例:トランスポートクラストンネルを介したEVPN-VPWSの設定
概要
この例では、基本的なネットワークトポロジーを使用して、PE1とPE2の間の2つのRSVP-TEトランスポートクラストンネルにEVPN-VPWSを設定します。2つのトランスポートクラスを定義し、異なるトンネルをトランスポートクラスに割り当てます。以下の機能でデバイスを構成します。
-
EVPN-VPWS ルーティング インスタンス。
-
MPLS LSP と BGP を使用した RSVP-TE トンネル
-
ゴールドとブロンズのトランスポートクラス。
-
ゴールドとブロンズのトランスポートクラスに別々のコミュニティを指定するポリシーフィルター。
必要条件
-
PE ルーターとして設定された 2 台の MX シリーズ ルーター
-
ルートリフレクタとして設定された1台のMXシリーズルーター
-
すべてのデバイスでJunos OSリリース23.1R1以降が動作していること。
位相幾何学
図 1 は、2 台の PE デバイスと、PE デバイス間のルートを転送するルート リフレクタを使用した基本的なトポロジーを示しています。CEデバイスのペアは、それぞれPE1とPE2に接続されています。PE1 と PE2 は、CE1 と CE2 からのトラフィックをゴールド トンネル経由でルーティングし、CE3 と CE4 からのトラフィックをブロンズ トンネル経由でルーティングします。
構成
CLIクイック構成
この例を素早く設定するには、以下のコマンドをコピーしてテキスト・ファイルに貼り付け、改行を削除し、ネットワーク構成に合わせて必要な内容を変更した後、[edit]階層レベルのCLIにコマンドをコピー&ペーストしてください。PE1、PE2、およびRRの設定は次のとおりです。
PE1
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description pe1-rr set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 vlan-tagging set interfaces ge-0/0/2 encapsulation flexible-ethernet-services set interfaces ge-0/0/2 unit 4 description pe1-ce1 set interfaces ge-0/0/2 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 4 vlan-id 300 set interfaces ge-0/0/2 unit 5 description pe1-ce3 set interfaces ge-0/0/2 unit 5 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 5 vlan-id 301 set interfaces lo0 unit 0 family inet address 10.0.255.1/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0001.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2gold set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add rt-evpnvpws-2 set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws-2 term a then accept set policy-options policy-statement vrf-export-evpnvpws-2 term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws-2 term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws-2 term a from community rt-evpnvpws-2 set policy-options policy-statement vrf-import-evpnvpws-2 term a then accept set policy-options policy-statement vrf-import-evpnvpws-2 term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set policy-options community rt-evpnvpws-2 members target:300:1 set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id local 102 set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id remote 201 set routing-instances evpn-vpws interface ge-0/0/2.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-instances evpn-vpws-2 instance-type evpn-vpws set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id local 103 set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id remote 301 set routing-instances evpn-vpws-2 interface ge-0/0/2.5 set routing-instances evpn-vpws-2 route-distinguisher 65000:2 set routing-instances evpn-vpws-2 vrf-import vrf-import-evpnvpws-2 set routing-instances evpn-vpws-2 vrf-export vrf-export-evpnvpws-2 set routing-options route-distinguisher-id 10.0.255.1 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.1 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200 set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.1 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe1-rr to 10.0.255.3 set protocols mpls label-switched-path pe1-pe2 to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold transport-class gold set protocols mpls label-switched-path pe1-pe2-bronze to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-bronze transport-class bronze set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
PE2
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description pe2-rr set interfaces ge-0/0/0 unit 0 family inet address 10.2.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/4 description pe2-ce2 set interfaces ge-0/0/4 vlan-tagging set interfaces ge-0/0/4 encapsulation flexible-ethernet-services set interfaces ge-0/0/4 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/4 unit 4 vlan-id 300 set interfaces lo0 unit 0 family inet address 10.0.255.2/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0002.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/4.4 vpws-service-id local 201 set routing-instances evpn-vpws protocols evpn interface ge-0/0/4.4 vpws-service-id remote 102 set routing-instances evpn-vpws interface ge-0/0/4.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-options route-distinguisher-id 10.0.255.2 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.2 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200 set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.2 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe2-pe1-gold to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-gold transport-class gold set protocols mpls label-switched-path pe2-pe1 to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-bronze to 10.0.255.1 set protocols mpls label-switched-path pe2-pe1-bronze transport-class bronze set protocols mpls label-switched-path pe2-rr to 10.0.255.3 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
ティッカー
set chassis network-services enhanced-ip set interfaces ge-0/0/0 description rr-pe1 set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 description rr-pe2 set interfaces ge-0/0/2 unit 0 family inet address 10.2.1.2/24 set interfaces ge-0/0/2 unit 0 family iso set interfaces ge-0/0/2 unit 0 family mpls set interfaces lo0 apply-groups-except global set interfaces lo0 unit 0 family inet address 10.0.255.3/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0003.00 set interfaces lo0 unit 0 family mpls set policy-options policy-statement pplb then load-balance per-packet set routing-options route-distinguisher-id 10.0.255.3 set routing-options router-id 10.0.255.3 set routing-options autonomous-system 65000 set routing-options transport-class auto-create set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.3 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs cluster 10.0.255.3 set protocols bgp group BGP_PEERs neighbor 10.0.255.1 set protocols bgp group BGP_PEERs neighbor 10.0.255.2 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path rr-pe1 to 10.0.255.1 set protocols mpls label-switched-path rr-pe2 to 10.0.255.2 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable
手順
PEデバイスでトランスポートクラストンネルを設定するには、次の手順に従います。
-
拡張IPおよびトンネルサービスをサポートするようにデバイスを設定します。
[edit] set chassis network-services enhanced-ip
-
インターフェイスを設定します。
[edit] set interfaces ge-0/0/0 description pe1-rr set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24 set interfaces ge-0/0/0 unit 0 family iso set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/2 vlan-tagging set interfaces ge-0/0/2 encapsulation flexible-ethernet-services set interfaces ge-0/0/2 unit 4 description pe1-ce1 set interfaces ge-0/0/2 unit 4 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 4 vlan-id 300 set interfaces ge-0/0/2 unit 5 description pe1-ce3 set interfaces ge-0/0/2 unit 5 encapsulation vlan-ccc set interfaces ge-0/0/2 unit 5 vlan-id 301 set interfaces lo0 unit 0 family inet address 10.0.255.1/32 set interfaces lo0 unit 0 family iso address 49.0000.0010.0255.0001.00 set interfaces lo0 unit 0 family mpls
-
PE1でゴールドとブロンズのトランスポートクラスを定義します。
[edit] set routing-options transport-class auto-create set routing-options transport-class name gold color 100 set routing-options transport-class name bronze color 200
-
トランスポートトンネルをサポートするためのルーティングプロトコルとルーティングオプションを設定します。ここでは、MPLS LSP と BGP で RSVP-TE を使用しています。
[edit] set protocols bgp group BGP_PEERs type internal set protocols bgp group BGP_PEERs local-address 10.0.255.1 set protocols bgp group BGP_PEERs family inet transport set protocols bgp group BGP_PEERs family evpn signaling set protocols bgp group BGP_PEERs neighbor 10.0.255.3 set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols mpls label-switched-path pe1-rr to 10.0.255.3 set protocols mpls label-switched-path pe1-pe2 to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-gold transport-class gold set protocols mpls label-switched-path pe1-pe2-bronze to 10.0.255.2 set protocols mpls label-switched-path pe1-pe2-bronze transport-class bronze set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set routing-options route-distinguisher-id 10.0.255.1 set routing-options resolution preserve-nexthop-hierarchy set routing-options router-id 10.0.255.1 set routing-options autonomous-system 65000
-
トランスポートトンネルにEVPNルートを適用するようにポリシーを設定します。
vrf-export
を使用して、リモート PE にトンネルをアドバタイズします。[edit] set policy-options policy-statement vrf-export-evpnvpws term a then community add rt-evpnvpws set policy-options policy-statement vrf-export-evpnvpws term a then community add map2gold set policy-options policy-statement vrf-export-evpnvpws term a then accept set policy-options policy-statement vrf-export-evpnvpws term b then reject set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add rt-evpnvpws-2 set policy-options policy-statement vrf-export-evpnvpws-2 term a then community add map2bronze set policy-options policy-statement vrf-export-evpnvpws-2 term a then accept set policy-options policy-statement vrf-export-evpnvpws-2 term b then reject set policy-options policy-statement vrf-import-evpnvpws term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws term a from community rt-evpnvpws set policy-options policy-statement vrf-import-evpnvpws term a then accept set policy-options policy-statement vrf-import-evpnvpws term b then reject set policy-options policy-statement vrf-import-evpnvpws-2 term a from protocol bgp set policy-options policy-statement vrf-import-evpnvpws-2 term a from community rt-evpnvpws-2 set policy-options policy-statement vrf-import-evpnvpws-2 term a then accept set policy-options policy-statement vrf-import-evpnvpws-2 term b then reject set policy-options community map2bronze members color:0:200 set policy-options community map2gold members color:0:100 set policy-options community rt-evpnvpws members target:200:1 set policy-options community rt-evpnvpws-2 members target:300:1
-
上記のポリシーを使用する EVPN-VPWS ルーティング インスタンスを構成します。
[edit] set routing-instances evpn-vpws instance-type evpn-vpws set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id local 102 set routing-instances evpn-vpws protocols evpn interface ge-0/0/2.4 vpws-service-id remote 201 set routing-instances evpn-vpws interface ge-0/0/2.4 set routing-instances evpn-vpws route-distinguisher 65000:1 set routing-instances evpn-vpws vrf-import vrf-import-evpnvpws set routing-instances evpn-vpws vrf-export vrf-export-evpnvpws set routing-instances evpn-vpws-2 instance-type evpn-vpws set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id local 103 set routing-instances evpn-vpws-2 protocols evpn interface ge-0/0/2.5 vpws-service-id remote 301 set routing-instances evpn-vpws-2 interface ge-0/0/2.5 set routing-instances evpn-vpws-2 route-distinguisher 65000:2 set routing-instances evpn-vpws-2 vrf-import vrf-import-evpnvpws-2 set routing-instances evpn-vpws-2 vrf-export vrf-export-evpnvpws-2
検証
設定が正常に機能していることを確認します。
トンネル内のパケット フローの検証
目的
PEデバイスが、トランスポートクラスに関連付けられたRSVP LSPトンネルでパケットをルーティングしていることを確認します。
アクション
CE1の運用モードから、CE2 ping
。
user@CE1> ping 172.16.0.2 count 10 rapid PING 172.16.0.2 (172.16.0.2): 56 data bytes !!!!!!!!!! --- 172.16.0.2 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 3.795/4.276/5.075/0.269 ms
CE3の運用モードから、CE4 ping
。
user@CE3> ping 172.16.1.2 count 20 rapid PING 172.16.1.2 (172.16.1.2): 56 data bytes !!!!!!!!!!!!!!!!!!!! --- 172.16.1.2 ping statistics --- 20 packets transmitted, 20 packets received, 0% packet loss round-trip min/avg/max/stddev = 3.631/4.380/7.976/0.608 ms
PE1 の運用モードから、 show mpls lsp statistics
コマンドを実行して LSP 情報を表示します。
user@PE1> show mpls lsp statistics Ingress LSP: 4 sessions To From State Packets Bytes LSPname 10.0.255.2 10.0.255.1 Up 0 0 pe1-pe2 10.0.255.2 10.0.255.1 Up 20 2040 pe1-pe2-bronze 10.0.255.2 10.0.255.1 Up 10 1020 pe1-pe2-gold 10.0.255.3 10.0.255.1 Up 0 0 pe1-rr
意味
出力は、pingが成功したことを示しています。 show mpls lsp statistics
コマンドの出力は、パケットがブロンズとゴールドのトンネルにルーティングされたことを示しています。
設定されたトランスポートトンネルの確認
目的
EVPN が設定されたトランスポート トンネルを使用していることを確認します。
アクション
PE1の運用モードから、 show route table mpls.0 protocol evpn
コマンドを実行してLSPルートを特定します。
user@PE1> show route table mpls.0 protocol evpn mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 94 *[EVPN/7] 6d 01:07:24 > via ge-0/0/2.4, Pop 105 *[EVPN/7] 06:20:50 > via ge-0/0/2.5, Pop 106 *[EVPN/7] 06:17:47, remote-pe 10.0.255.2, routing-instance evpn-vpws-2, route-type Egress, vlan-id 301 > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-bronze 107 *[EVPN/7] 06:08:41, remote-pe 10.0.255.2, routing-instance evpn-vpws, route-type Egress, vlan-id 201 > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-gold ge-0/0/2.5 *[EVPN/7] 06:17:47, route-type Egress > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-bronze ge-0/0/2.4 *[EVPN/7] 06:08:41, route-type Egress > to 10.1.1.2 via ge-0/0/0.0, label-switched-path pe1-pe2-gold
PE1の運用モードから、ルートラベル番号を指定して show route table mpls.0 protocol evpn label label-number extensive
コマンドを実行し、トランスポートクラス情報を表示します。
user@PE1> show route table mpls.0 protocol evpn label 107 extensive mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) 107 (1 entry, 1 announced) TSI: KRT in-kernel 107 /52 -> {composite(554)} *EVPN Preference: 7 Next hop type: Indirect, Next hop index: 0 Transport class: gold Address: 0x7b406d4 Next-hop reference count: 5, key opaque handle: 0x0, non-key opaque handle: 0x0 Next hop type: Router, Next hop index: 549 Next hop: 10.1.1.2 via ge-0/0/0.0, selected Label-switched-path pe1-pe2-gold . . . regress@PE1> show route table mpls.0 protocol evpn label 106 extensive mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) 106 (1 entry, 1 announced) TSI: KRT in-kernel 106 /52 -> {composite(553)} *EVPN Preference: 7 Next hop type: Indirect, Next hop index: 0 Transport class: bronze Address: 0x7b40584 Next-hop reference count: 5, key opaque handle: 0x0, non-key opaque handle: 0x0 Next hop type: Router, Next hop index: 551 Next hop: 10.1.1.2 via ge-0/0/0.0, selected Label-switched-path pe1-pe2-bronze . . .
意味
PE1 と PE2 からの出力は、EVPN VPWS ルーティング インスタンスからゴールドとブロンズのトンネルを介してトラフィックをルーティングしていることを示しています。