PWHE Example on ASR9k

什么是PWHE?Pseudowire Headend,它类似于BVI,由于BVI有很多限制,所以研发了PWHE,它会利用进口的硬件资源,从而执行更多硬件级别的feature,如进出QOS等,而且BVI在一台chassis上只能支持2000个,而PWHE则更多。

那么PWHW/BVI需要部署在什么场景下呢?如下图所示:

pwhe-topology

如果客户既有L2VPN的需求,又有L3VPN的需求,那么如何连接两部分呢?原始的Deploy方法是把S-PE分成两部分,一部分是对应A-PE的,终结PW,然后再连一个C-PE,C-PE作为传统的PE,把这部分流量放入VRF中,然后走L3VPN。这样的结果是多一个设备,维护也不方便,那如何做呢?在PWHE出来之前,可以通过在S-PE上用BVI终结PW,然后把BVI放入VRF中,这样也可以,但就像上面说的,BVI有很多限制,也不支持TE,如果客户需要在L2VPN中需要提供TE的FRR支持,那么就没办法了。

这里主要测试下“PWHE + RSVP-TE(one hop tunnel) + LDP

Topology如下所示:

GSR---ASR9010-1(0/2/0/2)---(0/0/0/11)ASR9001-2(0/0/0/12)---(0/0/0/12)ASR9001-1(PW-Ether)

ASR9001-1配置信息如下:

explicit-path name te123
 index 1 next-address strict ipv4 unicast 10.1.1.1
!
vrf 501
 description "pwhe vrf 501"
 address-family ipv4 unicast
  import route-target
   65535:501
  !
  export route-target
   65535:501
  !
 !
!
interface Loopback0
 ipv4 address 192.168.1.1 255.255.255.255
!
interface tunnel-te123
 description *** To ASR9001-2 ***
 ipv4 unnumbered Loopback0
 load-interval 30
 signalled-bandwidth 500000
 autoroute announce
 !
 destination 192.168.1.2
 fast-reroute protect node
 record-route
 path-option 1 explicit name te123
 path-option 2 dynamic
!
interface GigabitEthernet0/0/0/12
 mtu 9000
 ipv4 address 10.1.1.2 255.255.255.252
 dampening
!
interface PW-Ether501
 description "l3vpn vrf 501 l3 interface"
 mtu 1576
 vrf 501
 ipv4 address 1.1.1.1 255.255.255.252
 mac-address 200.1.1
 attach generic-interface-list pwhe-path
!
router ospf core
 router-id 192.168.1.1
 address-family ipv4 unicast
 area 0.0.0.0
  mpls traffic-eng
  interface Loopback0
   passive enable
  !
  interface GigabitEthernet0/0/0/12
  !
 !
 mpls traffic-eng router-id Loopback0
!
l2vpn
 pw-class control-word
  encapsulation mpls
   control-word
  !
 !
 xconnect group l3vpn
  p2p 501
   interface PW-Ether501
   neighbor ipv4 192.168.1.3 pw-id 501
    pw-class control-word
   !
  !
 !
!
generic-interface-list pwhe-path
 interface GigabitEthernet0/0/0/12
!
mpls oam
!
rsvp
 interface GigabitEthernet0/0/0/12
  bandwidth 1000000
 !
!
mpls traffic-eng
 interface GigabitEthernet0/0/0/12
 !
!
mpls ldp
 router-id 192.168.1.1
 address-family ipv4
  discovery targeted-hello accept
 !
 interface tunnel-te123
 !
 interface GigabitEthernet0/0/0/12
 !
!

下面是show信息:

RP/0/RSP0/CPU0:ASR9001-1#show mpls for
Thu Apr 24 08:45:02.724 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16000  16007       PW-HE(PE501)                    192.168.1.3     92          
16001  Unlabelled  PW(192.168.1.3:501)   \
                                      PE501        PW-HE-Disp      0           
16005  Pop         192.168.1.2/32     tt12891      192.168.1.2     0           
16006  16002       192.168.1.3/32     tt12891      192.168.1.2     1147538     
16007  Pop         10.1.2.0/30        tt12891      192.168.1.2     0 

RP/0/RSP0/CPU0:ASR9001-1#sh arp vrf 501
Thu Apr 24 08:45:41.542 UTC
-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address         Age        Hardware Addr   State      Type  Interface
1.1.1.1         -          0200.0001.0001  Interface  ARPA  PW-Ether501
1.1.1.2         02:48:58   0002.fc09.d802  Dynamic    ARPA  PW-Ether501
RP/0/RSP0/CPU0:ASR9001-1# 
RP/0/RSP0/CPU0:ASR9001-1#
RP/0/RSP0/CPU0:ASR9001-1#
RP/0/RSP0/CPU0:ASR9001-1#sh arp
Thu Apr 24 08:45:44.173 UTC
-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address         Age        Hardware Addr   State      Type  Interface
10.1.1.2        -          d867.d97f.3846  Interface  ARPA  GigabitEthernet0/0/0/12  <<<
10.1.1.1        00:13:07   10f3.117a.af2e  Dynamic    ARPA  GigabitEthernet0/0/0/12

RP/0/RSP0/CPU0:ASR9001-1#sh mpls traffic-eng forwarding
Thu Apr 24 08:52:51.713 UTC
P2P tunnels:
Tunnel ID                  Ingress IF     Egress IF      In lbl  Out lbl Backup 
-------------------------- -------------- -------------- ------- ------- -------
192.168.1.1 123_2                 -       Gi0/0/0/12     16002   3       unknown

Displayed 1 tunnel heads, 0 label P2P rewrites
Displayed 0 tunnel heads, 0 label P2MP rewrites

RP/0/RSP0/CPU0:ASR9001-1#sh mpls traffic-eng tu | i InLabel       
Thu Apr 24 08:53:01.089 UTC
InLabel: GigabitEthernet0/0/0/12, implicit-null

RP/0/RSP0/CPU0:ASR9001-1#sh mpls label table detail 
Thu Apr 24 09:49:33.698 UTC
Table Label   Owner                        State  Rewrite
----- ------- ---------------------------- ------ -------
0     0       LSD                          InUse  Yes
0     1       LSD                          InUse  Yes
0     2       LSD                          InUse  Yes
0     13      LSD                          InUse  Yes
0     16000   L2VPN:Active                 InUse  Yes
  (PW-HE, vers:0, intf=PE501)
0     16001   L2VPN:Active                 InUse  Yes
  (PW, vers:0, pw=192.168.1.3:501)
0     16002   TE-Control                   InUse  Yes
  (TEv4, vers:0, 'default':4U, src=192.168.1.1, dst=192.168.1.2, tun_id=123, ext_tun_id=0xac104f80, lsp_id=2)
0     16005   LDP:Active                   InUse  Yes
  (IPv4, vers:0, 'default':4U, 192.168.1.2/32)
0     16006   LDP:Active                   InUse  Yes
  (IPv4, vers:0, 'default':4U, 192.168.1.3/32)
0     16007   LDP:Active                   InUse  Yes
  (IPv4, vers:0, 'default':4U, 10.1.2.0/30)

RP/0/RSP0/CPU0:ASR9001-1#sh l2vpn xconnect de
Thu Apr 24 08:44:26.224 UTC

Group l3vpn, XC 501, state is up; Interworking none
  AC: PW-Ether501, state is up
    Type PW-Ether
    Interface-list: pwhe-path
    Replicate status:
    Gi0/0/0/12: success
    MTU 1562; interworking none
    Internal label: 16000
    Statistics:
      packets: received 2198, sent 2029
      bytes: received 1197386, sent 1131306
  PW: neighbor 192.168.1.3, PW ID 501, state is up ( established )
    PW class control-word, XC ID 0xc0000001
    Encapsulation MPLS, protocol LDP
    Source address 192.168.1.1
    PW type Ethernet, control word enabled, interworking none
    PW backup disable delay 0 sec
    Sequencing not set

    PW Status TLV in use
      MPLS         Local                          Remote                        
      ------------ ------------------------------ -----------------------------
      Label        16001                          16007                         
      Group ID     0x420                          0x4000240                     
      Interface    PW-Ether501                    GigabitEthernet0/2/0/0.501    
      MTU          1562                           1562                          
      Control word enabled                        enabled                       
      PW type      Ethernet                       Ethernet                      
      VCCV CV type 0x2                            0x2                           
                   (LSP ping verification)        (LSP ping verification)       
      VCCV CC type 0x7                            0x7                           
                   (control word)                 (control word)                
                   (router alert label)           (router alert label)          
                   (TTL expiry)                   (TTL expiry)                  
      ------------ ------------------------------ -----------------------------
    Incoming Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
    Outgoing Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
    MIB cpwVcIndex: 3221225473
    Create time: 24/04/2014 04:47:29 (03:56:57 ago)
    Last time status changed: 24/04/2014 05:55:46 (02:48:39 ago)
    Statistics:
      packets: received 2198, sent 2029
      bytes: received 1197386, sent 1131306

可能有人会问为什么需要LDP?RSVP不是能分标签么?
开始我也这么认为,内层标签是PW,外层标签是RSVP-TE的标签,这样就OK了,就像我以前总结的文章《MPLS Network Designs Basis》,只有当RSVP不在PE上时才会需要LDP提供临时的外层标签。

那么这种环境呢?如果不配置LDP会怎么样?
从S-PE上触发“ping vrf 501 1.1.1.2”,假设已经获得了ARP的相关信息

1. 封装ICMP报文,三层的源是PWHE的地址“1.1.1.1”,目的地址为“1.1.1.2”;二层的源MAC是 “0200.0001.0001”,目的MAC是“0002.fc09.d802
2. 封装时打上第一层PW标签;PW的目的地址为192.168.1.3/32,查找路由发现走tunnel123,TE的标签是3,正常直接弹出就可以了
3. 但是由于TE标签打断了端到端的PW LSP,因为数据包将在TE上走,TE又没开启LDP,所以出口是“Unlabelled”,所以PW不能建立

下面是在ASR9001-1上把tunnel从MPLS LDP中移除后的debug信息:

RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_fec_notif_handler:147, node role 1
RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_fec_notif_handler:160, FEC NOTI Peer [192.168.1.3] 
RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_session_xport_lsp:50, P [192.168.1.3]: Transport LSP Down
RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: l2vpn_id_mgr_pw_group_walk:2748, Starting...
RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: l2vpn_id_mgr_pw_group_walk:2787, Done.

RP/0/RSP0/CPU0:ASR9001-1#sh mpls for
Mon Apr 28 07:38:44.363 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16001  Unlabelled  PW(192.168.1.3:501)   \
                                      PE501        PW-HE-Disp      0           
16005  Pop         192.168.1.2/32     tt12891      192.168.1.2     152         
16006  Unlabelled  192.168.1.3/32     tt12891      192.168.1.2     0           
16007  Unlabelled  10.1.2.0/30        tt12891      192.168.1.2     0

4. Ok,恢复配置,根据mpls forwarding和TE forwarding的信息分析数据包的封装,为了方便,把上面的信息拿下来,根据下面的信息,我们可以看到“192.168.1.3”的label是192.168.1.2分给他的16002

RP/0/RSP0/CPU0:ASR9001-1#show mpls for
Thu Apr 24 08:45:02.724 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16000  16007       PW-HE(PE501)                    192.168.1.3     92          
16001  Unlabelled  PW(192.168.1.3:501)   \
                                      PE501        PW-HE-Disp      0           
16005  Pop         192.168.1.2/32     tt12891      192.168.1.2     0           
16006  16002       192.168.1.3/32     tt12891      192.168.1.2     1147538     
16007  Pop         10.1.2.0/30        tt12891      192.168.1.2     0

5. 因此如上所述,ICMP的目的地址是1.1.1.2,封装PW label;然后查找PW的下一跳是192.168.1.3,查找LFIB,出标签是192.168.1.2通过LDP分配的标签16002;继续check,出口是tunnel,所以check tunnel的转发表,192.168.1.2 TE尾端分给它POP 标签;所以标签迭代关系应该为“PW -> LDP -> TE”,也就是“16007 -> 16002 -> 3”,在ASR9001-1设置SPAN,把出口G0/0/0/2的报文抓下来确认,如下图所示:

pwhe-wireshark

0
你可以留言,或者trackback 从你的网站

留言哦