sr mpls te隧道配置案例

需求分析

1、在PE上开启mpls te功能

2、PE1和PE2上配置 显式路径及TE隧道

3、PE1和PE2写p1及P2之间建立mp-bgp,p1和p2为RR

4、配置隧道策略,把vpn流量迭代进te隧道

5、手动配adj sid,因为不是be,路径要手动指定路径,如果是自动获取每次设备重启adj sid都会变

6、p1和p2上不开mpls te,pe1和pe2上开mpls te

CE1

sysname pe1

router id 3.3.3.3

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:100

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 3.3.3.3

mpls

mpls te

explicit-path pe1-pe2

next sid label 20011 type prefix

next sid label 330002 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0003.00

is-name pe1

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.2 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.14 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.0.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

isis prefix-sid index 33

interface Tunnel100

description 4.4.4.4

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 4.4.4.4

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe1-pe2

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.0.2 as-number 65001

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

CE2

sysname pe2

router id 4.4.4.4

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:200

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls te

explicit-path pe2-pe1

next sid label 20022 type prefix

next sid label 330003 type adjacency

next sid label 20011 type prefix

next sid label 330001 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0004.00

is-name pe2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.6 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.18 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.1.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

isis prefix-sid index 44

interface Tunnel100

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 3.3.3.3

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe2-pe1

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.1.2 as-number 65002

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

P1

sysname p1

set neid 18a8b

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 1.1.1.1

mpls lsr-id 1.1.1.1

mpls

aaa

authentication-scheme default0

authentication-scheme default1

authentication-scheme default

authentication-mode local radius

authorization-scheme default

accounting-scheme default0

accounting-scheme default1

domain default0

domain default1

domain default_admin

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0001.00

is-name p1

segment-routing mpls

segment-routing global-block 20000 30000

segment-routing auto-adj-sid disable

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.1 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.5 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.9 255.255.255.252

isis enable 1

undo dcn mode vlan

interface Ethernet1/0/3

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/4

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/5

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/6

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/7

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/8

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/9

undo shutdown

undo dcn mode vlan

interface GigabitEthernet0/0/0

undo shutdown

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

isis prefix-sid index 11

interface NULL0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

P2

sysname p2

set neid 18a8c

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 2.2.2.2

mpls lsr-id 2.2.2.2

mpls

mpls te

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0002.00

is-name p2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.13 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.17 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.10 255.255.255.252

isis enable 1

undo dcn mode vlan

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

isis prefix-sid index 22

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

CE1

router id 10.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.0.2 255.255.255.0

interface LoopBack0

ip address 10.0.0.1 255.255.255.255

bgp 65001

peer 192.168.0.1 as-number 100

ipv4-family unicast

undo synchronization

network 10.0.0.1 255.255.255.255

peer 192.168.0.1 enable

CE2

router id 20.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.1.2 255.255.255.0

interface LoopBack0

ip address 20.0.0.1 255.255.255.255

bgp 65002

peer 192.168.1.1 as-number 100

ipv4-family unicast

undo synchronization

network 20.0.0.1 255.255.255.255

peer 192.168.1.1 enable

isis邻居查看

sid查看

手动指定显式路径的 ajd sid

P1

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

P2

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

查看adj sid(IGP自动生成的adj sid每次设备重启都会变)

关掉isis自动发布的adj sid

p1-isis-1\]segment-routing auto-adj-sid disable 再次查看就只有手动的了,设备重启就不会变了 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/dc6f24a486c94ecd836f2594188e9ad5.png) 配置显示路径(如果有控制器就能自动生成) pe1去程 explicit-path pe1-pe2 next sid label 20011 type prefix //p1设备的sid,由那个isis里面设置的范围20000-30000加上loopback口的prefix组合而来 next sid label 330002 type adjacency //p1设备连接pe2接口的adj sid 回程 pe2 explicit-path pe2-pe1 next sid label 20022 type prefix //p2设备的sid next sid label 330003 type adjacency //p2设备连接p1接口的adj sid next sid label 20011 type prefix //p1设备的sid,这条不配好像也可以 ,但为了理解还是配了吧 next sid label 330001 type adjacency //p1设备连接pe1接口的adj sid 配置隧道(借用loopback口地址,关联显式路径) pe1 interface Tunnel100 destination 4.4.4.4 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te mpls te signal-protocol segment-routing mpls te tunnel-id 100 mpls te path explicit-path pe1-pe2 pe2 interface Tunnel100 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 3.3.3.3 mpls te signal-protocol segment-routing mpls te tunnel-id 100 mpls te path explicit-path pe2-pe1 路径查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/578d7890872c4896a1cfdd0bfaf0d713.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/9dab95ad2fda4354bbdabfe81f12217a.png) 隧道查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/cff2662cb22648a796d870c27123ee37.png)![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/6480fb30b1c64e5fbfcab9a3521cba48.png) 检查隧道连通性 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/cbbaa52deabf4039a877fea5f8d1a146.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/ddc73057485945c084ccb2000cbeb3bd.png) 配置隧道选择策略 //有的设备不支持sr-te,要用cr-lsp pe1和pe2上配 tunnel-policy p1 tunnel select-seq sr-te load-balance-number 1 ip vpn-instance vpna ipv4-family tnl-policy p1 //调用策略 查看路由有没有进隧道 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/8c9d127611b34a549a5cc364e2155bfc.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/0425bcf566294c9cbf75d05e8267cfb8.png) ce1和ce2连通性测试 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/0c02aae7bf164eb397e10a6bc867d3dc.png) 内部标签还是mp-bgp分发的 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/956395eca1a044c5a409894d86a3fa72.png)

相关推荐
爱笑的眼睛113 小时前
深入解析HarmonyOS应用开发:ArkTS语法精要与UI组件实践
华为·harmonyos
爱笑的眼睛113 小时前
深入浅出 ArkTS:构建响应式 HarmonyOS 应用的现代语法与实践
华为·harmonyos
skywalk81633 小时前
调试parlant的大模型配置,最终自己动手写了g4f的模块挂载
网络·人工智能·语言模型·tiktoken
FFFfengZiz.4 小时前
HTTP相关
网络·网络协议·http
优质网络系统领域创作者5 小时前
华为AC+AP无线网络组网与配置指南
华为
网安小白的进阶之路5 小时前
A模块 系统与网络安全 第四门课 弹性交换网络-3
网络·安全·web安全
艾菜籽7 小时前
网络原理-HTTP补充2
网络·网络协议·http
爱笑的眼睛118 小时前
深入浅出 ArkTS:HarmonyOS 应用开发的语言基石
华为·harmonyos
安卓开发者8 小时前
鸿蒙Next中使用Socket进行网络通信:完整指南与实战
华为·harmonyos