CCIE SP—MPLS L2VPN EoMPLS
EOMPLS
以下是实例拓扑:
SW3——R2——R1——R3——SW1
R1、R2和R3已经建立好LDP邻居,并且之间OSPF路由已通。
以下是基础配置模型:
ip cef
!
mpls ldp router-id Loopback0
mpls label protocol ldp
!
interface Loopback0
ip address 150.1.2.2 255.255.255.255
!
interface Serial2/2
ip address 150.1.12.2 255.255.255.0
mpls ip
!
router ospf 1
router-id 150.1.2.2
network 150.1.2.2 0.0.0.0 area 0
network 150.1.12.0 0.0.0.255 area 0
!
1、基于端口
以下是PE的配置:
Rack1R2#sh run int f0/0
Building configuration…
Current configuration : 177 bytes
!
interface FastEthernet0/0
description link-to-SW1-vlan12-F1/2
no ip address
duplex full
xconnect 150.1.3.3 100 encapsulation mpls
end
————————————
Rack1R3#sh run int f0/0
Building configuration…
Current configuration : 140 bytes
!
interface FastEthernet0/0
no ip address
duplex half
xconnect 150.1.2.2 100 encapsulation mpls
end
以下是结果:
Rack1R2#sh mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
————- ——————– ————— ———- ———-
Fa0/0 Ethernet 150.1.3.3 100 UP
Rack1R3#sh mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
————- ——————– ————— ———- ———-
Fa0/0 Ethernet 150.1.2.2 100 UP
Rack1R2#sh mpls l2transport vc 100 de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.3.3, VC ID: 100, VC status: up
Output interface: Se2/2, imposed label stack {19 16} >>>19是远端的VC标签,这个16的标签是根据下一跳(R1环回口)分配的标签,这个标签可以在“show mpls for”中找到。
Preferred path: not configured
Default path: active
Tunnel label: 16, next hop point2point
Create time: 00:13:37, last status change time: 00:08:53
Signaling protocol: LDP, peer 150.1.3.3:0 up
MPLS VC labels: local 16, remote 19 >>>16是本地的VC标签,19是对端PE的VC标签 。
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 19, send 27
byte totals: receive 3955, send 4764
packet drops: receive 0, send 0
Rack1R3#sh mpls l2transport vc 100 de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.2.2, VC ID: 100, VC status: up
Output interface: Se1/2, imposed label stack {16 17}
Preferred path: not configured
Default path: active
Tunnel label: 17, next hop point2point
Create time: 00:29:44, last status change time: 00:25:21
Signaling protocol: LDP, peer 150.1.2.2:0 up
MPLS VC labels: local 19, remote 16
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description: link-to-SW1-vlan12-F1/2
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 66, send 41
byte totals: receive 11364, send 11167
packet drops: receive 0, send 0
Rack1R2#sh mpls for Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 No Label l2ckt(100) 4653 none point2point 17 Pop Label 150.1.1.1/32 0 Se2/2 point2point 18 16 150.1.3.3/32 0 Se2/2 point2point 19 Pop Label 150.1.13.0/24 0 Se2/2 point2point Rack1R3#sh mpls for Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 Pop Label 150.1.1.1/32 0 Se1/2 point2point 17 Pop Label 150.1.12.0/24 0 Se1/2 point2point 18 17 150.1.2.2/32 0 Se1/2 point2point 19 No Label l2ckt(100) 11836 none point2point
Rack1R2#sh mpls ldp nei
Peer LDP Ident: 150.1.3.3:0; Local LDP Ident 150.1.2.2:0
TCP connection: 150.1.3.3.11013 – 150.1.2.2.646
State: Oper; Msgs sent/rcvd: 23/22; Downstream
Up time: 00:12:02
LDP discovery sources:
Targeted Hello 150.1.2.2 -> 150.1.3.3, active, passive
Addresses bound to peer LDP Ident:
150.1.13.3 150.1.3.3
Peer LDP Ident: 150.1.1.1:0; Local LDP Ident 150.1.2.2:0
TCP connection: 150.1.1.1.646 – 150.1.2.2.11010
State: Oper; Msgs sent/rcvd: 21/21; Downstream
Up time: 00:11:42
LDP discovery sources:
Serial2/2, Src IP addr: 150.1.12.1
Addresses bound to peer LDP Ident:
150.1.13.1 150.1.1.1 150.1.12.1
Rack1SW3# sh arp >>>在CE端进行测试
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.2 – cc07.155c.f103 ARPA FastEthernet1/3
Rack1SW3#
Rack1SW3#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 104/160/196 ms
Rack1SW3#
Rack1SW3#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.1 0 cc06.1524.f103 ARPA FastEthernet1/3
Internet 192.168.100.2 – cc07.155c.f103 ARPA FastEthernet1/3
2、基于VLAN
由于模拟器的原因,两端CE与PE的互联端口变更为E0/0。
以下是PE的配置:
Rack1R2#sh run | b 0/0
interface FastEthernet0/0
no ip address
duplex full
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
xconnect 150.1.3.3 100 encapsulation mpls
————————————
Rack1R3#sh run | b 0/0
interface FastEthernet0/0
no ip address
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
xconnect 150.1.2.2 100 encapsulation mpls
以下是CE的配置:
Rack1SW3#sh run | b 0/0
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
————————————
Rack1SW1#sh run | b 0/0
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 192.168.100.2 255.255.255.0
以下是结果:
Rack1R2#sh mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------- --------------- ---------- ---------- Fa0/0.100 Eth VLAN 100 150.1.3.3 100 UP Rack1R3#sh mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------- --------------- ---------- ---------- Fa0/0.100 Eth VLAN 100 150.1.2.2 100 UP Rack1R2#sh mpls for Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 Pop Label 150.1.1.1/32 0 Se2/2 point2point 17 No Label l2ckt(100) 536 none point2point 18 16 150.1.3.3/32 0 Se2/2 point2point 19 Pop Label 150.1.13.0/24 0 Se2/2 point2point
Rack1R2#sh mpls l2transport vc 100 detail
Local interface: Fa0/0.100 up, line protocol up, Eth VLAN 100 up
Destination address: 150.1.3.3, VC ID: 100, VC status: up
Output interface: Se2/2, imposed label stack {19 16}
Preferred path: not configured
Default path: active
Tunnel label: 16, next hop point2point
Create time: 00:16:40, last status change time: 00:11:39
Signaling protocol: LDP, peer 150.1.3.3:0 up
MPLS VC labels: local 17, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 5, send 5
byte totals: receive 536, send 616
packet drops: receive 0, send 0
您的文章真好,我仔细拜读,收获不小。但文章中有三处我有疑问,希望能与您探讨。
(1)Rack1R2#sh mpls l2transport vc 100 de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.3.3, VC ID: 100, VC status: up
Output interface: Se2/2, imposed label stack {19 16} >>>我认为imposed label stack应该为 {16 19} 。
19是远端的VC标签,这个16的标签是根据下一跳(R1环回口,注:我认为应为R3环回口)分配的标签,另外这个标签可以在“show mpls for”中找到。
(2)Rack1R3#sh mpls l2transport vc 100 de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.2.2, VC ID: 100, VC status: up
Output interface: Se1/2, imposed label stack {16 17}>>>认为imposed label stack应该为 {17 16}
(3)Rack1R2#sh mpls l2transport vc 100 detail
Local interface: Fa0/0.100 up, line protocol up, Eth VLAN 100 up
Destination address: 150.1.3.3, VC ID: 100, VC status: up
Output interface: Se2/2, imposed label stack {19 16} //我认为imposed label stack应该为 {16 19}
Preferred path: not configured
以下是我对于Eompls两层label的理解,不知你是否赞同?
外层Tunnel标签用于普通的路径label交换,通过正常的LDP过程分配的LSP标签
内层VC标签标识用户Vlan,通过PE间扩展的LDP会话分配
希望能与您邮件交流[email protected]
Output interface: Se2/2, imposed label stack {19 16}
19这个标签就是内层的out标签,也就是远端PE发给他的标签(在R3上,19是vpn的in标签,你可以用sh mpls for看到)。
16是外层的out标签,由于他的下一跳是R3,所以走R3的标签。要看R3环回口的标签是怎么来的,你可以通过”show mpls ldp bin”可以看出,他是R1分配给他的。
其实之所以你没有弄明白,就是标签的号码很相似,把你弄糊涂了,你可以用”mpls label rang”命令,控制标签的标签号,这样就可以一目了然了。如下所示:
R2:mpls label range 200 299
R3:mpls label range 300 399
R1:mpls label range 100 199
Rack1R2#sh mpls l2transport vc de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.3.3, VC ID: 100, VC status: up
Output interface: Se2/2, imposed label stack {300 101}
Preferred path: not configured
Default path: active
Tunnel label: 101, next hop point2point
Create time: 00:01:19, last status change time: 00:00:34
Signaling protocol: LDP, peer 150.1.3.3:0 up
MPLS VC labels: local 200, remote 300
Rack1R2#sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
200 No Label l2ckt(100) 180 none point2point
lib entry: 150.1.3.3/32, rev 8
local binding: label: 202
remote binding: lsr: 150.1.1.1:0, label: 101
Rack1R3#sh mpls l2transport vc de
Local interface: Fa0/0 up, line protocol up, Ethernet up
Destination address: 150.1.2.2, VC ID: 100, VC status: up
Output interface: Se1/2, imposed label stack {200 100}
Preferred path: not configured
Default path: active
Tunnel label: 100, next hop point2point
Create time: 00:02:38, last status change time: 00:01:43
Signaling protocol: LDP, peer 150.1.2.2:0 up
MPLS VC labels: local 300, remote 200
Rack1R3#sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
300 No Label l2ckt(100) 1935 none point2point
你的理解没有问题,起始Eompls跟普通的MPLS VPN是一样的,只不过稍微扩展些吧了。
我们对于Eompls内外层标签的理解是一致的。
我的意思是,对于imposed label stack {19 16} 中前一个应该是外层标签,后一个是内层标签。而你的案例好像写反了,你写的是前一个是内层标签,后一个是外层标签。
对于MPLS VPN,我可以确定tags imposed: {a b} 中a是ldp分配的外层公网标签,b是MBGP分配内层私网标签。
对于Eompls,我觉得格式也应该是一致的。网上也有例子证实了我的想法。可以参考《c7609 OSM板卡的Eompls配置案例 》http://www.cnblogs.com/cunshen/articles/738214.html中有如下
osr1#show mpls l2transport vc detail
Local interface: Vl2 up, line protocol up, Eth VLAN 2 up
Destination address: 11.11.11.11, VC ID: 2, VC status: up
Tunnel label: 17, next hop 34.0.0.2
Output interface: GE3/3, imposed label stack {17 18}//前一个标签17是Tunnel label,后一个标签是18是MPLS VC labels remote
Create time: 01:24:44, last status change time: 00:10:55
Signaling protocol: LDP, peer 11.11.11.11:0 up
MPLS VC labels: local 20, remote 18
Group ID: local 71, remote 89
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 1009, send 1019
byte totals: receive 133093, send 138089
packet drops: receive 0, send 0
不知你是否可以再查一下tags imposed: {a b}的顺序含义?
你理解错了,在此文中“imposed label stack”跟tags imposed不一样,tags imposed中的标签是一个in标签,一个out标签,它都是LDP分发的,包经过时,会发生标签互换;
但对于你说的底层标签,也就vpn标签,这个标签出去后不会发生标签替换,而是把外层标签加进去。也就是嵌入第二层标签,这就是一种机制。
在实践中如果你想看vpn标签,用“show ip bgp vpn all”;
如果你想看LDP的标签,就得用“show mpls for”;
2层标签不是一个概念,所以不要弄混!
你理解错了,在此文中“imposed label stack”跟tags imposed不一样:
tags imposed中的标签是一个in标签,一个out标签,它都是LDP分发的,包经过时,会发生标签互换;
但对于你说的底层标签,也就vpn标签,这个标签出去后不会发生标签替换,而是把外层标签加进去。也就是嵌入第二层标签,这就是一种机制。
在实践中如果你想看vpn标签,用“show ip bgp vpn all”;
如果你想看LDP的标签,就得用“show mpls for”;
2层标签不是一个概念,所以不要弄混!
关于你说的前一个和后一个标签具体指什么的问题,我没有看到哪里具体说明,我发的数据都是实际数据!看标签来判断吧!
你对于tags imposed的理解不正确,tags imposed中的两个标签并不是一个in标签,一个out标签,而是在tags imposed: {a b}格式中,a为外层标签,b为内层标签义
NJ-A-DFJ-SR7609-1#show ip cef vrf wangba 221.224.0.0 255.240.0.0 detail
221.224.0.0/12, version 2830, epoch 0, cached adjacency 221.6.0.141
0 packets, 0 bytes
tag information set, all rewrites owned
local tag: VPN-route-head
fast tag rewrite with GE3/1, 221.6.0.141, tags imposed: {577 900} //577是外层公网标签,900是MBGP内层私网标签
via 221.6.63.254, 0 dependencies, recursive 注221.6.63.254是公网路由
next hop 221.6.0.141, GE-WAN3/1 via 221.6.63.254/32 (Default)
valid cached adjacency
tag rewrite with GE3/1, 221.6.0.141, tags imposed: {577 900}
NJ-A-DFJ-SR7609-1#show tag forwarding-table 221.6.63.254 是公网路由
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
459 577 221.6.63.254/32 0 GE3/1 221.6.0.141
NJ-A-DFJ-SR7609-1#show mpls forwarding-table vrf wangba 221.224.0.0 255.240.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
None 577 221.224.0.0/12 0 GE3/1 221.6.0.141
只有vrf wangba中才有221.224.0.0 255.240.0.0的路由,即577应是外层标签
如下显示MBGP私网标签900
NJ-A-DFJ-SR7609-1#show bgp vpnv4 unicast all labels | in 221.224.0.0
221.224.0.0/12 221.6.63.254 vpn-route/900
我有空找个模拟器按你的环境还测试一下,看看数据是否与你的一致
你们都没错,显示的问题与IOS 版本有关吧,我12.2的版本,imposed label stack {106 288}
106是到对端loopback口外层标签由LDP领居分布的,288是VC内层标签,由对端PE分配的
PE1#sh ver | in c7600
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD4, RELEASE SOFTWARE (fc2)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD4, RELEASE SOFTWARE (fc2)
PE1#sh mpls l2transport vc 3537 detail
Local interface: Te1/4.3537 up, line protocol up, Eth VLAN 3537 up
Interworking type is Ethernet
Destination address: x, VC ID: 3537, VC status: up
Output interface: Te7/1, imposed label stack {106 288}
Preferred path: not configured
Default path: active
Next hop: x
Create time: 3w0d, last status change time: 3w0d
Signaling protocol: LDP, peer x:0 up
Targeted Hello: x(LDP Id) -> x Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 503, remote 288