07-MSR系列路由器BGP-MPLS VPN采用GRE隧道的典型配置举例
本章节下载: 07-MSR系列路由器BGP-MPLS VPN采用GRE隧道的典型配置举例 (155 KB)
MSR系列路由器BGP-MPLS VPN采用GRE隧道的典型配置举例
Copyright © 2014 杭州华三通信技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部, 并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。 |
目 录
本文档介绍使用GRE隧道连接MPLS L3VPN多个PE的典型案例。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解GRE隧道和MPLS L3VPN的特性。
如图1所示,在运营商骨干网上,PE A和PE B设备具备MPLS能力,设备P只提供纯IP功能,不具备MPLS能力。CE 1和CE 2属于VPN实例vpna。
现要求通过在PE上配置GRE隧道以实现:在MPLS L3VPN骨干网PE间通过GRE隧道转发CE的VPNv4报文。
图1 MSR系列路由器采用GRE隧道的MPLS L3VPN组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
GE0/0 |
10.1.1.1/30 |
P |
GE0/1 |
172.1.1.2/30 |
PE A |
Loop0 |
1.1.1.1/32 |
|
GE0/0 |
172.2.1.1/30 |
|
GE0/1 |
10.1.1.2/30 |
PE B |
Loop0 |
2.2.2.2/32 |
|
GE0/0 |
172.1.1.1/30 |
|
GE0/1 |
10.2.1.2/30 |
|
Tunnel0 |
20.1.1.1/30 |
|
GE0/0 |
172.2.1.2/30 |
CE 2 |
GE0/0 |
10.2.1.1/30 |
|
Tunnel0 |
20.1.1.2/30 |
为了使GRE隧道正常转发报文,隧道两端必须配置源端地址与目的端地址,且两端地址互为源地址和目的地址。为保证隧道的稳定性,应使用环回接口作为源端和目的端地址。
本举例是在Release 2311版本上进行配置和验证的。
# 配置基本接口配置。
<PEA> system-view
[PEA] interface loopback 0
[PEA-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PEA-LoopBack0] quit
[PEA] interface gigabitethernet 0/0
[PEA-GigabitEthernet0/0] port link-mode route
[PEA-GigabitEthernet0/0] ip address 172.1.1.1 255.255.255.252
[PEA-GigabitEthernet0/0] quit
[PEA] interface gigabitethernet 0/1
[PEA-GigabitEthernet0/1] port link-mode route
[PEA-GigabitEthernet0/1] ip address 10.1.1.1 255.255.255.252
[PEA-GigabitEthernet0/1] quit
# 配置OSPF协议,实现骨干网的互通。
[PEA] ospf 1
[PEA-ospf-1] area 0.0.0.0
[PEA-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.3
[PEA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PEA-ospf-1-area-0.0.0.0] quit
[PEA-ospf-1] quit
# 在PE A上使能MPLS基本能力。
[PEA] mpls lsr-id 1.1.1.1
[PEA] mpls
# 在PE A上创建GRE隧道策略,指定报文通过的隧道类型为GRE,负载分担条数为1。
[PEA] tunnel-policy gre1
[PEA-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PEA-tunnel-policy-gre1] quit
# 在PE A上创建VPN实例vpna,并与GRE隧道策略关联起来。
[PEA] ip vpn-instance vpna
[PEA-vpn-instance-vpna] route-distinguisher 1:1
[PEA-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[PEA-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[PEA-vpn-instance-vpna] tnl-policy gre1
[PEA-vpn-instance-vpna] quit
# 将PE A接口与vpna绑定,将CE接入PE A。
[PEA] interface gigabitethernet 0/1
[PEA-GigabitEthernet0/1] ip binding vpn-instance vpna
[PEA-GigabitEthernet0/1] ip address 10.1.1.1 255.255.255.252
[PEA-GigabitEthernet0/1] quit
# 在PE A与CE 1之间建立EBGP对等体,引入VPN路由。
[PEA] bgp 100
[PEA-bgp] ipv4-family vpn-instance vpna
[PEA-bgp-vpna] peer 10.1.1.1 as-number 65410
[PEA-bgp-vpna] peer 10.1.1.1 next-hop-local
[PEA-bgp-vpna] import-route direct
[PEA-bgp-vpna] quit
[PEA-bgp] quit
# 在PE之间建立MP-IBGP对等体。
[PEA] bgp 100
[PEA-bgp] peer 2.2.2.2 as-number 100
[PEA-bgp] peer 2.2.2.2 connect-interface loopback 0
[PEA-bgp] ipv4-family vpnv4
[PEA-bgp-af-vpnv4] peer 2.2.2.2 enable
[PEA-bgp-af-vpnv4] quit
[PEA-bgp] quit
# 创建隧道tunnel 0,封装为GRE over IPv4协议,使能MPLS能力。
[PEA] interface tunnel 0
[PEA-Tunnel0] tunnel-protocol gre
[PEA-Tunnel0] source loopback 0
[PEA-Tunnel0] destination 2.2.2.2
[PEA-Tunnel0] ip address 20.1.1.1 255.255.255.252
[PEA-Tunnel0] mpls
[PEA-Tunnel0] quit
# 配置基本接口配置。
<PEB> system-view
[PEB] interface loopback 0
[PEB-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PEB-LoopBack0] quit
[PEB] interface gigabitethernet 0/0
[PEB-GigabitEthernet0/0] port link-mode route
[PEB-GigabitEthernet0/0] ip address 172.2.1.2 255.255.255.252
[PEB-GigabitEthernet0/0] quit
[PEB] interface gigabitethernet 0/1
[PEB-GigabitEthernet0/1] port link-mode route
[PEB-GigabitEthernet0/1] ip address 10.2.1.2 255.255.255.252
[PEB-GigabitEthernet0/1] quit
# 配置OSPF协议,实现骨干网的互通。
[PEB] ospf 1
[PEB-ospf-1] area 0.0.0.0
[PEB-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.3
[PEB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PEB-ospf-1-area-0.0.0.0] quit
[PEB-ospf-1] quit
# 在PE B设备上使能MPLS基本能力
[PEB] mpls lsr-id 2.2.2.2
[PEB] mpls
# 在PE B上创建GRE隧道策略,指定报文通过的隧道类型为GRE,负载分担条数为1。
[PEB] tunnel-policy gre1
[PEB-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PEB-tunnel-policy-gre1] quit
# 在PE B上创建VPN实例vpna,并与GRE隧道策略关联起来。
[PEB] ip vpn-instance vpna
[PEB-vpn-instance-vpna] route-distinguisher 1:2
[PEB-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[PEB-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[PEB-vpn-instance-vpna] tnl-policy gre1
[PEB-vpn-instance-vpna] quit
# 将PE B接口与vpna绑定,将CE接入PE B。
[PEB] interface gigabitethernet 0/1
[PEB-GigabitEthernet0/1] ip binding vpn-instance vpna
[PEB-GigabitEthernet0/1] ip address 10.2.1.2 255.255.255.252
[PEB-GigabitEthernet0/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PEB] bgp 100
[PEB-bgp] ipv4-family vpn-instance vpna
[PEB-bgp-vpna] peer 10.2.1.1 as-number 65420
[PEB-bgp-vpna] peer 10.2.1.1 next-hop-local
[PEB-bgp-vpna] import-route direct
[PEB-bgp-vpna] quit
[PEB-bgp] quit
# 在PE之间建立MP-IBGP对等体。
[PEB] bgp 100
[PEB-bgp] peer 1.1.1.1 as-number 100
[PEB-bgp] peer 1.1.1.1 connect-interface loopback 0
[PEB-bgp] ipv4-family vpnv4
[PEB-bgp-af-vpnv4] peer 1.1.1.1 enable
[PEB-bgp-af-vpnv4] quit
[PEB-bgp] quit
# 创建隧道tunnel 0,封装为GRE over IPv4协议,使能MPLS能力。
[PEB] interface tunnel 0
[PEB-Tunnel0] tunnel-protocol gre
[PEB-Tunnel0] source loopback 0
[PEB-Tunnel0] destination 1.1.1.1
[PEB-Tunnel0] ip address 20.1.1.2 255.255.255.252
[PEB-Tunnel0] mpls
[PEB-Tunnel0] quit
# 配置P基本接口配置。
<P> system-view
[P] interface gigabitethernet 0/0
[P-GigabitEthernet0/0] ip address 172.2.1.1 255.255.255.252
[P-GigabitEthernet0/0] quit
[P] interface gigabitethernet 0/1
[P-GigabitEthernet0/1] ip address 172.1.1.2 255.255.255.252
[P-GigabitEthernet0/1] quit
# 配置OSPF协议,实现骨干网的互通。
[P] ospf 1
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# 查看PE A的Tunnel接口状态。
<PEA> display interface tunnel 0
Tunnel0 current state: UP
Line protocol current state: UP
Description: Tunnel0 Interface
The Maximum Transmit Unit is 1476
Internet Address is 20.1.1.1/30 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set.
Tunnel source 1.1.1.1 (LoopBack0), destination 2.2.2.2
Tunnel bandwidth 64 (kbps)
Tunnel keepalive disabled
Tunnel protocol/transport GRE/IP
GRE key disabled
Checksumming of GRE packets disabled
Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0
Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last clearing of counters: Never
Last 300 seconds input: 2 bytes/sec, 0 packets/sec
Last 300 seconds output: 2 bytes/sec, 0 packets/sec
55 packets input, 4840 bytes
0 input error
174 packets output, 12218 bytes
0 output error
# 查看PE B的Tunnel接口状态。
<PEB> display interface tunnel 0
Tunnel0 current state: UP
Line protocol current state: UP
Description: Tunnel0 Interface
The Maximum Transmit Unit is 1476
Internet Address is 20.1.1.2/30 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set.
Tunnel source 2.2.2.2 (LoopBack0), destination 1.1.1.1
Tunnel bandwidth 64 (kbps)
Tunnel keepalive disabled
Tunnel protocol/transport GRE/IP
GRE key disabled
Checksumming of GRE packets disabled
Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0
Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last clearing of counters: Never
Last 300 seconds input: 7 bytes/sec, 0 packets/sec
Last 300 seconds output: 7 bytes/sec, 0 packets/sec
30 packets input, 2640 bytes
0 input error
30 packets output, 2640 bytes
0 output error
# 在CE 1上ping CE 2的接口IP地址,验证是否能够ping通。
<CE1> ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.1: bytes=56 Sequence=0 ttl=253 time=2 ms
Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=1 ms
Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms
Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms
Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=2 ms
--- 10.2.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
· PE A配置:
#
mpls lsr-id 1.1.1.1
#
ip vpn-instance vpna
route-distinguisher 1:1
tnl-policy gre1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls
#
tunnel-policy gre1
tunnel select-seq gre load-balance-number 1
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.1.1.1 255.255.255.252
#
interface GigabitEthernet0/1
port link-mode route
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.252
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Tunnel0
ip address 20.1.1.1 255.255.255.252
source LoopBack0
destination 2.2.2.2
mpls
#
bgp 100
undo synchronization
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
peer 10.1.1.1 next-hop-local
#
ipv4-family vpnv4
peer 2.2.2.2 enable
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.3
network 1.1.1.1 0.0.0.0
· PE B配置:
#
mpls lsr-id 2.2.2.2
#
ip vpn-instance vpna
route-distinguisher 1:2
tnl-policy gre1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls
#
tunnel-policy gre1
tunnel select-seq gre load-balance-number 1
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.2.1.2 255.255.255.252
#
interface GigabitEthernet0/1
port link-mode route
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.252
#
interface Tunnel0
ip address 20.1.1.2 255.255.255.252
source LoopBack0
destination 1.1.1.1
mpls
#
bgp 100
undo synchronization
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family vpn-instance vpna
peer 10.2.1.1 as-number 65420
import-route direct
peer 10.2.1.1 next-hop-local
#
ipv4-family vpnv4
peer 1.1.1.1 enable
#
ospf 1
area 0.0.0.0
network 172.2.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0
· P配置:
#
interface GigabitEthernet0/0
ip address 172.2.1.1 255.255.255.252
#
interface GigabitEthernet0/1
ip address 172.1.1.2 255.255.255.252
#
ospf 1
area 0.0.0.0
network 172.2.1.0 0.0.0.3
network 172.1.1.0 0.0.0.3
· H3C MSR 系列路由器 命令参考(V5)-R2311
· H3C MSR 系列路由器 配置指导(V5)-R2311
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!