CCIE SP—MPLS L2VPN VPLS
基本概念:
之前提到的EoMPLS是点对点的VPN,如果公司有多个分公司,就需要多点连通,这时就会需要VPLS。所谓VPLS,就是虚拟专用Lan网服务,它可以使多点通过伪线相连,此处的伪线跟之前在EoMPLS中提到的伪线类似。
VPLS实例说明:
以下说明了简单的VPLS配置实例:
N-PE1:
—————————————-
l2 vfi zy manual >>> 实例名
vpn id 1000
neighbor 10.0.2.2 encapsulation mpls
neighbor 10.0.2.10 encapsulation mpls
!
Interface loopback 0
ip address 10.0.2.1 255.255.255.255
!
Interface vlan 1000 >>> 这个vlan号不必与vpn id相同,这个只是本地vlan标识。
xconnect vfi zy >>> 实例与SVI端口关联
!
Interface gig 1/2
switchport
switchport trunk encap dot1q
switchport trunk allow vlan 1000
N-PE2:
—————————————-
l2 vfi zy manual
vpn id 1000
neighbor 10.0.2.1 encapsulation mpls
neighbor 10.0.2.10 encapsulation mpls
!
Interface loopback 0
ip address 10.0.2.2 255.255.255.255
!
Interface vlan 2000
no ip address
xconnect vfi zy
!
Interface gig 6/2
switchport
switchport trunk encap dot1q
switchport trunk allow vlan 2000
N-PE10:
—————————————-
l2 vfi zy manual
vpn id 1000
neighbor 10.0.2.1 encapsulation mpls
neighbor 10.0.2.2 encapsulation mpls
!
Interface loopback 0
ip address 10.0.2.10 255.255.255.255
!
Interface vlan 1000
xconnect vfi zy
!
Interface gig 1/2
switchport
switchport trunk encap dot1q
switchport trunk allow vlan 1000
配置说明:
1、Full mesh EoMPLS PWs among all PEs participating the same VPLS VFI
2、VPN id must be the same for same VPLS VFI, it’s global significant
3、VFI can’t be applied to physical interface or sub-interfaces. It can only apply to SVI
4、VFI to SVI (global VLAN) is 1:1 mapping
5、VFI with same VPN ID can be applied to different SVI (VLANs) on distinct systems. VFI VLAN is local significant
验证:
7604-npe1#sh vfi zy
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: zy, state: up, type: multipoint
VPN ID: 1000
Local attachment circuits: >>> local attachment vlan
Vlan1000
Neighbors connected via pseudowires:
Peer Address VC ID S
10.0.2.2 1000 Y >>> split-horizon is enabled by default
10.0.2.10 1000 Y
7604-npe1#sh mac-add vlan 1000
Legend: * – primary entry
age – seconds since last seen
n/a – not available
vlan mac address type learn age ports
——+—————-+——–+—–+———-+————————–
* 1000 2222.2222.2221 dynamic Yes 0 Gi1/2 >>> learn from local attachment circuit port
* 1000 2222.2222.2222 dynamic Yes 0 10.0.2.2, 1000 >>> learn from PW, NPE2
* 1000 2222.2222.2223 dynamic Yes 0 10.0.2.10, 1000 >>> learn from PW, NPE10
VC specific show commands are the same as EoMPLS, for example, the following show commands are per VC basis. They are the same as EoMPLS
Show mpls l2 vc
Show mpls l2 binding
Show mpls l2 vc detail
…
7604-npe1#show mpls l2 vc
Local intf Local circuit Dest address VC ID Status
————- ————————– ————— ———- ———-
VFI zy VFI 10.0.2.2 1000 UP
VFI zy VFI 10.0.2.10 1000 UP
缺点:
以上是一般部署VPLS,但是这种部署有很多缺点:
1、所有PE都需配置定向LDP,形成全互联。
2、需要建立N*(N-1)/2的PWs,N是PE的数量
3、只适合小型部署
4、客户的VLAN标识被用于VPLS VFI的服务分界标识,也就是上面的vlan 1000,也就是说在这种部署中是无法应用QinQ的。
H-VPLS实例说明:
以下是H-VPLS的部署方案,而且这种部署支持QinQ,这样可以满足大型运营商的需求。
Hub PE Configuration:
—————————————-
l2 vfi h-vpls manual
vpn id 999
neighbor 10.0.2.4 encapsulation mpls no-split-horizon >>> 连接 spoke PE,关闭水平分割
neighbor 10.0.2.3 encapsulation mpls no-split-horizon
neighbor 10.0.2.2 encapsulation mpls >>> 连接 core PE
neighbor 10.0.2.1 encapsulation mpls
!
Interface vlan 999
xconnect vfi h-vpls
Spoke PE configuration:
—————————————-
interface Loopback0
ip address 10.0.2.3 255.255.255.255
!
interface GigabitEthernet1/9
xconnect 10.0.2.10 999 encapsulation mpls >>> 传统的EoMPLS, 可以是任何类型的EoMPLS,此时注意,如果是VPLS,VFI是不能应用到端口或子接口上的
验证:
7604-upe0#sh vfi h-vpls
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: h-vpls, state: up, type: multipoint
VPN ID: 999
Local attachment circuits:
Vlan999
Neighbors connected via pseudowires:
Peer Address VC ID S
10.0.2.4 999 N >>> 关闭水平分割
10.0.2.3 999 N
10.0.2.2 999 Y
10.0.2.1 999 Y
7604-upe0#sh mac-add vlan 999
Legend: * – primary entry
age – seconds since last seen
n/a – not available
vlan mac address type learn age ports
——+—————-+——–+—–+———-+————————–
* 999 2222.2222.2221 dynamic Yes 0 10.0.2.1, 999
* 999 2222.2222.2222 dynamic Yes 160 10.0.2.2, 999
* 999 2222.2222.2223 dynamic Yes 0 10.0.2.3, 999
* 999 2222.2222.2224 dynamic Yes 0 10.0.2.4, 999
* 999 2222.2222.222a dynamic Yes 0 Gi1/2
7604-upe0#sh mpl l2 vc 999
Local intf Local circuit Dest address VC ID Status
————- ————————– ————— ———- ———-
VFI h-vpls VFI 10.0.2.1 999 UP
VFI h-vpls VFI 10.0.2.2 999 UP
VFI h-vpls VFI 10.0.2.3 999 UP
VFI h-vpls VFI 10.0.2.4 999 UP
老大,能给个完整的h-vpls配置文档吗。
我写的文档只能让你理解什么是vpls,如果你想深入研究,还得具体情况具体分析,我的例子就是一个全的配置,只不过是最简单的。
其实配置是其次,主要是了解其原理~写的还不够透彻,对于新手来说很模糊的概念。
不过呢,人家常说“师傅领进门,修行看个人” frank 只是个领路人。