在Cat9500和ISR4K之间配置VPLS
简介
VPLS是第2层扩展技术,大多数客户在ISP和第三方供应商的借用/租用服务中都使用它。VPLS的使用范围已超出本配置指南的范围。这是一份基本配置指南,旨在帮助客户在现有ISR4K平台和新的Cat9500交换机之间配置L2VPN。
先决条件
您应了解基本的L2VPN概念和配置用于配置L2 VFI情景的伪线模板
要求
ISR4K路由器(任何ISR4400/ISR4300)、Cat9500交换机和两台用作CE设备的设备
使用的组件
ISR4451-X
C9500-40X-A
CISCO1921
CISCO2911
配置
配置告知VPLS上下文的使用情况和支持的VC类型/详细信息
网络图
配置
在CE1和CE2上:
CE1#sh run Building configuration... Current configuration : 105 bytes ! interface GigabitEthernet0/0 no ip address duplex auto speed auto ! interface GigabitEthernet0/0.100 encapsulation dot1Q 100 ip address 101.101.101.2 255.255.255.0 ! |
CE2#sh run Building configuration... Current configuration : 1718 bytes ! interface GigabitEthernet0/1 no ip address duplex auto speed auto ! interface GigabitEthernet0/1.100 encapsulation dot1Q 100 ip address 101.101.101.1 255.255.255.0 ! |
在PE1和PE2上:
PE1#sh run Building configuration... Current configuration : 5049 bytes ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 bridge-domain 100 mtu 9180 neighbor 3.3.3.3 pw-class VPLS100 ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface GigabitEthernet0/0/0 mtu 9180 no ip address negotiation auto service instance 100 ethernet encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric bridge-domain 100 ! ! interface GigabitEthernet0/0/2 ip address 30.30.30.1 255.255.255.0 negotiation auto mpls ip ! ip route 3.3.3.3 255.255.255.255 30.30.30.2 ! mpls ldp router-id Loopback0 force ! |
PE2#sh run Building configuration... Current configuration : 10722 bytes ! ip routing ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 neighbor 2.2.2.2 pw-class VPLS100 ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface TenGigabitEthernet2/0/1 no switchport ip address 30.30.30.2 255.255.255.0 mpls ip ! interface TenGigabitEthernet2/0/2 switchport trunk allowed vlan 100 switchport mode trunk ! interface Vlan100 no ip address xconnect vfi 100 ! ip route 2.2.2.2 255.255.255.255 30.30.30.1 ! mpls ldp router-id Loopback0 force ! |
注意:在运行于EFP(以太网流点)服务实例的ISR4K和ASR1000设备上,确保我们在要扩展子网/广播域的各个SI(服务实例)下配置“rewrite ingress tag pop 1 symmetric”命令,以便ISR4K/ASR1k能够接收标记的(802.1Q Vlan Tag)从CE端发送的数据包。
验证
迄今为止,Cat9500平台在VPLS下支持与“以太网”互联。因此,首先检查VC类型是以太网(默认):
PE1#show mpls l2transport binding
Destination Address: 3.3.3.3,VC ID: 100
Local Label: 19
Cbit: 0, VC Type: Ethernet, GroupID: n/a
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
Remote Label: 17
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
PE2#show mpls l2transport binding
Destination Address: 2.2.2.2,VC ID: 100
Local Label: 17
Cbit: 0, VC Type: Ethernet, GroupID: n/a
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
Remote Label: 19
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
现在,其余命令将类似于验证L2VPN VC的方式。但是,了解Cat9500具有系统mtu非常重要,因此您无法修改面向LAN端的单个接口MTU值。因此,您需要在ISR4K平台的l2 vfi环境下明确配置“mtu <>”,以便根据Cat9500交换机上配置的系统mtu协商MTU值:
PE2:
PE2#show system mtu Global Ethernet MTU is 9180 bytes.
PE1:
PE1#show mpls l2transport vc detail
Local interface: VFI 100 vfi up
Interworking type is Ethernet
Destination address: 3.3.3.3, VC ID: 100, VC status: up
Output interface: Gi0/0/2, imposed label stack {17}
Preferred path: not configured
Default path: active
Next hop: 30.30.30.2
Create time: 00:02:10, last status change time: 00:02:10
Last label FSM state change time: 00:02:10
Signaling protocol: LDP, peer 3.3.3.3:0 up
Targeted Hello: 2.2.2.2(LDP Id) -> 3.3.3.3, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 19, remote 17
Group ID: local n/a, remote 0
MTU: local 9180, remote 9180
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 3.3.3.3/100, local label: 19
Dataplane:
SSM segment/switch IDs: 8387/4289 (used), PWID: 4
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
PE2:
PE2#show mpls l2transport vc detail
Local interface: VFI 100 vfi up
Interworking type is Ethernet
Destination address: 2.2.2.2, VC ID: 100, VC status: up
Output interface: Te2/0/1, imposed label stack {19}
Preferred path: not configured
Default path: active
Next hop: 30.30.30.1
Create time: 01:02:03, last status change time: 00:03:09
Last label FSM state change time: 00:03:09
Signaling protocol: LDP, peer 2.2.2.2:0 up
Targeted Hello: 3.3.3.3(LDP Id) -> 2.2.2.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 17, remote 19
Group ID: local n/a, remote 0
MTU: local 9180, remote 9180
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 2.2.2.2/100, local label: 17
Dataplane:
SSM segment/switch IDs: 12297/8194 (used), PWID: 1
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
现在,当我们尝试从CE1向CE2发起ping时:
CE1#ping 101.101.101.1 source 101.101.101.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 101.101.101.1, timeout is 2 seconds: Packet sent with a source address of 101.101.101.2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
然后,当我们检查VC统计信息以确保数据包通过VPLS传输时:
PE1:
PE1#show mpls l2transport vc detail | sec statistics
VC statistics:
transit packet totals: receive 5, send 5
transit byte totals: receive 660, send 660
transit packet drops: receive 0, seq error 0, send 0
PE2:
PE2#show mpls l2transport vc detail | sec statistics
VC statistics:
transit packet totals: receive 5, send 5
transit byte totals: receive 680, send 680
transit packet drops: receive 0, seq error 0, send 0
故障排除
本文档旨在强调在ISR/ASR路由器和用作PE节点的Cat9500交换机之间配置VPLS VC时的兼容性问题,因此目前没有故障排除步骤。
反馈