Provider Edge Link Protection in Layer 3 VPNs
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure provider edge link protection:

1. Configure the router interfaces.

[edit interfaces]
user@PE3# set ge-2/0/0 unit 0 description toPE1
user@PE3# set ge-2/0/0 unit 0 family inet address 10.1.1.10/30
user@PE3# set ge-2/0/0 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
user@PE3# set ge-2/0/0 unit 0 family mpls

user@PE3# set ge-2/0/1 unit 0 description toP
user@PE3# set ge-2/0/1 unit 0 family inet address 10.1.1.18/30
user@PE3# set ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
user@PE3# set ge-2/0/1 unit 0 family mpls

user@PE3# set ge-2/0/2 unit 0 description toCE2
user@PE3# set ge-2/0/2 unit 0 family inet address 10.1.1.25/30
user@PE3# set ge-2/0/2 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
user@PE3# set ge-2/0/2 unit 0 family mpls

user@PE3# set ge-2/0/3 unit 0 description toCE3
user@PE3# set ge-2/0/3 unit 0 family inet address 10.1.1.21/30
user@PE3# set ge-2/0/3 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
user@PE3# set ge-2/0/3 unit 0 family mpls

user@PE3# set lo0 unit 0 family inet address 192.0.2.4/24
user@PE3# set lo0 unit 0 family inet6 address 2001:db8::4/128

Similarly, configure the interfaces on all other routers.

2. Configure the router ID and autonomous system (AS) number.

[edit routing-options]
user@PE3# set router-id 192.0.2.4
user@PE3# set autonomous-system 64497

Similarly, configure the router ID and AS number for all other routers. In this example, the router ID is the same as the loopback address configured on the router.

3. Configure MPLS and LDP on all interfaces of Router PE3.

[edit protocols]
user@PE3# set mpls interface all
user@PE3# set ldp interface all

Similarly, configure the other PE routers.

4. Configure an IGP on the core-facing interfaces of Router PE3.

[edit protocols ospf area 0.0.0.0]
user@PE3# set interface lo0.0 passive
user@PE3# set interface ge-2/0/1.0 metric 5
user@PE3# set interface ge-2/0/0.0 metric 10

[edit protocols ospf3 area 0.0.0.0]
user@PE3# set interface lo0.0 passive
user@PE3# set interface ge-2/0/1.0 metric 5
user@PE3# set interface ge-2/0/0.0 metric 10

Similarly, configure the other PE routers.

5. Configure a policy that exports routes from the routing table to the forwarding table on Router PE3.

[edit policy-options]
user@PE3# set policy-statement lb then load-balance per-packet

[edit routing-options]
user@PE3# set forwarding-table export lb

Similarly, configure the other PE routers.

6. Configure BGP on Router CE2, and include a policy for exporting routes to and from the service provider network.

[edit policy-options]
user@CE2# set policy-statement send-direct from protocol direct
user@CE2# set policy-statement send-direct then accept

[edit protocols bgp group toAS2]
user@CE2# set type external
user@CE2# set export send-direct
user@CE2# set peer-as 64497
user@CE2# set neighbor 10.1.1.25
user@CE2# set neighbor 10.1.1.29

Similarly, configure the other CE routers.

7. Configure BGP on Router PE3 for routing within the provider core.

[edit protocols bgp group toInternal]
user@PE3# set type internal
user@PE3# set family inet-vpn unicast
user@PE3# set family inet6-vpn unicast
user@PE3# set multipath
user@PE3# set local-address 192.0.2.4
user@PE3# set neighbor 192.0.2.2
user@PE3# set neighbor 192.0.2.3

Similarly, configure the other PE routers.

8. Configure the Layer 3 VPN routing instance on Router PE3.

[edit routing-instances radium]
user@PE3# set instance-type vrf
user@PE3# set vrf-table-label
user@PE3# set interface ge-2/0/2.0
user@PE3# set interface ge-2/0/3.0
user@PE3# set route-distinguisher 64497:1
user@PE3# set vrf-target target:64497:1

[edit routing-instances radium protocols bgp group toCE2]
user@PE3# set type external
user@PE3# set peer-as 64498
user@PE3# set neighbor 10.1.1.26

[edit routing-instances radium protocols bgp group toCE3]
user@PE3# set type external
user@PE3# set peer-as 64499
user@PE3# set neighbor 10.1.1.22

Similarly, configure the other PE routers.

9. Configure provider edge link protection on the link between Routers PE3 and CE2.

[edit routing-instances radium protocols bgp group toCE2]
user@PE3# set family inet unicast protection
user@PE3# set family inet6 unicast protection
Results
From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show policy-options, show protocols, and show routing-instances commands.
If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@PE3# show interfaces
ge-2/0/0 {
    unit 0 {
        description toPE1;
        family inet {
            address 10.1.1.10/30;
        }
        family inet6 {
            address 2001:db8:0:9::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}
ge-2/0/1 {
    unit 0 {
        description toP;
        family inet {
            address 10.1.1.18/30;
        }
        family inet6 {
            address 2001:db8:0:17::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}
ge-2/0/2 {
    unit 0 {
        description toCE2;
        family inet {
            address 10.1.1.25/30;
        }
        family inet6 {
            address 2001:db8:0:25::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}
ge-2/0/3 {
    unit 0 {
        description toCE3;
        family inet {
            address 10.1.1.21/30;
        }
        family inet6 {
            address 2001:db8:0:21::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 192.0.2.4/24;
        }
        family inet6 {
            address 2001:db8::4/128;
        }
    }
}

user@PE3# show routing-options
router-id 192.0.2.4;
autonomous-system 64497;
forwarding-table {
    export lb;
}

user@PE3# show policy-options
policy-statement lb {
    then {
        load-balance per-packet;
    }
}

user@PE3# show protocols
mpls {
    interface all;
}
bgp {
    group toInternal {
        type internal;
        local-address 192.0.2.4;
        family inet-vpn {
            unicast;
        }
        family inet6-vpn {
            unicast;
        }
        multipath;
        neighbor 192.0.2.2;
        neighbor 192.0.2.3;
    }
}
ospf {
    area 0.0.0.0 {
        interface lo0.0 {
            passive;
        }
        interface ge-2/0/1.0 {
            metric 5;
        }
        interface ge-2/0/0.0 {
            metric 10;
        }
    }
}
ospf3 {
    area 0.0.0.0 {
        interface lo0.0 {
            passive;
        }
        interface ge-2/0/1.0 {
            metric 5;
        }
        interface ge-2/0/0.0 {
            metric 10;
        }
    }
}
ldp {
    interface all;
}

user@PE3# show routing-instances
radium {
    instance-type vrf;
    interface ge-2/0/2.0;
    interface ge-2/0/3.0;
    route-distinguisher 64497:1;
    vrf-target target:64497:1;
    protocols {
        bgp {
            group toCE2 {
                type external;
                family inet {
                    unicast {
                        protection;
                    }
                }
                family inet6 {
                    unicast {
                        protection;
                    }
                }
                peer-as 64498;
                neighbor 10.1.1.26;
            }
            group toCE3 {
                type external;
                peer-as 64499;
                neighbor 10.1.1.22;
            }
        }
    }
}

Run these commands on all other routers to confirm the configurations. If you are done configuring the routers, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying BGP
Purpose
Verify that BGP is functional in the Layer 3 VPN.
Action
From operational mode on Router PE3, run the show route protocol bgp command.

user@PE3> show route protocol bgp
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both

192.0.2.1/24       *[BGP/170] 00:09:15, localpref 100, from 192.0.2.2
                      AS path: 64496 I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
192.0.2.6/24       @[BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0
                    [BGP/170] 00:09:07, localpref 100, from 192.0.2.3
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
192.0.2.7/24       *[BGP/170] 00:09:26, localpref 100
                      AS path: 64499 I, validation-state: unverified
                    > to 10.1.1.22 via ge-2/0/3.0
10.1.1.0/30        *[BGP/170] 00:09:15, localpref 100, from 192.0.2.2
                      AS path: I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
10.1.1.20/30        [BGP/170] 00:09:26, localpref 100
                      AS path: 64499 I, validation-state: unverified
                    > to 10.1.1.22 via ge-2/0/3.0
10.1.1.24/30        [BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0
10.1.1.28/30       *[BGP/170] 00:09:07, localpref 100, from 192.0.2.3
                      AS path: I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
                    [BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

bgp.l3vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

64497:1:192.0.2.1/24
                   *[BGP/170] 00:09:15, localpref 100, from 192.0.2.2
                      AS path: 64496 I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
64497:1:192.0.2.6/24
                   *[BGP/170] 00:09:07, localpref 100, from 192.0.2.3
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
64497:1:10.1.1.0/30
                   *[BGP/170] 00:09:15, localpref 100, from 192.0.2.2
                      AS path: I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
64497:1:10.1.1.28/30
                   *[BGP/170] 00:09:07, localpref 100, from 192.0.2.3
                      AS path: I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)

inet6.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)

radium.inet6.0: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)

The output shows all the BGP routes in the routing table of Router PE3. This indicates that BGP is functioning as required.
Similarly, run this command on the other routers to check whether BGP is operational.
Meaning
BGP is functional in the Layer 3 VPN.
Verifying Provider Edge Link Protection
Purpose
Verify that the provider edge link between Routers PE2 and CE2 is protected.
Action
To verify that provider edge link protection is configured correctly:

1. Confirm that a route on Router CE2 is advertised to Router PE3, both directly and through Router PE2.
If the route is advertised correctly, you see multiple paths for the route.
From operational mode on Router PE3, run the show route destination-prefix command.

user@PE3> show route 192.0.2.6
radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both

192.0.2.6/24       @[BGP/170] 02:55:36, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0
                    [BGP/170] 00:10:13, localpref 100, from 192.0.2.3
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299840, Push 299776(top)
                   #[Multipath/255] 00:10:13
                    > to 10.1.1.26 via ge-2/0/2.0
                      to 10.1.1.17 via ge-2/0/1.0, Push 299840, Push 299776(top)

The output verifies the presence of multiple paths from Router PE3 to the destination route, 192.0.2.6, on Router CE2. The first path is directly through the PE3-CE2 link (10.1.1.26). The second path is through the provider core and PE2 (10.1.1.17).

2. Verify that the protection path is correctly configured by confirming that the weight for the active path being protected is 0x1, and the weight for the protection candidate path is 0x4000.
From operational mode on Router PE3, run the show route destination-prefix extensive command.

user@PE3> show route 192.0.2.6 extensive
radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
192.0.2.6/24 (3 entries, 2 announced)
        State: <CalcForwarding>
TSI:
KRT in-kernel 192.0.2.6/24 -> {list:10.1.1.26, indirect(1048584)}
Page 0 idx 1 Type 1 val 9229c38
    Nexthop: Self
    AS path: [64497] 64498 I
    Communities:
Page 0 idx 2 Type 1 val 9229cc4
    Flags: Nexthop Change
    Nexthop: Self
    Localpref: 100
    AS path: [64497] 64498 I
    Communities: target:64497:1
Path 192.0.2.6 from 10.1.1.26 Vector len 4. Val: 1 2
        @BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 994
                Address: 0x9240a74
                Next-hop reference count: 5
                Source: 10.1.1.26
                Next hop: 10.1.1.26 via ge-2/0/2.0, selected
                Session Id: 0x200001
                State: <Active Ext ProtectionPath ProtectionCand>
                Peer AS: 64498
                Age: 2:55:54
                Validation State: unverified
                Task: BGP_64498.10.1.1.26+52214
                Announcement bits (1): 2-BGP_RT_Background
                AS path: 64498 I
                Accepted
                Localpref: 100
                Router ID: 192.0.2.6
         BGP    Preference: 170/-101
                Route Distinguisher: 64497:1
                Next hop type: Indirect
                Address: 0x92413a8
                Next-hop reference count: 6
                Source: 192.0.2.3
                Next hop type: Router, Next hop index: 1322
                Next hop: 10.1.1.17 via ge-2/0/1.0, selected
                Label operation: Push 299840, Push 299776(top)
                Label TTL action: prop-ttl, prop-ttl(top)
                Session Id: 0x200005
                Protocol next hop: 192.0.2.3
                Push 299840
                Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                State: <Secondary NotBest Int Ext ProtectionCand>
                Inactive reason: Not Best in its group - Interior > Exterior > Exterior via Interior
                Local AS: 64497 Peer AS: 64497
                Age: 10:31 Metric2: 1
                Validation State: unverified
                Task: BGP_64497.192.0.2.3+179
                Local AS: 64497 Peer AS: 64497
                Age: 10:31 Metric2: 1
                Validation State: unverified
                Task: BGP_64497.192.0.2.3+179
                AS path: 64498 I
                Communities: target:64497:1
                Import Accepted
                VPN Label: 299840
                Localpref: 100
                Router ID: 192.0.2.3
                Primary Routing Table bgp.l3vpn.0
                Indirect next hops: 1
                        Protocol next hop: 192.0.2.3 Metric: 1
                        Push 299840
                        Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 10.1.1.17 via ge-2/0/1.0
                                Session Id: 0x200005
                        192.0.2.3/24 Originating RIB: inet.3
                          Metric: 1 Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 10.1.1.17 via ge-2/0/1.0
        #Multipath Preference: 255
                Next hop type: List, Next hop index: 1048585
                Address: 0x944c154
                Next-hop reference count: 2
                Next hop: ELNH Address 0x9240a74 weight 0x1, selected
                    equal-external-internal-type external
                    Next hop type: Router, Next hop index: 994
                    Address: 0x9240a74
                    Next-hop reference count: 5
                    Next hop: 10.1.1.26 via ge-2/0/2.0
                Next hop: ELNH Address 0x92413a8 weight 0x4000
                    equal-external-internal-type internal
                    Next hop type: Indirect
                    Address: 0x92413a8
                    Next-hop reference count: 6
                    Protocol next hop: 192.0.2.3
                    Push 299840
                    Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                    Next hop type: Router, Next hop index: 1322
                    Address: 0x9241310
                    Next-hop reference count: 4
                    Next hop: 10.1.1.17 via ge-2/0/1.0
                    Label operation: Push 299840, Push 299776(top)
                    Label TTL action: prop-ttl, prop-ttl(top)
                State: <ForwardingOnly Int Ext>
                Inactive reason: Forwarding use only
                Age: 10:31
                Validation State: unverified
                Task: RT
                Announcement bits (1): 0-KRT
                AS path: 64498 I

The output shows that the weight (0x1) assigned to the PE3-CE2 path is preferred over the weight (0x4000) assigned to the PE2-CE2 path. A lower weight value takes precedence over a higher weight value. This confirms that the PE3-CE2 path is protected by the PE2-CE2 path.
Meaning
The provider edge link between Routers PE3 and CE2 is protected.
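The two checks in this verification (the ProtectionPath and ProtectionCand state flags, and the 0x1 and 0x4000 next-hop weights) can be automated against captured show route destination-prefix extensive output. The following Python script is an added example, not part of the original documentation or of any Juniper tool; the function names are hypothetical, the sample is constructed by trimming the output above to the lines the parser reads, and it assumes the device's usual one-field-per-line layout.

```python
import re

PRIMARY_WEIGHT = 0x1     # weight the page gives for the protected active path
BACKUP_WEIGHT = 0x4000   # weight the page gives for the protection candidate

# Constructed sample: the page's PE3 output for 192.0.2.6, trimmed.
SAMPLE = """\
192.0.2.6/24 (3 entries, 2 announced)
        State: <CalcForwarding>
        @BGP    Preference: 170/-101
                Source: 10.1.1.26
                Next hop: 10.1.1.26 via ge-2/0/2.0, selected
                State: <Active Ext ProtectionPath ProtectionCand>
                Validation State: unverified
         BGP    Preference: 170/-101
                Source: 192.0.2.3
                Next hop: 10.1.1.17 via ge-2/0/1.0, selected
                State: <Secondary NotBest Int Ext ProtectionCand>
        #Multipath Preference: 255
                Next hop: ELNH Address 0x9240a74 weight 0x1, selected
                Next hop: 10.1.1.26 via ge-2/0/2.0
                Next hop: ELNH Address 0x92413a8 weight 0x4000
                Next hop: 10.1.1.17 via ge-2/0/1.0
                State: <ForwardingOnly Int Ext>
"""

STATE_RE = re.compile(r"State:\s*<([^>]*)>")
ELNH_RE = re.compile(r"Next hop: ELNH Address 0x[0-9a-f]+ weight (0x[0-9a-f]+)(, selected)?")


def parse_paths(text):
    """Collect per-path state flags (keyed by Source) and multipath next-hop weights."""
    paths, hops, source = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if "Preference:" in line:          # a new path entry starts here
            source = None
        elif line.startswith("Source:"):
            source = line.split()[1]
        elif m := STATE_RE.search(line):   # "Validation State:" has no <...>, so it is skipped
            paths.append({"source": source, "flags": set(m.group(1).split())})
        elif m := ELNH_RE.search(line):
            hops.append({"weight": int(m.group(1), 16), "selected": bool(m.group(2))})
    return paths, hops


def check_protection(text):
    """Apply the page's two criteria: state flags and next-hop weights."""
    paths, hops = parse_paths(text)
    protected = [p for p in paths if {"Active", "ProtectionPath"} <= p["flags"]]
    backups = [p for p in paths
               if "ProtectionCand" in p["flags"] and "ProtectionPath" not in p["flags"]]
    primary_ok = any(h["selected"] and h["weight"] == PRIMARY_WEIGHT for h in hops)
    backup_ok = any(not h["selected"] and h["weight"] == BACKUP_WEIGHT for h in hops)
    return {
        "protected_via": [p["source"] for p in protected],
        "backup_via": [p["source"] for p in backups],
        "weights": [hex(h["weight"]) for h in hops],
        "ok": len(protected) == 1 and bool(backups) and primary_ok and backup_ok,
    }


if __name__ == "__main__":
    print(check_protection(SAMPLE))
    # Constructed failure case: the backup path no longer carries ProtectionCand.
    print(check_protection(SAMPLE.replace(" ProtectionCand", "")))
```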
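Example: Configuring Provider Edge Link Protection for BGP Labeled Unicast Paths
This example shows how to configure a labeled unicast protection path that can be used in case of a link failure in a carrier-of-carriers topology.
Requirements
This example uses the following hardware and software components:
M Series Multiservice Edge Routers, MX Series 5G Universal Routing Platforms, or T Series Core Routers
Junos OS Release 13.3 or later
Overview
This example shows how to configure labeled-unicast link protection in a Layer 3 VPN.
Topology
In this example, a carrier-of-carriers topology is set up by configuring two customer edge devices and eight service provider edge devices in five autonomous systems. The CE devices are configured in AS100 and AS101. The PE devices are configured in AS200, AS300, and AS201.
Figure 2 shows the topology used in this example.
The purpose of this example is to protect the provider edge link between Routers R4 and R3. Protection is configured on the primary link between R4 and R3 so that traffic can be routed through the backup link (R11 to R10) when the primary link goes down.
Protection can also be configured on the secondary link between R11 and R10, so that if that link becomes the primary link and the R4-R3 link becomes the secondary link, the R11-R10 link is also protected.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Protection is added to the configuration only after the initial configuration is committed and BGP has installed the best path in the forwarding table.
Router R0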
set interfaces ge-2/0/0 unit 0 description toR1 set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.1/30 set interfaces ge-2/0/0 unit 0 family iso set interfaces ge-2/0/0 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.0.2.1/24 set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2056.00 set routing-options router-id 192.0.2.1 set routing-options autonomous-system 100 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
路由器 R1
set interfaces ge-2/0/0 unit 0 description toR0 set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.2/30 set interfaces ge-2/0/0 unit 0 family iso set interfaces ge-2/0/0 unit 0 family mpls set interfaces ge-2/0/1 unit 0 description toR2 set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.5/30 set interfaces ge-2/0/1 unit 0 family iso set interfaces ge-2/0/1 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.0.2.2/24 set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2052.00 set routing-options router-id 192.0.2.2 set routing-options autonomous-system 200 set protocols mpls interface all set protocols ldp track-igp-metric set protocols ldp interface ge-2/0/1.0 set protocols ldp interface lo0.0 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 10 set protocols bgp group toR8 local-address 192.0.2.2 set protocols bgp group toR8 type external set protocols bgp group toR8 multihop ttl 10 set protocols bgp group toR8 family inet-vpn unicast set protocols bgp group toR8 neighbor 192.0.2.9 peer-as 201 set policy-options policy-statement child_vpn_routes from protocol bgp set policy-options policy-statement child_vpn_routes then accept set routing-instances customer-provider-vpn instance-type vrf set routing-instances customer-provider-vpn interface ge-2/0/0.0 set routing-instances customer-provider-vpn route-distinguisher 192.0.2.4:1 set routing-instances customer-provider-vpn vrf-target target:200:1 set routing-instances customer-provider-vpn protocols ospf export child_vpn_routes set routing-instances customer-provider-vpn protocols ospf area 0.0.0.0 interface ge-2/0/0.0
路由器 R2
set interfaces ge-2/0/0 unit 0 description toR1 set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.6/30 set interfaces ge-2/0/0 unit 0 family iso set interfaces ge-2/0/0 unit 0 family mpls set interfaces ge-2/0/1 unit 0 description toR3 set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.9/30 set interfaces ge-2/0/1 unit 0 family iso set interfaces ge-2/0/1 unit 0 family mpls set interfaces ge-2/0/2 unit 0 description toR10 set interfaces ge-2/0/2 unit 0 family inet address 10.1.0.37/30 set interfaces ge-2/0/2 unit 0 family iso set interfaces ge-2/0/2 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.0.2.3/24 set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2046.00 set routing-options router-id 192.0.2.3 set routing-options autonomous-system 200 set protocols mpls interface all set protocols ldp track-igp-metric set protocols ldp interface ge-2/0/0.0 set protocols ldp interface ge-2/0/1.0 set protocols ldp interface ge-2/0/2.0 set protocols ldp interface lo0.0 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10 set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 10 set protocols ospf area 0.0.0.0 interface ge-2/0/2.0 metric 10
路由器 R3
set interfaces ge-2/0/0 unit 0 description toR2 set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.10/30 set interfaces ge-2/0/0 unit 0 family iso set interfaces ge-2/0/0 unit 0 family mpls set interfaces ge-2/0/1 unit 0 description toR4 set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.13/30 set interfaces ge-2/0/1 unit 0 family iso set interfaces ge-2/0/1 unit 0 family mpls set interfaces lo0 unit 0 family inet address 192.0.2.4/24 set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2045.00 set routing-options router-id 192.0.2.4 set routing-options autonomous-system 200 set protocols mpls traffic-engineering bgp-igp set protocols mpls interface all set protocols ldp track-igp-metric set protocols ldp egress-policy from-bgp set protocols ldp interface ge-2/0/0.0 set protocols ldp interface lo0.0 set protocols ospf traffic-engineering set protocols ospf export from-bgp set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10 set protocols bgp group toR4 type external set protocols bgp group toR4 import send-local set protocols bgp group toR4 family inet labeled-unicast set protocols bgp group toR4 export send-local set protocols bgp group toR4 neighbor 10.1.0.14 peer-as 300 set policy-options policy-statement from-bgp from protocol bgp set policy-options policy-statement from-bgp then metric add 100 set policy-options policy-statement from-bgp then accept set policy-options policy-statement send-local term 2 from metric 100 set policy-options policy-statement send-local term 2 then reject set policy-options policy-statement send-local then accept
Router R4
set interfaces ge-2/0/0 unit 0 description toR3
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.14/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR5
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.17/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.5/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2049.00
set policy-options policy-statement 1b then load-balance per-packet
set routing-options router-id 192.0.2.5
set routing-options autonomous-system 300
set routing-options forwarding-table export 1b
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp interface ge-2/0/1.0
set protocols ldp interface lo0.0
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-2/0/1.0 level 2 metric 10
set protocols isis interface lo0.0 passive
set protocols bgp group parent-vpn-peers type internal
set protocols bgp group parent-vpn-peers local-address 192.0.2.5
set protocols bgp group parent-vpn-peers family inet-vpn unicast
set protocols bgp group parent-vpn-peers neighbor 192.0.2.7
set protocols bgp group parent-vpn-peers neighbor 192.0.2.12
set routing-instances coc-provider-vpn instance-type vrf
set routing-instances coc-provider-vpn interface ge-2/0/0.0
set routing-instances coc-provider-vpn interface ge-2/0/2.0
set routing-instances coc-provider-vpn route-distinguisher 192.0.2.5:1
set routing-instances coc-provider-vpn vrf-target target:300:1
set routing-instances coc-provider-vpn protocols bgp group toR3 type external
set routing-instances coc-provider-vpn protocols bgp group toR3 family inet labeled-unicast per-prefix-label
set routing-instances coc-provider-vpn protocols bgp group toR3 neighbor 10.1.0.13 peer-as 200
Router R5
set interfaces ge-2/0/0 unit 0 description toR4
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.18/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR6
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.21/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toR11
set interfaces ge-2/0/2 unit 0 family inet address 10.1.0.46/30
set interfaces ge-2/0/2 unit 0 family iso
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.6/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2050.00
set routing-options router-id 192.0.2.6
set routing-options autonomous-system 300
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp interface ge-2/0/0.0
set protocols ldp interface ge-2/0/1.0
set protocols ldp interface ge-2/0/2.0
set protocols ldp interface lo0.0
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-2/0/0.0 level 2 metric 10
set protocols isis interface ge-2/0/1.0 level 2 metric 10
set protocols isis interface ge-2/0/2.0 level 2 metric 10
set protocols isis interface lo0.0 passive
Router R6
set interfaces ge-2/0/0 unit 0 description toR5
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.22/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR7
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.25/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.7/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2048.00
set routing-options router-id 192.0.2.7
set routing-options autonomous-system 300
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp interface ge-2/0/0.0
set protocols ldp interface lo0.0
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-2/0/0.0 level 2 metric 10
set protocols isis interface lo0.0 passive
set protocols bgp group parent-vpn-peers type internal
set protocols bgp group parent-vpn-peers local-address 192.0.2.7
set protocols bgp group parent-vpn-peers family inet-vpn unicast
set protocols bgp group parent-vpn-peers neighbor 192.0.2.5
set protocols bgp group parent-vpn-peers neighbor 192.0.2.12
set routing-instances coc-provider-vpn instance-type vrf
set routing-instances coc-provider-vpn interface ge-2/0/1.0
set routing-instances coc-provider-vpn route-distinguisher 192.0.2.7:1
set routing-instances coc-provider-vpn vrf-target target:300:1
set routing-instances coc-provider-vpn protocols bgp group toR7 family inet labeled-unicast per-prefix-label
set routing-instances coc-provider-vpn protocols bgp group toR7 type external
set routing-instances coc-provider-vpn protocols bgp group toR7 neighbor 10.1.0.26 peer-as 201
Router R7
set interfaces ge-2/0/0 unit 0 description toR6
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.26/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR8
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.29/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.8/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2054.00
set routing-options router-id 192.0.2.8
set routing-options autonomous-system 201
set protocols mpls traffic-engineering bgp-igp
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp egress-policy from-bgp
set protocols ldp interface ge-2/0/1.0
set protocols ldp interface lo0.0
set protocols ospf traffic-engineering
set protocols ospf export from-bgp
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 10
set protocols bgp group toR6 type external
set protocols bgp group toR6 import send-all
set protocols bgp group toR6 family inet labeled-unicast
set protocols bgp group toR6 export send-all
set protocols bgp group toR6 neighbor 10.1.0.25 peer-as 300
set policy-options policy-statement from-bgp from protocol bgp
set policy-options policy-statement from-bgp then accept
set policy-options policy-statement send-all then accept
Router R8
set interfaces ge-2/0/0 unit 0 description toR7
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.30/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR9
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.33/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.9/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2053.00
set routing-options router-id 192.0.2.9
set routing-options autonomous-system 201
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp interface ge-2/0/0.0
set protocols ldp interface lo0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols bgp group toR1 local-address 192.0.2.9
set protocols bgp group toR1 type external
set protocols bgp group toR1 multihop ttl 10
set protocols bgp group toR1 family inet-vpn unicast
set protocols bgp group toR1 neighbor 192.0.2.2 peer-as 200
set policy-options policy-statement child_vpn_routes from protocol bgp
set policy-options policy-statement child_vpn_routes then accept
set routing-instances customer-provider-vpn instance-type vrf
set routing-instances customer-provider-vpn interface ge-2/0/1.0
set routing-instances customer-provider-vpn route-distinguisher 192.0.2.9:1
set routing-instances customer-provider-vpn vrf-target target:200:1
set routing-instances customer-provider-vpn protocols ospf export child_vpn_routes
set routing-instances customer-provider-vpn protocols ospf area 0.0.0.0 interface ge-2/0/1.0
Router R9
set interfaces ge-2/0/0 unit 0 description toR8
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.34/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.10/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2047.00
set routing-options router-id 192.0.2.10
set routing-options autonomous-system 101
set routing-options static route 198.51.100.1/24 discard
set protocols ospf export statics
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set policy-options policy-statement statics from route-filter 198.51.100.1/24 exact
set policy-options policy-statement statics then accept
Router R10
set interfaces ge-2/0/0 unit 0 description toR2
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.38/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR11
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.41/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.11/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2061.00
set routing-options router-id 192.0.2.11
set routing-options autonomous-system 200
set protocols mpls traffic-engineering bgp-igp
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp egress-policy from-bgp
set protocols ldp interface ge-2/0/0.0
set protocols ldp interface lo0.0
set protocols ospf traffic-engineering
set protocols ospf export from-bgp
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols bgp group toR4 type external
set protocols bgp group toR4 import send-local
set protocols bgp group toR4 family inet labeled-unicast
set protocols bgp group toR4 export send-local
set protocols bgp group toR4 neighbor 10.1.0.42 peer-as 300
set protocols bgp group toR4 neighbor 10.1.0.50 peer-as 300
deactivate protocols bgp group toR4 neighbor 10.1.0.50
set policy-options policy-statement from-bgp from protocol bgp
set policy-options policy-statement from-bgp then metric add 100
set policy-options policy-statement from-bgp then accept
set policy-options policy-statement send-local term 2 from metric 100
set policy-options policy-statement send-local term 2 then reject
set policy-options policy-statement send-local then accept
Router R11
set interfaces ge-2/0/0 unit 0 description toR10
set interfaces ge-2/0/0 unit 0 family inet address 10.1.0.42/30
set interfaces ge-2/0/0 unit 0 family iso
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toR5
set interfaces ge-2/0/1 unit 0 family inet address 10.1.0.45/30
set interfaces ge-2/0/1 unit 0 family iso
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.0.2.12/24
set interfaces lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2062.00
set routing-options router-id 192.0.2.12
set routing-options autonomous-system 300
set protocols mpls interface all
set protocols ldp track-igp-metric
set protocols ldp interface ge-2/0/1.0
set protocols ldp interface lo0.0
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-2/0/1.0 level 2 metric 10
set protocols isis interface lo0.0 passive
set protocols bgp group parent-vpn-peers type internal
set protocols bgp group parent-vpn-peers local-address 192.0.2.12
set protocols bgp group parent-vpn-peers family inet-vpn unicast
set protocols bgp group parent-vpn-peers neighbor 192.0.2.7
set protocols bgp group parent-vpn-peers neighbor 192.0.2.5
set routing-instances coc-provider-vpn instance-type vrf
set routing-instances coc-provider-vpn interface ge-2/0/0.0
set routing-instances coc-provider-vpn route-distinguisher 192.0.2.12:1
set routing-instances coc-provider-vpn vrf-target target:300:1
set routing-instances coc-provider-vpn protocols bgp group toR10 family inet labeled-unicast per-prefix-label
set routing-instances coc-provider-vpn protocols bgp group toR10 type external
set routing-instances coc-provider-vpn protocols bgp group toR10 neighbor 10.1.0.41 peer-as 200
Configuring Provider Edge Link Protection in Layer 3 VPNs
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure labeled unicast link protection:
Configure the router interfaces.
[edit interfaces]
user@R4# set ge-2/0/0 unit 0 description toR3
user@R4# set ge-2/0/0 unit 0 family inet address 10.1.0.14/30
user@R4# set ge-2/0/0 unit 0 family iso
user@R4# set ge-2/0/0 unit 0 family mpls
user@R4# set ge-2/0/1 unit 0 description toR5
user@R4# set ge-2/0/1 unit 0 family inet address 10.1.0.17/30
user@R4# set ge-2/0/1 unit 0 family iso
user@R4# set ge-2/0/1 unit 0 family mpls
user@R4# set lo0 unit 0 family inet address 192.0.2.5/24
user@R4# set lo0 unit 0 family iso address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2049.00
Similarly, configure the interfaces on all other routers.
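Configure the routing policy options on R4.
[edit policy-options]
user@R4# set policy-statement 1b then load-balance per-packet
Similarly, configure the policy options on Routers R1, R3, R7, R8, R9, and R10 for this example.
Configure the router ID, autonomous system (AS) number, and any other routing options.
[edit routing-options]
user@R4# set router-id 192.0.2.5
user@R4# set autonomous-system 300
user@R4# set forwarding-table export 1b
Similarly, configure the router ID, AS number, and any other routing options for all other routers. In this example, the router ID is the same as the loopback address configured on the router.
Configure MPLS and LDP on Router R4.
[edit protocols]
user@R4# set mpls interface all
user@R4# set ldp track-igp-metric
user@R4# set ldp interface ge-2/0/1.0
user@R4# set ldp interface lo0.0
Similarly, configure MPLS and LDP on all other routers except R0 and R9.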
Configure an IGP on the core-facing interfaces of Router R4.
[edit protocols isis]
user@R4# set level 1 disable
user@R4# set level 2 wide-metrics-only
user@R4# set interface ge-2/0/1.0 level 2 metric 10
user@R4# set interface lo0.0 passive
Similarly, configure the other routers (IS-IS on R5, R6, and R11, and OSPF on all other routers in this example).
Configure BGP on Router R4.
[edit protocols bgp group parent-vpn-peers]
user@R4# set type internal
user@R4# set local-address 192.0.2.5
user@R4# set family inet-vpn unicast
user@R4# set neighbor 192.0.2.7
user@R4# set neighbor 192.0.2.12
Similarly, configure BGP on Routers R1, R3, R6, R7, R8, R10, and R11.
Configure a VPN routing and forwarding (VRF) instance on Router R4 to create a Layer 3 VPN.
[edit routing-instances coc-provider-vpn]
user@R4# set instance-type vrf
user@R4# set interface ge-2/0/0.0
user@R4# set interface ge-2/0/2.0
user@R4# set route-distinguisher 192.0.2.5:1
user@R4# set vrf-target target:300:1
[edit routing-instances coc-provider-vpn protocols bgp group toR3]
user@R4# set type external
user@R4# set family inet labeled-unicast per-prefix-label
user@R4# set neighbor 10.1.0.13 peer-as 200
Similarly, configure the other VRF routing instances on R1, R6, R8, and R11.
Results
From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show routing-options, show protocols, and show routing-instances commands.
If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
user@R4# show interfaces
ge-2/0/0 {
    unit 0 {
        description toR3;
        family inet {
            address 10.1.0.14/30;
        }
        family iso;
        family mpls;
    }
}
ge-2/0/1 {
    unit 0 {
        description toR5;
        family inet {
            address 10.1.0.17/30;
        }
        family iso;
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 192.0.2.5/24;
        }
        family iso {
            address 47.0005.80ff.f800.0000.0108.0001.0102.5507.2049.00;
        }
    }
}
user@R4# show policy-options
policy-statement 1b {
    then {
        load-balance per-packet;
    }
}
user@R4# show routing-options
router-id 192.0.2.5;
autonomous-system 300;
forwarding-table {
    export 1b;
}
user@R4# show protocols
mpls {
    interface all;
}
ldp {
    track-igp-metric;
    interface ge-2/0/1.0;
    interface lo0.0;
}
isis {
    level 1 disable;
    level 2 wide-metrics-only;
    interface ge-2/0/1.0 {
        level 2 metric 10;
    }
    interface lo0.0 {
        passive;
    }
}
bgp {
    group parent-vpn-peers {
        type internal;
        local-address 192.0.2.5;
        family inet-vpn {
            unicast;
        }
        neighbor 192.0.2.7;
        neighbor 192.0.2.12;
    }
}
user@R4# show routing-instances
coc-provider-vpn {
    instance-type vrf;
    interface ge-2/0/0.0;
    interface ge-2/0/2.0;
    route-distinguisher 192.0.2.5:1;
    vrf-target target:300:1;
    protocols {
        bgp {
            group toR3 {
                type external;
                family inet {
                    labeled-unicast {
                        per-prefix-label;
                    }
                }
                neighbor 10.1.0.13 {
                    peer-as 200;
                }
            }
        }
    }
}
If you are done configuring the router, enter commit from configuration mode.
Repeat this procedure for every router in this example, using the appropriate interface names and addresses for each router.
Verification
Confirm that the configuration is working properly.
Enabling Protection
Purpose
Enable protection on R4 to request protection for the link from R4 to R3.
Action
Add the protection statement at the [edit routing-instances instance-name protocols bgp group group-name family inet labeled-unicast] hierarchy level.
[edit routing-instances coc-provider-vpn protocols bgp group toR3]
user@R4# set family inet labeled-unicast protection
Verify and commit the configuration.
type external;
family inet {
    labeled-unicast {
        per-prefix-label;
        protection;
    }
}
neighbor 10.1.0.13 {
    peer-as 200;
}
Verifying Multipath Entries
Purpose
Verify that R4 has a multipath entry that contains two entries.
Action
From operational mode on Router R4, run the show route 192.0.2.2 command to check the route to R1.
user@R4> show route 192.0.2.2
#[Multipath/255] 00:02:44, metric 20
    > to 10.1.0.13 via ge-2/0/0.0, Push 408592
      to 10.1.0.18 via ge-2/0/1.0, Push 299856, Push 299792(top)
Verifying That Multipath Entries Have Different Weights
Purpose
Verify that the two routes in the multipath entry have different weights, with the first entry having a weight of 0x1 and the second a weight of 0x4000.
Action
From operational mode on Router R4, run the show route 192.0.2.2 detail command to check the route to R1.
user@R4> show route 192.0.2.2 detail
#Multipath Preference: 255
    Next hop type: List, Next hop index: 1048609
    Address: 0x92f058c
    Next-hop reference count: 4
    Next hop: ELNH Address 0x92c48ac weight 0x1, selected
        equal-external-internal-type external
        Next hop type: Router, Next hop index: 1603
        Address: 0x92c48ac
        Next-hop reference count: 2
        Next hop: 10.1.0.13 via ge-2/0/0.0
        Label operation: Push 408592
        Label TTL action: prop-ttl
    Next hop: ELNH Address 0x92c548c weight 0x4000
        equal-external-internal-type internal
        Next hop type: Indirect
        Address: 0x92c548c
        Next-hop reference count: 3
        Protocol next hop: 192.0.2.12
        Push 299856
        Indirect next hop: 0x9380f40 1048608 INH Session ID: 0x10001a
            Next hop type: Router, Next hop index: 1586
            Address: 0x92c5440
            Next-hop reference count: 3
            Next hop: 10.1.0.18 via ge-2/0/1.0
            Label operation: Push 299856, Push 299792(top)
            Label TTL action: prop-ttl, prop-ttl(top)
    State: <ForwardingOnly Int Ext>
    Inactive reason: Forwarding use only
    Age: 3:38 Metric: 20
    Validation State: unverified
    Task: RT
    Announcement bits (1): 0-KRT
    AS path: 200 I
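Understanding Host Fast Reroute
Host fast reroute (HFRR) adds a precomputed protection path into the Packet Forwarding Engine (PFE), so that if the link between a provider edge device and a server farm becomes unusable for forwarding, the PFE can use another path without having to wait for the router or the protocols to provide updated forwarding information. This precomputed protection path is often called a repair or backup path.
HFRR is a technology that protects IP endpoints on multipoint interfaces, such as Ethernet. This technology is important in data centers, where fast service restoration for server endpoints is critical. After an interface or a link goes down, HFRR enables a local repair time of approximately 50 milliseconds.
Consider the network topology shown in Figure 3.
Routing devices create host route forwarding entries triggered by the Address Resolution Protocol (ARP) and the IPv6 Neighbor Discovery Protocol (NDP). HFRR augments the host routes with backup next hops supplied by routing protocols. These backup next hops enable arriving traffic to keep flowing while the network reconverges.
Traffic flows from networks connected to the provider edge devices, PE1 and PE2, to Host A and Host B. This traffic is protected with HFRR. If the link between Device PE2 and the host servers goes down, traffic is rerouted through Device PE1 to the host servers. In the topology, Host A and Host B represent LAN PCs, collectively known as a server farm. The PE devices are routers with a Layer 3 VPN configured between them. Device PE1 learns about the directly connected hosts by way of ARP or the IPv6 NDP.
Device PE2 also has information about the server farm network and advertises this information to Device PE1. This advertisement is transmitted through the Layer 3 VPN using internal BGP (IBGP). On Devices PE1 and PE2, this route is considered a direct route to the server farm subnet.
Device PE1 uses the host routes learned through ARP and NDP to send traffic to the host machines in the server farm. If the link between Device PE1 and the server farm goes down and HFRR is not configured, the routing device finds the next best route, which is the IBGP route. This results in traffic loss for an interval until the update occurs and the network reconverges. HFRR configured on Device PE1 resolves this issue by augmenting the ARP and NDP routes with a backup path so that traffic can continue to be forwarded without interruption.
The backup path in this particular topology is the IBGP Layer 3 VPN route. In an actual deployment, Device PE2 can also configure link protection for its directly connected server farm network, and Device PE1 can advertise reachability to the server farm through itself using the Layer 3 VPN routes to Device PE2. Therefore, HFRR should be enabled on both Device PE1 and Device PE2. Also, Device PE1 and Device PE2 should both advertise reachability to the server farm through BGP.
A temporary routing loop can develop between the PE devices if, for example, the link from Device PE1 to the server farm and the link from Device PE2 to the server farm both go down at the same time. The loop can continue until BGP on both ends learns that the server farm subnet is down and withdraws the BGP routes.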
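ARP Prefix Limit and Blackout Supplementary Timeout
When you configure HFRR profiles, an optional ARP prefix limit sets a maximum for the number of ARP routes and, therefore, the FRR routes created for each HFRR profile in the routing table. This limit prevents ARP attacks from exhausting the virtual memory on the routing devices. The ARP prefix limit does not limit ARP routes in the forwarding table. It does, however, limit the number of ARP routes that Junos OS reads for a profile, and therefore limits the number of HFRR routes that the routing process (rpd) creates in the routing table and the forwarding table.
The ARP prefix limit is applied to each HFRR profile. It does not limit the total count of all ARP/HFRR routes in the routing table. It limits only the number of ARP/HFRR routes for each HFRR profile.
There are two configuration statements (global-arp-prefix-limit and arp-prefix-limit) that set the ARP prefix limit, one at the global [edit routing-options host-fast-reroute] hierarchy level and the other at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level, respectively. The global global-arp-prefix-limit statement sets a default ARP prefix limit for all HFRR profiles configured on the routing device. The arp-prefix-limit statement overrides the global-arp-prefix-limit for the HFRR profile of that protected interface.
When the number of ARP routes in an HFRR profile reaches 80% of the configured ARP prefix limit, a warning message is sent to the system log. If the number of ARP prefixes remains above 80% of the configured value, the warning message is displayed for any subsequent ARP route added to that HFRR profile.
When the number of ARP routes in an HFRR profile reaches 100% of the ARP prefix limit configured for that HFRR profile, another warning message is sent to the system log. When the number crosses the 100% threshold, the HFRR profile is deactivated. When this happens, all ARP/FRR routes are deleted from the routing table. The FRR routes are deleted from the forwarding table as well.
After the HFRR profile is deactivated, a blackout timer is started. The timeout value of this timer is the ARP cache timeout (kernel timeout) + the supplementary blackout timer.
There are global and per-HFRR CLI statements (global-supplementary-blackout-timer and supplementary-blackout-timer). The global value is at the [edit routing-options host-fast-reroute] hierarchy level and applies to all HFRR profiles on the routing device. The supplementary blackout timer configured for the routing-instance interface at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level overrides the global value for that HFRR profile only.
When the blackout timer expires, the HFRR profile is reactivated, and Junos OS relearns the ARP routes and re-creates the HFRR routes. If the ARP prefix limit is not exceeded again, the HFRR routes come up.
If an HFRR profile is blacked out and is in the deactivated state, the ARP state is reevaluated during every commit operation and whenever the routing process (rpd) is restarted with the restart routing command.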
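The following added example (not Junos code and not part of the original documentation) models the per-profile ARP prefix limit described above: the 80% and 100% warnings, deactivation once the limit is exceeded, and the blackout period of ARP cache timeout plus supplementary blackout timer. The class names, the log wording, and the timer values (1200 s and 300 s) are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class HfrrProfile:
    """One HFRR profile, that is, one protected interface."""
    interface: str
    arp_prefix_limit: Optional[int] = None              # overrides the global limit
    supplementary_blackout_timer: Optional[int] = None  # overrides the global timer
    active: bool = True
    arp_routes: Set[str] = field(default_factory=set)
    reactivate_at: Optional[int] = None
    syslog: List[str] = field(default_factory=list)


class HfrrLimiter:
    """Applies the warn / deactivate / blackout rules to each profile independently."""

    def __init__(self, global_arp_prefix_limit: int,
                 global_supplementary_blackout_timer: int,
                 arp_cache_timeout: int) -> None:
        self.global_limit = global_arp_prefix_limit
        self.global_supplementary = global_supplementary_blackout_timer
        self.arp_cache_timeout = arp_cache_timeout  # kernel ARP timeout in seconds

    def limit_for(self, p: HfrrProfile) -> int:
        return self.global_limit if p.arp_prefix_limit is None else p.arp_prefix_limit

    def blackout_for(self, p: HfrrProfile) -> int:
        supplementary = (self.global_supplementary
                         if p.supplementary_blackout_timer is None
                         else p.supplementary_blackout_timer)
        return self.arp_cache_timeout + supplementary

    def tick(self, p: HfrrProfile, now: int) -> None:
        """Reactivate the profile once its blackout timer has expired."""
        if not p.active and p.reactivate_at is not None and now >= p.reactivate_at:
            p.active = True
            p.reactivate_at = None

    def learn_arp(self, p: HfrrProfile, host: str, now: int) -> bool:
        """Process one learned ARP entry; True if an HFRR route exists for it."""
        self.tick(p, now)
        if not p.active:
            return False  # blacked out: no HFRR routes are created for this profile
        p.arp_routes.add(host)
        count, limit = len(p.arp_routes), self.limit_for(p)
        if count > limit:
            # Crossing 100%: all ARP/FRR routes of this profile are removed.
            p.active = False
            p.arp_routes.clear()
            p.reactivate_at = now + self.blackout_for(p)
            p.syslog.append(f"{p.interface}: limit {limit} exceeded, profile deactivated")
            return False
        if count == limit:
            p.syslog.append(f"{p.interface}: ARP routes at 100% of limit {limit}")
        elif count * 100 >= limit * 80:
            p.syslog.append(f"{p.interface}: ARP routes at or above 80% of limit {limit}")
        return True


def simulate_flood(limit: int = 10, hosts: int = 12) -> HfrrProfile:
    """Constructed input: `hosts` distinct ARP entries arriving at t=0 on one interface."""
    limiter = HfrrLimiter(global_arp_prefix_limit=limit,
                          global_supplementary_blackout_timer=300,
                          arp_cache_timeout=1200)
    profile = HfrrProfile("ge-4/1/0.0")
    for i in range(1, hosts + 1):
        limiter.learn_arp(profile, f"192.0.2.{i}", now=0)
    return profile


if __name__ == "__main__":
    flooded = simulate_flood()
    print("\n".join(flooded.syslog))
    print("active:", flooded.active, "reactivate at t =", flooded.reactivate_at)
```

Because the limit is counted per profile, a flood on one protected interface blacks out only that interface's HFRR routes; the cost is that the interface has no fast-reroute protection until the blackout timer expires.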
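Primary Route and Backup Route Candidates
The primary route for the HFRR next hop is provided by the ARP and IPv6 NDP routes. These are /32 or /128 routes. The backup route is an exact prefix match of the address configured on the local interface. For example, if the local address configured is 10.0.0.5/24, the routing device looks for an exact match of prefix 10.0.0.0 with a prefix length of 24 when it selects the backup route.
Constraints for backup route selection are as follows:
The prefix must match the same subnet address configured on the HFRR-enabled interface of the routing device.
The remote end must not have route aggregation (also known as summarization) configured. For example, if the remote end combines two or more /24 subnets to advertise a subnet with a prefix length smaller than /24, Junos OS does not select this summarized route as a backup route.
If the routing table contains another route, learned by another protocol, that is the longest-prefix match for the /32 or /128 (ARP or NDP) route, that route is not selected as a backup candidate. For example, suppose that the local interface address is 10.0.0.5/24. Also suppose that the routing table contains an IBGP route with a prefix of 10.0.0.0/24 and an OSPF route with a prefix of 10.0.0.0/28. Even though the /28 route is a better route for certain prefixes in the subnet, Junos OS does not consider 10.0.0.0/28 to be a backup candidate. The IBGP route becomes the backup candidate for all host routes. However, after the global repair, the OSPF route is used for forwarding.
In short, the backup candidate must be a route with the same prefix as the subnet of the local interface that you are protecting with HFRR.
Backup Path Selection Policy
Only Layer 3 VPN routes are considered for backup selection. HFRR uses the usual BGP path selection algorithm to select one best backup route. Only one backup path is selected. If there are multiple backup path candidates, the selection algorithm selects the best backup path. HFRR provides only two paths at any point in time, one primary and one backup. If the selected backup path itself contains two paths, the first path in that backup next hop is used as the backup next hop for the HFRR route.
The primary path is installed with a weight of 1. The backup path is installed with a weight of 0x4000. The backup path must be a path through an interface that is not the same as the primary interface.
The backup route is looked up only in the routing table to which the interface belongs. For IPv4, Junos OS uses routing-instance-name.inet.0. For IPv6, Junos OS looks in routing-instance-name.inet6.0.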
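The following added example (not Junos code and not part of the original documentation) applies the backup-candidate constraints and the path weights described above to the 10.0.0.5/24 case from the text. The Route type, the protocol labels, and the interface names are assumptions of the example, and the route list is assumed to be already ordered by the usual BGP path selection, which the example does not implement.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRIMARY_WEIGHT = 0x1     # weight of the primary (ARP/NDP) path
BACKUP_WEIGHT = 0x4000   # weight of the backup path


@dataclass(frozen=True)
class Route:
    prefix: str      # for example "10.0.0.0/24"
    protocol: str    # "l3vpn-bgp", "ospf", ... (labels chosen for this example)
    interface: str   # outgoing interface of the route's next hop


def select_backup(local_address: str, protected_if: str,
                  table: List[Route]) -> Optional[Route]:
    """Return the backup route for the protected subnet, or None if none qualifies."""
    subnet = ipaddress.ip_interface(local_address).network
    for route in table:  # assumption: already in BGP best-path order
        if ipaddress.ip_network(route.prefix) != subnet:
            continue  # aggregates and more-specific routes are not candidates
        if route.protocol != "l3vpn-bgp":
            continue  # only Layer 3 VPN routes are considered
        if route.interface == protected_if:
            continue  # the backup must leave through a different interface
        return route
    return None


def build_hfrr_routes(local_address: str, protected_if: str, hosts: List[str],
                      table: List[Route]) -> Dict[str, List[Tuple[str, int]]]:
    """Map each learned host to its primary and backup path with their weights."""
    iface = ipaddress.ip_interface(local_address)
    backup = select_backup(local_address, protected_if, table)
    if backup is None:
        return {}  # without a backup route there are no HFRR routes
    host_len = iface.network.max_prefixlen  # 32 for IPv4, 128 for IPv6
    routes: Dict[str, List[Tuple[str, int]]] = {}
    for host in hosts:
        addr = ipaddress.ip_address(host)
        if addr.version != iface.version or addr not in iface.network:
            continue  # not a host on the protected subnet
        routes[f"{addr}/{host_len}"] = [(protected_if, PRIMARY_WEIGHT),
                                        (backup.interface, BACKUP_WEIGHT)]
    return routes


# Constructed routing table for the instance that owns ge-4/1/0.0.
SAMPLE_TABLE = [
    Route("10.0.0.0/28", "ospf", "ge-0/2/0.0"),       # more specific, other protocol
    Route("10.0.0.0/23", "l3vpn-bgp", "ge-0/2/0.0"),  # aggregate from the remote end
    Route("10.0.0.0/24", "l3vpn-bgp", "ge-0/2/0.0"),  # exact match: the candidate
]

if __name__ == "__main__":
    for prefix, paths in build_hfrr_routes("10.0.0.5/24", "ge-4/1/0.0",
                                           ["10.0.0.7", "10.0.1.9"],
                                           SAMPLE_TABLE).items():
        print(prefix, [(ifname, hex(weight)) for ifname, weight in paths])
```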
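Characteristics of HFRR Routes
The HFRR route is a forwarding-only route and is not used for route resolution. HFRR routes have host addresses, meaning that they have /32 or /128 as the prefix length. On platforms with dual Routing Engines, the backup routing process (rpd) also creates HFRR routes. However, the backup routing process (rpd) does not install HFRR routes into the routing table until after a Routing Engine switchover.
Also note that if an HFRR route is present in the routing table, the HFRR route is used for the unicast reverse-path-forwarding (uRPF) computation.
Removal of HFRR Routes
HFRR routes are deleted if the protected interface is deleted or deactivated in the configuration, if HFRR is configured on a routing instance and the routing instance is deactivated or deleted, or if the statement that enables HFRR (link-protection) is deleted or deactivated. HFRR routes are deleted and readded when there is a catastrophic operation on the routing instance, such as a restart of the routing process. HFRR routes are also removed if all backup routes are deleted, for example when BGP withdraws the routes or when BGP is deactivated or deleted.
After a protected interface goes down and HFRR is deleted or deactivated, a timer starts with a timeout of 20 seconds. The HFRR route deletion occurs after the timer expires. This ensures that if the interface is flapping (quickly going up and down), Junos OS does not perform unnecessary route deletions and additions that cause traffic loss. This timer is used only when the interface goes down or when the HFRR route is deleted or deactivated.
HFRR routes are purged immediately in the following cases:
A backup route goes down and there are no other potential backup paths.
An ARP delete message is received.
The routing process (rpd) terminates.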
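Interfaces That Support HFRR
HFRR is allowed only on Ethernet interfaces. The commit operation fails if you configure HFRR on point-to-point interfaces.
Only interfaces configured under routing instances of type VPN routing and forwarding (VRF) are accepted. The commit operation fails if you configure HFRR on other types of routing instances.
When the following requirements are not met, the commit operation does not fail. However, the interface is not protected by HFRR, and the interface is marked inactive in the show hfrr profiles command output:
HFRR is allowed only on numbered interfaces, meaning that an address must be assigned to the interface. You cannot, for example, configure IPv4 on the interface with an address and IPv6 without an address.
Interfaces that are configured for HFRR protection must be configured at the [edit interfaces] hierarchy level and also must be attached to the routing instance. The routing instance must have a virtual tunnel (VT) interface or the vrf-table-label statement included.
Another reason the interface might be marked inactive in the show hfrr profiles command output is that the interface is migrating from one instance to another while the HFRR configuration is still in the previous routing instance.
HFRR is not supported on overlapping logical units if they belong to the same routing instance, as shown here:
user@host# show interfaces
ge-0/0/2 {
    vlan-tagging;
    unit 0 {
        vlan-id 1;
        family inet {
            address 172.16.0.4/16; # same subnet
        }
    }
    unit 1 {
        vlan-id 2;
        family inet {
            address 172.16.0.5/16; # same subnet
        }
    }
}
If you configure overlapping subnets as shown here, and if you enable HFRR on both of the overlapping subnets, the routing protocol process (rpd) generates an RPD_ASSERT error.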
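Example: Configuring Link Protection with Host Fast Reroute
This example shows how to configure host fast reroute (HFRR). HFRR protects IP endpoints on multipoint interfaces, such as Ethernet.
Requirements
This example uses the following hardware and software components:
Two provider edge (PE) devices and four provider (P) devices.
The example assumes that hosts are present behind the PE devices.
The example assumes that at least one Layer 3 switch, such as an EX Series switch, is attached to the hosts.
Junos OS 11.4R2 or later.
Overview
In this example, traffic flows to server hosts from networks connected to the PE devices. This traffic is protected with HFRR. If the link between one PE device and the server farm goes down, traffic is rerouted to the server farm through the other PE device.
You can configure HFRR by adding the link-protection statement to the interface configuration in the routing instance.
[edit routing-instances cust1 routing-options]
set interface ge-4/1/0.0 link-protection
We recommend that you include this statement on all PE devices that are connected to server farms through multipoint interfaces.
In this example, the PE devices advertise reachability to their server farms through Layer 3 VPN routes and BGP.
As optional settings, the PE devices have two high availability features configured: nonstop active routing and the Virtual Router Redundancy Protocol (VRRP). Nonstop active routing (NSR) enables a routing platform with redundant Routing Engines to switch from the primary Routing Engine to the backup Routing Engine without alerting peer nodes that a change has occurred and without losing routing and protocol information. VRRP provides automatic assignment of available routers to participating hosts, which increases the availability and reliability of routing paths.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.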
Device PE1
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24
set interfaces ge-4/1/0 unit 0 description toPE2
set interfaces ge-0/2/0 unit 0 family inet address 10.10.10.1/30
set interfaces ge-0/2/0 unit 0 description toP1
set interfaces ge-0/2/0 unit 0 family mpls
set interfaces ge-0/2/4 unit 0 family inet address 10.10.15.2/30
set interfaces ge-0/2/4 unit 0 description toP5
set interfaces ge-0/2/4 unit 0 family mpls
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 virtual-address 192.0.2.5
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 priority 240
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 fast-interval 100
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 preempt
set interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 accept-data
set interfaces lo0 unit 0 family inet address 10.255.8.207/32
set protocols mpls interface ge-0/2/0.0
set protocols mpls interface ge-0/2/4.0
set protocols bgp group pe-ce type internal
set protocols bgp group pe-ce local-address 10.255.8.207
set protocols bgp group pe-ce family inet-vpn unicast
set protocols bgp group pe-ce neighbor 10.255.8.86
set protocols bgp group pe-ce export send-routes
set protocols ospf area 0.0.0.0 interface ge-0/2/0.0
set protocols ospf area 0.0.0.0 interface ge-0/2/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/2/0.0
set protocols ldp interface ge-0/2/4.0
set policy-options policy-statement send-routes term 1 from protocol direct
set policy-options policy-statement send-routes term 1 from protocol local
set policy-options policy-statement send-routes term 1 then accept
set routing-options nonstop-routing
set routing-options autonomous-system 100
set routing-instances cust1 instance-type vrf
set routing-instances cust1 interface ge-4/1/0.0
set routing-instances cust1 route-distinguisher 100:100
set routing-instances cust1 vrf-target target:100:100
set routing-instances cust1 vrf-table-label
set routing-instances cust1 routing-options interface ge-4/1/0.0 link-protection
Device PE2
set interfaces ge-0/0/2 unit 0 family inet address 10.10.12.2/30
set interfaces ge-0/0/2 unit 0 description toP2
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/1/2 unit 0 family inet address 10.10.13.1/30
set interfaces ge-0/1/2 unit 0 description toP4
set interfaces ge-0/1/2 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 family inet address 192.0.2.3/24
set interfaces ge-2/0/2 unit 0 description toPE1
set interfaces ge-2/0/2 unit 0 family inet address 192.0.2.3/24 vrrp-group 1 virtual-address 192.0.2.5
set interfaces ge-2/0/2 unit 0 family inet address 192.0.2.3/24 vrrp-group 1 fast-interval 100
set interfaces ge-2/0/2 unit 0 family inet address 192.0.2.3/24 vrrp-group 1 preempt
set interfaces ge-2/0/2 unit 0 family inet address 192.0.2.3/24 vrrp-group 1 accept-data
set interfaces lo0 unit 0 family inet address 10.255.8.86/32
set protocols mpls interface ge-0/0/2.0
set protocols mpls interface ge-0/1/2.0
set protocols bgp group pe-ce type internal
set protocols bgp group pe-ce export send-routes
set protocols bgp group pe-ce local-address 10.255.8.86
set protocols bgp group pe-ce family inet-vpn unicast
set protocols bgp group pe-ce neighbor 10.255.8.207
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/1/2.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface ge-0/1/2.0
set policy-options policy-statement send-routes term 1 from protocol direct
set policy-options policy-statement send-routes term 1 from protocol local
set policy-options policy-statement send-routes term 1 then accept
set routing-options nonstop-routing
set routing-options autonomous-system 100
set routing-instances cust1 instance-type vrf
set routing-instances cust1 interface ge-2/0/2.0
set routing-instances cust1 route-distinguisher 100:100
set routing-instances cust1 vrf-target target:100:100
set routing-instances cust1 vrf-table-label
set routing-instances cust1 routing-options interface ge-2/0/2.0 link-protection
Device P1
set interfaces ge-0/0/3 unit 0 family inet address 10.10.11.1/30
set interfaces ge-0/0/3 unit 0 description toP2
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 unit 0 family inet address 10.10.10.2/30
set interfaces ge-0/0/4 unit 0 description toPE1
set interfaces ge-0/0/4 unit 0 family mpls
set protocols mpls interface ge-0/0/4.0
set protocols mpls interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/3.0
set protocols ldp interface ge-0/0/4.0
set routing-options autonomous-system 100
Device P2
set interfaces ge-0/2/1 unit 0 family inet address 10.10.12.1/30
set interfaces ge-0/2/1 unit 0 description toPE2
set interfaces ge-0/2/1 unit 0 family mpls
set interfaces ge-1/2/1 unit 0 family inet address 10.10.11.2/30
set interfaces ge-1/2/1 unit 0 description toP1
set interfaces ge-1/2/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.8.246/32
set protocols mpls interface all
set protocols mpls interface fxp0.0 disable
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
set protocols ldp interface all
set protocols ldp interface fxp0.0 disable
set routing-options autonomous-system 100
Device P4
set interfaces ge-0/2/3 unit 0 family inet address 10.10.13.2/30
set interfaces ge-0/2/3 unit 0 description toPE2
set interfaces ge-0/2/3 unit 0 family mpls
set interfaces ge-1/3/3 unit 0 family inet address 10.10.14.1/30
set interfaces ge-1/3/3 unit 0 description toP5
set interfaces ge-1/3/3 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.8.4/32
set protocols mpls interface ge-0/2/3.0
set protocols mpls interface ge-1/3/3.0
set protocols ospf area 0.0.0.0 interface ge-0/2/3.0
set protocols ospf area 0.0.0.0 interface ge-1/3/3.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/2/3.0
set protocols ldp interface ge-1/3/3.0
set routing-options autonomous-system 100
Device P5
set interfaces ge-0/1/2 unit 0 family inet address 10.10.15.1/30
set interfaces ge-0/1/2 unit 0 description toPE1
set interfaces ge-0/1/2 unit 0 family mpls
set interfaces ge-0/1/5 unit 0 family inet address 10.10.14.2/30
set interfaces ge-0/1/5 unit 0 description toP4
set interfaces ge-0/1/5 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.8.5/32
set protocols mpls interface ge-0/1/5.0
set protocols mpls interface ge-0/1/2.0
set protocols ospf area 0.0.0.0 interface ge-0/1/5.0
set protocols ospf area 0.0.0.0 interface ge-0/1/2.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/1/2.0
set protocols ldp interface ge-0/1/5.0
set routing-options autonomous-system 100
程序
逐步过程
以下示例要求您在配置层次结构中的各个级别上导航。有关导航 CLI 的信息,请参阅 CLI 用户指南中的在配置模式下使用 CLI 编辑器。
要配置 HFRR:
配置接口。
[edit interfaces] user@PE1# set ge-4/1/0 unit 0 family inet address 192.0.2.2/24 user@PE1# set ge-4/1/0 unit 0 description toPE2 user@PE1# set ge-0/2/0 unit 0 family inet address 10.10.10.1/30 user@PE1# set ge-0/2/0 unit 0 description toP1 user@PE1# set ge-0/2/0 unit 0 family mpls user@PE1# set ge-0/2/4 unit 0 family inet address 10.10.15.2/30 user@PE1# set ge-0/2/4 unit 0 description toP5 user@PE1# set ge-0/2/4 unit 0 family mpls user@PE1# set lo0 unit 0 family inet address 10.255.8.207/32
(可选)在接口上配置 VRRP 到设备 PE2。
[edit interfaces ge-4/1/0 unit 0 family inet address 192.0.2.2/24] user@PE1# set vrrp-group 1 virtual-address 192.0.2.5 user@PE1# set vrrp-group 1 priority 240 user@PE1# set vrrp-group 1 fast-interval 100 user@PE1# set vrrp-group 1 preempt user@PE1# set vrrp-group 1 accept-data
Configure MPLS on the interfaces.
[edit protocols mpls]
user@PE1# set interface ge-0/2/0.0
user@PE1# set interface ge-0/2/4.0
Configure BGP.
[edit protocols bgp group pe-ce]
user@PE1# set type internal
user@PE1# set local-address 10.255.8.207
user@PE1# set family inet-vpn unicast
user@PE1# set neighbor 10.255.8.86
user@PE1# set export send-routes
Configure a policy that advertises direct and local interface routes.
[edit policy-options policy-statement send-routes term 1]
user@PE1# set from protocol direct
user@PE1# set from protocol local
user@PE1# set then accept
Configure an interior gateway protocol, such as IS-IS or OSPF.
[edit protocols ospf area 0.0.0.0]
user@PE1# set interface ge-0/2/0.0
user@PE1# set interface ge-0/2/4.0
user@PE1# set interface lo0.0 passive
Configure a signaling protocol, such as RSVP or LDP.
[edit protocols ldp]
user@PE1# set interface ge-0/2/0.0
user@PE1# set interface ge-0/2/4.0
(Optional) Configure nonstop active routing.
[edit routing-options]
user@PE1# set nonstop-routing
Configure the autonomous system (AS).
[edit routing-options]
user@PE1# set autonomous-system 100
Configure the Layer 3 VPN routing instance.
[edit routing-instances cust1]
user@PE1# set instance-type vrf
user@PE1# set interface ge-4/1/0.0
user@PE1# set route-distinguisher 100:100
user@PE1# set vrf-target target:100:100
user@PE1# set vrf-table-label
Configure HFRR link protection.
[edit routing-instances cust1 routing-options]
user@PE1# set interface ge-4/1/0.0 link-protection
When you have finished configuring the device, commit the configuration.
[edit]
user@PE1# commit
Results
Confirm your configuration by issuing the show interfaces, show protocols, show policy-options, show routing-options, and show routing-instances commands.
user@PE1# show interfaces
ge-4/1/0 {
    unit 0 {
        description toPE2;
        family inet {
            address 192.0.2.2/24 {
                vrrp-group 1 {
                    virtual-address 192.0.2.5;
                    priority 240;
                    fast-interval 100;
                    preempt;
                    accept-data;
                }
            }
        }
    }
}
ge-0/2/0 {
    unit 0 {
        description toP1;
        family inet {
            address 10.10.10.1/30;
        }
        family mpls;
    }
}
ge-0/2/4 {
    unit 0 {
        description toP5;
        family inet {
            address 10.10.15.2/30;
        }
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 10.255.8.207/32;
        }
    }
}
user@PE1# show protocols
mpls {
    interface ge-0/2/0.0;
    interface ge-0/2/4.0;
}
bgp {
    group pe-ce {
        export send-routes;
        type internal;
        local-address 10.255.8.207;
        family inet-vpn {
            unicast;
        }
        neighbor 10.255.8.86;
    }
}
ospf {
    area 0.0.0.0 {
        interface ge-0/2/0.0;
        interface ge-0/2/4.0;
        interface lo0.0 {
            passive;
        }
    }
}
ldp {
    interface ge-0/2/0.0;
    interface ge-0/2/4.0;
}
user@PE1# show policy-options
policy-statement send-routes {
    term 1 {
        from protocol [ direct local ];
        then accept;
    }
}
user@PE1# show routing-options
nonstop-routing;
autonomous-system 100;
user@PE1# show routing-instances
cust1 {
    instance-type vrf;
    interface ge-4/1/0.0;
    route-distinguisher 100:100;
    vrf-target target:100:100;
    vrf-table-label;
    routing-options {
        interface {
            ge-4/1/0.0 {
                link-protection;
            }
        }
    }
}
Verification
Confirm that the configuration is working properly.
Verifying HFRR
Purpose
Make sure that HFRR is enabled.
Action
user@PE1> show hfrr profiles
HFRR pointer: 0x9250000
HFRR Current State: HFRR_ACTIVE
HFRR Protected IFL Name: ge-4/1/0.0
HFRR Protected IFL Handle: 0x921086c
HFRR Routing Instance Name: cust1
HFRR Routing Instance Handle: 0x9129740
HFRR Sync BG Sceduled: NO
HFRR RTS Filter On: YES
HFRR Delete BG Scheduled: NO
HFRR Num ARP Routes learnt: 100
HFRR Num FRR Routes Created: 100
Meaning
The output shows that HFRR is enabled on interface ge-4/1/0.0.
Verifying ARP Routes
Purpose
Make sure that the expected ARP routes are learned.
Action
user@PE1> show route protocol arp
inet.0: 43 destinations, 43 routes (42 active, 0 holddown, 1 hidden)
inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
cust1.inet.0: 1033 destinations, 2043 routes (1033 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.0.2.3/24      @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.4/24      @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.5/24      @[ARP/4294967293] 00:04:32, from 192.0.2.1
                      Unusable
192.0.2.6/24      @[ARP/4294967293] 00:04:34, from 192.0.2.1
                      Unusable
192.0.2.7/24      @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.8/24      @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.9/24      @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.10/24     @[ARP/4294967293] 00:04:35, from 192.0.2.1
                      Unusable
192.0.2.11/24     @[ARP/4294967293] 00:04:33, from 192.0.2.1
                      Unusable
192.0.2.12/24     @[ARP/4294967293] 00:04:33, from 192.0.2.1
                      Unusable
192.0.2.13/24     @[ARP/4294967293] 00:04:33, from 192.0.2.1
                      Unusable
...
Verifying Fast Reroute Routes
Purpose
Make sure that the expected fast reroute (FRR) routes are learned.
Action
user@PE1> show route protocol frr
inet.0: 43 destinations, 43 routes (42 active, 0 holddown, 1 hidden)
inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
cust1.inet.0: 1033 destinations, 2043 routes (1033 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.0.2.3/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.3 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.4/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.4 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.5/24      #[FRR/200] 00:05:35, from 192.0.2.1
                    > to 192.0.2.5 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.6/24      #[FRR/200] 00:05:37, from 192.0.2.1
                    > to 192.0.2.6 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.7/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.7 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.8/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.8 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.9/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.9 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.10/24     #[FRR/200] 00:05:38, from 192.0.2.1
...
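The following Python script is an added example, not part of the original documentation. It parses saved output of show hfrr profiles and show route protocol frr and reports host routes that lack a labelled backup next hop away from the protected interface. The sample text is constructed in the format shown above, and the rule that the ARP and FRR route counts should match is an assumption based on the equal counts in the sample output.

```python
import re

# Constructed sample, modelled on the `show hfrr profiles` and
# `show route protocol frr` output format shown on this page.
PROFILE = """\
HFRR Current State: HFRR_ACTIVE
HFRR Protected IFL Name: ge-4/1/0.0
HFRR Num ARP Routes learnt: 2
HFRR Num FRR Routes Created: 2
"""
FRR_ROUTES = """\
192.0.2.3/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.3 via ge-4/1/0.0
                      to 10.10.15.1 via ge-0/2/4.0, Push 16, Push 299792(top)
192.0.2.4/24      #[FRR/200] 00:05:38, from 192.0.2.1
                    > to 192.0.2.4 via ge-4/1/0.0
"""

def parse_profile(text):
    """Return the 'HFRR <key>: <value>' lines as a dict."""
    return dict(re.findall(r"^HFRR (.+?):\s*(\S+)\s*$", text, re.M))

def parse_frr_routes(text):
    """Map each FRR prefix to a list of (next hop, interface, has_labels)."""
    routes, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+/\d+)\s+#\[FRR/\d+\]", line)
        hop = re.match(r"^\s+>?\s*to (\S+) via ([^,\s]+)(.*)$", line)
        if head:
            current = routes.setdefault(head.group(1), [])
        elif hop and current is not None:
            current.append((hop.group(1), hop.group(2), "Push" in hop.group(3)))
    return routes

def audit(profile_text, routes_text, protected_ifl):
    """List findings; an empty list means every host route has a backup."""
    prof, findings = parse_profile(profile_text), []
    if prof.get("Current State") != "HFRR_ACTIVE":
        findings.append("HFRR not active")
    # Assumption: one FRR route is expected per learned ARP route.
    if prof.get("Num ARP Routes learnt") != prof.get("Num FRR Routes Created"):
        findings.append("ARP/FRR route count mismatch")
    for prefix, hops in parse_frr_routes(routes_text).items():
        # A backup hop leaves via another interface and pushes MPLS labels.
        if not [h for h in hops if h[1] != protected_ifl and h[2]]:
            findings.append(f"{prefix}: no labelled backup next hop")
    return findings

if __name__ == "__main__":
    print(audit(PROFILE, FRR_ROUTES, "ge-4/1/0.0"))
```
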
Verifying Forwarding
Purpose
Make sure that the expected routes appear in the forwarding table.
Action
user@PE1> show route forwarding-table destination 192.0.2.3
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct    36     1

Routing table: default-switch.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   554     1

Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   532     1

Routing table: cust1.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
192.0.2.3/24       user     0                    ulst 1048575     2
                              0:0:14:14:1:3      ucst   767     3 ge-4/1/0.0
                                                 indr 1048574  1001
                              10.10.15.1        Push 16, Push 299792(top)  1262     2 ge-0/2/4.0
192.0.2.3/24       dest     0 0:0:14:14:1:3      ucst   767     3 ge-4/1/0.0
...