IOS XR L2VPN服务和功能
目录
目录
简介
1.点对点和多点服务
1.1点对点服务
1.2多点服务
2.连接电路
2.1 ASR 9000以太网虚拟电路
2.1.1传入接口匹配
2.1.2 VLAN操作
2.2思科IOS XR非EVC路由器行为(CRS和XR12000)
3.点对点服务
3.1本地交换
3.1.1主接口
3.1.2子接口和VLAN操作
3.1.2.1主接口和Dot1q子接口
3.1.2.2带封装的子接口
3.1.2.3 GigabitEthernet0/1/0/1.1上的入口方向
3.2虚拟专用有线服务
3.2.1概述
3.2.2 PW和AC耦合状态
3.2.3类型4和类型5 PW
3.2.4多段PW
3.2.5冗余
3.2.5.1核心冗余
3.2.5.2 PW捆绑包
3.2.5.3 PW冗余
3.2.5.4 ASR 9000 nV边缘集群
3.3 CDP
3.3.1 L2VPN PE的主接口上未启用CDP
3.3.2在L2VPN PE的主接口上启用CDP
3.4生成树
4.多点服务
4.1本地交换
4.2全MST
4.3 BVI
4.4 VPLS
4.4.1概述
4.4.2 PW类型和传输标记
4.4.3自动发现和信令
4.4.3.1 BGP自动发现和BGP信令
4.4.3.2 BGP自动发现和LDP信令
4.4.4 MAC刷新和撤消
4.4.5 H-VPLS
4.4.6水平分割组(SHG)
4.4.7冗余
4.4.7.1生成树
4.4.7.2 MSTAG
4.4.7.3 PVSTAG或PVRSTAG
4.4.7.4 MC-LAG
4.4.7.5 ASR 9000 nV边缘集群
4.4.7.6基于ICCP的服务多宿主(ICCP-SM)(PMCLAG(伪MCLAG)和主用/主用)
4.5流量风暴控制
4.6 MAC移动
4.7 IGMP和MLD监听
5.其他L2VPN主题
5.1负载均衡
5.2日志记录
5.3 ethernet-services access-list
5.4以太网出口过滤器
简介
1.点对点和多点服务
1.1点对点服务
1.2多点服务
2.连接电路
2.1 ASR 9000以太网虚拟电路
2.1.1传入接口匹配
2.1.2 VLAN操作
2.2思科IOS XR非EVC路由器行为(CRS和XR12000)
3.点对点服务
3.1本地交换
3.1.1主接口
3.1.2子接口和VLAN操作
3.1.2.1主接口和Dot1q子接口
3.1.2.2带封装的子接口
3.1.2.3 GigabitEthernet0/1/0/1.1上的入口方向
3.2虚拟专用有线服务
3.2.1概述
3.2.2 PW和AC耦合状态
3.2.3类型4和类型5 PW
3.2.4多段PW
3.2.5冗余
3.2.5.1核心冗余
3.2.5.2 PW捆绑包
3.2.5.3 PW冗余
3.2.5.4 ASR 9000 nV边缘集群
3.3 CDP
3.3.1 L2VPN PE的主接口上未启用CDP
3.3.2在L2VPN PE的主接口上启用CDP
3.4生成树
4.多点服务
4.1本地交换
4.2全MST
4.3 BVI
4.4 VPLS
4.4.1概述
4.4.2 PW类型和传输标记
4.4.3自动发现和信令
4.4.3.1 BGP自动发现和BGP信令
4.4.3.2 BGP自动发现和LDP信令
4.4.4 MAC刷新和撤消
4.4.5 H-VPLS
4.4.6水平分割组(SHG)
4.4.7冗余
4.4.7.1生成树
4.4.7.2 MSTAG
4.4.7.3 PVSTAG或PVRSTAG
4.4.7.4 MC-LAG
4.4.7.5 ASR 9000 nV边缘集群
4.4.7.6基于ICCP的服务多宿主(ICCP-SM)(PMCLAG(伪MCLAG)和主用/主用)
4.5流量风暴控制
4.6 MAC移动
4.7 IGMP和MLD监听
5.其他L2VPN主题
5.1负载均衡
5.2日志记录
5.3 ethernet-services access-list
5.4以太网出口过滤器
简介
本文档介绍基本的第2层(L2)VPN(L2VPN)拓扑。演示设计、服务、功能和配置时,演示基本示例非常有用。有关详细信息,请参阅Cisco ASR 9000系列路由器IOS XR版本7.4.x的L2VPN和以太网服务配置指南。
1.点对点和多点服务
L2VPN功能可提供点对点和多点服务。
1.1点对点服务
点对点服务基本上模拟两个终端节点之间的传输电路,因此终端节点看起来是通过点对点链路直接连接的。这可用于连接两个站点。
实际上,两个终端节点之间可以有多个路由器,并且可以通过多种设计提供点对点服务。
一台路由器可以在其两个接口之间执行本地交换:
两个路由器之间还可以存在多协议标签交换(MPLS)伪线(PW):
路由器可以在两个PW之间交换帧;在本例中,这是一个多段PW:
通过PW冗余功能提供冗余:
其他设计可用,但无法全部在此处列出。
1.2多点服务
多点服务模拟广播域,以便该网桥域中的所有主机看起来都逻辑连接到同一个以太网网段:
所有主机均可连接到同一台路由器/交换机:
多台交换机可以执行传统的以太网交换;必须使用生成树来打破环路:
虚拟专用局域网服务(VPLS)允许您使用MPLS PW在多个站点之间扩展广播域:
可以使用分层VPLS来提高可扩展性:
2.连接电路
2.1 ASR 9000以太网虚拟电路
2.1.1传入接口匹配
连接电路(AC)的基本规则包括:
- 必须在配置了l2transport关键字的接口上接收数据包,以便由L2VPN功能进行处理。
- 此接口可以是主接口(在接口配置模式下配置了l2transport命令),也可以是子接口(在子接口编号后配置了l2transport关键字)。
- 最长匹配查找确定数据包的传入接口。 最长匹配查找按以下顺序检查这些条件以将传入数据包匹配到子接口:
- 传入帧有两个dot1q标记,并且匹配配置了相同两个dot1q标记(802.1Q隧道或QinQ)的子接口。这是最长匹配。
- 传入帧有两个dot1q标记,并且匹配配置了相同dot1q第一个标记的子接口,并且 any 用于第二个标记。
- 传入帧有一个dot1q标记,并匹配配置了相同dot1q标记的子接口,并且 精确 关键字.
- 传入帧有一个或多个dot1q标记,并匹配配置了dot1q标记之一的子接口。
- 传入帧没有dot1q标记,并且匹配使用 encapsulation untag 命令。
- 传入帧无法与任何其他子接口匹配,因此它匹配使用 默认封装 命令。
- 传入帧无法与任何其他子接口匹配,因此它匹配为配置的主接口 l2transport.
- 在不使用以太网虚拟连接(EVC)模式的传统路由器上,在通过L2VPN功能传输子接口下配置的VLAN标记之前,会先从帧中删除(弹出)。
- 在使用EVC基础设施的Cisco ASR 9000系列聚合服务路由器上,默认操作是保留现有标记。使用rewrite命令修改默认值。
- 如果网桥域中存在网桥虚拟接口(BVI),则应弹出所有传入标记,因为BVI是没有任何标记的路由接口。有关详细信息,请参阅BVI部分。
下面是一些说明这些规则的示例:
- 基本示例是,无论物理端口上是否有VLAN标记,都必须传输该端口上接收的所有流量。如果在主接口下配置l2transport,则该物理端口上接收的所有流量将通过L2VPN功能传输:
interface GigabitEthernet0/0/0/2
l2transport - 可以将捆绑接口和子接口配置为l2transport:
interface Bundle-Ether1
l2transport - 在l2transport子接口下使用encapsulation default来匹配未由匹配时间最长的另一个子接口匹配的任何已标记或未标记的流量。(请参见示例4)。l2transport关键字在子接口名称中配置,而不是在主接口上的子接口下配置:
interface GigabitEthernet0/1/0/3.1 l2transport
如果要仅匹配无标记帧,请配置encapsulation untagged。
encapsulation default - 当有多个子接口时,对传入帧运行最长匹配测试以确定传入接口:
interface GigabitEthernet0/1/0/3.1 l2transport
在此配置中,请注意:
encapsulation default
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 2 second-dot1q 3 - 具有外部VLAN标记2和内部VLAN标记3的QinQ帧可以匹配。1、.2或。3子接口,但由于匹配规则最长,因此该帧会被分配给。3子接口。.3上的两个标记比。2上的一个标记长,比。1上的任何标记长。
- 带有外部VLAN标记2和内部VLAN标记4的QinQ帧被分配给。2子接口,因为encapsulation dot1q 2可以仅与VLAN标记2匹配dot1q帧,也可以与带有外部标记2的QinQ帧匹配。如果您不想匹配QinQ帧,请参阅示例5(exact关键字)。
- 带外部VLAN标记3的QinQ帧与。1子接口匹配。
- 带有VLAN标记2的dot1q帧与。2子接口匹配。
- 带有VLAN标记3的dot1q帧与。1子接口匹配。
- 要匹配dot1q帧而不是QinQ帧,请使用exact关键字:
interface GigabitEthernet0/1/0/3.2 l2transport
此配置与具有外部VLAN标记2的QinQ帧不匹配,因为它仅与具有一个VLAN标记的帧匹配。
encapsulation dot1q 2 exact - 使用untagged关键字仅匹配未标记的帧,例如思科发现协议(CDP)数据包或多生成树(MST)网桥协议数据单元(BPDU):
interface GigabitEthernet0/1/0/3.1 l2transport
在此配置中,请注意:
encapsulation default
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3 - 带有VLAN标记3的Dot1q帧或带有外部标记3的QinQ帧与。3子接口匹配。
- 所有其他dot1q或QinQ帧都匹配。1子接口。
- 没有VLAN标记的帧与。2子接口匹配。
- any关键字可用作通配符:
interface GigabitEthernet0/1/0/3.4 l2transport
两个子接口。4和。5都可以匹配标记4和5的QinQ帧,但是这些帧会被分配给。5子接口,因为它更加具体。这是最长匹配规则。
encapsulation dot1q 4 second-dot1q any
!
interface GigabitEthernet0/1/0/3.5 l2transport
encapsulation dot1q 4 second-dot1q 5 - 可以使用VLAN标记范围:
interface GigabitEthernet0/1/0/3.6 l2transport
encapsulation dot1q 6-10 - 可为第一个或第二个dot1q标记列出多个VLAN标记值或范围:
interface GigabitEthernet0/1/0/3.7 l2transport
最多可以列出九个值。如果需要更多值,则必须将它们分配给另一个子接口。对范围内的值进行分组以缩短列表。
encapsulation dot1q 6 , 7 , 8-10
!
interface GigabitEthernet0/1/0/3.11 l2transport
encapsulation dot1q 11 second-dot1q 1 , 2 , 3 , 4-6 , 10 - encapsulation dot1q second-dot1q命令对外部和内部标记使用Ethertype 0x8100,因为这是封装QinQ帧的Cisco方法。但是,根据IEEE,Ethertype 0x8100应保留用于具有一个VLAN标记的802.1q帧,而Ethertype 0x88a8的外部标记应用于QinQ帧。可以使用dot1ad关键字配置具有Ethertype 0x88a8的外部标记:
interface GigabitEthernet0/1/0/3.12 l2transport
encapsulation dot1ad 12 dot1q 100 - 要将旧的Ethertype 0x9100或0x9200用于QinQ外部标记,请在QinQ子接口的主接口下使用dot1q tunneling ethertype命令:
interface GigabitEthernet0/1/0/3
外部标签的Ethertype为0x9100或0x9200,而内部标签的dot1q Ethertype为0x8100。
dot1q tunneling ethertype [0x9100|0x9200]
!
interface GigabitEthernet0/1/0/3.13 l2transport
encapsulation dot1q 13 second-dot1q 100 - 可以根据源MAC地址将传入帧分配给子接口:
interface GigabitEthernet0/1/0/3.14 l2transport
encapsulation dot1q 14 ingress source-mac 1.1.1
2.1.2 VLAN操作
基于EVC的平台的默认行为是在传入帧上保留VLAN标记。
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
在此配置中,转发带有VLAN标记3的传入dot1q帧时,会保留其VLAN标记3。转发带有外部VLAN标记3和内部标记100的传入QinQ帧时,两个标记保持不变。
但是,EVC基础设施允许您使用rewrite命令操作标签,因此您可以弹出(删除)、转换或推送(添加)标签到传入VLAN标签堆栈。
以下是几个示例:
- pop关键字可让您从传入的dot1q帧中删除QinQ标记。此示例删除传入QinQ帧的外部标记13,并转发顶部带有dot1q标记100的帧:
interface GigabitEthernet0/1/0/3.13 l2transport
encapsulation dot1q 13 second-dot1q 100
rewrite ingress tag pop 1 symmetric该行为始终是对称的,这意味着外部标签13在入口方向上弹出,并在出口方向上推动。
- translate关键字允许您用一个或两个新标记替换一个或两个传入标记:
RP/0/RSP0/CPU0:router2(config-subif)#interface GigabitEthernet0/1/0/3.3
l2transport
RP/0/RSP0/CPU0:router2(config-subif)# encapsulation dot1q 3
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate ?
1-to-1 Replace the outermost tag with another tag
1-to-2 Replace the outermost tag with two tags
2-to-1 Replace the outermost two tags with one tag
2-to-2 Replace the outermost two tags with two other tags
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1 ?
dot1ad Push a Dot1ad tag
dot1q Push a Dot1Q tag
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1
dot1q 4
RP/0/RSP0/CPU0:router2(config-subif)#show config
Building configuration...
!! IOS XR Configuration 4.3.0
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag translate 1-to-1 dot1q 4 symmetric
!
endsymmetric关键字会自动添加,因为它是唯一受支持的模式。
- push关键字可让您向传入的dot1q帧添加QinQ标记:
interface GigabitEthernet0/1/0/3.4 l2transport
encapsulation dot1q 4
rewrite ingress tag push dot1q 100 symmetric将外部QinQ标记100添加到带有dot1q标记4的传入帧。在出口方向,QinQ标记弹出。
2.2思科IOS XR非EVC路由器行为(CRS和XR12000)
非EVC平台上VLAN匹配的语法不使用encapsulation关键字:
RP/0/RP0/CPU0:router1#config
RP/0/RP0/CPU0:router1(config)#int gig 0/0/0/2.3 l2transport
RP/0/RP0/CPU0:router1(config-subif)#dot1q ?
vlan Configure a VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan ?
<1-4094> Configure first (outer) VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 ?
<1-4094> Configure second (inner 802.1Q) VLAN ID on the subinterface
any Match frames with any second 802.1Q VLAN ID
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 100
无法配置VLAN标记处理,因为唯一可能的行为是弹出dot1q或dot1ad命令中指定的所有标记。此操作在默认情况下完成,因此没有rewrite命令。
3.点对点服务
3.1本地交换
3.1.1主接口
基本拓扑是两个主要接口之间的本地交叉连接:
Router2接收Gi 0/1/0/1上接收的所有流量,然后将其转发到Te 0/0/0/3,反之亦然。
虽然router1和router3在此拓扑中似乎有直接背对背电缆,但情况并非如此,因为router2实际上在TenGigE和GigabitEthernet接口之间转换。Router2可以在这两个接口上运行功能;例如,访问控制列表(ACL)可以丢弃特定类型的数据包或策略映射,以便形成或限定低优先级流量。
基本点对点交叉连接配置在router2上配置为l2transport的两个主接口之间:
interface GigabitEthernet0/1/0/1
l2transport
!
!
interface TenGigE0/0/0/3
l2transport
!
!
l2vpn
xconnect group test
p2p p2p1
interface TenGigE0/0/0/3
interface GigabitEthernet0/1/0/1
!
在router1和router3上,主接口配置了CDP和IPv4地址:
RP/0/RP0/CPU0:router1#sh run int Gi 0/0/0/1
interface GigabitEthernet0/0/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!
RP/0/RP0/CPU0:router1#
RP/0/RP0/CPU0:router1#sh cdp nei Gi 0/0/0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
router3.cisco.c Gi0/0/0/1 132 R ASR9K Ser Te0/0/0/3
RP/0/RP0/CPU0:router1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/8/32 ms
Router1将router3视为CDP邻居,并且可以ping通10.1.1.2(router3的接口地址),就像两台路由器直接相连一样。
由于路由器2上没有配置子接口,因此当路由器1和路由器3上配置了dot1q子接口时,带有VLAN标记的传入帧将透明传输:
RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2
ipv4 address 10.1.2.1 255.255.255.0
dot1q vlan 2
!
RP/0/RP0/CPU0:router1#ping 10.1.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
从router1向router3发出10,000次ping后,您可以使用show interface和show l2vpn命令,以确保由一个AC上的router2收到的ping请求在另一个AC上转发,并且以同样的方式反向处理ping应答。
RP/0/RSP0/CPU0:router2#sh int gig 0/1/0/1
GigabitEthernet0/1/0/1 is up, line protocol is up
Interface state transitions: 1
Hardware is GigabitEthernet, address is 0024.986c.63f1 (bia 0024.986c.63f1)
Description: static lab connection to acdc 0/0/0/1 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 1000Mb/s, SXFD, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:01:07
5 minute input rate 28000 bits/sec, 32 packets/sec
5 minute output rate 28000 bits/sec, 32 packets/sec
10006 packets input, 1140592 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 6 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10007 packets output, 1140832 bytes, 0 total output drops
Output 0 broadcast packets, 7 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RP/0/RSP0/CPU0:router2#sh int ten 0/0/0/3
TenGigE0/0/0/3 is up, line protocol is up
Interface state transitions: 3
Hardware is TenGigE, address is 0024.98ea.038b (bia 0024.98ea.038b)
Layer 1 Transport Mode is LAN
Description: static lab connection to putin 0/0/0/3 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 10000Mb/s, LR, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:06
Last clearing of "show interface" counters 00:01:15
5 minute input rate 27000 bits/sec, 30 packets/sec
5 minute output rate 27000 bits/sec, 30 packets/sec
10008 packets input, 1140908 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 8 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10006 packets output, 1140592 bytes, 0 total output drops
Output 0 broadcast packets, 6 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- -------------------------- --------------------------
test p2p1 UP Te0/0/0/3 UP Gi0/1/0/1 UP
-------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p1, state is up; Interworking none
AC: TenGigE0/0/0/3, state is up
Type Ethernet
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 10008, sent 10006
bytes: received 1140908, sent 1140592
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 10006, sent 10008
bytes: received 1140592, sent 1140908
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface gigabitEthernet 0/1/0/1
hardware ingress detail location 0/1/CPU0
Local interface: GigabitEthernet0/1/0/1, Xconnect id: 0x1880003, Status: up
Segment 1
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound
Statistics:
packets: received 10022, sent 10023
bytes: received 1142216, sent 1142489
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound
Platform AC context:
Ingress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00580003, SHG: None
Ingress uIDB: 0x0003, Egress uIDB: 0x0003, NP: 3, Port Learn Key: 0
NP3
Ingress uIDB:
Flags: L2, Status
Stats Ptr: 0x0d842c, uIDB index: 0x0003, Wire Exp Tag: 0
BVI Bridge Domain: 0, BVI Source XID: 0x01000000
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
QOS ID: 0, QOS Format ID: 0
Local Switch dest XID: 0x00000001
UIDB IF Handle: 0x00000000, Source Port: 1, Num VLANs: 0
Xconnect ID: 0x00580003, NP: 3
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0003, LAG pointer: 0x0000
Split Horizon Group: None
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface Te 0/0/0/3 hardware egress
detail location 0/0/CPU0
Local interface: TenGigE0/0/0/3, Xconnect id: 0x1080001, Status: up
Segment 1
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound
Statistics:
packets: received 10028, sent 10027
bytes: received 1143016, sent 1142732
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound
Platform AC context:
Egress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00000001, SHG: None
Ingress uIDB: 0x0007, Egress uIDB: 0x0007, NP: 0, Port Learn Key: 0
NP0
Egress uIDB:
Flags: L2, Status, Done
Stats ptr: 0x000000
VPLS SHG: None
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
UIDB IF Handle: 0x04000240, Search VLAN Vector: 0
QOS ID: 0, QOS format: 0
Xconnect ID: 0x00000001, NP: 0
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0007, LAG pointer: 0x0000
Split Horizon Group: None
3.1.2子接口和VLAN操作
在Cisco IOS®软件术语中,此示例有一个类似于交换机端口模式接入接口的AC和一个类似于中继的dot1q子接口:
通常,此拓扑使用网桥域,因为VLAN中通常有两个以上的端口,不过如果只有两个端口,则可以使用点对点交叉连接。本节介绍灵活重写功能如何为您提供多种方法来控制VLAN。
3.1.2.1主接口和Dot1q子接口
在本示例中,主接口位于一侧,dot1q子接口位于另一侧:
这是router1上的主接口:
RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1
interface GigabitEthernet0/0/0/1
description static lab connection to router2 0/1/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!
这是router2上的dot1q子接口:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/1
interface GigabitEthernet0/1/0/1
description static lab connection to router1 0/0/0/1
l2transport
RP/0/RSP0/CPU0:router2#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p2
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1
子接口名称TenGigE0/0/0/3.2中现在有一个l2transport关键字。Router3发送带有标记2的dot1q帧,该帧与router2上的TenGigE0/0/0/3.2子接口匹配。
rewrite ingress tag pop 1 symmetric命令可在入口方向上删除传入标记2。由于TenGigE0/0/0/3.2上的入口方向删除了标记,因此数据包会在GigabitEthernet0/1/0/1上的出口方向无标记发送。
Router1发送无标记帧,这些帧与主接口GigabitEthernet0/1/0/1匹配。
GigabitEthernet0/1/0/1上没有rewrite命令,因此不会弹出、推送或转换标记。
当数据包必须从TenGigE0/0/0/3.2转发出去时,由于rewrite ingress tag pop 1命令中的symmetric关键字,dot1q tag 2将被推送。该命令在入口方向上弹出一个标记,但在出口方向上对称推送一个标记。以下是router3上的示例:
RP/0/RSP0/CPU0:router3#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2
ipv4 address 10.1.1.2 255.255.255.0
encapsulation dot1q 2
使用相同的show interface和show l2vpn命令监控子接口计数器:
RP/0/RSP0/CPU0:router2#clear counters
Clear "show interface" counters on all interfaces [confirm]
RP/0/RSP0/CPU0:router2#clear l2vpn forwarding counters
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#sh int TenGigE0/0/0/3.2
TenGigE0/0/0/3.2 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0024.98ea.038b
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 2
Ethertype Any, MAC Match src any, dest any
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:00:27
1000 packets input, 122000 bytes
0 input drops, 0 queue drops, 0 input errors
1002 packets output, 122326 bytes
0 output drops, 0 queue drops, 0 output errors
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect detail
Group test, XC p2p2, state is up; Interworking none
AC: TenGigE0/0/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 1001, sent 1002
bytes: received 118080, sent 118318
drops: illegal VLAN 0, illegal length 0
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 1002, sent 1001
bytes: received 114310, sent 114076
正如预期的那样,TenGigE0/0/0/3.2上接收的数据包数量与GigabitEthernet0/1/0/1上发送的数据包数量匹配,反之亦然。
3.1.2.2带封装的子接口
可以将encapsulation default的子接口用于GigabitEthernet0/1/0/1上的主接口,以便捕获所有帧或使用encapsulation untagged来仅匹配未标记的帧:
RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1
3.1.2.3 GigabitEthernet0/1/0/1.1上的入口方向
您可以在GigabitEthernet0/1/0/1.1上向入口方向推送标记2,而在TenGigE0/0/0/3.2上不执行任何操作,而非TenGigE0/0/0/3.2上向入口方向推送标记2:
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged
rewrite ingress tag push dot1q 2 symmetric
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1
因此,您可以看到,使用encapsulation和rewrite命令的EVC模型为您匹配和操作VLAN标记提供了极大的灵活性。
3.2虚拟专用有线服务
3.2.1概述
虚拟专用有线服务(VPWS)(也称为MPLS以太网(EoMPLS))允许两个L2VPN提供商边缘(PE)设备通过MPLS云传输L2VPN流量。两个L2VPN PE通常在两个不同的站点连接,它们之间有一个MPLS核心。每个L2VPN PE连接的两个AC通过MPLS网络上的PW(即MPLS PW)进行链接。
每个PE都需要有一个MPLS标签才能到达远程PE的环回。此标签(通常称为内部网关协议(IGP)标签)可以通过MPLS标签分发协议(LDP)或MPLS流量工程(TE)获取。
两个PE在它们之间建立一个目标MPLS LDP会话,以便它们可以建立并控制PW的状态。一个PE向另一个PE通告MPLS标签以识别PW。
Router2在其本地AC上接收的流量封装在MPLS标签堆栈中:
- 外部MPLS标签是到达router3的环回接口的IGP标签。如果标签直接连接,则此标签可以是隐式null标签;这意味着不会附加IGP标签。
- 内部MPLS标签是路由器3通过目标LDP会话通告的PW标签。
- 根据配置和封装类型,MPLS标签后面可能会出现一个PW控制字。控制字在以太网接口上默认情况下不使用,必须在需要时显式配置。
- 传输的L2帧在数据包中跟随。
- 某些VLAN标记通过PW传输,具体取决于配置和PW类型。
倒数第二跳(在MPLS核心中的router3之前)会弹出IGP标签或用显式空标签替换它。因此,router3收到的帧上最有意义的标签是router3发信号给router2以获取PW的PW标签。因此,Router3知道收到的带有MPLS标签的流量应交换至连接到Router4的AC。
在上一个示例中,您应首先检查每个L2VPN是否具有远程PE环回的MPLS标签。以下示例说明如何检查router2上的标签:
RP/0/RSP1/CPU0:router2#sh mpls forwarding prefix 10.0.0.11/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16008 16009 10.0.0.11/32 Te0/0/0/1 10.0.23.2 681260
AC配置仍然相同:
RP/0/RSP1/CPU0:router2#sh run int gig 0/0/0/1.2
Wed May 1 13:56:07.668 CEST
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
因为没有rewrite ingress pop命令,所以传入的VLAN标记2通过PW传输。有关详细信息,请参阅第4类和第5类PW。
L2VPN配置指定本地AC和远程L2VPN PE的PW ID必须在每一端匹配,并且对于每个邻居必须是唯一的:
RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222
router3上的相应配置为:
RP/0/RSP0/CPU0:router3#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
RP/0/RSP0/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222
使用show l2vpn xconnect detail命令查看交叉连接的详细信息:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail
Group test, XC p2p4, state is up; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38448
bytes: received 12644, sent 2614356
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (21:31:00 ago)
Last time status changed: 30/04/2013 16:36:42 (21:25:16 ago)
Statistics:
packets: received 38448, sent 186
bytes: received 2614356, sent 12644
在此配置中,请注意:
- AC的最大传输单位(MTU)为1504,因为AC上的传入标记没有弹出。每端MTU必须匹配,否则PW不会出现。
- 在AC上接收了186个数据包,并如预期在PW上发送。
- 38448数据包在PW上接收,并在AC上按预期发送。
- router2的本地标签为16026,是router3用作内部标签的标签。由于IGP标签已由倒数第二的MPLS跳跳弹出,因此数据包在路由器2上接收,并且该MPLS标签作为顶部标签。Router2知道带有该PW标签的传入帧应该切换到AC Gi 0/0/0/1.2:
RP/0/RSP1/CPU0:router2#sh mpls forwarding labels 16026
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16026 Pop PW(10.0.0.11:222) Gi0/0/0/1.2 point2point 2620952
3.2.2 PW和AC耦合状态
在点对点交叉连接中,AC和PW耦合。因此,如果AC断开,L2VPN PE通过LDP向远程PE发出PW状态应关闭的信号。当配置了PW冗余时,这会触发收敛。有关详细信息,请参阅冗余部分。
在本示例中,AC在router2上关闭,并且正在将“AC Down”PW状态发送到router3:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail
Wed May 1 23:38:55.542 CEST
Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is down
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38544
bytes: received 12644, sent 2620884
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is down ( remote standby )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (1d07h ago)
Last time status changed: 01/05/2013 14:05:07 (09:33:47 ago)
Statistics:
packets: received 38544, sent 186
bytes: received 2620884, sent 12644
Router3知道PW应该关闭,因为远程AC已关闭:
RP/0/RSP0/CPU0:router3#sh l2vpn xconnect group test xc-name p2p4 detail
Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 38545, sent 186
bytes: received 2620952, sent 12644
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16031 16026
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 30/04/2013 16:37:57 (1d07h ago)
Last time status changed: 01/05/2013 14:11:33 (09:35:50 ago)
Statistics:
packets: received 186, sent 38545
bytes: received 12644, sent 2620952
3.2.3类型4和类型5 PW
可以使用两种类型的PW — 类型4和类型5。
- 第4类PW称为基于VLAN的PW。入口PE不应删除要通过PW传输的传入VLAN标记。
在基于EVC的平台(如ASR 9000)上,问题在于传入AC可能有一个rewrite命令来弹出传入VLAN标记,因此可能没有任何要通过PW传输的VLAN标记。为了消除这种可能性,EVC平台在帧顶部为第4类PW插入一个虚构VLAN标记0。使用transport-mode vlan命令配置第4类PW。远程PE应基于EVC,并应了解顶部VLAN标记是要剥离的虚拟标记。
但是,如果在EVC平台和非EVC平台之间使用第4类PW,则可能会导致互操作性问题。非EVC平台不将顶部VLAN标记视为虚拟VLAN标记,而是转发将虚拟VLAN标记0作为外部标记的帧。EVC平台能够使用rewrite命令处理传入帧中收到的VLAN标记。该VLAN操作结果通过第4类PW传输,上面带有一个额外的伪标记0。
最近的Cisco IOS XR软件版本能够使用4类PW,而无需使用transport-mode vlan passthrough命令的虚拟标记0。以太网流点(EFP)上的VLAN标记操作必须确保至少保留一个标记,因为必须存在在第4类PW上传输的VLAN标记,并且在本例中,不存在满足该要求的虚拟标记。传入接口标记重写后留在帧中的标记通过PW透明传输。
- 第5类PW称为基于以太网端口的PW。入口PE传输在主接口上接收的帧,或者在子接口上收到数据包时移除子接口标记之后的帧。不需要通过类型5 PW发送标记帧,并且基于EVC的平台不会添加虚拟标记。基于EVC的平台能够使用rewrite命令处理传入帧中收到的VLAN标记。该VLAN操作的结果通过5类PW传输,无论带标记还是无标记。
默认情况下,L2VPN PE尝试协商第5类PW,如以下示例所示:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet, control word disabled, interworking none
PW type Ethernet Ethernet
PW类型Ethernet表示类型5 PW。
这是router1发送的ARP请求的嗅探器捕获,由router2通过PW封装到router3:
Frame 38: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)
MPLS标签16031由router3通告的PW标签。嗅探器捕获是在倒数第二跳与router3之间进行的,因此没有IGP标签。
封装的以太网帧在PW标签之后立即开始。可以有一个PW控制字,但在本例中未配置。
即使是5类PW,路由器2也会传输在AC上接收的传入VLAN标记2,因为没有在AC上弹出rewrite命令。由于基于EVC的平台上没有自动弹出标签,因此传输重写处理之后来自AC的结果。请注意,没有具有第5类PW的虚拟VLAN标记0。
如果使用rewrite ingress tag pop 1 symmetric命令进行配置,则不会通过PW传输VLAN标记。
以下是在router2和router3上配置pw-class的4类PW示例。
l2vpn
pw-class VLAN
encapsulation mpls
transport-mode vlan
!
!
xconnect group test
p2p p2p4
neighbor 10.0.0.11 pw-id 222
pw-class VLAN
!
!
!
!
PW类型以太网VLAN表示类型4 PW。
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
现在,在传输的帧顶部插入了一个虚拟标记0:
Frame 15: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 0
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)
基于出口EVC的PE会删除虚拟标记,并转发其本地AC上带有标记2的帧。出口PE应用在其AC上配置的本地标记处理,处理在PW上接收的帧。如果其本地AC配置为rewrite ingress tag pop 1 symmetric,则必须在出口方向上推送配置的标记,因此在PW上接收的标记2顶部推送新标记。rewrite命令非常灵活,但您应仔细评估PW每一端要达到的目的。
3.2.4多段PW
L2VPN PE可以将PW而不是物理接口用作AC:
Router5在PW上接收来自router2的数据包,并将另一个PW上的数据包交换给router3。因此,Router5在PW之间切换,以便在router2和router3之间创建多段PW。
现在router2上的配置指向router5作为远程PE:
RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.12 pw-id 222
!
!
!
!
router5的配置是基本的:
RP/0/RSP0/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
neighbor 10.0.0.11 pw-id 223
!
neighbor 10.0.0.13 pw-id 222
!
description R2-R5-R3
!
!
!
description命令是可选的,它插入到router5发送给每个远程PE(router2和router3)的PW交换类型长度值(TLV)中。当中间有执行PW交换的路由器时,您需要排除PW故障时,说明会非常有用。
输入sh l2vpn xconnect命令以查看PW交换TLV:
RP/0/RSP0/CPU0:router5#sh l2vpn xconnect group test det
Group test, XC p2p5, state is down; Interworking none
Description: R2-R5-R3
PW: neighbor 10.0.0.11, PW ID 223, state is down ( provisioned )
PW class not set, XC ID 0xc0000002
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16042 unknown
Group ID 0x4000280 0x0
Interface GigabitEthernet0/0/0/1.2 unknown
MTU 1504 unknown
Control word disabled unknown
PW type Ethernet unknown
VCCV CV type 0x2 0x0
(none)
(LSP ping verification)
VCCV CC type 0x4 0x0
(none)
(TTL expiry)
------------ ------------------------------ -----------------------------
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.13, PW ID: 222
Description: R1-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 3221225474
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:30 (00:00:06 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000001
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16043 16056
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x4 0x6
(router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.11, PW ID: 223
Description: R2-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 0
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:35 (00:00:01 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)
Router5向router3发送PW交换TLV以及其PW的详细信息,然后向router2发送PW交换TLV,并将其PW详细信息发送到router3。
3.2.5冗余
点对点PW可用于连接两个站点,但是在PE或AC出现故障时,这两个站点应保持连接状态。
3.2.5.1核心冗余
如果您做出任何影响MPLS核心中重新路由的拓扑更改,MPLS PW会立即继承新路径。
3.2.5.2 PW捆绑包
客户边缘(CE)设备可以通过以太网捆绑连接到PE,以便在CE和PE之间存在捆绑成员链路故障时提供链路冗余。即使一个捆绑链路成员发生故障,该捆绑仍然可用。请注意,这不会提供PE冗余,因为PE故障会使整个捆绑断开。
冗余的一种方法是使用点对点PW传输多个电路。每条电路是两个CE之间的以太网捆绑的成员:
PE不终止捆绑包,而是通过PW透明地传输帧,包括链路汇聚控制协议(LACP)帧,CE在这些帧之间交换帧。
在此设计中,丢失AC或PE会导致捆绑成员断开,但捆绑保持运行。
在此设计中,CE仍然是单点故障。CE上可以使用的其他冗余功能包括:
- 多机箱链路汇聚组(MC-LAG)
- ASR 9000网络虚拟化(nV)集群
- Cisco IOS交换机上的虚拟交换系统(VSS)
- Cisco Nexus交换机上的虚拟端口通道(vPC)
从PE的角度来看,AC和MPLS PW之间有一个简单的点对点连接。
3.2.5.3 PW冗余
PE还可以通过称为PW冗余的功能提供冗余。
Router2有一个指向router3的主PW。在正常情况下,从router1到router6的流量流经该主PW。Router2也有一个备份PW以热备份方式连接到router4,但在正常情况下,没有流量流过该PW。
如果主PW、主PW的远程PE(router3)或远程PE上的AC(router3)出现问题,router2会立即激活备用PW,流量开始流过。问题解决后,流量会返回主PW。
路由器2上的配置如下:
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222
backup neighbor 10.0.0.14 pw-id 222
!
!
!
!
!
router3和router4的标准配置为:
RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222
!
!
!
!
在稳定条件下,PW到router3处于活动状态,而PW到router4处于备用状态:
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- ------------------ ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 UP
Backup
10.0.0.14 222 SB
------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51412, sent 25628
bytes: received 3729012, sent 1742974
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ -------------------------- --------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ -------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25628, sent 51412
bytes: received 1742974, sent 3729012
Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is standby ( all ready )
Backup for neighbor 10.0.0.13 PW ID 222 ( inactive )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ --------------------------- --------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ --------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x20 (Standby) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
RP/0/RSP0/CPU0:router2#
由于AC状态和PW状态是耦合的,因此当router3上的AC断开时,router3会向router2发出“AC down”信号。Router2关闭其主PW并激活备用PW:
RP/0/RSP0/CPU0:May 3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN :
Pseudowire with address 10.0.0.13, id 222, state is Down
RP/0/RSP0/CPU0:May 3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN :
Pseudowire with address 10.0.0.14, id 222, state is Up
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51735, sent 25632
bytes: received 3752406, sent 1743230
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ---------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ---------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0
Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is up ( established )
Backup for neighbor 10.0.0.13 PW ID 222 ( active )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------- -----------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------- -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25632, sent 51735
bytes: received 1743230, sent 3752406
RP/0/RSP0/CPU0:router2#
当router3上的AC恢复正常时,router2重新激活指向router3的主PW,指向router4的PW返回备用状态。
当router3关闭时,也会激活备用PW,并且router2会丢失通往其环回接口的路由。
下一个逻辑步骤是在每个站点引入具有两个PE的双向PW冗余:
但是,当两个PW同时处于活动状态时,此全网状的PW会遇到问题,因为网络中会引入环路。环路需要中断,通常使用生成树协议(STP)。但是,您不希望一个站点的生成树不稳定传播到另一个站点。因此,最好不要在这些PW上运行生成树,也不要合并两个站点之间的生成树。如果两个站点之间只有一个逻辑链路,则比较简单,因此不需要生成树。
一种解决方案是在一个站点的两个PE与其本地CE之间使用MC-LAG捆绑包。只有两个PE中的一个PE的捆绑成员处于活动状态,因此其到远程站点的PW处于活动状态。另一个PE的捆绑成员处于备用状态,且到远程站点的PW已断开。由于两个站点之间只有一个PW处于活动状态,因此不会引入环路。具有活动PW的PE也有一个备用的PW到远程站点的第二个PE。
在稳定条件下,活动捆绑成员位于router2和router3上,而活动PW位于它们之间。这是router3上的配置:
RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!
RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------
RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- --------------- -------- -------------- ----------
Gi0/0/0/1 Local Active 0x8001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8002, 0xa002 1000000
Link is marked as Standby by mLACP peer
在router5上,本地捆绑成员和发往router2的主要PW处于备用状态,发往router4的备用PW处于关闭状态:
RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!
RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- --------------------------
test p2p7 DN BE222.2 UP 10.0.0.11 222 SB
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------
RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222
Bundle-Ether222
Status: mLACP hot standby
Local links : 0 / 1 / 1
Local bandwidth : 0 (0) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Standby
Foreign links : 1 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Standby 0x8002, 0xa002 1000000
mLACP peer is active
Gi0/0/0/1 10.0.0.13 Active 0x8001, 0x9001 1000000
Link is Active
在router6上,捆绑成员到router3处于活动状态,而捆绑成员到router5处于备用状态:
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)
当router3上的捆绑成员断开时,router6会将其活动成员连接到router5:
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(D) Gi0/2(P)
由于bundle-ether222在router5上关闭,因此与router2相连的PW将同时关闭:
RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 DN BE222.2 DN 10.0.0.11 222 DN
Backup
10.0.0.12 222 DN
-----------------------------------------------------------------------------
Router2检测到它到router3的PW已关闭,并激活它到router5的备用PW:
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
-----------------------------------------------------------------------------
Router5的捆绑成员处于活动状态,且其指向router2的主要PW处于活动状态:
RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ----------- ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x8002, 0xa002 1000000
Link is Active
Gi0/0/0/1 10.0.0.13 Configured 0x8003, 0x9001 1000000
Link is down
RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
-------------------------------------------------------------------------------
3.2.5.4 ASR 9000 nV边缘集群
先前基于MC-LAG和PW冗余的设计对于冗余运行良好,但是,由于一些捆绑成员处于备用状态,因此它们不会在稳定条件下传输流量。
如果您希望所有捆绑成员都处于活动状态,即使是在稳定的条件下,您也可以将ASR 9000集群与来自CE的捆绑成员连接至PE的每个机架:
此设计针对CE和PE之间的捆绑成员链路故障、机架故障和核心链路故障提供冗余,只要集群与MPLS核心双重连接且核心中存在冗余。两个机架不必共置,可能位于不同的位置。此图中未表示机架间链路。
如果您希望在CE上实现冗余,则可以为CE使用多机箱解决方案:
- MC-LAG
- ASR 9000 nV集群
- VSS
- vPC
ASR 9000集群上的配置非常基本:
interface TenGigE0/0/0/8
bundle id 222 mode on
!
interface TenGigE1/0/0/8
bundle id 222 mode on
!
interface Bundle-Ether222
!
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface Bundle-Ether222.2
neighbor 10.0.0.13 pw-id 8
!
!
!
!
Cisco建议您配置静态LACP系统MAC地址和捆绑包MAC地址,以避免指定机架控制器切换导致的MAC地址更改。此示例显示如何查找地址:
RP/1/RSP0/CPU0:router2#sh int bundle-ether 222 | i address is
Hardware is Aggregated Ethernet interface(s), address is 0024.f71e.d309
Internet address is Unknown
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#int bundle-ether 222
RP/1/RSP0/CPU0:router2(config-if)#mac-address 0024.f71e.d309
RP/1/RSP0/CPU0:router2(config-if)#commit
RP/1/RSP0/CPU0:router2(config-if)#end
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#sh lacp system-id
Priority MAC Address
-------- -----------------
0x8000 00-24-f7-1e-d3-05
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#lacp system mac 0024.f71e.d305
RP/1/RSP0/CPU0:router2(config)#commit
RP/1/RSP0/CPU0:router2(config)#end
总之,这是捆绑以太网222,每个机架上有一个成员(机架0上为10个0/0/0/8,机架1上为10个1/0/0/8),并为点对点交叉连接配置的捆绑子接口:
RP/1/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p8 UP BE222.2 UP 10.0.0.13 8 UP
-------------------------------------------------------------------------------
3.3 CDP
Cisco路由器和交换机通常发送不带dot1q标记的CDP数据包。当配置为交叉连接的IOS XR路由器收到这些CDP数据包时,有多个场景可以确定这些数据包的后果:
在此拓扑中,根据配置,路由器1可将其本地PE路由器2视为CDP邻居或远程CE路由器4。
3.3.1 L2VPN PE的主接口上未启用CDP
来自L2VPN CE的CDP数据包通过交叉连接进行传输。如果主接口配置为l2transport,或者如果存在与未标记的CDP帧匹配的子接口,则两个L2VPN CE会相互通信(使用show cdp neighbors命令)。
以下是主接口的示例:
interface GigabitEthernet0/0/0/1
l2transport
!
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1
neighbor 10.0.0.11 pw-id 8
!
!
!
!
以下是无标记子接口的示例:
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 8
!
!
!
!
在这两个示例中,CDP数据包通过交叉连接进行传输,并且CE将彼此视为CDP邻居。CE不会将PE视为CDP邻居:
router1#sh cdp nei gigabitEthernet 0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
router4 Gig 0/1 168 R S ME-3400G- Gig 0/1
3.3.2在L2VPN PE的主接口上启用CDP
PE处理未标记的CDP数据包,PE和CE将彼此视为邻居。但是,在L2VPN PE的主接口上启用CDP时,CE看不到远程CE。
请注意:
- 不能在配置为l2transport的主接口上配置CDP。
- 在主非l2传输接口上配置CDP时,PE会拦截CDP数据包。即使配置了l2transport子接口来匹配未标记的CDP数据包(使用encapsulation untagged或encapsulation default命令),也会出现这种情况。在这种情况下,CDP数据包不会传输到远程站点。
3.4生成树
如果L2VPN CE是以太网交换机并且正在向L2VPN PE发送生成树BPDU,则这些BPDU将作为常规流量处理,并根据L2VPN配置进行传输。
如果主接口配置为l2transport,或者如果存在使用encapsulation untagged或encapsulation default命令配置的l2transport子接口,则无标记发送STP或MST BPDU并通过点对点交叉连接进行传输。
增强型每VLAN生成树(PVST+)或快速PVST+(PVRST+)发送已标记的BPDU,如果存在与BPDU的dot1q标记匹配的l2传输子接口,则传输这些BPDU。
以下是示例拓扑:
Router2和router3正在传输未标记帧和带有dot1q标记2的帧:
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 8
!
!
p2p p2p9
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 9
!
!
!
!
交换机1从switch4接收VLAN 1中的未标记BPDU和VLAN2中的已标记BPDU;其根端口位于Gi0/1上并指向switch4:
switch1#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 8
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0019.552b.b580
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
通过此配置,站点A的生成树域与站点B的生成树域合并。一个潜在的问题是,一个站点上的生成树不稳定可能会传播到另一个站点。
如果您确信一个站点仅通过一个PW连接到另一个站点,并且没有后门链路可引入物理环路,则最好不要在两个站点上运行生成树。这会使两个生成树域保持隔离。为此,请在CE上配置生成树bpdu过滤器,或在PE上配置以太网服务访问列表,以丢弃BPDU使用的目的MAC地址的帧。PE上的以太网服务访问列表可用于丢弃具有BPDU目标MAC的帧,或者您不想通过PW转发的其他类型L2协议。
这是可在两个站点之间传输的每个l2transport(sub)接口下使用的访问列表:
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd
60 deny any host 0100.0ccd.cdce
70 permit any any
!
RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.1
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!
RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!
以太网服务ACL开始丢弃BPDU:
RP/0/RSP1/CPU0:router2#sh access-lists ethernet-services block-invalid-frames
hardware ingress location 0/0/CPU0
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f (41 hw matches)
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd (63 hw matches)
60 deny any host 0100.0ccd.cdce
70 permit any any (8 hw matches)
交换机1不再接收来自交换机4的BPDU,因此交换机1现在成为根:
switch1#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p
在链路上禁用生成树的风险如下:如果在站点之间创建后门连接,则会导致物理环路,而且生成树无法中断环路。因此,当您在PW上禁用生成树时,请确保站点之间没有冗余链路,并且PW仍是站点之间的唯一连接。
如果站点之间存在多个连接,请使用类似于VPLS的解决方案以及生成树的接入网关版本,例如MST接入网关(MSTAG)或PVST+接入网关(PVSTAG)。有关详细信息,请参阅多点服务部分。
4.多点服务
有关多点L2功能的完整说明,请参阅实施多点第2层服务。
由于点对点交叉连接中只有两个接口,因此L2VPN交换机将接收的所有数据都接收在一端,并在另一端转发这些数据。
当网桥域中有两个以上的接口时,以太网交换机必须做出交换决策,以便根据帧的目的MAC地址确定帧转发位置。交换机根据收到的帧的源MAC地址进行MAC学习,并构建MAC地址表。
交换机使用此方法转发帧:
- 广播帧会泛洪到所有端口。使用风暴控制以限制广播泛洪速率。
- 组播帧会泛洪到网桥域中的所有端口,除非配置了互联网组管理协议(IGMP)或组播侦听程序发现(MLD)监听。使用风暴控制以限制组播泛洪速率。
- 目的MAC地址不属于网桥域的mac地址表(未知单播)的单播帧在网桥域中的所有端口上泛洪。使用风暴控制以限制未知单播泛洪速率。
- 目的MAC地址属于网桥域的mac地址表的单播帧将转发到已获取目的MAC地址的端口。
在Cisco IOS XR软件中,广播域或模拟LAN称为网桥域。这类似于Cisco IOS软件术语中的VLAN,不同之处在于IOS中的VLAN链接到TRUNK上用作dot1q标记的VLAN编号。Cisco IOS XR软件中的网桥域未链接到dot1q VLAN标记号。您可以使用EVC模型来处理dot1q标记,并且使dot1q子接口与同一网桥域中不同的dot1q VLAN编号或具有无标记接口。
网桥域基本上是一个广播域,其中广播和组播帧被泛洪。一个mac-address-table与每个网桥域关联(除非通过配置手动禁用MAC学习,这种情况非常罕见)。这通常对应一个IPv4或IPv6子网,其中网桥域中的所有主机都直接连接。
网桥域可以分组在一个网桥组中。这是检查配置的简便方法。您可以对网桥组执行一个show命令,而不是对每个网桥域执行一个show命令。网桥组没有mac-address-table或其他关联;它仅用于配置和show命令。
4.1本地交换
这是一个非常基本的示例:
Router2、router3和router4通过ASR 9000连接,ASR 9000模拟这三台路由器之间的LAN。
这三种路由器上的接口配置如下:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/39.2
interface GigabitEthernet0/1/0/39.2
ipv4 address 192.168.2.2 255.255.255.0
encapsulation dot1q 2
!
router3#sh run int gig 0/1
Building configuration...
Current configuration : 203 bytes
!
interface GigabitEthernet0/1
port-type nni
switchport access vlan 2
switchport trunk allowed vlan 1,2
switchport mode trunk
end
router3#sh run int vlan 2
Building configuration...
Current configuration : 61 bytes
!
interface Vlan2
ip address 192.168.2.3 255.255.255.0
end
router3#
RP/0/RSP0/CPU0:router4#sh run int ten 0/0/1/0.2
interface TenGigE0/0/1/0.2
ipv4 address 192.168.2.4 255.255.255.0
encapsulation dot1q 2
!
数据包由router1以dot1q标记2接收,然后转发到dot1q标记2的其他路由器。
在此基本场景中,AC上有两个选项:
- 由于所有AC都使用dot1q标记2,因此您可以将其保留在帧上,并使用与入口接口上接收到的dot1q标记在出口接口上转发帧。不需要rewrite ingress tag pop 1 symmetric命令。
- 您可以在入口方向弹出传入的dot1q标记2,并在出口方向对称推送dot1q标记2。虽然在这种基本情况下不需要这样做,但最好在开始时以这种方式配置网桥域,因为它为将来提供了更大的灵活性。以下是初始配置后可能发生更改的两个示例:
- 如果稍后在桥接域中引入路由BVI接口,则必须在BVI上处理数据包,而不带标记。有关详细信息,请参阅BVI部分。
- 稍后会添加使用不同dot1q标记的新交流电源。dot1q标记2将在入口方向上弹出,另一个dot1q标记将在新接口上在出口方向上推送,反之亦然。
在router1的每个AC上弹出dot1q标记:
RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/38.2
interface GigabitEthernet0/1/0/38.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP0/CPU0:router1#sh run int TenGigE0/2/0/4.2
interface TenGigE0/2/0/4.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
使用以下三种AC查看网桥域的配置:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain engineering
interface TenGigE0/2/0/4.2
!
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/38.2
!
!
!
!
网桥域必须在网桥组下配置。如果需要此客户的其他网桥域,可以在同一网桥组customer1下配置它们。如果新网桥域属于其他客户,则可以创建新的网桥组。这些示例使用客户对网桥域进行分组,但网桥域可以按任何条件进行分组。
使用show run l2vpn bridge group customer1 bridge-domain engineering命令显示网桥域的配置。
请使用show run l2vpn bridge group customer1命令查看所有网桥域的配置。
使用show l2vpn bridge-domain bd-name engineering命令或show l2vpn bridge-domain group customer1命令显示有关网桥域的信息。
RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name
engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
Gi0/1/0/38.2, state: up, Static MAC addresses: 0
Te0/2/0/4.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name
engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (00:18:06 ago)
No status change since creation
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 185066, sent 465
bytes: received 13422918, sent 34974
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: GigabitEthernet0/1/0/38.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40005; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 8, sent 12287
bytes: received 770, sent 892418
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: TenGigE0/2/0/4.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1040001; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 463, sent 11839
bytes: received 35110, sent 859028
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
如果要检查每个AC上是否接收和发送了数据包,请使用show l2vpn bridge-domain group customer1 bd-name engineering det命令。
如果要检查mac-address-table,请向show l2vpn forwarding bridge-domain命令添加mac-address关键字:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
------------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
每次在桥接域中收到帧时,由线卡在硬件中执行MAC学习。MAC地址表也有软件缓存,但此软件表无法连续更新以匹配硬件条目。在最新代码中输入show命令时,它会尝试将软件表与硬件表重新同步。在最多15秒之后,即使重新同步尚未完成(例如,如果表很大),它也会打印软件mac-address-table的当前状态。请使用l2vpn resynchronize forwarding mac-address-table命令手动重新同步软件和硬件表。
RP/0/RSP0/CPU0:router1#term mon
RP/0/RSP0/CPU0:router1#l2vpn resynchronize forwarding mac-address-table
location 0/1/CPU0
RP/0/RSP0/CPU0:router1#LC/0/1/CPU0:May 28 18:25:35.734 : vkg_l2fib_mac_cache[357]
%PLATFORM-
PLAT_L2FIB_MAC_CACHE-6-RESYNC_COMPLETE : The resynchronization of the MAC
address table is complete
0/1/CPU0
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
系统日志消息指示重新同步过程何时完成,因此启用terminal monitor以便查看消息很有用。
Resync Age列显示上次从硬件表重新同步MAC地址的时间。
location关键字是传入或传出线路卡的位置。MAC地址在硬件中的线卡之间交换,因此每个有AC或PW的线卡上都应该知道MAC地址。detail关键字可能会提供软件表的最新版本:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address detail location 0/1/CPU0
Bridge-domain name: customer1:engineering, id: 5, state: up
MAC learning: enabled
MAC port down flush: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC Secure: disabled, Logging: disabled
DHCPv4 snooping: profile not known on this node
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
IGMP snooping: disabled, flooding: enabled
Bridge MTU: 1500 bytes
Number of bridge ports: 3
Number of MAC addresses: 4
Multi-spanning tree instance: 0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
GigabitEthernet0/1/0/3.2, state: oper up
Number of MAC: 2
Statistics:
packets: received 187106, sent 757
bytes: received 13571342, sent 57446
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 0019.552b.b581, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
Mac Address: 0019.552b.b5c3, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
GigabitEthernet0/1/0/38.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 18, sent 14607
bytes: received 1950, sent 1061882
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 0024.986c.6417, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
TenGigE0/2/0/4.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 6c9c.ed3e.e484, LC learned: 0/2/CPU0
Resync Age: 0d 0h 0m 0s, Flag: remote
该命令的详细版本提供了网桥域中学习的MAC地址总数,以及在每个AC下学习的MAC地址数量。
hardware关键字直接从入口或出口转发引擎轮询硬件mac-address-table:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware ingress location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware egress location 0/2/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 14s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 1s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 10s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 13s N/A
RP/0/RSP0/CPU0:router1#
4.2全MST
以前的本地交换示例是基本的,因为只有路由器连接到网桥域。但是,一旦开始连接L2交换机,您可能会引入环路并需要STP以中断环路:
在此拓扑中,router1、router2和router3均配置了网桥域,图中显示了它们的所有接口。如果router4向router1发送广播(如ARP请求),router1将其泛洪到router2和router3,router2将其泛洪到router3,router3将其泛洪到router2。这会导致环路和广播风暴。
要中断环路,请使用STP。STP有多种类型,但Cisco IOS XR软件仅提供一种完整实施,即MST。
此外,Cisco IOS XR软件中还支持PVSTAG和MSTAG等协议的访问网关版本。这些是特定拓扑中使用的协议的静态、有限版本,通常与VPLS一起使用,在MSTAG和PVSTAG部分中进行了描述。在Cisco IOS XR软件中,如果拓扑包含多个交换机,并且需要完整生成树实施,则MST是唯一的选项。
每台路由器上配置了两个子接口,并添加到网桥域。对于router1,配置为:
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
!
!
!
MST在主接口上配置。在本例中,VLAN 2被分配给实例1,而所有其他VLAN仍为默认实例0。(更实际的配置是在实例之间平均分配VLAN。)
STP网络中的根网桥选择取决于配置的优先级和每个设备的嵌入式网桥ID。具有最低优先级或具有相等的最低优先级但具有最低网桥ID的设备被选为根网桥。在本例中,路由器3的优先级低于实例0的路由器1,因此路由器3是实例0的根。对于实例1,Router1的优先级低于Router3,因此Router1是实例1的根。
这是router1的配置:
spanning-tree mst customer1
name customer1
revision 1
instance 0
priority 28672
!
instance 1
vlan-ids 2
priority 24576
!
interface TenGigE0/0/0/1
!
interface GigabitEthernet0/0/0/1
!
!
这是router3上的配置:
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 28672
所有交换机上的名称、修订版和VLAN到实例的映射必须相同。
现在,检查router1上的生成树状态:
RP/0/RSP1/CPU0:router1#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed
Operating in dot1q mode
MSTI 0 (CIST):
VLANS Mapped: 1,3-4094
CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0
Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 28672 (priority 28672 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.1
Te0/0/0/1 128.1 2000 DSGN FWD 28672 4055.3912.f1e6 128.1
MSTI 1:
VLANS Mapped: 2
Root ID Priority 24576
Address 4055.3912.f1e6
This bridge is the root
Int Cost 0
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 24576 4055.3912.f1e6 128.2
Te0/0/0/1 128.1 2000 DSGN FWD 24576 4055.3912.f1e6 128.1
Router3是实例0的根,因此router1的根端口位于Gi0/0/0/1上,指向router3。Router1是实例1的根,因此router1是该实例所有接口的指定网桥。
Router2在Te0/1/0/0上被阻塞,例如0:
RP/0/RSP1/CPU0:router2#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed
Operating in dot1q mode
MSTI 0 (CIST):
VLANS Mapped: 1,3-4094
CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0
Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.2
Te0/1/0/0 128.1 2000 ALT BLK 28672 4055.3912.f1e6 128.1
MSTI 1:
VLANS Mapped: 2
Root ID Priority 24576
Address 4055.3912.f1e6
Int Cost 2000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 32768 f025.72a7.b13e 128.2
Te0/1/0/0 128.1 2000 ROOT FWD 24576 4055.3912.f1e6 128.1
RP/0/RSP1/CPU0:router2#
Te0/1/0/0.2处于转发状态,而Te0/1/0/0.3处于阻塞状态。 当STP Blocked值为0x0时,条件为false,因此接口处于转发状态;当STP Blocked值为0x1时,条件为true,因此接口处于阻塞状态。
使用show uidb data命令确认此情况并显示网络处理器中存在的接口数据:
RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.2
ingress | i Blocked
STP Blocked 0x0
RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.3
ingress | i Blocked
STP Blocked 0x1
4.3 BVI
配置网桥域可创建L2域。要退出该L2域,请连接桥接域内主机与外部世界之间路由的L3路由器。在上图中,主机1可以使用router4或router5退出本地子网并访问Internet。
配置了网桥域的Router1和Router2是ASR 9000路由器,可以路由IPv4和IPv6流量。因此,这两台路由器可以将IP流量从网桥域中取出,并自行将其路由到Internet,而不依赖L3路由器。为此,您需要配置BVI,它是插入网桥域的L3接口,以便路由进出网桥域的数据包。
从逻辑上说,情况是这样的:
下面是配置:
RP/0/RSP1/CPU0:router1#sh run int bvi 2
interface BVI2
ipv4 address 192.168.2.1 255.255.255.0
!
RP/0/RSP1/CPU0:router1#sh run int bvi 3
interface BVI3
ipv4 address 192.168.3.1 255.255.255.0
!
RP/0/RSP1/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
routed interface BVI3
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
routed interface BVI2
!
!
!
RP/0/RSP1/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
BVI是无标记的L3接口,因此,如果要让BVI处理网桥域的AC上收到的数据包,必须将AC配置为弹出所有传入标记。否则,BVI无法理解标记并丢弃数据包。无法在BVI上配置dot1q子接口,因此必须像上例中在Gi0/0/0/1.2上所做的那样在AC上弹出标签。
由于BVI接口是虚拟接口,因此可启用的功能存在一些限制。在Cisco ASR 9000系列路由器上配置集成路由和桥接:配置IRB的限制中介绍了这些限制。ASR 9000上的BVI接口不支持以下功能:
- 访问控制列表(ACL)。但是,可以在网桥域的每个L2端口上配置L2 ACL。
- IP快速重路由(FRR)
- Netflow
- MoFRR(仅组播快速重新路由)
- MPLS标签交换
- mVPNv4
- 服务质量 (QoS)
- 流量镜像
- BVI的未编号接口
- 视频监控(Vidmon)
BVI可以采用虚拟路由和转发(VRF)配置,以便通过MPLS转发BVI上接收的流量,但必须使用per-vrf label-allocation-mode。
如果需要这些限制功能之一,则不能使用BVI。另一种解决方案是在路由器的两个端口之间使用外部环回电缆,其中一个端口位于网桥域中,另一个端口配置为正常路由接口,所有功能都可以在此接口上配置。
4.4 VPLS
4.4.1概述
VPLS能够通过MPLS PW将多个站点的网桥域合并为一个大型网桥域。不同站点上的主机似乎直接连接到同一个L2网段,因为它们的流量在L2VPN PE之间的全网状MPLS PW上透明封装:
需要全网状PW,以确保每台主机都能接收来自所有其他主机的流量。其结果是,L2VPN PE不会将VPLS PW上收到的帧转发到其它VPLS PW上。应该有一个全网状PW,因此每个PE直接接收流量,不需要在PW之间转发流量,因为转发会导致环路。这称为水平分割规则。
路由器正在运行MAC学习。一旦MAC地址出现在mac-address-table中,您就只能通过PW将目的MAC地址的帧转发到此MAC地址从中获知的L2VPN PE。这样可避免核心中不必要的流量重复。广播和组播会泛洪到所有PW,以确保所有主机都能收到它们。IGMP监听等功能非常有用,因为它允许组播帧仅发送到具有接收器或组播路由器的PE。这减少了核心层中的流量,尽管仍存在多个相同数据包的副本,当需要向每个PE发送这些数据包时,必须将这些副本发送到每个PE。
必须在虚拟转发实例(VFI)下配置全网状的PW:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
在VFI下配置的PW是在核心中完全网格化的PW。它们是同一水平分割组(SHG)的一部分,以确保在一个PW上接收的帧不会转发到另一个PW。
可以配置接入PW,PW被视为一种AC类型,未在VFI下配置。有关详细信息,请参阅H-VPLS部分。
router2、router3和router4上的配置非常相似,并且所有其它三台路由器都作为VFI下的邻居。
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (23:06:02 ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 234039, sent 7824
bytes: received 16979396, sent 584608
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16049 16042
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 15:57:36 (00:25:29 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 555, sent 285
bytes: received 36308, sent 23064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16050 16040
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:00:56 (00:22:09 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 184, sent 158
bytes: received 12198, sent 14144
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000b
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16051 289974
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225483
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:02:38 (00:20:27 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 137
bytes: received 0, sent 12064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
PW到10.0.0.12的本地标签为16049,这意味着收到的以太网帧带有标签16049。交换决策基于此MPLS标签,因为倒数第二个MPLS跳应该已弹出IGP标签。可能仍有一个明确的空标签,但交换决策基于PW标签:
RP/0/RSP0/CPU0:router1#sh mpls forwarding labels 16049
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ----------
16049 Pop PW(10.0.0.12:2) BD=5 point2point 58226
标签的show mpls forwarding labels命令提供网桥域编号,您可以使用该编号查找目标mac地址和接收数据包的PW(邻居和pw-id)。然后,您可以在mac-address-table中创建指向该邻居的条目:
RP/0/RSP0/CPU0:router1#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a01 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/1/CPU0 0d 0h 0m 0s N/A
4.4.2 PW类型和传输标记
默认情况下,VPLS PW被协商为第5类(以太网)PW。在任何VLAN标记操作(配置rewrite命令时)通过PW发送后进入AC的任何内容。
用于LDP信令的Cisco IOS XR软件版本4.1.0和带BGP的版本4.3.1允许您在邻居下配置pw-class,并在pw-class下配置传输模式vlan passthrough。这将协商虚拟连接(VC)类型4(以太网VLAN)PW,在配置rewrite命令时,PW会传输VLAN标记操作后来自AC的任何内容。
EFP上的VLAN标记操作可确保帧上至少剩有一个VLAN标记,因为如果存在VC类型4 PW,则需要在帧上使用dot1q标记。使用传输模式vlan直通模式时,不会向帧添加虚拟标记0。
不支持在同一VFI下混合使用4类和5类PW。所有PW的类型必须相同。
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.13 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.14 pw-id 2
pw-class VC4-PT
!
!
!
!
!
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail |
i "PW:|PW type"
MAC withdraw for Access PW: enabled
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
4.4.3自动发现和信令
以前的示例基于VFI下所有邻居的手动配置。MPLS LDP用于PW与邻居的信令。
当您向网络添加新的VPLS PE时,请配置PE以将PW分配给其每个本地网桥域中的所有现有PE。然后,必须重新配置所有现有PE以让新PE具有PW,因为所有PE必须完全网格化。随着PE和网桥域数量的增加,这有可能成为运营难题。
一种解决方案是让PE通过BGP自动发现其他PE。虽然IBGP也有全网状要求,但可以通过使用路由反射器来提升它。因此,新的PE通常配置为与少量路由反射器对等,所有其他PE接收其更新,而新PE接收来自其他PE的更新。
为了通过BGP发现其他PE,每个PE都针对vpls-vpws address-family进行配置,并在BGP中通告它们想要参与的网桥域。一旦发现属于同一网桥域的其他PE,即为每个这些PE建立PW。BGP是用于此自动发现的协议。
将PW信令发送到自动发现的PE有两个选项:BGP和LDP。在这些示例中,您使用BGP信令和LDP信令将之前的拓扑转换为BGP自动发现。
4.4.3.1 BGP自动发现和BGP信令
在路由器bgp和邻居(其他PE或路由反射器)下配置address-family l2vpn vpls-vpws:
router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!
新的地址系列对邻居变为活动状态,但没有PE通告其参与桥接域:
RP/0/RSP0/CPU0:router1#sh bgp neighbor 10.0.0.3 | i Address family L2VPN
Address family L2VPN VPLS: advertised and received
P/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 77
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 77 77 77 77 77 77
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 252950 53252 77 0 0 1w0d 0
10.0.0.10 0 65000 941101 47439 77 0 0 00:10:18 0
在L2VPN网桥域配置模式下配置autodiscovery bgp和signaling-protocol bgp。路由器1上的配置如下:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 11
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 11
!
!
!
!
!
!
路由器2上的配置如下:
RP/0/RSP1/CPU0:router2#sh run l2vpn bridge group customer1
Thu May 30 15:25:55.638 CEST
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 13
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 13
!
!
!
!
!
!
每个网桥域的不同PE上的vpn-id和路由目标相同,但每个PE都具有唯一的虚拟边缘标识符(VE-ID)。每个PE通过BGP发现VPN中的其他PE并使用BGP向PW发送信号。结果是全网状PW:
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 103 103 103 103 103 103
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 254944 53346 103 0 0 1w0d 6
10.0.0.10 0 65000 944859 47532 103 0 0 01:40:22 6
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 10.0.0.11:32769 (default for vrf customer1:finance)
*> 11:10/32 0.0.0.0 nolabel 16060
*>i12:10/32 10.0.0.12 16060 nolabel
*>i13:10/32 10.0.0.13 16060 nolabel
*>i14:10/32 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.11:32770 (default for vrf customer1:engineering)
*> 11:10/32 0.0.0.0 nolabel 16075
*>i12:10/32 10.0.0.12 16075 nolabel
*>i13:10/32 10.0.0.13 16075 nolabel
*>i14:10/32 10.0.0.14 289944 nolabel
Route Distinguisher: 10.0.0.12:32768
*>i12:10/32 10.0.0.12 16060 nolabel
* i 10.0.0.12 16060 nolabel
Route Distinguisher: 10.0.0.12:32769
*>i12:10/32 10.0.0.12 16075 nolabel
* i 10.0.0.12 16075 nolabel
Route Distinguisher: 10.0.0.13:32769
*>i13:10/32 10.0.0.13 16060 nolabel
* i 10.0.0.13 16060 nolabel
Route Distinguisher: 10.0.0.13:32770
*>i13:10/32 10.0.0.13 16075 nolabel
* i 10.0.0.13 16075 nolabel
Route Distinguisher: 10.0.0.14:32768
*>i14:10/32 10.0.0.14 289959 nolabel
* i 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.14:32769
*>i14:10/32 10.0.0.14 289944 nolabel
* i 10.0.0.14 289944 nolabel
Processed 14 prefixes, 20 paths
以下是router3通告的前缀(10.0.0.13),如在router1上所见;前缀通过两个路由反射器10.0.0.3和10.0.0.10接收:
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32770 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32770
Versions:
Process bRIB/RIB SendTblVer
Speaker 92 92
Last Modified: May 30 15:10:44.100 for 01:23:38
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 92
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32769 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32769
Versions:
Process bRIB/RIB SendTblVer
Speaker 93 93
Last Modified: May 30 15:10:44.100 for 01:25:02
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 93
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10
Router1已建立一些PW:
RP/0/RSP0/CPU0:router1#sh l2vpn discovery bridge-domain
Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16060 10 10 05/30/2013 15:07:39
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289959 10 10 10.0.0.14 05/30/2013 15:11:22
Bridge group: customer1, bridge-domain: engineering, id: 5, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16075 10 10 05/30/2013 15:08:54
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289944 10 10 10.0.0.14 05/30/2013 15:11:22
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain autodiscovery bgp
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10120, sent 43948
bytes: received 933682, sent 2989896
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000c
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16062 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225484
Create time: 30/05/2013 15:09:52 (01:29:44 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:44 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2679, sent 575
bytes: received 171698, sent 51784
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000e
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16063 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225486
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 11, sent 574
bytes: received 1200, sent 51840
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc0000010
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16064 289960
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225488
Create time: 30/05/2013 15:11:22 (01:28:15 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:15 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 561
bytes: received 0, sent 50454
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243532, sent 51089
bytes: received 17865888, sent 3528732
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000d
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16077 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225485
Create time: 30/05/2013 15:09:52 (01:29:45 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:45 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2677, sent 574
bytes: received 171524, sent 51670
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000f
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16078 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225487
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 17, sent 572
bytes: received 1560, sent 51636
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000011
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16079 289945
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225489
Create time: 30/05/2013 15:11:22 (01:28:16 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:16 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 559
bytes: received 0, sent 50250
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
4.4.3.2 BGP自动发现和LDP信令
使用address-family l2vpn vpls-vpws命令的BGP配置与BGP信令的配置完全相同。修改L2VPN配置,以便通过signaling-protocol ldp命令使用LDP信令。
所有四个PE上使用相同的配置:
router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol ldp
vpls-id 65000:3
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol ldp
vpls-id 65000:2
!
!
!
!
!
!
vpls-id由BGP自治系统(AS)编号和vpn-id组成。
来自router1的三个show命令说明已使用发现的PE建立了PW:
RP/0/RSP0/CPU0:router1#sh l2vpn discovery
Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3,
signaling protocol: LDP
VPLS-ID: 65000:3
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46
Bridge group: customer1, bridge-domain: engineering, id: 5,
signaling protocol: LDP
VPLS-ID: 65000:2
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10362, sent 45038
bytes: received 956240, sent 3064016
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:3
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000003
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16006 16033
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:3 65000:3
Group ID 0x3 0x0
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225475
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:25 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 40
bytes: received 12160, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16016 16020
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:22 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16049 289970
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 30/05/2013 17:11:46 (00:05:04 ago)
Last time status changed: 30/05/2013 17:11:51 (00:04:59 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243774, sent 52179
bytes: received 17888446, sent 3602852
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned (Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:2
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16027 16042
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:2 65000:2
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:26 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 41
bytes: received 12160, sent 3690
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16043 16021
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:2 65000:2
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:23 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16050 289974
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:2 65000:2
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 30/05/2013 17:11:46 (00:05:05 ago)
Last time status changed: 30/05/2013 17:11:51 (00:05:00 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
4.4.4 MAC刷新和撤消
VPLS中的转发基于mac-address-table,该表通过获取收到的帧的源MAC地址动态构建。如果网桥域中的拓扑发生更改,主机可能会通过不同的AC或VPLS邻居到达。如果继续根据现有mac-address-table转发帧,该主机的流量可能无法到达其目的地。
对于L2VPN PE,有多种方法可以检测拓扑更改:
- 网桥域中的端口会打开或关闭。
- 当L2VPN PE运行完整的MST实施或生成树接入网关协议时,会处理生成树拓扑更改通知(TCN)BPDU。故障链路可能不是PE上的本地链路,而可能是拓扑中更远的链路。PE拦截TCN。
当L2VPN PE检测到拓扑更改时,它会采取两种操作:
- PE刷新受拓扑更改影响的网桥域的mac-address-table。当为PVSTAG或每VLAN快速生成树接入网关(PVRSTAG)配置PE时,在一个VLAN子接口中检测到的TCN BPDU将影响该物理接口上的所有VLAN和网桥域。
- PE通过MPLS LDP MAC撤销消息向VPLS邻居发出信号,告知它们应刷新其mac-address-table。收到MAC撤销LDP消息的所有远程L2VPN PE会刷新其mac-address-table,流量会再次泛洪。根据新拓扑重建mac-address-tables。
端口抖动随时间变化时,MAC撤销消息的默认行为会发生变化:
- 传统上,在Cisco IOS XR软件中,L2VPN PE在AC关闭时发送MAC撤销消息。目的是让远程PE刷新受影响网桥域的MAC地址表,以便从另一个端口获取指向被关闭端口后面的MAC地址。
- 但是,这给一些遵循RFC 4762的远程PE带来了互操作性问题,并清除指向所有PE(发送MAC撤销消息的PE除外)的MAC地址。RFC 4762假定PE会在AC启动时发送MAC撤销消息,但在AC关闭时不会发送。在Cisco IOS XR软件版本4.2.1之后,默认行为是仅在网桥域端口启动时发送LDP MAC撤销消息,以便更好地遵守RFC。添加了配置命令以恢复到旧行为。
这是在Cisco IOS XR软件版本4.2.1之后具有默认行为的show命令:
RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain bd-name engineering det |
i "PW:|VFI|neighbor|MAC w"
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 4
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 2
VFI Statistics:
重要的一行是“桥接端口关闭时发送的MAC撤消”,在Cisco IOS XR软件版本4.2.1之后,默认情况下会禁用此字段。该命令还会提供网桥域中发送和接收的MAC撤销消息的数量。大量退出消息表示网桥域不稳定。
这是恢复为旧行为的配置:
l2vpn
bridge group customer1
bridge-domain finance
mac
withdraw state-down
!
!
!
!
4.4.5 H-VPLS
VPLS要求在L2VPN PE之间使用全网状PW,以确保任何PE在一跳中能够到达任何其他PE后面的主机,而无需一个PE将帧从一个PW反射到另一个PW。这是水平分割规则的基础,它可防止PE将帧从一个PW转发到另一个PW。即使在特殊情况下,如果mac-address-table中的目的MAC地址指向另一个PW,帧也会被丢弃。
全网状的PW意味着PW的数量可能随着PE数量的增长而变得非常多,因此这可能带来可扩展性问题。
您可以使用分层的PE减少此拓扑中的PW数量:
在此拓扑中,请注意:
- 用户提供商边缘(U-PE)设备具有到CE的AC。
- U-PE设备通过MPLS点对点PW将CE流量传输到网络提供商边缘(N-PE)设备。
- N-PE是与其他N-PE完全网格化的核心VPLS PE。
- 在N-PE上,来自U-PE的PW被视为访问PW,非常类似于AC。U-PE与其他N-PE不是网状的一部分,因此N-PE可以将接入PW视为AC,并将流量从该接入PW转发到作为VPLS全网状的一部分的核心PW。
- N-PE之间的核心PW在VFI下配置,以确保水平分割规则应用于在VFI下配置的所有核心PW。
- 来自U-PE的接入PW未在VFI下配置,因此它们不属于与VFI PW相同的SHG。流量可以从接入PW转发到VFI PW,反之亦然。
- U-PE可以使用PW冗余功能将主PW分配给主N-PE,并将备用PW分配给备用N-PE。当主PW关闭时,备用设备将接管。
以下示例为U-PE1(10.0.0.15)配置了N-PE1(10.0.0.11)和N-PE2(10.0.0.12)的PW冗余:
RP/0/RP0/CPU0:U-PE1#sh run int ten 0/1/0/5.2
interface TenGigE0/1/0/5.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RP0/CPU0:U-PE1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p engineering-0-1-0-5
interface TenGigE0/1/0/5.2
neighbor 10.0.0.11 pw-id 15
backup neighbor 10.0.0.12 pw-id 15
!
!
!
!
!
RP/0/RP0/CPU0:U-PE1#sh l2vpn xconnect group customer1
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- -----------------------------
customer1 engineering-0-1-0-5
UP Te0/1/0/5.2 UP 10.0.0.11 15 UP
Backup
10.0.0.12 15 SB
---------------------------------------------------------------------------------
通向10.0.0.12的PW处于备用状态。在N-PE1上,有一个通向10.0.0.15的接入PW和一个不在VFI下的AC。
N-PE1正在通过接入PW和VFI PW获取一些MAC地址:
RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: up, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:N-PE1#sh l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A
在N-PE2(10.0.0.12)上,接入PW处于备用状态:
RP/0/RSP0/CPU0:N-PE2#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE2#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 1, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: standby, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
4.4.6水平分割组(SHG)
水平分割规则规定在一个VFI PW上接收的帧不能通过另一个VFI PW转发。VFI N-PE应全网状。
此水平分割通过SHG实施:
- 来自一个SHG的成员无法相互转发帧,但可以将帧转发到其他SHG的成员。
- 默认情况下,所有VFI PW都分配给SHG 1。这可确保VFI PW之间没有转发,以便实施水平分割规则。在VFI PW上接收的数据包可以转发到AC和访问PW,因为它们不是同一SHG的一部分。
- 默认情况下,所有AC和接入PW都不属于SHG组,这意味着在AC或接入PW上接收的数据包可以转发到同一网桥域中的另一个AC或接入PW。
- 如果目标是防止在AC和访问PW之间转发,则可以使用split-horizon group命令将AC和访问PW分配给SHG 2。
RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
split-horizon group
!
interface GigabitEthernet0/1/0/3.2
split-horizon group
!
neighbor 10.0.0.15 pw-id 15
split-horizon group
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
在此配置中,Gi 0/0/0/1.2和Gi 0/1/0/3.2、Gi 0/0/0/1.2和10.0.0.15或Gi 0/1/0/3.2和10.0.0.15之间没有转发。但是,AC和VFI PW之间仍然可以转发流量,因为它们属于不同的SHG(1和2)。
RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering detail |
i "state is|List of|VFI|Split"
Split Horizon Group: none
ACs: 2 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/0/0/1.2, state is unresolved
Split Horizon Group: enabled
AC: GigabitEthernet0/1/0/3.2, state is up
Split Horizon Group: enabled
List of Access PWs:
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
Split Horizon Group: enabled
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
VFI Statistics:
4.4.7冗余
在尝试引入冗余时,您可能有一个双连接到VPLS域的站点:
如果连接到switch1的主机发送广播,switch1会将其转发到router1和switch2。Router1具有全网状PW,因此有PW到router2,而router1通过该PW转发广播。Router2将广播转发到switch2,交换机2再将其转发到switch1。这会导致物理环路。
4.4.7.1生成树
完整MST实现不适用于VPLS,因为该实现在主接口上发送MST BPDU,以便控制该接口上所有VLAN的转发状态。使用VPLS时,每个网桥域都有VFI,因此您不能在主接口上发送所有这些VFI的BPDU。
默认情况下,生成树BPDU通过VPLS和点对点PW传输。
如果switch1和switch2发送每VLAN BPDU或未标记的MST BPDU,并且如果BPDU与router1和router2上的l2传输子接口匹配,则通过VPLS传输BPDU。交换机在Gi 0/1接口上看到彼此的BPDU,生成树会中断环路并阻塞一个端口。
Switch2是VLAN 2的根:
switch2#sh spanning-tree vlan 2
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0024.985e.6a00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Desg FWD 20000 128.1 P2p Bound(PVST)
Gi0/2 Desg FWD 20000 128.2 P2p Bound(PVST)
交换机1的根端口位于Gi 0/1上,并且阻塞了Gi 0/2:
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p
问题在于BPDU也传输到远程站点,并且一个站点中的生成树不稳定性传播到连接到VPLS域的所有站点。隔离每个站点而不通过VPLS传输BPDU更安全。
一种解决方案是使用STP的接入网关版本。这是协议的有限实施,其中L2VPN PE配置为发送一些静态BPDU,以便显示为连接到生成树根。L2VPN PE不会将从CE收到的BPDU传输到远程站点,因此每个站点都有自己的生成树域。
4.4.7.2 MSTAG
如生成树部分所述,MST发送未标记的BPDU,但是这些BPDU控制接口上所有VLAN的转发状态。
VLAN可以分组到多个实例中,每个实例都有自己的转发状态。
VLAN通常分组,以便流量可以在多条路径之间均匀分布。当有两条路径时,一半的流量属于在第一条路径上转发而在第二条路径上阻塞的实例。另一半流量属于在第一个路径上阻塞并在第二个路径上转发的一个实例。这允许在稳定条件下两条路径之间的负载均衡。否则,有一个路径通常被完全阻止,并且仅在主路径关闭时才会变为活动状态。
以下是典型的MSTAG拓扑:
在本实验示例中,实例1具有VLAN 2,实例0具有其他VLAN。(在更实际的场景中,VLAN在多个实例之间分布,以便在实例之间实现良好的流量负载均衡。) 由于某些VLAN的流量比其他VLAN要多得多,因此每个实例中的VLAN数量并不总是相同。
这是MST实例0的配置:
- Router1和router2根据MSTAG配置发送一些静态BPDU。它们不会处理来自网络的传入BPDU或尝试运行完整实施。使用MSTAG时,两个L2VPN PE仅根据它们的MSTAG配置发送静态BPDU。
- 配置Router1的目的是通过显示为实例0的根来吸引该实例的流量。
- Router2被配置为实例0的次佳根优先级,因此在router1发生故障或switch1与router1之间发生AC故障时,它成为新的根。
- 在通向router2的端口Gi 0/1上为Switch2配置了较高的生成树开销,以确保其通向根的主路径位于Gig 0/2上通过switch1和router1。
- Switch2选择Gi 0/2作为instance0的根端口,并选择Gi 0/1作为备用端口,以防根端口丢失。
- 因此,来自属于实例0的VLAN中该站点的流量通过router1到达VPLS上的其他站点。
对于MST实例1(VLAN 2),配置与之相反:
- 配置Router2的目的是通过显示为实例1的根来吸引该实例的流量。
- Router1配置了实例1的次佳根优先级,因此在router2发生故障或switch2与router2之间发生AC故障时,它成为新的根。
- 在通向router1的端口Gi 0/1上为Switch1配置了较高的生成树开销,以确保其通向根的主路径位于Gig 0/2上通过switch2和router2。
- 交换机1选择Gi 0/2作为实例1的根端口,并选择Gi 0/1作为备用端口,以防根端口丢失。
- 因此,来自属于实例1的VLAN(本示例中的VLAN 2)中该站点的流量通过router2到达VPLS上的其他站点。
- 路由器1和路由器2上必须有子接口,才能捕获未标记的TCN并通过点对点PW将其转发到另一台路由器。因为switch1和switch2可能会丢失其直接链路并相互隔离,所以router1和router2必须通过该点对点PW转发它们之间的TCN。
- PE还会拦截TCN,刷新其mac-address-table,并将LDP MAC撤销发送到远程PE。
这是router1上的配置:
RP/0/RSP0/CPU0:router1#sh run int gigabitEthernet 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!
RP/0/RSP0/CPU0:router1#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0001
instance 0
root-id 0000.0000.0001
priority 4096
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 8192
root-priority 4096
!
!
!
RP/0/RSP0/CPU0:router1#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0001
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3048
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 369
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 322
在此配置中,请注意:
- 在MST实例0中,根网桥为0000.0000.0001,即router1的网桥ID。
- 在MST实例1中,根网桥为0000.0000.0002,即router2的网桥ID。
- 路由器1的网桥优先级在实例0中为4096(成为根),在实例1中为8192(成为次优根)。
- 路由器1的网桥优先级在实例0中为8192(成为次优根),在实例1中为4096(成为根)。
- GigabitEthernet0/1/0/3.1上的点对点交叉连接将无标记的MST TCN传输到另一台路由器。
在dot1q子接口上配置了出口ACL,以便丢弃尚未迁移到MST的另一个站点可能发送的每VLAN BPDU。此配置可防止CE交换机在为MST配置的接口上收到每VLAN BPDU时声明接口不一致。
Router2的配置非常相似:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!
RP/0/RSP0/CPU0:router2#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0002
instance 0
root-id 0000.0000.0001
priority 8192
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 4096
root-priority 4096
!
!
!
RP/0/RSP0/CPU0:router2#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0002
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3186
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 365
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 177
这是交换机1上的基本配置:
switch1#sh run | b spanning-tree
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch1#sh run int gig 0/1 | i spanning
spanning-tree mst 1 cost 100000
switch1#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p
因此,实例0中的流量通过router1转发,实例1中的流量通过switch2和router2转发。
switch2的配置使用的命令与switch1相同:
switch2#sh run | b spanning
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch2#sh run int gig 0/1 | i spanning
spanning-tree mst 0 cost 100000
switch2#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
对于实例0,交换机2通过switch1和router1,对于实例1,则通过router2。
流量负载均衡,因为一个实例通过router1离开站点,另一个实例通过router2离开站点。
如果router1和switch1之间的链路断开,则两个实例都会通过router2。
switch1#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p
switch2#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 100000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
在这种故障类型下可以实现快速收敛,因为通过次优根的路径已被选为备用路径。使用MSTAG时,MST BPDU不会通过VPLS传输,因此站点会与其他站点的不稳定性隔离开来。
4.4.7.3 PVSTAG或PVRSTAG
MSTAG是VPLS的首选接入网关协议,因为它使用快速生成树,并且由于使用实例而不是每个VLAN上的BPDU即可扩展。
如果站点无法迁移到MST,并且唯一的解决方案是继续运行PVST+或PVRST,您可以使用PVSTAG或PVRSTAG,但实施仅限于一个特定的拓扑:
在此拓扑中,最重要的限制是只能有一个CE交换机。不能像MSTAG拓扑中那样拥有两台交换机。在MSTAG中,您可以配置点对点PW,以便在站点拆分为两个部分时将无标记流量(包括BPDU TCN)从一个PE传输到另一个PE。使用PVST和PVRST时,TCN会进行标记,以便它们与要通过VPLS传输的数据流量相同的子接口匹配。路由器必须根据MAC地址和协议类型识别BPDU,才能将TCN转发到另一端。由于当前不支持此功能,因此要求只有一个CE设备。
早于Cisco IOS XR软件版本4.3.0的版本中的另一个要求是捆绑接口不能用作AC。此限制已在Cisco IOS XR软件版本4.3.0中取消。
其原理与MSTAG基本相同。PVSTAG路由器发送静态BPDU,使CE看起来已连接到直接连接到(虚拟)根的交换机,且开销为0。为了对流量进行负载均衡,可以为router3上的某些VLAN配置根,为router4上的其他VLAN配置根。
以下是router3的配置示例:
RP/0/RSP1/CPU0:router3#sh run int gigabitEthernet 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP1/CPU0:router3#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0001
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0001
!
!
!
RP/0/RSP1/CPU0:router3#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0
以下是router4的配置示例:
RP/0/RSP1/CPU0:router4#sh run int gig 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router4#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!
RP/0/RSP1/CPU0:router4#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0002
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0002
!
!
!
RP/0/RSP1/CPU0:router4#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0
以下是CE交换机3上的配置示例:
switch3#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p
switch3#sh spanning-tree vlan 3
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 4 128.1 P2p
Gi0/2 Root FWD 4 128.2 P2p
PVSTAG的配置与MSTAG非常相似,不同之处在于在MSTAG示例中,根优先级和主网关的优先级配置为4096,备用网关的优先级配置为8192。
域中的所有其他交换机的优先级应高于PVSTAG或PVRSTAG中配置的优先级。
您可以调整CE交换机上的接口开销,以影响哪个端口成为根端口以及哪个端口被阻塞。
4.4.7.4 MC-LAG
使用VPLS的MC-LAG配置比使用双向PW冗余的点对点PW更简单。PE不需要一个主PW和三个备用PW,而只需全网状VPLS PW(VPLS标准配置):
在此拓扑中,请注意:
- MC-LAG在左侧两个VPLS PE之间运行:router2和router4。
- 在正常情况下,捆绑成员在router1和router2之间处于活动状态,在router1和router4之间处于备用状态。
- Router2在VPLS网桥域下配置了捆绑子接口,因此router2将流量转发到远程VPLS PE。拓扑图中显示了两个站点,但可能还有更多站点。
- 远程PE通过router2从router1和router2后面的设备获取MAC地址,因此PE通过router2为这些目的MAC地址转发流量。
- 当router1和router2之间的链路断开或router2断开时,router1和router4之间的捆绑成员将变为活动状态。
- 与路由器2类似,路由器4在VPLS网桥域下配置了它的捆绑子接口。
- 当捆绑子接口在router4上打开时,router4会向远程VPLS PE发送LDP MAC撤销消息,以便让它们知道存在拓扑更改。
这是router3上的配置:
RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
配置MC-LAG捆绑后,将其添加到与任何其他AC一样的VPLS配置下。
这是router5上的相应配置:
RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router5#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!
在正常情况下,router3和router6之间的捆绑成员处于活动状态,router5和router6之间的成员处于备用状态:
RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x0001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8000, 0xa002 1000000
Link is marked as Standby by mLACP peer
RP/0/RSP1/CPU0:router3#
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+---------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)
router6#
来自CE的流量在router3上收到并转发到远程PE:
RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP1/CPU0:router3#sh l2vpn forwarding bridge-domain customer1:
engineering mac location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
001d.4603.1f01 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
最后一个命令说明router3正在学习其捆绑包上的某些MAC地址,而活动成员位于router3上。在router5上,没有通过捆绑获知的MAC地址,因为本地成员处于备用状态:
RP/0/RSP1/CPU0:router5#sh l2vpn forwarding bridge-domain customer1:engineering
mac location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f01 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A
当router3和router6之间的捆绑成员断开时,该捆绑成员在router5上变为活动状态。MC-LAG VPLS PE发送LDP MAC撤销消息,以便远程PE清除其mac-address-table,并通过新的活动MC-LAG PE路由器5获取MAC地址。
当活动MC-LAG捆绑成员从router3移动到router5时,Router2从router3和router5收到MAC撤销消息:
RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1 detail |
i "state is|withd|bridge-domain"
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/1/0/3.3, state is up
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/0/0/1.2, state is unresolved
AC: GigabitEthernet0/1/0/3.2, state is up
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
MAC withdraw message: send 2 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1
router2的MAC地址从router3(10.0.0.13)移动到router5(10.0.0.14):
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f02 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A
使用MC-LAG,站点可以使用单个捆绑包通过VPLS连接到其他站点。MC-LAG提供链路和PE冗余,但在逻辑上,它仍是一个用于到达其他站点的捆绑接口。该捆绑包不需要生成树,而且可以在CE上配置BPDU过滤器以确保BPDU不会在VPLS上的站点之间交换。
另一个选项是在捆绑包上的AC上配置以太网服务访问列表,以丢弃BPDU的目标MAC地址,从而不会在站点之间传输BPDU。但是,如果在站点之间引入后门链路,则生成树无法断开环路,因为它未在MC-LAG捆绑包上运行。因此,请仔细评估是否禁用MC-LAG捆绑包上的生成树。如果站点之间的拓扑得到精心维护,最好通过MC-LAG提供冗余,而无需生成树。
4.4.7.5 ASR 9000 nV边缘集群
MC-LAG解决方案提供了冗余,而无需使用生成树。一个缺点是,一个MC-LAG PE的捆绑成员处于备用状态,因此这是一个主用 — 备用解决方案,不能最大限度地提高链路利用率。
另一个设计选项是使用ASR 9000 nV边缘集群,这样CE可以同时拥有每个集群机架的捆绑成员,这些成员都处于活动状态:
此解决方案的另一个优点是减少了PW的数量,因为每个站点上的每个群集只有一个PW。当每个站点有两个PE时,每个PE必须为每个站点上的两个PE各有一个PW。
配置的简单性是另一个优点。该配置看起来就像一个非常基本的VPLS配置,具有带捆绑包AC和VFI PW的网桥域:
RP/1/RSP0/CPU0:router2#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 2 / 0 / 2
Local bandwidth : 20000000 (20000000) kbps
MAC address (source): 0024.f71e.d309 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing: Default
LACP: Not operational
Flap suppression timer: Off
Cisco extensions: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------- ----------- -------------- ----------
Te0/0/0/8 Local Active 0x8000, 0x0005 10000000
Link is Active
Te1/0/0/8 Local Active 0x8000, 0x0001 10000000
Link is Active
RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.2
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.3
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/1/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/1/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
冗余由连接到两个机架的捆绑AC提供,以便在捆绑成员故障或机架故障时捆绑保持运行。
当站点仅通过集群连接到VPLS域时,其拓扑与MC-LAG关于生成树的拓扑类似。因此,该捆绑包不需要生成树,而且可以在CE上配置BPDU过滤器,以确保BPDU不会在VPLS上的站点之间交换。
另一个选项是在捆绑包上的AC上配置以太网服务访问列表,以丢弃BPDU的目标MAC地址,从而不会在站点之间传输BPDU。但是,如果在站点之间引入后门链路,则生成树无法断开环路,因为它未在CE-PE捆绑包上运行。因此,请仔细评估是否禁用该CE-PE捆绑包上的生成树。如果站点之间的拓扑得到精心维护,最好能够通过集群提供冗余,而无需生成树。
4.4.7.6基于ICCP的服务多宿主(ICCP-SM)(PMCLAG(伪MCLAG)和主用/主用)
版本4.3.1中引入了一项新功能,以克服MC-LAG的限制,MC-LAG的一些捆绑链路在保持备用模式时未使用。在称为伪MCLAG的新功能中,从DHD到附件点(PoA)的所有链路都在使用中,但VLAN在不同的捆绑包之间拆分。
4.5流量风暴控制
在L2广播域中,存在主机行为不正常并发送广播或组播帧速率很高的风险,广播或组播帧必须在网桥域中的任意位置泛洪。另一个风险是创建L2环路(不会被生成树打破),这会导致广播和组播数据包环路。广播和组播数据包的速率高会影响广播域中主机的性能。
将一个输入帧(广播、组播或未知单播帧)复制到网桥域中的多个出口端口也可能影响网络中的交换设备的性能。创建同一数据包的多个副本可能需要占用大量资源,具体取决于设备内必须复制数据包的位置。例如,由于交换矩阵的组播复制功能,将广播复制到多个不同插槽不是问题。当网络处理器必须在网络处理器处理的某些端口上发送同一数据包的多个副本时,网络处理器的性能可能会受到影响。
为了在风暴时保护设备,流量风暴控制功能允许您配置网桥域AC上接受的最大广播、组播和未知单播速率。有关详细信息,请参阅在VPLS网桥下实施流量风暴控制。
捆绑式AC接口或VFI PW不支持流量风暴控制,但非捆绑式AC和接入PW支持流量风暴控制。默认情况下禁用该功能;除非设置风暴控制,否则您接受任何广播速率、组播和未知单播。
以下是配置示例:
RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
neighbor 10.0.0.15 pw-id 15
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
vfi customer1-engineering
neighbor 10.0.0.10 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1w1d ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 5 (5 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control:
Broadcast: enabled(1000)
Multicast: enabled(10000)
Unknown unicast: enabled(10000)
Static MAC addresses:
Statistics:
packets: received 251295, sent 3555258
bytes: received 18590814, sent 317984884
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
<snip>
风暴控制丢弃计数器始终出现在show l2vpn bridge-domain detail命令的输出中。由于默认情况下禁用该功能,因此仅当配置该功能后,计数器才会开始报告丢弃。
配置的速率可能因不同网络之间的流量模式而异。在配置速率之前,Cisco建议您了解正常情况下广播、组播或未知单播帧的速率。然后,在高于正常速率的已配置速率中添加一个余量。
4.6 MAC移动
如果网络不稳定(例如接口抖动),则可以从新接口获取MAC地址。这是正常的网络融合,mac-address-table会动态更新。
但是,MAC的不断移动通常表示网络不稳定,例如L2环路期间出现严重的不稳定性。通过MAC地址安全功能,您可以报告MAC移动并采取纠正措施,例如关闭违规端口。
即使未配置纠正措施,您也可以配置logging命令,以便通过MAC移动消息警告您网络不稳定:
l2vpn
bridge group customer1
bridge-domain engineering
mac
secure
action none
logging
!
!
在本示例中,操作配置为none,因此当检测到MAC移动时,除了记录系统日志消息之外,不会执行任何操作。以下是示例消息:
LC/0/0/CPU0:Dec 13 13:38:23.396 : l2fib[239]:
%L2-L2FIB-5-SECURITY_MAC_SECURE_VIOLATION_AC : MAC secure in AC
GigabitEthernet0_0_0_4.1310 detected violated packet - source MAC:
0000.0000.0001, destination MAC: 0000.0001.0001; action: none
4.7 IGMP和MLD监听
默认情况下,组播帧会泛洪到网桥域中的所有端口。当您使用IP电视(IPTV)服务等高速率流时,所有端口上可能会转发大量流量并通过多个PW进行复制。如果通过一个接口转发所有电视流,则端口可能会拥塞。唯一的选项是配置诸如IGMP或MLD监听的功能,该功能会拦截组播控制数据包,以便跟踪接收器和组播路由器,并仅在适当时转发端口上的流。
有关这些功能的详细信息,请参阅Cisco ASR 9000系列路由器IOS XR版本7.9.x的组播配置指南。
5.其他L2VPN主题
5.1负载均衡
当L2VPN PE需要通过MPLS PW发送帧时,以太网帧被封装到具有一个或多个MPLS标签的MPLS帧中;至少有一个PW标签,可能还有一个IGP标签以便到达远程PE。
MPLS帧通过MPLS网络传输到远程L2VPN PE。通常有多条路径可到达目标PE:
PE1可以在P1和P2之间选择作为通向PE2的第一台MPLS P路由器。如果选择P1,则PE1在P3和P4之间选择,依此类推。可用路径基于IGP拓扑和MPLS TE隧道路径。
MPLS服务提供商更愿意均衡利用所有链路,而不是使用一条拥塞链路和其他未充分利用链路。由于某些PW比其他PW传输更多流量,并且因为PW流量采用的路径取决于核心中使用的散列算法,因此这一目标并非总是很容易实现。多个高带宽PW可能散列到同一条链路,从而导致拥塞。
一个非常重要的要求是,来自一个流的所有数据包都应该遵循相同的路径。否则,会导致帧顺序混乱,从而可能影响应用程序的质量或性能。
思科路由器上MPLS网络中的负载均衡通常基于底部MPLS标签之后的数据。
- 如果紧接底部标签后的数据以0x4或0x6开头,则MPLS P路由器会假设MPLS数据包内存在IPv4或IPv6数据包,并尝试根据从帧中提取的源和目标IPv4或IPv6地址的散列值进行负载均衡。理论上,这不应适用于封装并通过PW传输的以太网帧,因为目的MAC地址遵循底部标签。但最近已分配了以0x4和0x6开头的一些MAC地址范围。MPLS P路由器可能错误地认为以太网报头实际上是IPv4报头,并根据它假定IPv4源地址和目的地址对帧进行散列。来自PW的以太网帧可能会在MPLS核心中的不同路径上散列,这会导致PW中的帧顺序混乱和应用质量问题。解决方案是在pw-class下配置控制字,该控制字可以附加到点对点或VPLS PW。控制字在MPLS标签之后立即插入。控制字不以0x4或0x6开头,因此避免了问题。
RP/1/RSP0/CPU0:router#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
pw-class control-word
encapsulation mpls
control-word
!
!
bridge group customer1
bridge-domain engineering
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
pw-class control-word
!
<snip>
RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
<snip>
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
PW class control-word, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.10
PW type Ethernet, control word enabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 281708 16043
Group ID 0x4 0x5
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word enabled enabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x7 0x7
(control word) (control word)
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------ - 如果MPLS标签堆栈底部之后立即出现的数据不以0x4或0x6开头,则P路由器会根据底部标签进行负载均衡。来自一个PW的所有流量都遵循同一路径,因此不会出现无序数据包,但是这可能会导致某些链路在高带宽PW的情况下出现拥塞。使用Cisco IOS XR软件版本4.2.1,ASR 9000支持流量感知传输(FAT)PW功能。此功能在L2VPN PE上运行,它是在点对点或VPLS PW的两端协商的。入口L2VPN PE检测AC和L2VPN配置上的流,并在MPLS标签堆栈底部的PW MPLS标签下插入新的MPLS流标签。入口PE根据源和目的MAC地址(默认)或源和目的IPv4地址(可配置)检测流量。默认情况下使用MAC地址;建议使用IPv4地址,但必须手动配置。
利用FAT PW功能,入口L2VPN PE每个src-dst-mac或src-dst-ip插入一个底部MPLS标签。MPLS P路由器(在PE之间)在可用路径上散列帧,然后根据MPLS堆栈底部的该FAT PW流标签到达目标PE。这通常可以在核心层提供更好的带宽利用率,除非PW仅传输少量src-dst-mac或src-dst-ip会话。Cisco建议您使用控制字,这样可以避免在流标签之后立即出现以0x4和0x6开头的MAC地址。这可确保哈希值基于伪IP地址而不基于流标签。
通过此功能,来自一个PW的流量在可用时通过核心中的多条路径进行负载均衡。应用流量不会受到无序数据包的影响,因为从同一源(MAC或IP)发往同一目标(MAC或IP)的所有流量都遵循同一路径。
以下是一个配置示例:
l2vpn
pw-class fat-pw
encapsulation mpls
control-word
load-balancing
flow-label both
!
!
!
bridge group customer1
bridge-domain engineering
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
pw-class fat-pw
RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
<snip>
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
PW class fat-pw, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.10
PW type Ethernet, control word enabled, interworking none
Sequencing not set
Load Balance Hashing: src-dst-ip
Flow Label flags configured (Tx=1,Rx=1), negotiated (Tx=1,Rx=1)
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 281708 16043
Group ID 0x4 0x5
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word enabled enabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x7 0x7
(control word) (control word)
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
5.2日志记录
可以在L2VPN配置模式下配置不同类型的日志消息。配置l2vpn日志记录以接收L2VPN事件的系统日志警报,并配置日志记录伪线,以确定PW状态何时更改:
l2vpn
logging
bridge-domain
pseudowire
nsr
!
如果配置了许多PW,消息可能会泛洪日志。
5.3 ethernet-services access-list
您可以使用ethernet-services access-list丢弃来自特定主机的流量,或验证路由器是否从l2transport接口上的主机获取数据包:
RP/0/RSP0/CPU0:router#sh run ethernet-services access-list count-packets
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3
20 permit any any
!
RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group count-packets egress
!
RP/0/RSP0/CPU0:router#sh access-lists ethernet-services count-packets
hardware egress location 0/1/CPU0
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3 (5 hw matches)
20 permit any any (30 hw matches)
只能使用hardware关键字查看硬件匹配项。根据access-group的方向使用ingress或egress关键字。还指定了应用访问列表的接口的线路卡位置。
您还可以将ipv4访问列表应用于l2transport接口作为安全或故障排除功能:
RP/0/RSP0/CPU0:router#sh run ipv4 access-list count-pings
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2
20 permit ipv4 any any
!
RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ipv4 access-group count-pings ingress
!
RP/0/RSP0/CPU0:router#sh access-lists ipv4 count-pings hardware ingress
location 0/1/CPU0
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2 (5 hw matches)
20 permit ipv4 any any (6 hw matches)
5.4以太网出口过滤器
在AC的出口方向上,假设没有用于确定出口VLAN标记的rewrite ingress tag pop <> symmetric命令。在这种情况下,根据encapsulation命令,不会进行检查以确保传出帧具有正确的VLAN标记。
以下是一个配置示例:
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
!
interface GigabitEthernet0/1/0/39.2 l2transport
encapsulation dot1q 2
!
l2vpn
bridge group customer2
bridge-domain test
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/3.3
!
interface GigabitEthernet0/1/0/39.2
!
!
!
!
在此配置中,请注意:
- GigabitEthernet0/1/0/39.2上收到的带有dot1q标记2的广播会保留其传入标记,因为没有rewrite ingress命令。
- 该广播被dot1q标记2从GigabitEthernet0/1/0/3.2泛洪出去,但这不会造成问题,因为GigabitEthernet0/1/0/3.2也配置了dot1q标记2。
- 该广播也从GigabitEthernet0/1/0/3.3泛洪出去,从而保留其原始标记2,因为GigabitEthernet0/1/0/3.3上没有rewrite命令。GigabitEthernet0/1/0/3.3上的encapsulation dot1q 3命令在出口方向上未选中。
- 结果是,对于GigabitEthernet0/1/0/39上收到带有tag 2的一个广播,有两个带有tag 2的广播从GigabitEthernet0/1/0/3转出。重复流量可能会引起一些应用问题。
- 解决方案是配置ethernet egress-filter strict,以确保数据包离开子接口时具有正确的VLAN标记。否则,数据包不会转发或丢弃。
interface GigabitEthernet0/1/0/3.2 l2transport
ethernet egress-filter strict
!
interface GigabitEthernet0/1/0/3.3 l2transport
ethernet egress-filter strict
!
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
1.0 |
07-Aug-2013 |
初始版本 |
反馈