03-H3C_S12500_组播VPN典型配置
本章节下载: 03-H3C_S12500_组播VPN典型配置 (282.9 KB)
本文档介绍组播VPN的典型配置举例。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解组播VPN特性。
如图1所示,Customer A有位于两地的分支机构,这两个分支机构已通过同一个运营商的MPLS L3VPN网络实现了两地间单播路由信息的正常交互。目前Customer A中的组播源与接收者分别位于不同的分支机构中,且各分支机构内运行的PIM协议模式为PIM-SM。现要求通过MD VPN技术,实现组播接收者能够正常接收到组播源发来的组播数据。
图1 配置单AS内MD VPN组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
S 1 |
- |
10.11.3.2/24 |
PE 2 |
Vlan-int3 |
192.168.2.2/24 |
PE 1 |
Vlan-int2 |
192.168.1.2/24 |
|
Vlan-int12 |
10.11.2.1/24 |
|
Vlan-int11 |
10.11.1.1/24 |
|
Loop1 |
1.1.1.2/32 |
|
Loop1 |
1.1.1.1/32 |
CE a1 |
Vlan-int10 |
10.11.3.1/24 |
P |
Vlan-int2 |
192.168.1.1/24 |
|
Vlan-int11 |
10.11.1.2/24 |
|
Vlan-int3 |
192.168.2.1/24 |
|
Loop0 |
2.2.2.2/32 |
|
Loop1 |
3.3.3.3/32 |
CE a2 |
Vlan-int20 |
10.11.4.1/24 |
R 1 |
- |
10.11.4.2/24 |
|
Vlan-int12 |
10.11.2.2/24 |
为了实现上述组网需求,需要在公网的各设备上运行PIM协议(与私网中的PIM协议模式相互独立),并在各PE设备上配置MD VPN。
本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。
· 配置MD VPN时,只有在指定了Default-Group和MD源接口,并获取到MD源接口的公网IP地址之后,MTI才会生效。
· 属于同一VPN的所有接口(包括PE上绑定VPN实例的接口)上必须运行相同模式的PIM协议。
· 在不同的PE上,应该为相同VPN实例的MD指定相同的Default-Group。
· MD源接口必须与建立BGP对等体时所使用的源接口相同,否则将无法获取正确的路由信息。
· 缺省情况下,以太网接口、VLAN虚接口及聚合接口处于down状态。如果要对这些接口进行配置,请先使用undo shutdown命令使接口状态处于up状态。
· 系统工作在标准模式下,配置组播VPN时必须配置保留VLAN,否则系统会出现异常。保留VLAN配置完成后,请不要修改,否则需要重新配置,关于保留VLAN的详细介绍请参见“MPLS配置指导”中的“MPLS L3VPN”。关于系统工作模式的详细介绍请参见“基础配置指导”中的“设备管理”。
# 按照图1配置各设备上的接口IP地址和子网掩码。
<CEa1> system-view
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] ip address 10.11.3.1 24
[CEa1-Vlan-interface10] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] ip address 2.2.2.2 32
[CEa1-LoopBack0] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] ip address 10.11.1.2 24
[CEa1-Vlan-interface11] quit
PE 1、P、PE 2和CE a2的配置与CE a1相似,配置过程略。
配置路由协议及基本MPLS L3VPN,实现两地间单播路由信息互通。具体配置请参见“MPLS配置指导”中的“MPLS L3VPN”。
(1) 在公网实例中使能IP组播路由、公网接口上配置PIM-SM功能(包括LoopBack接口)
# 在PE 1上使能IP组播路由,在公网接口上配置PIM-SM。
[PE1] multicast routing
[PE1-mrib] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] pim sm
[PE1-Vlan-interface2] quit
[PE1] interface loopback 1
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
# 在P上使能IP组播路由,在公网接口上配置PIM-SM,并将LoopBack 1接口指定为公网的C-BSR和C-RP,其中C-RP服务于公网实例中所有组播组。
[P] multicast routing
[P-mrib] quit
[P] interface vlan-interface 2
[P-Vlan-interface2] pim sm
[P-Vlan-interface2] quit
[P] interface vlan-interface 3
[P-Vlan-interface3] pim sm
[P-Vlan-interface3] quit
[P] interface loopback 1
[P-LoopBack1] pim sm
[P-LoopBack1] quit
[P] pim
[P-pim] c-bsr 3.3.3.3
[P-pim] c-rp 3.3.3.3
[P-pim] quit
# 在PE 2上使能IP组播路由,在公网接口上配置PIM-SM。
[PE2] multicast routing
[PE2-mrib] quit
[PE2] interface vlan-interface 3
[PE2-Vlan-interface3] pim sm
[PE2-Vlan-interface3] quit
[PE2] interface loopback 1
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
(2) 在VPN私网实例中使能IP组播路由、私网接口上配置PIM-SM功能,并在连接有接收者的CE上配置IGMP
# 在CE a1上使能IP组播路由,在各接口上配置PIM-SM,并将LoopBack 0接口指定为私网的C-BSR和C-RP,其中C-RP服务于Customer A实例中所有组播组。
[CEa1] multicast routing
[CEa1-mrib] quit
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] pim sm
[CEa1-Vlan-interface10] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] pim sm
[CEa1-Vlan-interface11] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] pim sm
[CEa1-LoopBack0] quit
[CEa1] pim
[CEa1-pim] c-bsr 2.2.2.2
[CEa1-pim] c-rp 2.2.2.2
[CEa1-pim] quit
# 在CE a2上使能IP组播路由,在连接有接收者的接口上使能IGMP,其余各接口上配置PIM-SM。
[CEa2] multicast routing
[CEa2-mrib] quit
[CEa2] interface vlan-interface 12
[CEa2-Vlan-interface12] pim sm
[CEa2-Vlan-interface12] quit
[CEa2] interface vlan-interface 20
[CEa2-Vlan-interface20] igmp enable
[CEa2-Vlan-interface20] quit
# 在PE 1上配置VPN实例Customer A,将接口Vlan-interface11与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[PE1] ip vpn-instance customerA
[PE1-vpn-instance-customerA] route-distinguisher 100:1
[PE1-vpn-instance-customerA] vpn-target 100:1
[PE1-vpn-instance-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] ip binding vpn-instance customerA
[PE1-Vlan-interface11] quit
[PE1] multicast routing vpn-instance customerA
[PE1-mrib-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] pim sm
[PE1-Vlan-interface11] quit
# 在PE 2上配置VPN实例Customer A,将接口Vlan-interface12与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[PE2] ip vpn-instance customerA
[PE2-vpn-instance-customerA] route-distinguisher 100:1
[PE2-vpn-instance-customerA] vpn-target 100:1
[PE2-vpn-instance-customerA] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] ip binding vpn-instance customerA
[PE2-Vlan-interface12] quit
[PE2] multicast routing vpn-instance customerA
[PE2-mrib-customerA] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] pim sm
[PE2-Vlan-interface12] quit
(3) 创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围
# 在PE 1上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE1] multicast-domain vpn-instance customerA
[PE1-md-customerA] default-group 239.1.1.1
[PE1-md-customerA] source loopback 1
[PE1-md-customerA] data-group 225.2.2.0 28
[PE1-md-customerA] quit
# 在PE 2上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE2] multicast-domain vpn-instance customerA
[PE2-md-customerA] default-group 239.1.1.1
[PE2-md-customerA] source loopback 1
[PE2-md-customerA] data-group 225.2.2.0 28
[PE2-md-customerA] quit
按照如上配置后,通过在PE及P设备上执行display pim routing-table命令,可以检查公网Default-MDT建立情况,以P设备为例:
[P]display pim routing-table
Total 1 (*, G) entry; 2 (S, G) entry
(*, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 02:54:43
Upstream interface: Register
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 2
1: Vlan-interface2
Protocol: pim-sm, UpTime: 02:54:43, Expires: -
2: Vlan-interface3
Protocol: pim-sm, UpTime: 02:33:57, Expires: -
(1.1.1.1, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 01:57:13
Upstream interface: Vlan-interface2
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information: None
(1.1.1.2, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 01:57:13
Upstream interface: Vlan-interface3
Upstream neighbor: 192.168.2.2
RPF prime neighbor: 192.168.2.2
Downstream interface(s) information: None
由此可见,公网P设备上已建立RPT(*,239.1.1.1)和两棵相互独立的SPT树,这三棵树共同组成了该公网上的Default-MDT。
· PE 1:
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 2
#
vlan 11
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlan-interface11
ip binding vpn-instance customerA
ip address 10.11.1.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· PE 2:
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 3
#
vlan 12
#
interface LoopBack1
ip address 1.1.1.2 255.255.255.255
pim sm
#
interface Vlan-interface3
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Vlan-interface12
ip binding vpn-instance customerA
ip address 10.11.2.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· P:
#
vlan 2 to 3
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Vlan-interface3
ip address 192.168.2.1 255.255.255.0
pim sm
#
multicast routing
#
pim
c-bsr 3.3.3.3
c-rp 3.3.3.3
#
· CE a1:
#
vlan 10 to 11
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 10.11.3.1 255.255.255.0
pim sm
#
interface Vlan-interface11
ip address 10.11.1.2 255.255.255.0
pim sm
#
multicast routing
#
pim
c-bsr 2.2.2.2
c-rp 2.2.2.2
#
· CE a2:
#
vlan 12
#
vlan 20
#
interface Vlan-interface12
ip address 10.11.2.2 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 10.11.4.1 255.255.255.0
igmp enable
#
multicast routing
#
如图2所示,Customer A有位于两地的分支机构,这两个分支机构跨越了两个运营商网络,并已通过跨域VPN-OptionA方案实现了两地间单播路由信息的正常交互。目前Customer A中的组播源与接收者分别位于不同的分支机构中,且各分支机构内运行的PIM协议模式为PIM-SM。现要求通过MD VPN技术,实现组播接收者能够正常接收到组播源发来的组播数据。
图2 配置A类跨AS的MD VPN组网图
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
S 1 |
- |
10.11.3.2/24 |
R 1 |
- |
10.11.4.2/24 |
PE 1 |
Vlan-int2 |
192.168.1.2/24 |
ASBR-PE 2 |
Vlan-int4 |
192.168.3.2/24 |
|
Vlan-int11 |
10.11.1.1/24 |
|
Vlan-int3 |
192.168.2.2/24 |
|
Loop1 |
1.1.1.1/32 |
|
Loop1 |
1.1.1.3/32 |
ASBR-PE 1 |
Vlan-int2 |
192.168.1.1/24 |
|
Loop2 |
22.22.22.22/32 |
|
Vlan-int3 |
192.168.2.1/24 |
PE 2 |
Vlan-int4 |
192.168.3.1/24 |
|
Loop1 |
1.1.1.2/32 |
|
Vlan-int12 |
10.11.2.1/24 |
|
Loop2 |
11.11.11.11/32 |
|
Loop1 |
1.1.1.4/32 |
CE a1 |
Vlan-int10 |
10.11.3.1/24 |
CE a2 |
Vlan-int20 |
10.11.4.1/24 |
|
Vlan-int11 |
10.11.1.2/24 |
|
Vlan-int12 |
10.11.2.2/24 |
|
Loop0 |
2.2.2.2/32 |
|
|
|
为了实现上述组网需求,需要在每个AS内各建立一个独立的MD。
本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。
· 各AS内部运行的公网PIM模式可以不同,但属于同一VPN的所有接口(包括ASBR上绑定VPN实例的接口)上必须运行统一的PIM模式。
· 对于同一AS内的相同VPN实例的MD,应为其指定相同的Default-Group,对于不同AS的相同VPN实例,为其MD指定的Default-Group可以不同。
· 缺省情况下,以太网接口、VLAN虚接口及聚合接口处于down状态。如果要对这些接口进行配置,请先使用undo shutdown命令使接口状态处于up状态。
· 系统工作在标准模式下,配置组播VPN时必须配置保留VLAN,否则系统会出现异常。保留VLAN配置完成后,请不要修改,否则需要重新配置,关于保留VLAN的详细介绍请参见“MPLS配置指导”中的“MPLS L3VPN”。关于系统工作模式的详细介绍请参见“基础配置指导”中的“设备管理”。
# 按照图2配置各设备上的接口IP地址和子网掩码。
<CEa1> system-view
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] ip address 10.11.3.1 24
[CEa1-Vlan-interface10] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] ip address 2.2.2.2 32
[CEa1-LoopBack0] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] ip address 10.11.1.2 24
[CEa1-Vlan-interface11] quit
PE 1、ASBR-PE 1、ASBR-PE 2、PE 2和CE a2的配置与CE a1相似,配置过程略。
配置路由协议及OptionA方式的跨域MPLS L3VPN,实现两地间单播路由信息互通。具体配置请参见“MPLS配置指导”中的“MPLS L3VPN”。
(1) 在各AS的公网实例中使能IP组播路由、公网接口上配置PIM-SM功能(包括LoopBack接口)
# 在PE 1上使能IP组播路由,在公网接口上配置PIM-SM。
[PE1] multicast routing
[PE1-mrib] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] pim sm
[PE1-Vlan-interface2] quit
[PE1] interface loopback 1
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
# 在ASBR-PE 1上使能IP组播路由,在公网接口上配置PIM-SM,并将LoopBack 2接口指定为AS 100公网的C-BSR和C-RP,其中C-RP服务于该公网实例中所有组播组。
[ASBR-PE1] multicast routing
[ASBR-PE1-mrib] quit
[ASBR-PE1] interface vlan-interface 2
[ASBR-PE1-Vlan-interface2] pim sm
[ASBR-PE1-Vlan-interface2] quit
[ASBR-PE1] interface loopback 1
[ASBR-PE1-LoopBack1] pim sm
[ASBR-PE1-LoopBack1] quit
[ASBR-PE1] interface loopback 2
[ASBR-PE1-LoopBack2] pim sm
[ASBR-PE1-LoopBack2] quit
[ASBR-PE1] pim
[ASBR-PE1-pim] c-bsr 11.11.11.11
[ASBR-PE1-pim] c-rp 11.11.11.11
[ASBR-PE1-pim] quit
# 在PE 2上使能IP组播路由,在公网接口上配置PIM-SM。
[PE2] multicast routing
[PE2-mrib] quit
[PE2] interface vlan-interface 4
[PE2-Vlan-interface4] pim sm
[PE2-Vlan-interface4] quit
[PE2] interface loopback 1
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
# 在配置ASBR-PE 2上使能IP组播路由,在公网接口上配置PIM-SM,并将LoopBack 2接口指定为AS 200公网的C-BSR和C-RP,其中C-RP服务于该公网实例中所有组播组。
[ASBR-PE2] multicast routing
[ASBR-PE2-mrib] quit
[ASBR-PE2] interface vlan-interface 4
[ASBR-PE2-Vlan-interface4] pim sm
[ASBR-PE2-Vlan-interface4] quit
[ASBR-PE2] interface loopback 1
[ASBR-PE2-LoopBack1] pim sm
[ASBR-PE2-LoopBack1] quit
[ASBR-PE2] interface loopback 2
[ASBR-PE2-LoopBack2] pim sm
[ASBR-PE2-LoopBack2] quit
[ASBR-PE2] pim
[ASBR-PE2-pim] c-bsr 22.22.22.22
[ASBR-PE2-pim] c-rp 22.22.22.22
[ASBR-PE2-pim] quit
(2) 在VPN私网实例中使能IP组播路由、私网接口上配置PIM-SM功能,并在连接有接收者的CE上配置IGMP
同一AS内的ASBR与PE的VPN实例的VPN Target应能匹配,不同AS的PE的VPN实例的VPN Target则不需要匹配。
# 在CE a1上使能IP组播路由,在各接口上配置PIM-SM,并将LoopBack 0接口指定为私网的C-BSR和C-RP,其中C-RP服务于Customer A实例中所有组播组。
[CEa1] multicast routing
[CEa1-mrib] quit
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] pim sm
[CEa1-Vlan-interface10] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] pim sm
[CEa1-Vlan-interface11] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] pim sm
[CEa1-LoopBack0] quit
[CEa1] pim
[CEa1-pim] c-bsr 2.2.2.2
[CEa1-pim] c-rp 2.2.2.2
[CEa1-pim] quit
# 在CE a2上使能IP组播路由,在连接有接收者的接口上使能IGMP,其余各接口上配置PIM-SM。
[CEa2] multicast routing
[CEa2-mrib] quit
[CEa2] interface vlan-interface 12
[CEa2-Vlan-interface12] pim sm
[CEa2-Vlan-interface12] quit
[CEa2] interface vlan-interface 20
[CEa2-Vlan-interface20] igmp enable
[CEa2-Vlan-interface20] quit
# 在PE 1上配置VPN实例Customer A,将接口Vlan-interface11与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[PE1] ip vpn-instance customerA
[PE1-vpn-instance-customerA] route-distinguisher 100:1
[PE1-vpn-instance-customerA] vpn-target 100:1
[PE1-vpn-instance-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] ip binding vpn-instance customerA
[PE1-Vlan-interface11] quit
[PE1] multicast routing vpn-instance customerA
[PE1-mrib-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] pim sm
[PE1-Vlan-interface11] quit
# 在PE 2上配置VPN实例Customer A,将接口Vlan-interface12与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM
[PE2] ip vpn-instance customerA
[PE2-vpn-instance] route-distinguisher 200:1
[PE2-vpn-instance] vpn-target 200:1
[PE2-vpn-instance] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] ip binding vpn-instance customerA
[PE2-Vlan-interface12] quit
[PE2] multicast routing vpn-instance customerA
[PE2-mrib-customerA] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] pim sm
[PE2-Vlan-interface12] quit
# 在ASBR-PE 1上配置VPN实例Customer A,将接口Vlan-interface3与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[ASBR-PE1] ip vpn-instance customerA
[ASBR-PE1-vpn-instance-customerA] route-distinguisher 100:1
[ASBR-PE1-vpn-instance-customerA] vpn-target 100:1
[ASBR-PE1-vpn-instance-customerA] quit
[ASBR-PE1] interface vlan-interface 3
[ASBR-PE1-Vlan-interface3] ip binding vpn-instance customerA
[ASBR-PE1-Vlan-interface3] quit
[ASBR-PE1] multicast routing vpn-instance customerA
[ASBR-PE1-mrib-customerA] quit
[ASBR-PE1] interface vlan-interface 3
[ASBR-PE1-Vlan-interface3] pim sm
[ASBR-PE1-Vlan-interface3] quit
# 在ASBR-PE 2上配置VPN实例Customer A,将接口Vlan-interface3与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[ASBR-PE2] ip vpn-instance customerA
[ASBR-PE2-vpn-vpn-customerA] route-distinguisher 200:1
[ASBR-PE2-vpn-vpn-customerA] vpn-target 200:1
[ASBR-PE2-vpn-vpn-customerA] quit
[ASBR-PE2] interface vlan-interface 3
[ASBR-PE2-Vlan-interface3] ip binding vpn-instance customerA
[ASBR-PE2-Vlan-interface3] quit
[ASBR-PE2] multicast routing vpn-instance customerA
[ASBR-PE2-mrib-customerA] quit
[ASBR-PE2] interface vlan-interface 3
[ASBR-PE2-Vlan-interface3] pim sm
[ASBR-PE2-Vlan-interface3] quit
(3) 在每个AS内各建立一个独立的MD,并指定Default-Group、MD源接口和Data-Group范围
# 在PE 1上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE1] multicast-domain vpn-instance customerA
[PE1-md-customerA] default-group 239.1.1.1
[PE1-md-customerA] source loopback 1
[PE1-md-customerA] data-group 225.2.2.0 28
[PE1-md-customerA] quit
# 在ASBR-PE 1上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[ASBR-PE1] multicast-domain vpn-instance customerA
[ASBR-PE1-md-customerA] default-group 239.1.1.1
[ASBR-PE1-md-customerA] source loopback 1
[ASBR-PE1-md-customerA] data-group 225.2.2.0 28
[ASBR-PE1-md-customerA] quit
# 在PE 2上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE2] multicast-domain vpn-instance customerA
[PE2-md-customerA] default-group 239.1.1.1
[PE2-md-customerA] source loopback 1
[PE2-md-customerA] data-group 225.2.2.0 28
[PE2-md-customerA] quit
# 在ASBR-PE 2上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[ASBR-PE2] multicast-domain vpn-instance customerA
[ASBR-PE2-md-customerA] default-group 239.1.1.1
[ASBR-PE2-md-customerA] source loopback 1
[ASBR-PE2-md-customerA] data-group 225.2.2.0 28
[ASBR-PE2-md-customerA] quit
# 按照如上配置后,通过在PE及ASBR-PE设备上执行display pim routing-table命令,可以检查各AS的公网Default-MDT建立情况,以ASBR-PE 1设备为例:
[ASBR-PE1]display pim routing-table
Total 1 (*, G) entry; 1 (S, G) entry
(*, 239.1.1.1)
RP: 11.11.11.11 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 02:54:43
Upstream interface: Register
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlan-interface2
Protocol: pim-sm, UpTime: 02:54:43, Expires: -
(1.1.1.1, 239.1.1.1)
RP: 11.11.11.11 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 01:57:13
Upstream interface: Vlan-interface2
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information: None
由此可见,公网ASBR-PE 1设备上已建立RPT(*,239.1.1.1)和SPT(1.1.1.1, 239.1.1.1),这两棵树共同组成了AS 100公网上的Default-MDT。
· PE 1:
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 2
#
vlan 11
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlan-interface11
ip binding vpn-instance customerA
ip address 10.11.1.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· PE 2:
#
ip vpn-instance customerA
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
#
vlan 4
#
vlan 12
#
interface LoopBack1
ip address 1.1.1.4 255.255.255.255
pim sm
#
interface Vlan-interface4
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Vlan-interface12
ip binding vpn-instance customerA
ip address 10.11.2.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· ASBR-PE 1:
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 2 to 3
#
interface LoopBack1
ip address 1.1.1.2 255.255.255.255
pim sm
#
interface LoopBack2
ip address 11.11.11.11 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Vlan-interface3
ip binding vpn-instance customerA
ip address 192.168.2.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
pim
c-bsr 11.11.11.11
c-rp 11.11.11.11
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· ASBR-PE 2:
#
ip vpn-instance customerA
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
#
vlan 3 to 4
#
interface LoopBack1
ip address 1.1.1.3 255.255.255.255
pim sm
#
interface LoopBack2
ip address 22.22.22.22 255.255.255.255
pim sm
#
interface Vlan-interface3
ip binding vpn-instance customerA
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Vlan-interface4
ip address 192.168.3.2 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
pim
c-bsr 22.22.22.22
c-rp 22.22.22.22
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· CE a1:
#
vlan 10 to 11
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 10.11.3.1 255.255.255.0
pim sm
#
interface Vlan-interface11
ip address 10.11.1.2 255.255.255.0
pim sm
#
multicast routing
#
pim
c-bsr 2.2.2.2
c-rp 2.2.2.2
#
· CE a2:
#
vlan 12
#
vlan 20
#
interface Vlan-interface12
ip address 10.11.2.2 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 10.11.4.1 255.255.255.0
igmp enable
#
multicast routing
#
如图3所示,Customer A有位于两地的分支机构,这两个分支机构跨越了两个运营商网络,并已通过跨域VPN-OptionC方案实现了两地间单播路由信息的正常交互。目前Customer A中的组播源与接收者分别位于不同的分支机构中,且各分支机构内运行的PIM协议模式为PIM-SM。现要求通过MD VPN技术,实现组播接收者能够正常接收到组播源发来的组播数据。
图3 配置C类跨AS的MD VPN组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
S 1 |
- |
10.11.3.2/24 |
R 1 |
- |
10.11.4.2/24 |
PE 1 |
Vlan-int2 |
192.168.1.2/24 |
ASBR-PE2 |
Vlan-int4 |
192.168.3.2/24 |
|
Vlan-int11 |
10.11.1.1/24 |
|
Vlan-int3 |
192.168.2.2/24 |
|
Loop1 |
1.1.1.1/32 |
|
Loop1 |
1.1.1.3/32 |
ASBR-PE1 |
Vlan-int2 |
192.168.1.1/24 |
|
Loop2 |
22.22.22.22/32 |
|
Vlan-int3 |
192.168.2.1/24 |
PE 2 |
Vlan-int4 |
192.168.3.1/24 |
|
Loop1 |
1.1.1.2/32 |
|
Vlan-int12 |
10.11.2.1/24 |
|
Loop2 |
11.11.11.11/32 |
|
Loop1 |
1.1.1.4/32 |
CE a1 |
Vlan-int10 |
10.11.3.1/24 |
CE a2 |
Vlan-int20 |
10.11.4.1/24 |
|
Vlan-int11 |
10.11.1.2/24 |
|
Vlan-int12 |
10.11.2.2/24 |
|
Loop0 |
2.2.2.2/32 |
|
|
|
· 为了实现上述组网需求,需要在所有AS内统一建立一个MD。
· 为了使公网PIM-SM域之间组播源信息的共享,需要在各公网PIM-SM域的RP之间建立MSDP对等体。
本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。
· 缺省情况下,以太网接口、VLAN虚接口及聚合接口处于down状态。如果要对这些接口进行配置,请先使用undo shutdown命令使接口状态处于up状态。
· 系统工作在标准模式下,配置组播VPN时必须配置保留VLAN,否则系统会出现异常。保留VLAN配置完成后,请不要修改,否则需要重新配置,关于保留VLAN的详细介绍请参见“MPLS配置指导”中的“MPLS L3VPN”。关于系统工作模式的详细介绍请参见“基础配置指导”中的“设备管理”。
# 按照5.1 图3配置各设备上的接口IP地址和子网掩码。
<CEa1> system-view
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] ip address 10.11.3.1 24
[CEa1-Vlan-interface10] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] ip address 2.2.2.2 32
[CEa1-LoopBack0] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] ip address 10.11.1.2 24
[CEa1-Vlan-interface11] quit
PE 1、ASBR-PE 1、ASBR-PE 2、PE 2和CE a2的配置与CE a1相似,配置过程略。
配置路由协议及OptionC方式的跨域MPLS L3VPN,实现两地间单播路由信息互通。具体配置请参见“MPLS配置指导”中的“MPLS L3VPN”。
(1) 在各AS的公网实例中使能IP组播路由、公网接口上配置PIM-SM功能(包括LoopBack接口),并将各AS配置为独立的PIM-SM域
# 在PE 1上使能IP组播路由,在公网接口上配置PIM-SM。
[PE1] multicast routing
[PE1-mrib] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] pim sm
[PE1-Vlan-interface2] quit
[PE1] interface loopback 1
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
# 在ASBR-PE 1上使能IP组播路由,在公网接口上配置PIM-SM,并将LoopBack 2接口指定为AS 100公网的C-BSR和C-RP,其中C-RP服务于该公网实例中所有组播组。。
[ASBR-PE1] multicast routing
[ASBR-PE1-mrib] quit
[ASBR-PE1] interface vlan-interface 2
[ASBR-PE1-Vlan-interface2] pim sm
[ASBR-PE1-Vlan-interface2] quit
[ASBR-PE1] interface vlan-interface 3
[ASBR-PE1-Vlan-interface3] pim sm
[ASBR-PE1-Vlan-interface3] quit
[ASBR-PE1] interface loopback 1
[ASBR-PE1-LoopBack1] pim sm
[ASBR-PE1-LoopBack1] quit
[ASBR-PE1] interface loopback 2
[ASBR-PE1-LoopBack2] pim sm
[ASBR-PE1-LoopBack2] quit
[ASBR-PE1] pim
[ASBR-PE1-pim] c-bsr 11.11.11.11
[ASBR-PE1-pim] c-rp 11.11.11.11
[ASBR-PE1-pim] quit
# 在ASBR-PE 1上配置BSR的服务边界,将AS 100配置为独立的PIM-SM域。
[ASBR-PE1] interface vlan-interface 3
[ASBR-PE1-Vlan-interface3] pim bsr-boundary
[ASBR-PE1-Vlan-interface3] quit
# 在PE 2上使能IP组播路由,在公网接口上配置PIM-SM。
[PE2] multicast routing
[PE2-mrib] quit
[PE2] interface vlan-interface 4
[PE2-Vlan-interface4] pim sm
[PE2-Vlan-interface4] quit
[PE2] interface loopback 1
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
# 在ASBR-PE 2上使能IP组播路由,在公网接口上配置PIM-SM,并将LoopBack 2接口指定为AS 200公网的C-BSR和C-RP,其中C-RP服务于该公网实例中所有组播组。。
[ASBR-PE2] multicast routing
[ASBR-PE2-mrib] quit
[ASBR-PE2] interface vlan-interface 3
[ASBR-PE2-Vlan-interface3] pim sm
[ASBR-PE2-Vlan-interface3] quit
[ASBR-PE2] interface vlan-interface 4
[ASBR-PE2-Vlan-interface4] pim sm
[ASBR-PE2-Vlan-interface4] quit
[ASBR-PE2] interface loopback 1
[ASBR-PE2-LoopBack1] pim sm
[ASBR-PE2-LoopBack1] quit
[ASBR-PE2] interface loopback 2
[ASBR-PE2-LoopBack2] pim sm
[ASBR-PE2-LoopBack2] quit
[ASBR-PE2] pim
[ASBR-PE2-pim] c-bsr 22.22.22.22
[ASBR-PE2-pim] c-rp 22.22.22.22
[ASBR-PE2-pim] quit
# 在ASBR-PE 2上配置BSR的服务边界,将AS 200配置为独立的PIM-SM域。
[ASBR-PE2] interface vlan-interface 3
[ASBR-PE2-Vlan-interface3] pim bsr-boundary
[ASBR-PE2-Vlan-interface3] quit
(2) 在各公网PIM-SM域的RP之间建立MSDP对等体,从而实现各AS公网PIM-SM域之间组播源信息的共享
# 在ASBR-PE 1上配置MSDP对等体。
[ASBR-PE1] msdp
[ASBR-PE1-msdp] encap-data-enable
[ASBR-PE1-msdp] peer 192.168.2.2 connect-interface vlan-interface 3
# 在ASBR-PE 2上配置MSDP对等体。
[ASBR-PE2] msdp
[ASBR-PE2-msdp] encap-data-enable
[ASBR-PE2-msdp] peer 192.168.2.1 connect-interface vlan-interface 3
(3) 在VPN私网实例中使能IP组播路由、私网接口上配置PIM-SM功能,并在连接有接收者的CE上配置IGMP
对于同一个VPN,不同AS的PE上为该VPN实例配置的VPN Target需要匹配。
# 在CE a1上使能IP组播路由,在各接口上配置PIM-SM,并将LoopBack 0接口指定为私网的C-BSR和C-RP,其中C-RP服务于Customer A实例中所有组播组。
[CEa1] multicast routing
[CEa1-mrib] quit
[CEa1] interface vlan-interface 10
[CEa1-Vlan-interface10] pim sm
[CEa1-Vlan-interface10] quit
[CEa1] interface vlan-interface 11
[CEa1-Vlan-interface11] pim sm
[CEa1-Vlan-interface11] quit
[CEa1] interface loopback 0
[CEa1-LoopBack0] pim sm
[CEa1-LoopBack0] quit
[CEa1] pim
[CEa1-pim] c-bsr 2.2.2.2
[CEa1-pim] c-rp 2.2.2.2
[CEa1-pim] quit
# 在配置CE a2上使能IP组播路由,在连接有接收者的接口上使能IGMP,其余各接口上配置PIM-SM。
[CEa2] multicast routing
[CEa2-mrib] quit
[CEa2] interface vlan-interface 12
[CEa2-Vlan-interface12] pim sm
[CEa2-Vlan-interface12] quit
[CEa2] interface vlan-interface 20
[CEa2-Vlan-interface20] igmp enable
[CEa2-Vlan-interface20] quit
# 在配置PE 1上配置VPN实例Customer A,将接口Vlan-interface11与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM。
[PE1] ip vpn-instance customerA
[PE1-vpn-instance-customerA] route-distinguisher 100:1
[PE1-vpn-instance-customerA] vpn-target 100:1
[PE1-vpn-instance-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] ip binding vpn-instance customerA
[PE1-Vlan-interface11] quit
PE1] multicast routing vpn-instance customerA
[PE1-mrib-customerA] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] pim sm
[PE1-Vlan-interface11] quit
# 在PE 2上配置VPN实例Customer A,将接口Vlan-interface12与该实例其进行关联,并使能该实例中的IP组播路由及在关联接口上配置PIM-SM
[PE2] ip vpn-instance customerA
[PE2-vpn-instance-customerA] route-distinguisher 200:1
[PE2-vpn-instance-customerA] vpn-target 100:1
[PE2-vpn-instance] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] ip binding vpn-instance customerA
[PE2-Vlan-interface12] quit
[PE2] multicast routing vpn-instance customerA
[PE2-mrib-customerA] quit
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] pim sm
[PE2-Vlan-interface12] quit
(4) 在所有AS内统一建立一个MD,并指定Default-Group、MD源接口和Data-Group范围
# 在PE 1上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE1] multicast-domain vpn-instance customerA
[PE1-md-customerA] default-group 239.1.1.1
[PE1-md-customerA] source loopback 1
[PE1-md-customerA] data-group 225.2.2.0 28
[PE1-md-customerA] quit
# 在PE 2上创建VPN实例的MD,并指定Default-Group、MD源接口和Data-Group范围。
[PE2] multicast-domain vpn-instance customerA
[PE2-md-customerA] default-group 239.1.1.1
[PE2-md-customerA] source loopback 1
[PE2-md-customerA] data-group 225.2.2.0 28
[PE2-md-customerA] quit
# 按照如上配置后,通过在PE及ASBR-PE设备上执行display pim routing-table命令,可以检查公网Default-MDT建立情况,以ASBR-PE 1设备为例:
[ASBR-PE1]display pim routing-table
Total 1 (*, G) entry; 2 (S, G) entry
(*, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 02:54:43
Upstream interface: Register
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlan-interface2
Protocol: pim-sm, UpTime: 02:54:43, Expires: -
(1.1.1.1, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 01:57:13
Upstream interface: Vlan-interface2
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information: None
(1.1.1.4, 239.1.1.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 01:57:13
Upstream interface: Vlan-interface3
Upstream neighbor: 192.168.2.2
RPF prime neighbor: 192.168.2.2
Downstream interface(s) information: None
由此可见,公网ASBR-PE 1设备上已建立RPT(*,239.1.1.1)和两棵相互独立的SPT树,这三棵树共同组成了该公网MD上的Default-MDT。
· PE 1:
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 2
#
vlan 11
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlan-interface11
ip binding vpn-instance customerA
ip address 10.11.1.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· PE 2:
#
ip vpn-instance customerA
route-distinguisher 200:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 4
#
vlan 12
#
interface LoopBack1
ip address 1.1.1.4 255.255.255.255
pim sm
#
interface Vlan-interface4
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Vlan-interface12
ip binding vpn-instance customerA
ip address 10.11.2.1 255.255.255.0
pim sm
#
multicast routing
#
multicast routing vpn-instance customerA
#
multicast-domain vpn-instance customerA
source LoopBack1
default-group 239.1.1.1
data-group 225.1.1.0 255.255.255.240
#
· ASBR-PE 1:
#
vlan 2 to 3
#
interface LoopBack1
ip address 1.1.1.2 255.255.255.255
pim sm
#
interface LoopBack2
ip address 11.11.11.11 255.255.255.255
pim sm
#
interface Vlan-interface2
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Vlan-interface3
ip address 192.168.2.1 255.255.255.0
pim sm
pim bsr-boundary
#
multicast routing
#
pim
c-bsr 11.11.11.11
c-rp 11.11.11.11
#
msdp
encap-data-enable
peer 192.168.2.2 connect-interface Vlan-interface3
#
· ASBR-PE 2:
#
vlan 3 to 4
#
interface LoopBack1
ip address 1.1.1.3 255.255.255.255
pim sm
#
interface LoopBack2
ip address 22.22.22.22 255.255.255.255
pim sm
#
interface Vlan-interface3
ip address 192.168.2.2 255.255.255.0
pim sm
pim bsr-boundary
#
interface Vlan-interface4
ip address 192.168.3.2 255.255.255.0
pim sm
#
multicast routing
#
pim
c-bsr 22.22.22.22
c-rp 22.22.22.22
#
msdp
encap-data-enable
peer 192.168.2.1 connect-interface Vlan-interface3
#
· CE a1:
#
vlan 10 to 11
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 10.11.3.1 255.255.255.0
pim sm
#
interface Vlan-interface11
ip address 10.11.1.2 255.255.255.0
pim sm
#
multicast routing
#
pim
c-bsr 2.2.2.2
c-rp 2.2.2.2
#
· CE a2:
#
vlan 12
#
vlan 20
#
interface Vlan-interface12
ip address 10.11.2.2 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 10.11.4.1 255.255.255.0
igmp enable
#
multicast routing
#
· H3C S12500系列路由交换机 IP组播配置指导-Release 7328
· H3C S12500系列路由交换机 IP组播命令参考-Release 7328
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!