sr mpls te隧道配置案例

需求分析

1、在PE上开启mpls te功能

2、PE1和PE2上配置 显式路径及TE隧道

3、PE1和PE2写p1及P2之间建立mp-bgp，p1和p2为RR

4、配置隧道策略，把vpn流量迭代进te隧道

5、手动配adj sid，因为不是be，路径要手动指定路径，如果是自动获取每次设备重启adj sid都会变

6、p1和p2上不开mpls te，pe1和pe2上开mpls te

CE1

sysname pe1

router id 3.3.3.3

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:100

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 3.3.3.3

mpls

mpls te

explicit-path pe1-pe2

next sid label 20011 type prefix

next sid label 330002 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0003.00

is-name pe1

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.2 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.14 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.0.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

isis prefix-sid index 33

interface Tunnel100

description 4.4.4.4

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 4.4.4.4

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe1-pe2

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.0.2 as-number 65001

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

CE2

sysname pe2

router id 4.4.4.4

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:200

tnl-policy p1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls te

explicit-path pe2-pe1

next sid label 20022 type prefix

next sid label 330003 type adjacency

next sid label 20011 type prefix

next sid label 330001 type adjacency

segment-routing

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0004.00

is-name pe2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.6 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.18 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip binding vpn-instance vpna

ip address 192.168.1.1 255.255.255.0

undo dcn mode vlan

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

isis prefix-sid index 44

interface Tunnel100

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 3.3.3.3

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe2-pe1

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

peer 2.2.2.2 enable

ipv4-family vpn-instance vpna

peer 192.168.1.2 as-number 65002

undo dcn

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

P1

sysname p1

set neid 18a8b

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 1.1.1.1

mpls lsr-id 1.1.1.1

mpls

aaa

authentication-scheme default0

authentication-scheme default1

authentication-scheme default

authentication-mode local radius

authorization-scheme default

accounting-scheme default0

accounting-scheme default1

domain default0

domain default1

domain default_admin

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0001.00

is-name p1

segment-routing mpls

segment-routing global-block 20000 30000

segment-routing auto-adj-sid disable

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.1 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.5 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.9 255.255.255.252

isis enable 1

undo dcn mode vlan

interface Ethernet1/0/3

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/4

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/5

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/6

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/7

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/8

undo shutdown

undo dcn mode vlan

interface Ethernet1/0/9

undo shutdown

undo dcn mode vlan

interface GigabitEthernet0/0/0

undo shutdown

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

isis prefix-sid index 11

interface NULL0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.2 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

P2

sysname p2

set neid 18a8c

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 2.2.2.2

mpls lsr-id 2.2.2.2

mpls

mpls te

license

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

isis 1

is-level level-2

cost-style wide

network-entity 49.0001.0000.0000.0002.00

is-name p2

segment-routing mpls

segment-routing global-block 20000 30000

interface Ethernet1/0/0

undo shutdown

ip address 100.0.0.13 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/1

undo shutdown

ip address 100.0.0.17 255.255.255.252

isis enable 1

undo dcn

undo dcn mode vlan

interface Ethernet1/0/2

undo shutdown

ip address 100.0.0.10 255.255.255.252

isis enable 1

undo dcn mode vlan

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

isis prefix-sid index 22

interface NULL0

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

undo dcn

CE1

router id 10.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.0.2 255.255.255.0

interface LoopBack0

ip address 10.0.0.1 255.255.255.255

bgp 65001

peer 192.168.0.1 as-number 100

ipv4-family unicast

undo synchronization

network 10.0.0.1 255.255.255.255

peer 192.168.0.1 enable

CE2

router id 20.0.0.1

interface GigabitEthernet0/0/0

ip address 192.168.1.2 255.255.255.0

interface LoopBack0

ip address 20.0.0.1 255.255.255.255

bgp 65002

peer 192.168.1.1 as-number 100

ipv4-family unicast

undo synchronization

network 20.0.0.1 255.255.255.255

peer 192.168.1.1 enable

isis邻居查看

sid查看

手动指定显式路径的 ajd sid

P1

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.1 remote-ip-addr 100.0.0.2 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.5 remote-ip-addr 100.0.0.6 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.9 remote-ip-addr 100.0.0.10 sid 330003

P2

segment-routing

ipv4 adjacency local-ip-addr 100.0.0.13 remote-ip-addr 100.0.0.14 sid 330001

ipv4 adjacency local-ip-addr 100.0.0.17 remote-ip-addr 100.0.0.18 sid 330002

ipv4 adjacency local-ip-addr 100.0.0.10 remote-ip-addr 100.0.0.9 sid 330003

查看adj sid（IGP自动生成的adj sid每次设备重启都会变）

关掉isis自动发布的adj sid

p1-isis-1segment-routing auto-adj-sid disable

再次查看就只有手动的了，设备重启就不会变了

配置显示路径（如果有控制器就能自动生成）

pe1去程

explicit-path pe1-pe2

next sid label 20011 type prefix //p1设备的sid，由那个isis里面设置的范围20000-30000加上loopback口的prefix组合而来

next sid label 330002 type adjacency //p1设备连接pe2接口的adj sid

回程

pe2

explicit-path pe2-pe1

next sid label 20022 type prefix //p2设备的sid

next sid label 330003 type adjacency //p2设备连接p1接口的adj sid

next sid label 20011 type prefix //p1设备的sid，这条不配好像也可以 ，但为了理解还是配了吧

next sid label 330001 type adjacency //p1设备连接pe1接口的adj sid

配置隧道（借用loopback口地址，关联显式路径）

pe1

interface Tunnel100

destination 4.4.4.4

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe1-pe2

pe2

interface Tunnel100

ip address unnumbered interface LoopBack0

tunnel-protocol mpls te

destination 3.3.3.3

mpls te signal-protocol segment-routing

mpls te tunnel-id 100

mpls te path explicit-path pe2-pe1

路径查看

隧道查看

检查隧道连通性

配置隧道选择策略 //有的设备不支持sr-te，要用cr-lsp

pe1和pe2上配

tunnel-policy p1

tunnel select-seq sr-te load-balance-number 1

ip vpn-instance vpna

ipv4-family

tnl-policy p1 //调用策略

查看路由有没有进隧道

ce1和ce2连通性测试

内部标签还是mp-bgp分发的