sr mpls te隧道配置案例

需求分析

1、在PE上开启mpls te功能

2、PE1和PE2上配置 显式路径及TE隧道

3、PE1和PE2写p1及P2之间建立mp-bgp,p1和p2为RR

4、配置隧道策略,把vpn流量迭代进te隧道

5、手动配adj sid,因为不是be,路径要手动指定路径,如果是自动获取每次设备重启adj sid都会变

6、p1和p2上不开mpls te,pe1和pe2上开mpls te

CE1

sysname pe1

router id 3.3.3.3

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:100

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 3.3.3.3

mpls

mpls te

explicit-path pe1-pe2

next sid label 20011 type prefix

next sid label 330002 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0003.00

is-name pe1

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.2 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.14 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.0.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

isis prefix-sid index 33

interface Tunnel100

description 4.4.4.4

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 4.4.4.4

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe1-pe2

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.0.2 as-number 65001

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

CE2

sysname pe2

router id 4.4.4.4

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:200

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls te

explicit-path pe2-pe1

next sid label 20022 type prefix

next sid label 330003 type adjacency

next sid label 20011 type prefix

next sid label 330001 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0004.00

is-name pe2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.6 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.18 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.1.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

isis prefix-sid index 44

interface Tunnel100

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 3.3.3.3

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe2-pe1

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.1.2 as-number 65002

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

P1

sysname p1

set neid 18a8b

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 1.1.1.1

mpls lsr-id 1.1.1.1

mpls

aaa

authentication-scheme default0

authentication-scheme default1

authentication-scheme default

authentication-mode local radius

authorization-scheme default

accounting-scheme default0

accounting-scheme default1

domain default0

domain default1

domain default_admin

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0001.00

is-name p1

segment-routing mpls

segment-routing global-block 20000 30000

segment-routing auto-adj-sid disable

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.1 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.5 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.9 255.255.255.252

isis enable 1

undo dcn mode vlan

interface Ethernet1/0/3

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/4

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/5

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/6

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/7

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/8

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/9

undo shutdown

undo dcn mode vlan

interface GigabitEthernet0/0/0

undo shutdown

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

isis prefix-sid index 11

interface NULL0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

P2

sysname p2

set neid 18a8c

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 2.2.2.2

mpls lsr-id 2.2.2.2

mpls

mpls te

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0002.00

is-name p2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.13 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.17 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.10 255.255.255.252

isis enable 1

undo dcn mode vlan

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

isis prefix-sid index 22

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

CE1

router id 10.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.0.2 255.255.255.0

interface LoopBack0

ip address 10.0.0.1 255.255.255.255

bgp 65001

peer 192.168.0.1 as-number 100

ipv4-family unicast

undo synchronization

network 10.0.0.1 255.255.255.255

peer 192.168.0.1 enable

CE2

router id 20.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.1.2 255.255.255.0

interface LoopBack0

ip address 20.0.0.1 255.255.255.255

bgp 65002

peer 192.168.1.1 as-number 100

ipv4-family unicast

undo synchronization

network 20.0.0.1 255.255.255.255

peer 192.168.1.1 enable

isis邻居查看

sid查看

手动指定显式路径的 ajd sid

P1

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

P2

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

查看adj sid(IGP自动生成的adj sid每次设备重启都会变)

关掉isis自动发布的adj sid

p1-isis-1segment-routing auto-adj-sid disable

再次查看就只有手动的了,设备重启就不会变了

配置显示路径(如果有控制器就能自动生成)

pe1去程

explicit-path pe1-pe2

next sid label 20011 type prefix //p1设备的sid,由那个isis里面设置的范围20000-30000加上loopback口的prefix组合而来

next sid label 330002 type adjacency //p1设备连接pe2接口的adj sid

回程

pe2

explicit-path pe2-pe1

next sid label 20022 type prefix //p2设备的sid

next sid label 330003 type adjacency //p2设备连接p1接口的adj sid

next sid label 20011 type prefix //p1设备的sid,这条不配好像也可以 ,但为了理解还是配了吧

next sid label 330001 type adjacency //p1设备连接pe1接口的adj sid

配置隧道(借用loopback口地址,关联显式路径)

pe1

interface Tunnel100

destination 4.4.4.4

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe1-pe2

pe2

interface Tunnel100

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 3.3.3.3

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe2-pe1

路径查看

隧道查看

检查隧道连通性


配置隧道选择策略 //有的设备不支持sr-te,要用cr-lsp

pe1和pe2上配

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

ip vpn-instance vpna

ipv4-family

tnl-policy p1 //调用策略

查看路由有没有进隧道

ce1和ce2连通性测试

内部标签还是mp-bgp分发的

相关推荐
小鹿软件办公7 小时前
通过调整编码参数使用 VLC 媒体播放器无损压缩视频方法
运维·网络·音视频
在书中成长8 小时前
HarmonyOS 小游戏《对战五子棋》开发第8篇 - GomokuEngine核心引擎设计(三):五子连珠判定算法
算法·华为·harmonyos
yqcoder9 小时前
什么是 Math 对象
网络·网络协议·udp
Piko61418 小时前
H3C IRF2 堆叠实战:打造高可靠核心交换网络
运维·网络·笔记
在书中成长20 小时前
HarmonyOS 小游戏《对战五子棋》开发第5篇-五子棋GameConstants常量与类型定义最佳实践
华为·harmonyos
最爱老式锅包肉20 小时前
《HarmonyOS技术精讲-ArkWeb》桥接两岸:JSBridge原生与Web互调
前端·华为·harmonyos
茯苓gao21 小时前
嵌入式开发笔记:CANopen相关移位运算与通信协议术语详解
网络·嵌入式硬件·学习·信息与通信
万联WANFLOW21 小时前
SD-WAN 控制平面高可用怎么做?SDWAN 控制器挂了,全网会发生什么
运维·网络·分布式·架构
酱学编程1 天前
【从零到一实现一个 AI Agent 框架 · 第四篇】04. 任务规划:拆解复杂目标 -
服务器·网络·数据库·人工智能
风行南方1 天前
密码学之分组密码
网络·密码学