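This document describes a configuration that lets users achieve connectivity between different Transport Location (TLOC) colors.
Cisco recommends that you have knowledge of these topics:
This document is not restricted to specific software and hardware versions.
The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
This configuration is useful when a user has sites with different connections that cannot establish tunnels between them, for example the Multiprotocol Label Switching (MPLS) color (an MPLS L3 Virtual Private Network (VPN) connection) and the Internet/Long-Term Evolution (LTE) color (a generic Internet connection from an Internet Service Provider (ISP) or a 3G/LTE connection). If one remote office has only MPLS connectivity and another has only an Internet connection, the two offices cannot form a tunnel between them. If some site is connected to both colors, however, connectivity can easily be achieved with a default or summary route advertised from this dual-connected site.
All sites use a single VPN 40. The table below summarizes the system settings on all 3 vEdges: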
Hostname | Site ID | system-ip |
vedge1 | 40 | 192.168.30.4 |
vedge2 | 50 | 192.168.30.5 |
vedge3 | 60 | 192.168.30.6 |
Here is the configuration applied on vSmart to allow connectivity between the sites:
```
policy
 lists
  site-list sites_ve1_40_ve3_60
   site-id 40
   site-id 60
  !
 control-policy ROUTE_LEAK
  sequence 10
   match route
    site-list sites_ve1_40_ve3_60
   !
   action accept
    set
     service vpn 40
    !
   !
  !
  default-action accept
 !
apply-policy
 site-list sites_ve1_40_ve3_60
  control-policy ROUTE_LEAK out
 !
!
```
Use this section to confirm that your configuration works properly.
Before the control policy is applied:
```
vedge1# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   connected  -         ge0/1    -        -        -             -      -      F,S
40   192.168.50.0/24   omp        -         -        -        -        192.168.30.5  mpls   ipsec  F,S
```
```
vedge2# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   omp        -         -        -        -        192.168.30.4  mpls   ipsec  F,S
40   192.168.50.0/24   connected  -         ge0/2    -        -        -             -      -      F,S
40   192.168.60.0/24   omp        -         -        -        -        192.168.30.6  lte    ipsec  F,S
```
```
vedge3# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.50.0/24   omp        -         -        -        -        192.168.30.5  lte    ipsec  F,S
40   192.168.60.0/24   connected  -         ge0/1    -        -        -             -      -      F,S
```
After the policy is applied in the apply-policy section on vSmart:
```
vedge1# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   connected  -         ge0/1    -        -        -             -      -      F,S
40   192.168.50.0/24   omp        -         -        -        -        192.168.30.5  mpls   ipsec  F,S
40   192.168.60.0/24   omp        -         -        -        -        192.168.30.5  mpls   ipsec  F,S
```
```
vedge2# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   omp        -         -        -        -        192.168.30.4  mpls   ipsec  F,S
40   192.168.50.0/24   connected  -         ge0/2    -        -        -             -      -      F,S
40   192.168.60.0/24   omp        -         -        -        -        192.168.30.6  lte    ipsec  F,S
```
```
vedge3# show ip routes vpn 40
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   omp        -         -        -        -        192.168.30.5  lte    ipsec  F,S
40   192.168.50.0/24   omp        -         -        -        -        192.168.30.5  lte    ipsec  F,S
40   192.168.60.0/24   connected  -         ge0/1    -        -        -             -      -      F,S
```
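This section provides information you can use to troubleshoot your configuration.
Check that the OMP routes appear in the OMP table with status C, I, R: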
```
vedge3# show omp routes
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
U   -> TLOC unresolved

                                     PATH                   ATTRIBUTE
VPN  PREFIX            FROM PEER     ID    LABEL  STATUS    TYPE       TLOC IP       COLOR  ENCAP  PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
40   192.168.40.0/24   192.168.30.3  262   1002   Inv,U     installed  192.168.30.4  mpls   ipsec  -
                       192.168.30.3  263   1002   Inv,U     installed  192.168.30.5  mpls   ipsec  -
                       192.168.30.3  264   1002   C,I,R     installed  192.168.30.5  lte    ipsec  -
                       192.168.30.3  265   1002   L,R,Inv   installed  192.168.30.6  lte    ipsec  -
40   192.168.50.0/24   192.168.30.3  260   1002   Inv,U     installed  192.168.30.5  mpls   ipsec  -
                       192.168.30.3  261   1002   C,I,R     installed  192.168.30.5  lte    ipsec  -
40   192.168.60.0/24   0.0.0.0       38    1002   C,Red,R   installed  192.168.30.6  lte    ipsec  -
```
Recall that vEdge3 has only LTE color connectivity.
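The C, I, R check above can be automated after a policy change. The following is an added example, not part of the original document: the function names are hypothetical, the sample rows are constructed from the vedge3 output shown above, and treating a locally originated `C,Red,R` path as usable is an assumption.

```python
import re

# Constructed sample: data rows from the vedge3 "show omp routes" output on this page.
SAMPLE = """\
40 192.168.40.0/24 192.168.30.3 262 1002 Inv,U installed 192.168.30.4 mpls ipsec -
192.168.30.3 263 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 264 1002 C,I,R installed 192.168.30.5 lte ipsec -
192.168.30.3 265 1002 L,R,Inv installed 192.168.30.6 lte ipsec -
40 192.168.50.0/24 192.168.30.3 260 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 261 1002 C,I,R installed 192.168.30.5 lte ipsec -
40 192.168.60.0/24 0.0.0.0 38 1002 C,Red,R installed 192.168.30.6 lte ipsec -
"""

PREFIX = re.compile(r"^\d+\.\d+\.\d+\.\d+/\d+$")

def parse_omp_routes(text):
    """Return a list of path dicts; continuation rows inherit the last VPN/PREFIX."""
    paths, vpn, prefix = [], None, None
    for line in text.splitlines():
        f = line.split()
        if len(f) == 11 and f[0].isdigit() and PREFIX.match(f[1]):
            vpn, prefix, f = int(f[0]), f[1], f[2:]
        if len(f) != 9 or prefix is None or not f[1].isdigit():
            continue  # prompt, legend, header, separator or blank line
        paths.append({"vpn": vpn, "prefix": prefix, "peer": f[0],
                      "path_id": int(f[1]), "status": set(f[3].split(",")),
                      "tloc": f[5], "color": f[6]})
    return paths

def check(paths, local_colors):
    """Map each prefix to its usable (tloc, color), or to a reason string if none."""
    result = {}
    for p in paths:
        result.setdefault(p["prefix"], "no installed path")
        # Usable: chosen and resolved, and either installed or locally redistributed (assumption).
        if {"C", "R"} <= p["status"] and p["status"] & {"I", "Red"}:
            if p["color"] in local_colors:
                result[p["prefix"]] = (p["tloc"], p["color"])
            else:
                result[p["prefix"]] = "installed via color %s not present locally" % p["color"]
    return result

if __name__ == "__main__":
    for prefix, verdict in check(parse_omp_routes(SAMPLE), {"lte"}).items():
        print(prefix, verdict)
```

Pass the set of colors the device actually has (only `lte` for vEdge3); a prefix reported as `no installed path` means every received path is invalid or has an unresolved TLOC.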
If the routes do not appear, check whether vSmart advertises them:
```
vsmart1# show omp peers 192.168.30.6
R -> routes received
I -> routes installed
S -> routes sent

                     DOMAIN  OVERLAY  SITE
PEER          TYPE   ID      ID       ID    STATE  UPTIME       R/I/S
------------------------------------------------------------------------------------------
192.168.30.6  vedge  1       1        60    up     12:15:27:59  1/0/3
```
Check the OMP route attributes on vSmart:
```
vsmart1# show omp routes 192.168.40.0/24 detail | nomore

---------------------------------------------------
omp route entries for vpn 40 route 192.168.40.0/24
---------------------------------------------------
            RECEIVED FROM:
peer            192.168.30.4
path-id         34
label           1002
status          C,R
loss-reason     not set
lost-to-peer    not set
lost-to-path-id not set
    Attributes:
     originator       192.168.30.4
     type             installed
     tloc             192.168.30.4, mpls, ipsec
     ultimate-tloc    not set
     domain-id        not set
     overlay-id       1
     site-id          40
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
            ADVERTISED TO:
peer    192.168.30.5
    Attributes:
     originator       192.168.30.4
     label            1002
     path-id          526
     tloc             192.168.30.4, mpls, ipsec
     ultimate-tloc    not set
     domain-id        not set
     site-id          40
     overlay-id       1
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
            ADVERTISED TO:
peer    192.168.30.6
    Attributes:
     originator       192.168.30.4
     label            1002
     path-id          269
     tloc             192.168.30.6, lte, ipsec
     ultimate-tloc    not set
     domain-id        not set
     site-id          40
     overlay-id       1
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
    Attributes:
     originator       192.168.30.4
     label            1002
     path-id          268
     tloc             192.168.30.5, lte, ipsec
     ultimate-tloc    not set
     domain-id        not set
     site-id          40
     overlay-id       1
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
    Attributes:
     originator       192.168.30.4
     label            1002
     path-id          267
     tloc             192.168.30.5, mpls, ipsec
     ultimate-tloc    not set
     domain-id        not set
     site-id          40
     overlay-id       1
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
    Attributes:
     originator       192.168.30.4
     label            1002
     path-id          266
     tloc             192.168.30.4, mpls, ipsec
     ultimate-tloc    not set
     domain-id        not set
     site-id          40
     overlay-id       1
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     unknown-attr-len not set
```
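This kind of configuration, which behaves like route leaking, is quite simple and can be used when for some reason you cannot advertise an aggregate route (although in this example you could do so to solve the task without a control policy):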
```
vedge2# show running-config vpn 40
vpn 40
 ip route 192.168.0.0/16 null0
 omp
  advertise static
 !
!
```
This configuration is also helpful when you cannot use a default route and advertise it from the hub/central site (vEdge2 in this case):
```
vpn 40
 !
 ip route 0.0.0.0/0 vpn 0
```
Because a default route with a next hop in VPN 0 is not advertised, this is expected behavior:
```
                                  PROTOCOL  NEXTHOP  NEXTHOP  NEXTHOP
VPN  PREFIX            PROTOCOL   SUB TYPE  IF NAME  ADDR     VPN      TLOC IP       COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40   0.0.0.0/0         nat        -         ge0/0    -        0        -             -      -      F,S
```
Here you can either use a summary route or use a control policy to advertise specific routes, as described in this document.