一、实验拓扑
二、拓扑介绍
本实验中两台PE设备有主备两条链路,要实现MPLS网互通,需要配置4条LSP,每个方向需要配置2条LSP静态路由,主用链路是经过P_1的链路,备用链路是经过P_2的链路,主用链路的LSP命名为LSP1、LSP2,备用链路的LSP命名为LSP3、LSP4。
三、实验背景
BGP协议通过引入BFD与BGP联动功能,利用BFD的快速检测机制,迅速发现BGP对等体间链路的故障,并报告给BGP协议,从而实现BGP路由的快速收敛。BGP协议未绑定BFD依靠KEEPALIVE机制实现秒级保护,依靠绑定BFD可以实现毫秒级保护。
检测MPLS LSP的连通性时,BFD会话协商有静态配置BFD和动态创建BFD两种方式,其中,动态创建BFD方式只支持动态LSP,静态配置BFD方式则支持静态和动态LSP。
在LSP链路上建立BFD会话,利用BFD检测机制快速检测LSP链路的故障,提供端到端的保护,本文研究范围是静态BFD下的静态LSP链路保护。
BFD检测LSP的连通性,即Ingress和Egress之间相互周期性地发送BFD报文。如果任何一端在检测时间内没有收到对端发来的BFD报文,就认为LSP状态为Down,并向LSPM上报LSP Down消息。
要实现双向链路检查,主备链路有扼要各配置双向两个静态LSP BFD会话,本实验中如果不配置BFD也可以依靠OSPF路由协议实现LSP主备用链路的自动倒换,只是秒级倒换,不能实现毫秒级。
四、配置思路
1、在各PE、P路由器上配置所有接口包括LOOPBACK接口的IP;
2、在各PE、P路由器上启动OSPF路由协议,实现网络IP互通,并通过提高PE_1、PE_2节点的GE0/0/1接口OSPF开销COST值将通过P_2的链路指定为备用链路;
3、在PE、P上配置两条链路、两个方向的静态LSP,实现通过静态LSP承载业务的目的;
4、在PE_1上配置主用链路到达PE_2的静态LSP BFD会话,实现从PE_1到PE_2方向的LSP快速检测;
五、不配置BFD实现LSP自动倒换步骤
1、PE_1路由器配置
mpls lsr-id 10.10.1.1
mpls
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.3.1.1 255.255.255.0
ospf cost 10
mpls
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 10.10.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
network 10.10.1.1 0.0.0.0
#
static-lsp ingress LSP1 destination 10.10.1.4 32 nexthop 10.1.1.2 out-label 20
static-lsp ingress LSP2 destination 10.10.1.4 32 nexthop 10.3.1.2 out-label 50
static-lsp egress LSP3 incoming-interface GigabitEthernet0/0/0 in-label 80
static-lsp egress LSP4 incoming-interface GigabitEthernet0/0/1 in-label 100
#
2、PE_2路由器配置
mpls lsr-id 10.10.1.4
mpls
#
interface GigabitEthernet0/0/0
ip address 10.2.1.2 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.4.1.2 255.255.255.0
ospf cost 10
mpls
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 10.10.1.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
network 10.10.1.4 0.0.0.0
#
static-lsp egress LSP1 incoming-interface GigabitEthernet0/0/0 in-label 40
static-lsp egress LSP2 incoming-interface GigabitEthernet0/0/1 in-label 60
static-lsp ingress LSP3 destination 10.10.1.1 32 nexthop 10.2.1.1 out-label 70
static-lsp ingress LSP4 destination 10.10.1.1 32 nexthop 10.4.1.1 out-label 90
#
3、P_1路由器配置
mpls lsr-id 10.10.1.2
mpls
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.2.1.1 255.255.255.0
mpls
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 10.10.1.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
network 10.10.1.2 0.0.0.0
#
static-lsp transit LSP1 incoming-interface GigabitEthernet0/0/0 in-label 20 next
hop 10.2.1.2 out-label 40
static-lsp transit LSP3 incoming-interface GigabitEthernet0/0/1 in-label 70 next
hop 10.1.1.1 out-label 80
#
4、P_2路由器配置
mpls lsr-id 10.10.1.3
mpls
#
interface GigabitEthernet0/0/0
ip address 10.4.1.1 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.3.1.2 255.255.255.0
mpls
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 10.10.1.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
network 10.10.1.3 0.0.0.0
#
static-lsp transit LSP2 incoming-interface GigabitEthernet0/0/1 in-label 50 next
hop 10.4.1.2 out-label 60
static-lsp transit LSP4 incoming-interface GigabitEthernet0/0/0 in-label 90 next
hop 10.3.1.1 out-label 100
#
5、测试步骤
(1)联通测试(PE_1<-->PE_2)
[PE_1]ping lsp ip 10.10.1.4 32
LSP PING FEC: IPV4 PREFIX 10.10.1.4/32/ : 100 data bytes, press CTRL_C to bre
ak
Reply from 10.10.1.4: bytes=100 Sequence=1 time=30 ms
Reply from 10.10.1.4: bytes=100 Sequence=2 time=30 ms
Reply from 10.10.1.4: bytes=100 Sequence=3 time=30 ms
Reply from 10.10.1.4: bytes=100 Sequence=4 time=20 ms
Reply from 10.10.1.4: bytes=100 Sequence=5 time=30 ms --- FEC: IPV4 PREFIX 10.10.1.4/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/30 ms<PE_2>ping lsp ip 10.10.1.1 32
LSP PING FEC: IPV4 PREFIX 10.10.1.1/32/ : 100 data bytes, press CTRL_C to bre
ak
Reply from 10.10.1.1: bytes=100 Sequence=1 time=40 ms
Reply from 10.10.1.1: bytes=100 Sequence=2 time=20 ms
Reply from 10.10.1.1: bytes=100 Sequence=3 time=20 ms
Reply from 10.10.1.1: bytes=100 Sequence=4 time=20 ms
Reply from 10.10.1.1: bytes=100 Sequence=5 time=20 ms --- FEC: IPV4 PREFIX 10.10.1.1/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/40 ms
观察发现,PE_1、PE_2可以双向互通,证明前面的MPLS-LSP配置正确无误。
(2)路由测试(PE_1-->PE_2)
[PE_1]tracert lsp ip 10.10.1.4 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.4/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.1.1.2/[20 ]
1 10.1.1.2 20 ms Transit 10.2.1.2/[40 ]
2 10.10.1.4 40 ms Egress <PE_2>tracert lsp ip 10.10.1.1 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.1/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.2.1.1/[70 ]
1 10.2.1.1 10 ms Transit 10.1.1.1/[80 ]
2 10.10.1.1 20 ms Egress
通过链路路由跟踪测试发现,无论是从PE_1到PE_2的路由,还是从PE_2到PE_1的实际链路路由都只走了P_1路由器,也就是流量只走了主用链路,下面我们人工切断P_1路由器的一条链路测试链路倒换情况。
(3)切断P_1的任意连接PE_1或PE_2的一条路由,测试倒换
[P_1-GigabitEthernet0/0/1]disp ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.1.2/24 up up
GigabitEthernet0/0/1 10.2.1.1/24 *down down
GigabitEthernet0/0/2 unassigned down down
LoopBack1 10.10.1.2/32 up up(s)
NULL0 unassigned up up(s)切断链路0/0/1,再到PE_1或PE_2上追踪路由如下:
<PE_1>tracert lsp ip 10.10.1.4 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.4/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.3.1.2/[50 ]
1 10.3.1.2 20 ms Transit 10.4.1.2/[60 ]
2 10.10.1.4 40 ms Egress <PE_2>tracert lsp ip 10.10.1.1 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.1/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.4.1.1/[90 ]
1 10.4.1.1 20 ms Transit 10.3.1.1/[100 ]
2 10.10.1.1 10 ms Egress观察发现两边的流量都自动切换到通过P_2路由器,这些都是因为骨干网中的OSPF路由协议完成的自动路由切换。
六、BFD快速监测配置
1、PE_1部分
#
bfd pe1tope2 bind static-lsp LSP1
discriminator local 1
discriminator remote 2
min-tx-interval 100
min-rx-interval 100
process-pst
commit
#
2、PE_2部分
#
bfd pe2tope1 bind peer-ip 10.10.1.1
discriminator local 2
discriminator remote 1
min-tx-interval 100
min-rx-interval 100
commit
#3、检测配置部分
[PE_1]disp bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------1 2 10.10.1.4 Up S_STA_LSP -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0[PE_2]disp bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------2 1 10.10.1.1 Up S_IP_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/04、倒换测试部分
首先切断主用链路,观察bfd状态,及跟踪PE_1、PE_2的链路收敛状态
<PE_1>disp bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------1 2 10.10.1.4 Init S_STA_LSP -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/1<PE_2>disp bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------2 1 10.10.1.1 Down S_IP_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/1主用链路中断后,PE_1的BFD状态为INIT,PE_2的BFD状态为DOWN
<PE_2>tracert lsp ip 10.10.1.1 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.1/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.4.1.1/[90 ]
1 10.4.1.1 20 ms Transit 10.3.1.1/[100 ]
2 10.10.1.1 20 ms Egress
<PE_1>tracert lsp ip 10.10.1.4 32
LSP Trace Route FEC: IPV4 PREFIX 10.10.1.4/32 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 10.3.1.2/[50 ]
1 10.3.1.2 10 ms Transit 10.4.1.2/[60 ]
2 10.10.1.4 30 ms Egress
观察链路切换正常。
再次恢复主用链路,观察PE_1的BFD状态分别过渡到DOWN、INIT、UP,由于使用了华为eNSP模拟器,BFD状态过渡时间并不觉得比OSPF路由切换时间快。
5、MPLS排除故障部分
查找MPLS故障,首先需要查看当前节点的MPLS状态,包括LSP名称、对应转发等价类及出入标签、对应物理端口和状态信息。
<PE_1>disp mpls static-lsp
TOTAL : 4 STATIC LSP(S)
UP : 3 STATIC LSP(S)
DOWN : 1 STATIC LSP(S)
Name FEC I/O Label I/O If Status
LSP1 10.10.1.4/32 NULL/20 -/GE0/0/0 Up
LSP2 10.10.1.4/32 NULL/50 -/GE0/0/1 Down
LSP3 -/- 80/NULL GE0/0/0/- Up
LSP4 -/- 100/NULL GE0/0/1/- Up
<PE_2>disp mpls static-lsp
TOTAL : 4 STATIC LSP(S)
UP : 3 STATIC LSP(S)
DOWN : 1 STATIC LSP(S)
Name FEC I/O Label I/O If Status
LSP1 -/- 40/NULL GE0/0/0/- Up
LSP2 -/- 60/NULL GE0/0/1/- Up
LSP3 10.10.1.1/32 NULL/70 -/GE0/0/0 Up
LSP4 10.10.1.1/32 NULL/90 -/GE0/0/1 Down <P_1>disp mpls static-lsp
TOTAL : 2 STATIC LSP(S)
UP : 2 STATIC LSP(S)
DOWN : 0 STATIC LSP(S)
Name FEC I/O Label I/O If Status
LSP1 -/- 20/40 GE0/0/0/GE0/0/1 Up
LSP3 -/- 70/80 GE0/0/1/GE0/0/0 Up
<P_2>disp mpls static-lsp
TOTAL : 2 STATIC LSP(S)
UP : 2 STATIC LSP(S)
DOWN : 0 STATIC LSP(S)
Name FEC I/O Label I/O If Status
LSP2 -/- 50/60 GE0/0/1/GE0/0/0 Up
LSP4 -/- 90/100 GE0/0/0/GE0/0/1 Up
七、配置总结回顾
MPLS-VPN的配置原则一定要掌握:
1、确保LSP路径的上游节点的出标签与下游节点的入标签保持一致;
2、所有的P路由器都是transit节点,起到承上启下的作用;
3、PE路由器从入方向上看是ingress节点,从到方向上看是egress节点;
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
