PWHE Example on ASR9k
什么是PWHE?Pseudowire Headend,它类似于BVI,由于BVI有很多限制,所以研发了PWHE,它会利用进口的硬件资源,从而执行更多硬件级别的feature,如进出QOS等,而且BVI在一台chassis上只能支持2000个,而PWHE则更多。
那么PWHW/BVI需要部署在什么场景下呢?如下图所示:
如果客户既有L2VPN的需求,又有L3VPN的需求,那么如何连接两部分呢?原始的Deploy方法是把S-PE分成两部分,一部分是对应A-PE的,终结PW,然后再连一个C-PE,C-PE作为传统的PE,把这部分流量放入VRF中,然后走L3VPN。这样的结果是多一个设备,维护也不方便,那如何做呢?在PWHE出来之前,可以通过在S-PE上用BVI终结PW,然后把BVI放入VRF中,这样也可以,但就像上面说的,BVI有很多限制,也不支持TE,如果客户需要在L2VPN中需要提供TE的FRR支持,那么就没办法了。
这里主要测试下“PWHE + RSVP-TE(one hop tunnel) + LDP”
Topology如下所示:
GSR---ASR9010-1(0/2/0/2)---(0/0/0/11)ASR9001-2(0/0/0/12)---(0/0/0/12)ASR9001-1(PW-Ether)
ASR9001-1配置信息如下:
explicit-path name te123 index 1 next-address strict ipv4 unicast 10.1.1.1 ! vrf 501 description "pwhe vrf 501" address-family ipv4 unicast import route-target 65535:501 ! export route-target 65535:501 ! ! ! interface Loopback0 ipv4 address 192.168.1.1 255.255.255.255 ! interface tunnel-te123 description *** To ASR9001-2 *** ipv4 unnumbered Loopback0 load-interval 30 signalled-bandwidth 500000 autoroute announce ! destination 192.168.1.2 fast-reroute protect node record-route path-option 1 explicit name te123 path-option 2 dynamic ! interface GigabitEthernet0/0/0/12 mtu 9000 ipv4 address 10.1.1.2 255.255.255.252 dampening ! interface PW-Ether501 description "l3vpn vrf 501 l3 interface" mtu 1576 vrf 501 ipv4 address 1.1.1.1 255.255.255.252 mac-address 200.1.1 attach generic-interface-list pwhe-path ! router ospf core router-id 192.168.1.1 address-family ipv4 unicast area 0.0.0.0 mpls traffic-eng interface Loopback0 passive enable ! interface GigabitEthernet0/0/0/12 ! ! mpls traffic-eng router-id Loopback0 ! l2vpn pw-class control-word encapsulation mpls control-word ! ! xconnect group l3vpn p2p 501 interface PW-Ether501 neighbor ipv4 192.168.1.3 pw-id 501 pw-class control-word ! ! ! ! generic-interface-list pwhe-path interface GigabitEthernet0/0/0/12 ! mpls oam ! rsvp interface GigabitEthernet0/0/0/12 bandwidth 1000000 ! ! mpls traffic-eng interface GigabitEthernet0/0/0/12 ! ! mpls ldp router-id 192.168.1.1 address-family ipv4 discovery targeted-hello accept ! interface tunnel-te123 ! interface GigabitEthernet0/0/0/12 ! !
下面是show信息:
RP/0/RSP0/CPU0:ASR9001-1#show mpls for Thu Apr 24 08:45:02.724 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16000 16007 PW-HE(PE501) 192.168.1.3 92 16001 Unlabelled PW(192.168.1.3:501) \ PE501 PW-HE-Disp 0 16005 Pop 192.168.1.2/32 tt12891 192.168.1.2 0 16006 16002 192.168.1.3/32 tt12891 192.168.1.2 1147538 16007 Pop 10.1.2.0/30 tt12891 192.168.1.2 0 RP/0/RSP0/CPU0:ASR9001-1#sh arp vrf 501 Thu Apr 24 08:45:41.542 UTC ------------------------------------------------------------------------------- 0/0/CPU0 ------------------------------------------------------------------------------- Address Age Hardware Addr State Type Interface 1.1.1.1 - 0200.0001.0001 Interface ARPA PW-Ether501 1.1.1.2 02:48:58 0002.fc09.d802 Dynamic ARPA PW-Ether501 RP/0/RSP0/CPU0:ASR9001-1# RP/0/RSP0/CPU0:ASR9001-1# RP/0/RSP0/CPU0:ASR9001-1# RP/0/RSP0/CPU0:ASR9001-1#sh arp Thu Apr 24 08:45:44.173 UTC ------------------------------------------------------------------------------- 0/0/CPU0 ------------------------------------------------------------------------------- Address Age Hardware Addr State Type Interface 10.1.1.2 - d867.d97f.3846 Interface ARPA GigabitEthernet0/0/0/12 <<< 10.1.1.1 00:13:07 10f3.117a.af2e Dynamic ARPA GigabitEthernet0/0/0/12 RP/0/RSP0/CPU0:ASR9001-1#sh mpls traffic-eng forwarding Thu Apr 24 08:52:51.713 UTC P2P tunnels: Tunnel ID Ingress IF Egress IF In lbl Out lbl Backup -------------------------- -------------- -------------- ------- ------- ------- 192.168.1.1 123_2 - Gi0/0/0/12 16002 3 unknown Displayed 1 tunnel heads, 0 label P2P rewrites Displayed 0 tunnel heads, 0 label P2MP rewrites RP/0/RSP0/CPU0:ASR9001-1#sh mpls traffic-eng tu | i InLabel Thu Apr 24 08:53:01.089 UTC InLabel: GigabitEthernet0/0/0/12, implicit-null RP/0/RSP0/CPU0:ASR9001-1#sh mpls label table detail Thu Apr 24 09:49:33.698 UTC Table Label Owner State Rewrite ----- ------- ---------------------------- ------ ------- 0 0 LSD InUse Yes 0 1 LSD InUse Yes 0 2 LSD InUse Yes 0 13 LSD InUse Yes 0 16000 L2VPN:Active InUse Yes (PW-HE, vers:0, intf=PE501) 0 16001 L2VPN:Active InUse Yes (PW, vers:0, pw=192.168.1.3:501) 0 16002 TE-Control InUse Yes (TEv4, vers:0, 'default':4U, src=192.168.1.1, dst=192.168.1.2, tun_id=123, ext_tun_id=0xac104f80, lsp_id=2) 0 16005 LDP:Active InUse Yes (IPv4, vers:0, 'default':4U, 192.168.1.2/32) 0 16006 LDP:Active InUse Yes (IPv4, vers:0, 'default':4U, 192.168.1.3/32) 0 16007 LDP:Active InUse Yes (IPv4, vers:0, 'default':4U, 10.1.2.0/30) RP/0/RSP0/CPU0:ASR9001-1#sh l2vpn xconnect de Thu Apr 24 08:44:26.224 UTC Group l3vpn, XC 501, state is up; Interworking none AC: PW-Ether501, state is up Type PW-Ether Interface-list: pwhe-path Replicate status: Gi0/0/0/12: success MTU 1562; interworking none Internal label: 16000 Statistics: packets: received 2198, sent 2029 bytes: received 1197386, sent 1131306 PW: neighbor 192.168.1.3, PW ID 501, state is up ( established ) PW class control-word, XC ID 0xc0000001 Encapsulation MPLS, protocol LDP Source address 192.168.1.1 PW type Ethernet, control word enabled, interworking none PW backup disable delay 0 sec Sequencing not set PW Status TLV in use MPLS Local Remote ------------ ------------------------------ ----------------------------- Label 16001 16007 Group ID 0x420 0x4000240 Interface PW-Ether501 GigabitEthernet0/2/0/0.501 MTU 1562 1562 Control word enabled enabled PW type Ethernet Ethernet VCCV CV type 0x2 0x2 (LSP ping verification) (LSP ping verification) VCCV CC type 0x7 0x7 (control word) (control word) (router alert label) (router alert label) (TTL expiry) (TTL expiry) ------------ ------------------------------ ----------------------------- Incoming Status (PW Status TLV): Status code: 0x0 (Up) in Notification message Outgoing Status (PW Status TLV): Status code: 0x0 (Up) in Notification message MIB cpwVcIndex: 3221225473 Create time: 24/04/2014 04:47:29 (03:56:57 ago) Last time status changed: 24/04/2014 05:55:46 (02:48:39 ago) Statistics: packets: received 2198, sent 2029 bytes: received 1197386, sent 1131306
可能有人会问为什么需要LDP?RSVP不是能分标签么?
开始我也这么认为,内层标签是PW,外层标签是RSVP-TE的标签,这样就OK了,就像我以前总结的文章《MPLS Network Designs Basis》,只有当RSVP不在PE上时才会需要LDP提供临时的外层标签。
那么这种环境呢?如果不配置LDP会怎么样?
从S-PE上触发“ping vrf 501 1.1.1.2”,假设已经获得了ARP的相关信息
1. 封装ICMP报文,三层的源是PWHE的地址“1.1.1.1”,目的地址为“1.1.1.2”;二层的源MAC是 “0200.0001.0001”,目的MAC是“0002.fc09.d802”
2. 封装时打上第一层PW标签;PW的目的地址为192.168.1.3/32,查找路由发现走tunnel123,TE的标签是3,正常直接弹出就可以了
3. 但是由于TE标签打断了端到端的PW LSP,因为数据包将在TE上走,TE又没开启LDP,所以出口是“Unlabelled”,所以PW不能建立
下面是在ASR9001-1上把tunnel从MPLS LDP中移除后的debug信息:
RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_fec_notif_handler:147, node role 1 RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_fec_notif_handler:160, FEC NOTI Peer [192.168.1.3] RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: atom_session_xport_lsp:50, P [192.168.1.3]: Transport LSP Down RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: l2vpn_id_mgr_pw_group_walk:2748, Starting... RP/0/RSP0/CPU0:Apr 28 09:38:08.276 : l2vpn_mgr[1178]: DBG-ALL: l2vpn_id_mgr_pw_group_walk:2787, Done. RP/0/RSP0/CPU0:ASR9001-1#sh mpls for Mon Apr 28 07:38:44.363 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16001 Unlabelled PW(192.168.1.3:501) \ PE501 PW-HE-Disp 0 16005 Pop 192.168.1.2/32 tt12891 192.168.1.2 152 16006 Unlabelled 192.168.1.3/32 tt12891 192.168.1.2 0 16007 Unlabelled 10.1.2.0/30 tt12891 192.168.1.2 0
4. Ok,恢复配置,根据mpls forwarding和TE forwarding的信息分析数据包的封装,为了方便,把上面的信息拿下来,根据下面的信息,我们可以看到“192.168.1.3”的label是192.168.1.2分给他的16002
RP/0/RSP0/CPU0:ASR9001-1#show mpls for
Thu Apr 24 08:45:02.724 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16000 16007 PW-HE(PE501) 192.168.1.3 92
16001 Unlabelled PW(192.168.1.3:501) \
PE501 PW-HE-Disp 0
16005 Pop 192.168.1.2/32 tt12891 192.168.1.2 0
16006 16002 192.168.1.3/32 tt12891 192.168.1.2 1147538
16007 Pop 10.1.2.0/30 tt12891 192.168.1.2 0
5. 因此如上所述,ICMP的目的地址是1.1.1.2,封装PW label;然后查找PW的下一跳是192.168.1.3,查找LFIB,出标签是192.168.1.2通过LDP分配的标签16002;继续check,出口是tunnel,所以check tunnel的转发表,192.168.1.2 TE尾端分给它POP 标签;所以标签迭代关系应该为“PW -> LDP -> TE”,也就是“16007 -> 16002 -> 3”,在ASR9001-1设置SPAN,把出口G0/0/0/2的报文抓下来确认,如下图所示:
本文出自 Frank's Blog