瞭解IOS XR L2VPN服務和功能
目錄
簡介
本檔案介紹基本第2層(L2)VPN(L2VPN)拓撲,並提供用於演示設計、服務和配置的基本示例。
背景資訊
有關其他資訊,請參閱Cisco ASR 9000系列路由器IOS XR 7.4.x版的L2VPN和乙太網服務配置指南。
1.點對點和多點服務
L2VPN功能提供點對點和多點服務的功能。
1.1點對點服務
點對點服務基本上模擬兩個終端節點之間的傳輸電路,因此終端節點看起來是通過點對點鏈路直接連線的。這可用於連線兩個站點。
實際上,兩個終端節點之間可以有多個路由器,而且可以有多個設計來提供點對點服務。
一台路由器可以在其兩個介面之間執行本地交換:
兩台路由器之間也可能存在多重協定標籤交換(MPLS)偽線(PW):
路由器可以在兩個PW之間交換幀;在本例中,這是一個多段PW:
通過PW冗餘功能提供冗餘:
其他設計可用,但無法全部列在此處。
1.2多點服務
多點服務模擬廣播域,以便在該網橋域中連線的所有主機看起來都邏輯連線到同一個乙太網網段:
所有主機都可以連線到同一個路由器/交換機:
多台交換機可以執行傳統的乙太網交換;必須使用跨距樹狀目錄來中斷回圈:
虛擬專用LAN服務(VPLS)允許您使用MPLS PW在多個站點之間擴展廣播域:
分層VPLS可用於提高可擴充性:
2.連線電路
2.1 ASR 9000乙太網路虛擬電路
2.1.1傳入介面匹配
連線電路(AC)的基本規則包括:
- 必須在使用l2transport關鍵字配置的介面上接收資料包,以便由L2VPN功能進行處理。
- 此介面可以是主介面(其中l2transport命令是在介面配置模式下配置的)或子介面(其中l2transport關鍵字是在子介面編號之後配置的)。
- 最長匹配查詢確定資料包的傳入介面。最長匹配查詢按以下順序檢查這些條件,以將傳入資料包與子介面匹配:
- 傳入幀有兩個dot1q標籤,並且匹配使用相同的兩個dot1q標籤(802.1Q隧道或QinQ)配置的子介面。 這是最長的一次匹配。
- 傳入幀具有兩個dot1q標籤,並且匹配配置了相同的dot1q第一個標籤和第二個標籤any的子介面。
- 傳入幀有一個dot1q標籤,並匹配使用相同的dot1q標籤和exact關鍵字配置的子介面。
- 傳入幀具有一個或多個dot1q標籤,並且匹配使用dot1q標籤之一配置的子介面。
- 傳入幀沒有dot1q標籤,並且匹配使用 封裝未標籤 指令。
- 傳入幀無法與任何其他子介面匹配,因此它匹配使用 預設封裝 指令。
- 傳入幀無法與任何其他子介面匹配,因此它匹配為l2transport配置的主介面。
- 在不使用乙太網虛擬連線(EVC)模式的傳統路由器上,在子介面下配置的VLAN標籤通過L2VPN功能傳輸之前,會先從幀中刪除(彈出)。
- 在使用EVC基礎設施的Cisco ASR 9000系列聚合服務路由器上,預設操作是保留現有標籤。使用rewrite命令修改預設值。
- 如果網橋域中有網橋虛擬介面(BVI),則所有傳入標籤均可彈出,因為BVI是沒有任何標籤的路由介面。詳情請參閱BVI部分。
以下幾個示例說明了這些規則:
- 一個基本示例是,必須傳輸物理埠上接收的所有流量,無論其是否具有VLAN標籤。如果在主介面下配置l2transport,則該物理埠上接收的所有流量都將通過L2VPN功能傳輸:
interface GigabitEthernet0/0/0/2
l2transport - 可以將捆綁包介面和子介面配置為l2transport:
interface Bundle-Ether1
l2transport - 在l2transport子介面下使用encapsulation default以匹配任何已標籤或未標籤的流量,這些流量未與匹配時間最長的另一個子介面進行匹配。(請參見示例4)。 l2transport關鍵字是在子介面名稱中配置的,而不是在主介面上的子介面下配置的:
interface GigabitEthernet0/1/0/3.1 l2transport
如果要僅匹配未標籤的幀,請配置encapsulation untagged。
encapsulation default - 當有多個子介面時,對傳入幀運行最長的匹配測試以確定傳入介面:
interface GigabitEthernet0/1/0/3.1 l2transport
在此組態中,請注意:
encapsulation default
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 2 second-dot1q 3 - 具有外部VLAN標籤2和內部VLAN標籤3的QinQ幀可以匹配1、2或3個子介面,但由於匹配規則最長,因此該幀被分配給3個子介面。3上的兩個標籤比2上的一個標籤長,比1上的無標籤長。
- 帶有外部VLAN標籤2和內部VLAN標籤4的QinQ幀將分配給。2子介面,因為encapsulation dot1q 2可以僅匹配VLAN標籤2的dot1q幀,也可以匹配帶有外部標籤2的QinQ幀。如果不想匹配QinQ幀,請參閱示例5(精確關鍵字)。
- 外部VLAN標籤3的QinQ幀與1子介面匹配。
- 帶有VLAN標籤2的dot1q幀與2個子介面匹配。
- 帶有VLAN標籤3的dot1q幀與1子介面匹配。
- 要匹配dot1q幀而不是QinQ幀,請使用精確關鍵字:
interface GigabitEthernet0/1/0/3.2 l2transport
此配置與具有外部VLAN標籤2的QinQ幀不匹配,因為它僅與具有恰好一個VLAN標籤的幀匹配。
encapsulation dot1q 2 exact - 使用untagged關鍵字以僅匹配未標籤的訊框,例如思科探索通訊協定(CDP)封包或多重跨距樹狀目錄(MST)橋接通訊協定資料單元(BPDU):
interface GigabitEthernet0/1/0/3.1 l2transport
在此組態中,請注意:
encapsulation default
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3 - 帶有VLAN標籤3的Dot1q幀或帶有外部標籤3的QinQ幀與3個子介面匹配。
- 所有其他dot1q或QinQ幀都與1子介面匹配。
- 沒有VLAN標籤的幀與2個子介面匹配。
- any關鍵字可用作萬用字元:
interface GigabitEthernet0/1/0/3.4 l2transport
兩個子介面4和5都可以匹配標籤4和5的QinQ幀,但是這些幀被分配給5個子介面,因為它更加具體。這是最長匹配規則。
encapsulation dot1q 4 second-dot1q any
!
interface GigabitEthernet0/1/0/3.5 l2transport
encapsulation dot1q 4 second-dot1q 5 - 可以使用VLAN標籤範圍:
interface GigabitEthernet0/1/0/3.6 l2transport
encapsulation dot1q 6-10 - 可為第一個或第二個dot1q標籤列出多個VLAN標籤值或範圍:
interface GigabitEthernet0/1/0/3.7 l2transport
最多可以列出九個值。如果需要更多的值,則必須將它們分配給另一個子介面。對範圍內的值進行分組以縮短清單。
encapsulation dot1q 6 , 7 , 8-10
!
interface GigabitEthernet0/1/0/3.11 l2transport
encapsulation dot1q 11 second-dot1q 1 , 2 , 3 , 4-6 , 10 - encapsulation dot1q second-dot1q命令對外部標籤和內部標籤使用Ethertype 0x8100,因為這是封裝QinQ幀的Cisco方法。但是,根據IEEE,Ethertype 0x8100可以保留給具有一個VLAN標籤的802.1q幀,而Ethertype 0x88a8的外部標籤可以用於QinQ幀。可以使用dot1ad關鍵字配置Ethertype 0x88a8的外部標籤:
interface GigabitEthernet0/1/0/3.12 l2transport
encapsulation dot1ad 12 dot1q 100 - 若要對QinQ外部標籤使用舊的Ethertype 0x9100或0x9200,請在QinQ子介面的主介面下使用dot1q tunneling ethertype命令:
interface GigabitEthernet0/1/0/3
外部標籤的Ethertype為0x9100或0x9200,內部標籤的dot1q Ethertype 0x8100。
dot1q tunneling ethertype [0x9100|0x9200]
!
interface GigabitEthernet0/1/0/3.13 l2transport
encapsulation dot1q 13 second-dot1q 100 - 傳入幀可以根據源MAC地址分配給子介面:
interface GigabitEthernet0/1/0/3.14 l2transport
encapsulation dot1q 14 ingress source-mac 1.1.1
2.1.2 VLAN操作
基於EVC的平台的預設行為是在傳入幀上保留VLAN標籤。
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
在此配置中,轉髮帶有VLAN標籤3的傳入dot1q幀時,會保留其VLAN標籤3。轉髮帶有外部VLAN標籤3和內部標籤100的傳入QinQ幀時,這兩個標籤保持不變。
但是,EVC基礎架構允許您使用rewrite命令操縱標籤,以便可以彈出(移除)、轉換或推送(新增)標籤到傳入VLAN標籤堆疊。
以下是幾個範例:
- pop關鍵字允許您從傳入的dot1q幀中刪除QinQ標籤。此示例刪除傳入QinQ幀的外部標籤13,並轉發頂部帶有dot1q標籤100的幀:
interface GigabitEthernet0/1/0/3.13 l2transport
encapsulation dot1q 13 second-dot1q 100
rewrite ingress tag pop 1 symmetric該行為始終是對稱的,這意味著外部標籤13在入口方向上彈出,並在出口方向上推動。
- 使用translate關鍵字可以用一個或兩個新標籤替換一個或兩個傳入標籤:
RP/0/RSP0/CPU0:router2(config-subif)#interface GigabitEthernet0/1/0/3.3
l2transport
RP/0/RSP0/CPU0:router2(config-subif)# encapsulation dot1q 3
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate ?
1-to-1 Replace the outermost tag with another tag
1-to-2 Replace the outermost tag with two tags
2-to-1 Replace the outermost two tags with one tag
2-to-2 Replace the outermost two tags with two other tags
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1 ?
dot1ad Push a Dot1ad tag
dot1q Push a Dot1Q tag
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1
dot1q 4
RP/0/RSP0/CPU0:router2(config-subif)#show config
Building configuration...
!! IOS XR Configuration 4.3.0
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag translate 1-to-1 dot1q 4 symmetric
!
end系統會自動新增symmetric關鍵字,因為它是唯一支援的模式。
- 使用push關鍵字可以向傳入的dot1q幀新增QinQ標籤:
interface GigabitEthernet0/1/0/3.4 l2transport
encapsulation dot1q 4
rewrite ingress tag push dot1q 100 symmetric在傳入幀中新增一個外層QinQ標籤100,該外層QinQ標籤具有dot1q標籤4。在輸出方向上,QinQ標籤被彈出。
2.2 Cisco IOS® XR非EVC路由器行為(CRS和XR12000)
非EVC平台上的VLAN匹配語法不使用encapsulation關鍵字:
RP/0/RP0/CPU0:router1#config
RP/0/RP0/CPU0:router1(config)#int gig 0/0/0/2.3 l2transport
RP/0/RP0/CPU0:router1(config-subif)#dot1q ?
vlan Configure a VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan ?
<1-4094> Configure first (outer) VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 ?
<1-4094> Configure second (inner 802.1Q) VLAN ID on the subinterface
any Match frames with any second 802.1Q VLAN ID
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 100
無法配置VLAN標籤操作,因為唯一可能的行為是彈出在dot1q或dot1ad命令中指定的所有標籤。此操作在預設情況下完成,因此沒有rewrite命令。
3.點對點服務
3.1本地交換
3.1.1主介面
基本拓撲是兩個主要介面之間的本地交叉連線:
Router2會擷取Gi0/1/0/1上收到的所有流量並將其轉送到Te0/0/0/3,反之亦然。
雖然router1和router3在此拓撲中似乎有直接的背對背纜線,但情況並非如此,因為router2實際上是在TenGigE和GigabitEthernet介面之間執行translation。Router2可以在這兩個介面上執行功能;例如,存取控制清單(ACL)可以捨棄特定型別的封包或原則映像,以便塑造或限制低優先順序的流量。
在router2上設定為l2transport的兩個主要介面之間設定基本的點對點交叉連線:
interface GigabitEthernet0/1/0/1
l2transport
!
!
interface TenGigE0/0/0/3
l2transport
!
!
l2vpn
xconnect group test
p2p p2p1
interface TenGigE0/0/0/3
interface GigabitEthernet0/1/0/1
!
在router1和router3上,主介面設定為CDP和IPv4位址:
RP/0/RP0/CPU0:router1#sh run int Gi 0/0/0/1
interface GigabitEthernet0/0/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!
RP/0/RP0/CPU0:router1#
RP/0/RP0/CPU0:router1#sh cdp nei Gi 0/0/0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
router3.cisco.c Gi0/0/0/1 132 R ASR9K Ser Te0/0/0/3
RP/0/RP0/CPU0:router1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/8/32 ms
Router1將router3視為CDP鄰居,並能ping通10.1.1.2(router3的介面位址),就好像兩台路由器是直接相連的一樣。
由於router2上沒有設定任何子介面,因此當router1和router3上設定dot1q子介面時,會透明傳輸具有VLAN標籤的傳入訊框:
RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2
ipv4 address 10.1.2.1 255.255.255.0
dot1q vlan 2
!
RP/0/RP0/CPU0:router1#ping 10.1.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
從router1對router3執行10,000次ping後,可以使用show interface和show l2vpn命令,以確保router2在一個AC上收到的ping請求會在另一個AC上轉送,而且ping回覆會以相同方式反向處理。
RP/0/RSP0/CPU0:router2#sh int gig 0/1/0/1
GigabitEthernet0/1/0/1 is up, line protocol is up
Interface state transitions: 1
Hardware is GigabitEthernet, address is 0024.986c.63f1 (bia 0024.986c.63f1)
Description: static lab connection to acdc 0/0/0/1 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 1000Mb/s, SXFD, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:01:07
5 minute input rate 28000 bits/sec, 32 packets/sec
5 minute output rate 28000 bits/sec, 32 packets/sec
10006 packets input, 1140592 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 6 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10007 packets output, 1140832 bytes, 0 total output drops
Output 0 broadcast packets, 7 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RP/0/RSP0/CPU0:router2#sh int ten 0/0/0/3
TenGigE0/0/0/3 is up, line protocol is up
Interface state transitions: 3
Hardware is TenGigE, address is 0024.98ea.038b (bia 0024.98ea.038b)
Layer 1 Transport Mode is LAN
Description: static lab connection to putin 0/0/0/3 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 10000Mb/s, LR, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:06
Last clearing of "show interface" counters 00:01:15
5 minute input rate 27000 bits/sec, 30 packets/sec
5 minute output rate 27000 bits/sec, 30 packets/sec
10008 packets input, 1140908 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 8 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10006 packets output, 1140592 bytes, 0 total output drops
Output 0 broadcast packets, 6 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- -------------------------- --------------------------
test p2p1 UP Te0/0/0/3 UP Gi0/1/0/1 UP
-------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p1, state is up; Interworking none
AC: TenGigE0/0/0/3, state is up
Type Ethernet
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 10008, sent 10006
bytes: received 1140908, sent 1140592
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 10006, sent 10008
bytes: received 1140592, sent 1140908
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface gigabitEthernet 0/1/0/1
hardware ingress detail location 0/1/CPU0
Local interface: GigabitEthernet0/1/0/1, Xconnect id: 0x1880003, Status: up
Segment 1
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound
Statistics:
packets: received 10022, sent 10023
bytes: received 1142216, sent 1142489
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound
Platform AC context:
Ingress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00580003, SHG: None
Ingress uIDB: 0x0003, Egress uIDB: 0x0003, NP: 3, Port Learn Key: 0
NP3
Ingress uIDB:
Flags: L2, Status
Stats Ptr: 0x0d842c, uIDB index: 0x0003, Wire Exp Tag: 0
BVI Bridge Domain: 0, BVI Source XID: 0x01000000
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
QOS ID: 0, QOS Format ID: 0
Local Switch dest XID: 0x00000001
UIDB IF Handle: 0x00000000, Source Port: 1, Num VLANs: 0
Xconnect ID: 0x00580003, NP: 3
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0003, LAG pointer: 0x0000
Split Horizon Group: None
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface Te 0/0/0/3 hardware egress
detail location 0/0/CPU0
Local interface: TenGigE0/0/0/3, Xconnect id: 0x1080001, Status: up
Segment 1
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound
Statistics:
packets: received 10028, sent 10027
bytes: received 1143016, sent 1142732
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound
Platform AC context:
Egress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00000001, SHG: None
Ingress uIDB: 0x0007, Egress uIDB: 0x0007, NP: 0, Port Learn Key: 0
NP0
Egress uIDB:
Flags: L2, Status, Done
Stats ptr: 0x000000
VPLS SHG: None
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
UIDB IF Handle: 0x04000240, Search VLAN Vector: 0
QOS ID: 0, QOS format: 0
Xconnect ID: 0x00000001, NP: 0
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0007, LAG pointer: 0x0000
Split Horizon Group: None
3.1.2子介面和VLAN操作
在Cisco IOS®軟體術語中,此範例有一個類似switchport mode access介面的AC和一個類似trunk的dot1q子介面:
通常,此拓撲使用橋接域,因為VLAN中通常有兩個以上的埠,不過,如果只有兩個埠,則可以使用點對點交叉連線。本節介紹靈活的重寫功能如何為您提供多種操作VLAN的方法。
3.1.2.1主介面和Dot1q子介面
在本例中,主介面位於一側,dot1q子介面位於另一側:
這是router1上的主要介面:
RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1
interface GigabitEthernet0/0/0/1
description static lab connection to router2 0/1/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!
這是router2上的dot1q子介面:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/1
interface GigabitEthernet0/1/0/1
description static lab connection to router1 0/0/0/1
l2transport
RP/0/RSP0/CPU0:router2#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p2
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1
現在,TenGigE0/0/0/3.2的子介面名稱中有一個l2transport關鍵字。Router3傳送帶有2標籤的dot1q幀,這些幀與router2上的TenGigE0/0/0/3.2子介面匹配。
rewrite ingress tag pop 1 symmetric命令可在輸入方向上刪除傳入標籤2。由於TenGigE0/0/0/3.2上的標籤已在輸入方向上刪除,因此在GigabitEthernet0/1/0/1上,資料包在輸出方向上被傳送時未標籤。
Router1傳送未標籤的訊框,這些訊框與主介面GigabitEthernet0/1/0/1相符。
GigabitEthernet0/1/0/1上沒有rewrite命令,因此不會彈出、推送或轉換標籤。
當資料包必須從TenGigE0/0/0/3.2轉發出去時,由於rewrite ingress tag pop 1命令中的對稱關鍵字,dot1q標籤2被推出。該命令在入口方向上彈出一個標籤,但在出口方向上對稱推送一個標籤。以下是router3上的範例:
RP/0/RSP0/CPU0:router3#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2
ipv4 address 10.1.1.2 255.255.255.0
encapsulation dot1q 2
使用相同的show interface和show l2vpn命令監控子介面計數器:
RP/0/RSP0/CPU0:router2#clear counters
Clear "show interface" counters on all interfaces [confirm]
RP/0/RSP0/CPU0:router2#clear l2vpn forwarding counters
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#sh int TenGigE0/0/0/3.2
TenGigE0/0/0/3.2 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0024.98ea.038b
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 2
Ethertype Any, MAC Match src any, dest any
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:00:27
1000 packets input, 122000 bytes
0 input drops, 0 queue drops, 0 input errors
1002 packets output, 122326 bytes
0 output drops, 0 queue drops, 0 output errors
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect detail
Group test, XC p2p2, state is up; Interworking none
AC: TenGigE0/0/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 1001, sent 1002
bytes: received 118080, sent 118318
drops: illegal VLAN 0, illegal length 0
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 1002, sent 1001
bytes: received 114310, sent 114076
正如預期的那樣,TenGigE0/0/0/3.2上接收到的資料包數與GigabitEthernet0/1/0/1上傳送的資料包數匹配,反之亦然。
3.1.2.2帶封裝的子介面
除了GigabitEthernet0/1/0/1上的主介面,您還可使用預設封裝的子介面來捕獲所有幀,或者使用未標籤的封裝,以便僅匹配未標籤的幀:
RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1
3.1.2.3 GigabitEthernet0/1/0/1.1上的輸入方向
您可以在GigabitEthernet0/1/0/1.1上沿入口方向推入標籤2,而在TenGigE0/0/0/3.2上不執行任何操作,而不是沿入口方向在TenGigE0/0/0/3.2上推入標籤2:
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged
rewrite ingress tag push dot1q 2 symmetric
RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1
因此,您可以看到,使用encapsulation和rewrite指令的EVC模型,在配對和操縱VLAN標籤方面為您提供了極大的靈活性。
3.2虛擬專用線路服務
3.2.1概述
虛擬私人有線服務(VPWS)(也稱為透過MPLS傳輸的乙太網路(EoMPLS))允許兩個L2VPN提供者邊緣(PE)裝置透過MPLS雲傳輸L2VPN流量。兩個L2VPN PE通常在兩個不同的站點連線,並在它們之間連線一個MPLS核心。每個L2VPN PE上連線的兩個AC通過MPLS網路上的PW(即MPLS PW)進行連結。
每個PE都需要有一個MPLS標籤才能到達遠端PE的環回。此標籤通常稱為內部網關協定(IGP)標籤,可以通過MPLS標籤分發協定(LDP)或MPLS流量工程(TE)獲知。
這兩個PE在它們之間建立了目標MPLS LDP會話,以便它們可以建立並控制PW的狀態。一個PE向另一個PE通告MPLS標籤以標識PW。
router2在其本地AC上接收的流量會封裝在MPLS標籤堆疊中:
- 外部MPLS標籤是到達router3環回的IGP標籤。如果標籤直接連線,則此標籤可以是隱式 — 空標籤;這意味著不附加任何IGP標籤。
- 內部MPLS標籤是由router3通過目標LDP會話通告的PW標籤。
- 根據MPLS標籤的配置和封裝型別,PW控制字可以出現在MPLS標籤之後。預設情況下,控制字不會在乙太網介面上使用,必須在需要時顯式配置。
- 傳輸的L2幀在資料包中跟隨。
- 有些VLAN標籤通過PW傳輸,具體取決於配置和PW型別。
倒數第二跳,在MPLS核心中的router3之前,會彈出IGP標籤或用顯性null標籤替換。因此,router3收到的幀上最有意義的標籤是router3發訊號給router2以獲取PW的PW標籤。因此,Router3知道使用該MPLS標籤接收之流量可以交換到連線到Router4的AC。
在上一個示例中,您可以首先檢查每個L2VPN是否具有遠端PE環回的MPLS標籤。以下是如何檢查router2上標籤的範例:
RP/0/RSP1/CPU0:router2#sh mpls forwarding prefix 10.0.0.11/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16008 16009 10.0.0.11/32 Te0/0/0/1 10.0.23.2 681260
AC配置仍然相同:
RP/0/RSP1/CPU0:router2#sh run int gig 0/0/0/1.2
Wed May 1 13:56:07.668 CEST
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
由於沒有rewrite ingress pop命令,因此傳入的VLAN標籤2會透過PW傳輸。有關詳細資訊,請參閱第4類和第5類PW。
L2VPN配置指定本地AC和遠端L2VPN PE的PW ID在每一端必須匹配,並且對於每個鄰居必須是唯一的:
RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222
router3上的對應組態為:
RP/0/RSP0/CPU0:router3#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
RP/0/RSP0/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222
使用show l2vpn xconnect detail命令以檢視交叉連線的詳細資訊:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail
Group test, XC p2p4, state is up; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38448
bytes: received 12644, sent 2614356
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (21:31:00 ago)
Last time status changed: 30/04/2013 16:36:42 (21:25:16 ago)
Statistics:
packets: received 38448, sent 186
bytes: received 2614356, sent 12644
在此組態中,請注意:
- AC的最大傳輸單元(MTU)為1504,因為AC上的傳入標籤沒有彈出。每端的MTU必須相符,否則PW不會顯示。
- 在AC上接收了186個資料包,並如預期在PW上傳送。
- 38448在PW上收到資料包並按預期在AC上傳送。
- router2上的本地標籤為16026,是router3用來作為內部標籤的標籤。由於IGP標籤已由倒數第二的MPLS躍點彈出,因此在router2上接收資料包,並將該MPLS標籤作為頂標籤。Router2知道帶有該PW標籤的傳入訊框可以交換到AC Gi 0/0/0/1.2:
RP/0/RSP1/CPU0:router2#sh mpls forwarding labels 16026
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16026 Pop PW(10.0.0.11:222) Gi0/0/0/1.2 point2point 2620952
3.2.2 PW和AC耦合狀態
在點對點交叉連線中,AC和PW耦合。因此,如果AC關閉,L2VPN PE通過LDP向遠端PE傳送PW狀態可以關閉的訊號。當配置了PW冗餘時,這將觸發收斂。有關詳細資訊,請參閱「冗餘」部分。
在以下範例中,AC在router2上關閉,且正在將AC Down PW狀態傳送到router3:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail
Wed May 1 23:38:55.542 CEST
Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is down
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38544
bytes: received 12644, sent 2620884
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is down ( remote standby )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (1d07h ago)
Last time status changed: 01/05/2013 14:05:07 (09:33:47 ago)
Statistics:
packets: received 38544, sent 186
bytes: received 2620884, sent 12644
Router3知道因為遠端AC關閉而PW可能關閉:
RP/0/RSP0/CPU0:router3#sh l2vpn xconnect group test xc-name p2p4 detail
Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 38545, sent 186
bytes: received 2620952, sent 12644
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16031 16026
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 30/04/2013 16:37:57 (1d07h ago)
Last time status changed: 01/05/2013 14:11:33 (09:35:50 ago)
Statistics:
packets: received 186, sent 38545
bytes: received 12644, sent 2620952
3.2.3型別4和型別5 PW
可以使用兩種型別的PW — 型別4和型別5。
- 第4類PW稱為基於VLAN的PW。輸入PE不應刪除要通過PW傳輸的傳入VLAN標籤。
在基於EVC的平台(如ASR 9000)上,問題在於傳入AC可以有一個rewrite命令來彈出傳入VLAN標籤,因此不能通過PW傳輸任何VLAN標籤。為了消除這種可能性,EVC平台在幀頂部為型別4 PW插入一個虛構VLAN標籤0。第4類PW是使用transport-mode vlan命令配置的。遠端PE可以基於EVC,並且可以瞭解頂級VLAN標籤是要去除的虛擬標籤。
但是,如果您在EVC平台和非EVC平台之間使用第4類PW,則可能會導致互操作性問題。非EVC平台不將頂級VLAN標籤視為虛擬VLAN標籤,而是轉發將虛擬VLAN標籤0作為外部標籤的幀。EVC平台能夠使用rewrite命令操作傳入幀上接收到的VLAN標籤。通過型別4 PW傳輸VLAN操作的結果,並在其頂部使用額外虛擬標籤0。
最近的Cisco IOS XR軟體版本提供使用型別4 PW的功能,而不使用transport-mode vlan passthrough命令中的虛擬標籤0。乙太網流點(EFP)上的VLAN標籤操作必須確保至少保留一個標籤,因為必須在型別4 PW上傳輸VLAN標籤,並且在本例中,沒有符合該要求的虛擬標籤。傳入介面標籤重寫後留在幀上的標籤通過PW透明地傳輸。
- 第5類PW稱為基於乙太網埠的PW。輸入PE傳輸在主介面上接收的幀,或者在子介面上接收到資料包時刪除子介面標籤之後的幀。不需要通過型別5 PW傳送帶標籤的幀,並且基於EVC的平台不會新增虛擬標籤。基於EVC的平台能夠使用rewrite命令操作傳入幀上接收到的VLAN標籤。該VLAN操作的結果通過型別5的PW傳輸,無論標籤或未標籤。
預設情況下,L2VPN PE會嘗試協商第5類PW,如以下示例所示:
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet, control word disabled, interworking none
PW type Ethernet Ethernet
PW型別Ethernet表示型別5 PW。
以下是router1傳送並由router2透過PW封裝到router3的ARP要求的監聽器擷取:
Frame 38: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)
MPLS標籤16031由router3通告的PW標籤。監聽器擷取已在倒數第二躍點與router3之間進行,因此沒有IGP標籤。
封裝的乙太網幀在PW標籤之後立即啟動。可以有PW控制字,但在本示例中未配置。
即使是5類PW,由於沒有rewrite命令將其彈出,路由器2也會傳輸AC上接收的傳入VLAN標籤2。由於基於EVC的平台上沒有自動彈出標籤,因此傳輸重寫處理之後來自AC的結果。請注意,沒有具有型別5 PW的虛擬VLAN標籤0。
如果使用rewrite ingress tag pop 1 symmetric命令進行配置,則不會通過PW傳輸VLAN標籤。
以下範例顯示第4型PW,在router2和router3上設定了pw類別。
l2vpn
pw-class VLAN
encapsulation mpls
transport-mode vlan
!
!
xconnect group test
p2p p2p4
neighbor 10.0.0.11 pw-id 222
pw-class VLAN
!
!
!
!
PW型別乙太網VLAN表示型別4 PW。
RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
現在,在正在傳輸的幀頂部插入了一個虛擬標籤0:
Frame 15: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 0
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)
基於輸出EVC的PE刪除虛擬標籤並轉發其本地AC上帶有標籤2的幀。出口PE對在PW上接收的幀應用其AC上配置的本地標籤操作。如果其本地AC配置為重寫入口標籤pop 1對稱,則配置的標籤必須在出口方向上推送,因此在PW上接收的標籤2的頂部推送新標籤。rewrite命令非常靈活,但您可以仔細評估PW每一端要達到的目標。
3.2.4多段PW
可以將L2VPN PE的PW而不是物理介面作為AC:
Router5在PW上收到來自router2的封包,並將另一個PW上的封包交換到router3。因此router5在PW之間交換,以便在router2和router3之間建立多區段PW。
現在router2上的組態會指向router5作為遠端PE:
RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.12 pw-id 222
!
!
!
!
router5上的組態是基本型:
RP/0/RSP0/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
neighbor 10.0.0.11 pw-id 223
!
neighbor 10.0.0.13 pw-id 222
!
description R2-R5-R3
!
!
!
description命令是可選的,並插入router5傳送到每個遠端PE(router2和router3)的PW交換型別長度值(TLV)中。 當中間有路由器執行PW交換時,您需要排除PW問題,說明很有用。
輸入sh l2vpn xconnect命令以檢視PW交換TLV:
RP/0/RSP0/CPU0:router5#sh l2vpn xconnect group test det
Group test, XC p2p5, state is down; Interworking none
Description: R2-R5-R3
PW: neighbor 10.0.0.11, PW ID 223, state is down ( provisioned )
PW class not set, XC ID 0xc0000002
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16042 unknown
Group ID 0x4000280 0x0
Interface GigabitEthernet0/0/0/1.2 unknown
MTU 1504 unknown
Control word disabled unknown
PW type Ethernet unknown
VCCV CV type 0x2 0x0
(none)
(LSP ping verification)
VCCV CC type 0x4 0x0
(none)
(TTL expiry)
------------ ------------------------------ -----------------------------
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.13, PW ID: 222
Description: R1-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 3221225474
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:30 (00:00:06 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000001
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16043 16056
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x4 0x6
(router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.11, PW ID: 223
Description: R2-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 0
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:35 (00:00:01 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)
Router5將PW交換TLV連同其PW的詳情傳送到router3,並將PW交換TLV連同其PW的詳情傳送到router2,傳送到router3。
3.2.5冗餘
點對點PW可用於連線兩個站點,但這兩個站點在PE或AC故障時仍可保持連線。
3.2.5.1核心冗餘
如果您做出任何影響MPLS核心中重新路由的拓撲更改,MPLS PW會立即繼承新路徑。
3.2.5.2使用PW的捆綁包
客戶邊緣(CE)裝置可以通過乙太網捆綁包連線到PE,以便在CE和PE之間存在捆綁成員鏈路故障時提供鏈路冗餘。即使一個套件組合連結成員關閉,套件組合也會保持開啟。這不會提供PE冗餘,因為PE故障導致整個捆綁包關閉。
一種冗餘方法是使用點對點PW傳輸多個電路。每個電路是兩個CE之間的乙太網捆綁的成員:
PE不終止捆綁包,而是通過PW透明地傳輸幀,包括鏈路聚合控制協定(LACP)幀,CE在這些幀之間交換。
在此設計中,丟失AC或PE會導致捆綁成員關閉,但捆綁保持運行。
在此設計中,CE仍是一個單點故障。可以在CE上使用的其他冗餘功能包括:
- 多機箱連結彙總群組(MC-LAG)
- ASR 9000網路虛擬化(nV)集群
- Cisco IOS交換器上的虛擬交換系統(VSS)
- Cisco Nexus交換機上的虛擬埠通道(vPC)
從PE的角度來看,在AC和MPLS PW之間有一個簡單的點對點連線。
3.2.5.3 PW冗餘
PE還可以通過PW冗餘功能提供冗餘。
Router2具有指向router3的主PW。在正常情況下,從router1到router6的流量會流過該主PW。Router2也有一個備份的PW到router4處於熱待命狀態,但在正常情況下,該PW上沒有流量通過。
如果主PW、主PW的遠端PE(router3)或遠端PE上的AC(router3)出現問題,則router2會立即啟用備份PW,流量開始流過。問題解決後,流量會返回到主PW。
router2上的設定為:
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222
backup neighbor 10.0.0.14 pw-id 222
!
!
!
!
!
router3和router4上的標準組態為:
RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222
!
!
!
!
在穩定條件下,PW到router3處於活動狀態,PW到router4處於備用狀態:
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- ------------------ ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 UP
Backup
10.0.0.14 222 SB
------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51412, sent 25628
bytes: received 3729012, sent 1742974
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ -------------------------- --------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ -------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25628, sent 51412
bytes: received 1742974, sent 3729012
Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is standby ( all ready )
Backup for neighbor 10.0.0.13 PW ID 222 ( inactive )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ --------------------------- --------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ --------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x20 (Standby) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
RP/0/RSP0/CPU0:router2#
由於AC狀態和PW狀態是耦合的,因此當router3上的AC斷開時,router3會向router2發出AC訊號。Router2使其主PW關閉並啟動備份PW:
RP/0/RSP0/CPU0:May 3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN :
Pseudowire with address 10.0.0.13, id 222, state is Down
RP/0/RSP0/CPU0:May 3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN :
Pseudowire with address 10.0.0.14, id 222, state is Up
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det
Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51735, sent 25632
bytes: received 3752406, sent 1743230
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ---------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ---------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0
Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is up ( established )
Backup for neighbor 10.0.0.13 PW ID 222 ( active )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------- -----------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------- -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25632, sent 51735
bytes: received 1743230, sent 3752406
RP/0/RSP0/CPU0:router2#
當router3上的AC重新開啟時,router2將主PW重新啟用到router3,而PW到router4會回復到待機狀態。
當router3關閉時,備份PW也會啟用,而router2會失去通往其回送的路由。
下一個邏輯步驟是在每個站點引入具有兩個PE的雙向PW冗餘:
但是,當兩個PW同時處於活動狀態時,此全網狀的PW會遇到問題,因為環路被引入網路。環路需要斷開,通常使用生成樹協定(STP)。 但是,您不希望一個站點上的生成樹不穩定性傳播到另一個站點。因此,最好不要在這些PW上運行生成樹,也不要合併兩個站點之間的生成樹。如果兩個站點之間只有一個邏輯鏈路,則比較簡單,因此不需要生成樹。
一個解決方案是在一個站點的兩個PE與其本地CE之間使用MC-LAG捆綁包。只有兩個PE之一啟用了其捆綁成員,因此到遠端站點的PW處於活動狀態。另一台PE的捆綁成員處於備用狀態,並且到遠端站點的PW已關閉。由於兩個站點之間只有一個PW處於活動狀態,因此不會引入環路。具有活動PW的PE也有一個備用的PW到遠端站點上的第二個PE。
在穩定的條件下,活動的套件組合成員位於router2和router3上,而活動的PW位於兩者之間。以下是router3上的組態:
RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!
RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------
RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- --------------- -------- -------------- ----------
Gi0/0/0/1 Local Active 0x8001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8002, 0xa002 1000000
Link is marked as Standby by mLACP peer
在router5上,本地套件組合成員與指向router2的主PW處於備用狀態,而指向router4的備份PW處於關閉狀態:
RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!
RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- --------------------------
test p2p7 DN BE222.2 UP 10.0.0.11 222 SB
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------
RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222
Bundle-Ether222
Status: mLACP hot standby
Local links : 0 / 1 / 1
Local bandwidth : 0 (0) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Standby
Foreign links : 1 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Standby 0x8002, 0xa002 1000000
mLACP peer is active
Gi0/0/0/1 10.0.0.13 Active 0x8001, 0x9001 1000000
Link is Active
在router6上,套件組合成員與router3之間的連線處於作用中狀態,而套件組合成員與router5之間的連線處於待命狀態:
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)
當router3上的套件組合成員關閉時,router6會將其作用中成員變更為router5:
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(D) Gi0/2(P)
由於捆綁包ether222在router5上關閉,因此與router2相連的PW會同時關閉:
RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 DN BE222.2 DN 10.0.0.11 222 DN
Backup
10.0.0.12 222 DN
-----------------------------------------------------------------------------
Router2偵測到router3的PW已關閉,並啟動對router5的備份PW:
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
-----------------------------------------------------------------------------
Router5的套件組合成員處於使用中狀態,以及其主要PW到router2:
RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ----------- ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x8002, 0xa002 1000000
Link is Active
Gi0/0/0/1 10.0.0.13 Configured 0x8003, 0x9001 1000000
Link is down
RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
-------------------------------------------------------------------------------
3.2.5.4 ASR 9000 nV邊緣集群
先前基於MC-LAG和PW冗餘的設計在冗餘方面工作正常,但由於某些捆綁成員處於備用狀態,因此它們不會在穩定條件下傳輸流量。
如果您希望所有捆綁包成員都處於活動狀態,即使是在穩定的條件下,也可以將ASR 9000群集與連線到PE每個機架的CE中的捆綁包成員一起使用:
此設計針對CE和PE之間的捆綁包成員鏈路故障、機架故障和核心鏈路故障提供冗餘 — 只要集群與MPLS核心雙向連線且核心中存在冗餘。兩個機架不必共置,可以位於不同的位置。此圖中未顯示機架間鏈路。
如果您希望在CE上實現冗餘,則可以為CE使用多機箱解決方案:
- MC-LAG
- ASR 9000 nV集群
- VSS
- vPC
ASR 9000群集上的配置非常基本:
interface TenGigE0/0/0/8
bundle id 222 mode on
!
interface TenGigE1/0/0/8
bundle id 222 mode on
!
interface Bundle-Ether222
!
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface Bundle-Ether222.2
neighbor 10.0.0.13 pw-id 8
!
!
!
!
思科建議您配置靜態LACP系統MAC地址和捆綁包MAC地址,以避免指定機架控制器切換導致MAC地址更改。以下範例顯示如何尋找位址:
RP/1/RSP0/CPU0:router2#sh int bundle-ether 222 | i address is
Hardware is Aggregated Ethernet interface(s), address is 0024.f71e.d309
Internet address is Unknown
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#int bundle-ether 222
RP/1/RSP0/CPU0:router2(config-if)#mac-address 0024.f71e.d309
RP/1/RSP0/CPU0:router2(config-if)#commit
RP/1/RSP0/CPU0:router2(config-if)#end
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#sh lacp system-id
Priority MAC Address
-------- -----------------
0x8000 00-24-f7-1e-d3-05
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#lacp system mac 0024.f71e.d305
RP/1/RSP0/CPU0:router2(config)#commit
RP/1/RSP0/CPU0:router2(config)#end
總而言之,這是捆綁乙太網222,每個機架上有一個成員(機架0上為10個0/0/0/8,機架1上為10個1/0/0/8),並為點對點交叉連線配置了捆綁子介面:
RP/1/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p8 UP BE222.2 UP 10.0.0.13 8 UP
-------------------------------------------------------------------------------
3.3 CDP
Cisco路由器和交換器通常會傳送不帶dot1q標籤的CDP封包。當配置為交叉連線的IOS XR路由器收到這些CDP資料包時,有多個方案可以確定這些資料包會發生什麼情況:
在此拓撲中,路由器1可以將其本地PE router2視為CDP鄰居或遠端CE router4,具體取決於配置。
3.3.1 L2VPN PE的主介面上未啟用CDP
來自L2VPN CE的CDP資料包通過交叉連線傳輸。如果主介面配置為l2transport,或者如果有與未標籤的CDP幀匹配的子介面,則兩個L2VPN CE將相互檢視(使用show cdp neighbors命令)。
以下是主介面的範例:
interface GigabitEthernet0/0/0/1
l2transport
!
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1
neighbor 10.0.0.11 pw-id 8
!
!
!
!
以下是未標籤的子介面的範例:
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 8
!
!
!
!
在這兩個示例中,CDP資料包是通過交叉連線傳輸的,並且CE將彼此視為CDP鄰居。CE未將PE視為CDP鄰居:
router1#sh cdp nei gigabitEthernet 0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
router4 Gig 0/1 168 R S ME-3400G- Gig 0/1
3.3.2在L2VPN PE的主介面上啟用CDP
PE處理未標籤的CDP資料包,PE和CE將彼此視為鄰居。但是,在L2VPN PE的主介面上啟用CDP時,CE看不到遠端CE。
請注意:
- 不能在配置為l2transport的主介面上配置CDP。
- 在主非l2傳輸介面上配置CDP時,PE會擷取CDP資料包。即使已將l2傳輸子介面配置為匹配未標籤的CDP資料包(使用encapsulation untagged或encapsulation default命令)也會發生這種情況。在這種情況下,CDP資料包不會傳輸到遠端站點。
3.4生成樹
如果L2VPN CE是乙太網交換機,並且正在向L2VPN PE傳送生成樹BPDU,則這些BPDU將作為常規流量處理,並根據L2VPN配置進行傳輸。
如果主介面配置為l2transport,或者如果存在使用encapsulation untagged或encapsulation default命令配置的l2transport子介面,則STP或MST BPDU會以未標籤的方式傳送,並通過點對點交叉連線進行傳輸。
每個VLAN生成樹Plus(PVST+)或快速PVST+(PVRST+)傳送標籤的BPDU,如果存在與BPDU的dot1q標籤匹配的l2傳輸子介面,則會傳輸這些標籤BPDU。
以下是拓撲範例:
Router2和router3正在傳輸未標籤的訊框和具有dot1q標籤2的訊框:
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 8
!
!
p2p p2p9
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 9
!
!
!
!
交換器1收到來自交換器4的VLAN 1中的未標籤BPDU和VLAN2中的已標籤BPDU;其根埠位於Gi0/1上,指向switch4:
switch1#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 8
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0019.552b.b580
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
通過此配置,站點A的生成樹域與站點B的生成樹域合併。潛在的問題是某個站點的生成樹不穩定可能會傳播到另一個站點。
如果您確信一個站點僅通過一個PW連線到另一個站點,並且沒有後門鏈路可引入物理環路,則最好不要在兩個站點上運行生成樹。這會將兩個生成樹網域分隔開來。為此,請在CE上配置生成樹bpdu過濾器,或在PE上配置乙太網服務訪問清單,以丟棄BPDU使用的目標MAC地址的幀。PE上的乙太網服務訪問清單可用於丟棄具有BPDU目標MAC或不希望通過PW轉發的其他型別L2協定的幀。
您可以在兩個站點之間傳輸的每個l2transport(sub)介面下使用這個訪問清單:
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd
60 deny any host 0100.0ccd.cdce
70 permit any any
!
RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.1
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!
RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!
ethernet-services ACL開始丟棄BPDU:
RP/0/RSP1/CPU0:router2#sh access-lists ethernet-services block-invalid-frames
hardware ingress location 0/0/CPU0
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f (41 hw matches)
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd (63 hw matches)
60 deny any host 0100.0ccd.cdce
70 permit any any (8 hw matches)
Switch1不再從switch4接收BPDU,因此switch1現在成為根:
switch1#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p
在連結上停用跨距樹狀目錄的風險如下:如果在站點之間建立了後門連線,則會引入物理環路,並且生成樹無法中斷環路。因此,當您在PW上禁用生成樹時,請確保站點之間沒有冗餘鏈路,並且PW仍是站點之間的唯一連線。
如果站點之間存在多個連線,請使用類似於VPLS的解決方案以及生成樹的接入網關版本,如MST接入網關(MSTAG)或PVST+接入網關(PVSTAG)。 有關詳細資訊,請參見「多點服務」部分。
4.多點服務
有關多點L2功能的完整說明,請參閱實施多點第2層服務。
由於點對點交叉連線中只有兩個介面,因此L2VPN交換機將接收的所有資料都接收在一端,並在另一端進行轉發。
當網橋域中有兩個以上的介面時,乙太網交換機必須做出交換決策,以便根據幀的目的MAC地址確定幀轉發的位置。交換機根據收到的幀的源MAC地址進行MAC學習,並構建MAC地址表。
交換器使用此方法轉送訊框:
- 廣播幀被泛洪到所有埠。使用風暴控制限制廣播泛洪速率。
- 組播幀會泛洪到橋接域中的所有埠,配置網際網路組管理協定(IGMP)或組播偵聽程式發現(MLD)監聽時除外。使用風暴控制以限制組播泛洪速率。
- 目的MAC地址不屬於橋接域mac地址表一部分的單播幀(未知單播)會在橋接域中的所有埠上泛洪。使用風暴控制以限制未知的單點傳播泛洪速率。
- 目的MAC地址是網橋域mac地址表一部分的單播幀將轉發到已獲取目的MAC地址的埠。
在Cisco IOS XR軟體中,廣播網域或模擬LAN稱為橋接網域。這與Cisco IOS軟體術語中的VLAN類似,不同之處在於,IOS中的VLAN連結到VLAN編號,該編號在TRUNK上用作dot1q標籤。Cisco IOS XR軟體中的網橋域未連結到dot1q VLAN標籤號。您可以使用EVC模型來操作dot1q標籤,並在同一個網橋域中具有不同dot1q VLAN編號的dot1q子介面,或者具有未標籤的介面。
網橋域基本上是一個廣播域,其中廣播和組播幀被泛洪。一個mac-address-table與每個網橋域關聯(除非配置手動禁用MAC學習,這種情況非常罕見)。 這通常對應一個IPv4或IPv6子網,其中網橋域中的所有主機都直接連線。
網橋域可以分組在一個網橋組中。這是檢查組態的便利方法。您可以對網橋組執行一個show命令,而不是對每個網橋域執行一個show命令。網橋組沒有mac-address-table或其他關聯;它僅用於配置和show命令。
4.1本地交換
這是一個非常基本的例子:
Router2、router3和router4通過ASR 9000連線,ASR 9000模擬這三台路由器之間的LAN。
這三台路由器的介面配置如下:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/39.2
interface GigabitEthernet0/1/0/39.2
ipv4 address 192.168.2.2 255.255.255.0
encapsulation dot1q 2
!
router3#sh run int gig 0/1
Building configuration...
Current configuration : 203 bytes
!
interface GigabitEthernet0/1
port-type nni
switchport access vlan 2
switchport trunk allowed vlan 1,2
switchport mode trunk
end
router3#sh run int vlan 2
Building configuration...
Current configuration : 61 bytes
!
interface Vlan2
ip address 192.168.2.3 255.255.255.0
end
router3#
RP/0/RSP0/CPU0:router4#sh run int ten 0/0/1/0.2
interface TenGigE0/0/1/0.2
ipv4 address 192.168.2.4 255.255.255.0
encapsulation dot1q 2
!
router1收到帶有dot1q標籤2的資料包,並將其轉發給帶有dot1q標籤2的其他路由器。
在此基本情況中,AC上有兩個選項:
- 由於所有AC都使用dot1q標籤2,因此您可以將其保留在幀上,並使用與輸入介面上接收到的dot1q標籤在輸出介面上轉發幀。不需要使用rewrite ingress tag pop 1 symmetric命令。
- 您可以在入口方向上彈出傳入的dot1q標籤2,並在出口方向上對稱推送dot1q標籤2。雖然在這種基本情況下不需要此步驟,但最好在開始時以這種方式配置網橋域,因為它為將來提供了更大的靈活性。以下是初始設定後可能發生變更的兩個範例:
- 如果在橋接域中稍後引入路由的BVI介面,則必須在BVI上處理資料包,而不進行標籤。詳情請參閱BVI部分。
- 稍後將新增使用不同dot1q標籤的新AC。dot1q標籤2將在輸入方向上彈出,另一個dot1q標籤將在輸出方向上推送到新介面,反之亦然。
在router1上的每個AC上彈出dot1q標籤:
RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/38.2
interface GigabitEthernet0/1/0/38.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP0/CPU0:router1#sh run int TenGigE0/2/0/4.2
interface TenGigE0/2/0/4.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
使用以下三種AC檢視網橋域的配置:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain engineering
interface TenGigE0/2/0/4.2
!
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/38.2
!
!
!
!
必須在網橋組下配置網橋域。如果需要來自此客戶的其他網橋域,則可以在同一個網橋組customer1下配置這些網橋域。如果新的網橋域屬於其他客戶,則可以建立新的網橋組。這些示例使用客戶對網橋域進行分組,但網橋域可以按任何標準進行分組。
使用show run l2vpn bridge group customer1 bridge-domain engineering命令顯示網橋域的配置。
使用show run l2vpn bridge group customer1命令檢視所有網橋域的配置。
使用show l2vpn bridge-domain bd-name engineering命令或show l2vpn bridge-domain group customer1命令顯示有關網橋域的資訊。
RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name
engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
Gi0/1/0/38.2, state: up, Static MAC addresses: 0
Te0/2/0/4.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name
engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (00:18:06 ago)
No status change since creation
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 185066, sent 465
bytes: received 13422918, sent 34974
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: GigabitEthernet0/1/0/38.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40005; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 8, sent 12287
bytes: received 770, sent 892418
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: TenGigE0/2/0/4.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1040001; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 463, sent 11839
bytes: received 35110, sent 859028
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
如果要檢查每個AC上是否接收和傳送了資料包,請使用show l2vpn bridge-domain group customer1 bd-name engineering det命令。
如果要檢查mac-address-table,請將mac-address關鍵字新增到show l2vpn forwarding bridge-domain命令:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
------------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
每次在橋接域中接收到幀時,由線卡在硬體中執行MAC學習。MAC地址表也有軟體快取,但此軟體表不能連續更新以匹配硬體條目。在最新代碼中輸入show命令時,會嘗試將軟體表與硬體表重新同步。在最多15秒之後,即使重新同步沒有完成(例如,如果表很大),它也會列印軟體mac-address-table的當前狀態。 使用l2vpn resynchronize forwarding mac-address-table命令手動重新同步軟體和硬體表。
RP/0/RSP0/CPU0:router1#term mon
RP/0/RSP0/CPU0:router1#l2vpn resynchronize forwarding mac-address-table
location 0/1/CPU0
RP/0/RSP0/CPU0:router1#LC/0/1/CPU0:May 28 18:25:35.734 : vkg_l2fib_mac_cache[357]
%PLATFORM-
PLAT_L2FIB_MAC_CACHE-6-RESYNC_COMPLETE : The resynchronization of the MAC
address table is complete
0/1/CPU0
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
系統日誌消息指示重新同步過程何時完成,因此啟用terminal monitor以便檢視消息很有用。
「重新同步時間」列顯示上次從硬體表中重新同步MAC地址的時間。
location關鍵字是傳入或傳出線路卡的位置。MAC地址在硬體中的線卡之間交換,因此每個AC或PW線卡上都可以知道MAC地址。detail關鍵字可以提供軟體表的最新版本:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address detail location 0/1/CPU0
Bridge-domain name: customer1:engineering, id: 5, state: up
MAC learning: enabled
MAC port down flush: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC Secure: disabled, Logging: disabled
DHCPv4 snooping: profile not known on this node
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
IGMP snooping: disabled, flooding: enabled
Bridge MTU: 1500 bytes
Number of bridge ports: 3
Number of MAC addresses: 4
Multi-spanning tree instance: 0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
GigabitEthernet0/1/0/3.2, state: oper up
Number of MAC: 2
Statistics:
packets: received 187106, sent 757
bytes: received 13571342, sent 57446
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 0019.552b.b581, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
Mac Address: 0019.552b.b5c3, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
GigabitEthernet0/1/0/38.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 18, sent 14607
bytes: received 1950, sent 1061882
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 0024.986c.6417, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local
TenGigE0/2/0/4.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
Mac Address: 6c9c.ed3e.e484, LC learned: 0/2/CPU0
Resync Age: 0d 0h 0m 0s, Flag: remote
該命令的詳細版本提供在網橋域中獲知的MAC地址總數,以及在每個AC下獲知的MAC地址數量。
hardware關鍵字直接從入口或出口轉發引擎輪詢硬體mac-address-table:
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware ingress location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware egress location 0/2/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 14s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 1s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 10s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 13s N/A
RP/0/RSP0/CPU0:router1#
4.2完整託管服務
之前的本地交換示例是基本的,因為只有路由器連線到網橋域。但是,開始連線L2交換機後,可以引入環路,並需要STP才能中斷環路:
在此拓撲中,router1、router2和router3都配置有網橋域,其所有介面都顯示在圖中。如果router4向router1傳送廣播(例如ARP請求),router1將其湧向router2和router3,router2將其湧向router3,router3將其湧向router2。這會導致回圈和廣播風暴。
要中斷環路,請使用STP。STP有多種型別,但Cisco IOS XR軟體僅提供一種完整實施,即MST。
此外,Cisco IOS XR軟體還支援PVSTAG和MSTAG等協定的訪問網關版本。這些是協定在特定拓撲(通常用於VPLS)中使用的靜態、受限版本,在MSTAG和PVSTAG部分中進行了說明。在Cisco IOS XR軟體中,如果拓撲包含多個交換器,且需要完整的生成樹實作,則MST是唯一選項。
每台路由器上配置兩個子介面,並將其新增到橋接域。對於router1,配置為:
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
!
!
!
MST在主介面上配置。在本例中,VLAN 2被分配給例項1,而所有其他VLAN仍保持預設例項0。(更實際的配置將在例項之間平均分配VLAN。)
STP網路中的根網橋的選擇取決於配置的優先順序和每個裝置的嵌入式網橋ID。具有最低優先順序的裝置,或具有相同最低優先順序的裝置但具有最低網橋ID,將被選為根網橋。在本例中,router3的優先順序低於例項0的router1,因此router3是例項0的根。Router1的優先順序低於例項1的router3,因此router1是例項1的根。
以下是router1的組態:
spanning-tree mst customer1
name customer1
revision 1
instance 0
priority 28672
!
instance 1
vlan-ids 2
priority 24576
!
interface TenGigE0/0/0/1
!
interface GigabitEthernet0/0/0/1
!
!
以下是router3上的組態:
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 28672
所有交換機上的名稱、修訂版和VLAN到例項的對映必須相同。
現在,檢查router1上的跨距樹狀目錄狀態:
RP/0/RSP1/CPU0:router1#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed
Operating in dot1q mode
MSTI 0 (CIST):
VLANS Mapped: 1,3-4094
CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0
Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 28672 (priority 28672 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.1
Te0/0/0/1 128.1 2000 DSGN FWD 28672 4055.3912.f1e6 128.1
MSTI 1:
VLANS Mapped: 2
Root ID Priority 24576
Address 4055.3912.f1e6
This bridge is the root
Int Cost 0
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 24576 4055.3912.f1e6 128.2
Te0/0/0/1 128.1 2000 DSGN FWD 24576 4055.3912.f1e6 128.1
Router3是例項0的根,因此router1在Gi0/0/0/1上有一個指向router3的根埠。Router1是例項1的根,因此router1是該例項所有介面的指定網橋。
Router2被阻塞,例如Te0/1/0/0上的例項0:
RP/0/RSP1/CPU0:router2#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed
Operating in dot1q mode
MSTI 0 (CIST):
VLANS Mapped: 1,3-4094
CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0
Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.2
Te0/1/0/0 128.1 2000 ALT BLK 28672 4055.3912.f1e6 128.1
MSTI 1:
VLANS Mapped: 2
Root ID Priority 24576
Address 4055.3912.f1e6
Int Cost 2000
Max Age 20 sec, Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6
Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 32768 f025.72a7.b13e 128.2
Te0/1/0/0 128.1 2000 ROOT FWD 24576 4055.3912.f1e6 128.1
RP/0/RSP1/CPU0:router2#
Te0/1/0/0.2正在轉發,而Te0/1/0/0.3處於阻塞狀態。當STP Blocked值為0x0時,條件為false,因此介面處於轉發狀態;當STP Blocked值為0x1時,條件為true,因此介面被阻止。
使用show uidb data命令以確認此情況並顯示網路處理器中存在的介面資料:
RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.2
ingress | i Blocked
STP Blocked 0x0
RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.3
ingress | i Blocked
STP Blocked 0x1
4.3 BVI
配置網橋域會建立L2域。為了退出該L2域,請連線橋接域內主機與外部世界之間路由的L3路由器。在上圖中,主機1可以使用router4或router5退出本地子網並到達Internet。
其中配置了網橋域的Router1和Router2是ASR 9000路由器,它們可以路由IPv4和IPv6流量。因此,這兩台路由器可以將IP流量從橋接域中取出,並將其路由到Internet本身,而不是依賴L3路由器。為此,您需要配置BVI,它是插入橋接域的L3介面,以便路由進出橋接域的資料包。
從邏輯上說,情況是這樣的:
以下是組態:
RP/0/RSP1/CPU0:router1#sh run int bvi 2
interface BVI2
ipv4 address 192.168.2.1 255.255.255.0
!
RP/0/RSP1/CPU0:router1#sh run int bvi 3
interface BVI3
ipv4 address 192.168.3.1 255.255.255.0
!
RP/0/RSP1/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
routed interface BVI3
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
routed interface BVI2
!
!
!
RP/0/RSP1/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
BVI是一個未標籤的L3介面,因此,如果您希望讓BVI處理網橋域的AC上接收到的資料包,則必須將AC配置為彈出所有傳入標籤。否則,BVI無法理解標籤並丟棄資料包。在BVI上無法配置dot1q子介面,因此必須像在上一個示例中在Gi0/0/0/1.2上所做的那樣在AC上彈出標籤。
由於BVI介面是虛擬介面,因此可以啟用的功能受到一些限制。這些限制在Cisco ASR 9000系列路由器上配置整合路由和橋接:配置IRB的限制。ASR 9000上的BVI介面不支援以下功能:
- 存取控制清單(ACL)。 但是,可以在網橋域的每個L2埠上配置L2 ACL。
- IP快速重新路由(FRR)
- Netflow
- MoFRR(僅組播快速重新路由)
- MPLS標籤交換
- mVPNv4
- 服務品質(QoS)
- 流量映象
- BVI的未編號介面
- 視訊監視(Vidmon)
BVI可以採用虛擬路由和轉發(VRF)配置,以便通過MPLS轉發BVI上接收的流量,但必須使用per-vrf label-allocation-mode。
如果需要這些限制功能之一,則不能使用BVI。另一種解決方案是在路由器的兩個連線埠之間使用外部回送纜線,其中一個連線埠位於橋接網域中,且一個連線埠設定為正常路由介面,所有功能均可設定。
4.4 VPLS
4.4.1概述
VPLS能夠通過MPLS PW將多個站點的橋接域合併到一個大型橋接域。不同站點的主機似乎直接連線到同一個L2網段,因為它們的流量在L2VPN PE之間的全網狀MPLS PW上透明封裝:
需要全網狀PW,以確保每台主機都能接收來自其他所有主機的流量。結果是,L2VPN PE不會將在VPLS PW上接收的幀轉發到其其他VPLS PW上。PW可以是全網狀,因此每個PE直接接收流量,不需要在PW之間轉發流量,因為轉發會導致環路。這稱為水準分割規則。
路由器正在運行MAC學習。在mac-address-table中存在MAC地址後,您只能通過PW將目的MAC地址的幀轉發到此MAC地址從中獲知的L2VPN PE。這樣可避免核心層出現不必要的流量重複。廣播和組播泛洪到所有PW,以確保所有主機都能接收它們。IGMP偵聽之類的功能非常有用,因為它允許僅在存在接收器或組播路由器時向PE傳送組播幀。這減少了核心層中的通訊量,儘管仍存在多個相同資料包的副本,當需要向每個PE傳送這些副本時,必須傳送這些副本。
必須在虛擬轉發例項(VFI)下配置全網狀的PW:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
在VFI下配置的PW是核心中完全網狀的PW。它們是同一水準分割組(SHG)的一部分,以確保在一個PW上接收的幀不會轉發到另一個PW。
可以配置接入PW,它們被視為一種AC型別,未在VFI下配置。有關詳細資訊,請參見H-VPLS部分。
router2、router3和router4上的組態非常類似,而所有路由器都有其他三台路由器作為VFI下的鄰居。
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (23:06:02 ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 234039, sent 7824
bytes: received 16979396, sent 584608
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16049 16042
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 15:57:36 (00:25:29 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 555, sent 285
bytes: received 36308, sent 23064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16050 16040
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:00:56 (00:22:09 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 184, sent 158
bytes: received 12198, sent 14144
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000b
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16051 289974
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225483
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:02:38 (00:20:27 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 137
bytes: received 0, sent 12064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
PW到10.0.0.12的本地標籤為16049,這表示使用標籤16049接收乙太網幀。交換決策基於此MPLS標籤,因為倒數第二的MPLS跳可能已經跳過IGP標籤。仍然可以有一個明確的空標籤,但切換決策基於PW標籤:
RP/0/RSP0/CPU0:router1#sh mpls forwarding labels 16049
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ----------
16049 Pop PW(10.0.0.12:2) BD=5 point2point 58226
標籤的show mpls forwarding labels命令會提供網橋域編號,您可以使用該編號查詢目標mac地址和接收資料包的PW(鄰居和pw-id)。然後,您可以在mac-address-table中建立指向該鄰居的條目:
RP/0/RSP0/CPU0:router1#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a01 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/1/CPU0 0d 0h 0m 0s N/A
4.4.2 PW型別和傳輸標籤
預設情況下,VPLS PW作為型別5(乙太網)PW協商。任何VLAN標籤操作後(當配置了rewrite命令時),任何內容都會通過PW傳送到AC。
用於LDP信令的Cisco IOS XR軟體版本4.1.0和帶BGP的版本4.3.1允許您在鄰居下配置pw類,並在pw類下配置傳輸模式vlan直通。這樣會交涉虛擬連線(VC)型別4(乙太網路VLAN)PW,其在設定rewrite指令時,會傳輸VLAN標籤處理之後從AC傳出的任何內容。
EFP上的VLAN標籤操作可確保幀上至少留有一個VLAN標籤,因為如果幀上有VC型別4 PW,則需要dot1q標籤。使用傳輸模式vlan傳輸模式時,不會向幀新增虛擬標籤0。
不支援在同一VFI下混合使用型別4和型別5 PW。所有PW必須屬於同一型別。
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.13 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.14 pw-id 2
pw-class VC4-PT
!
!
!
!
!
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail |
i "PW:|PW type"
MAC withdraw for Access PW: enabled
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
4.4.3自動發現和信令
上述示例基於VFI下所有鄰居的手動配置。MPLS LDP用於與鄰居的PW信令。
將新的VPLS PE新增到網路時,請配置PE以將PW新增到其每個本地網橋域中的所有現有PE。所有現有PE必須重新配置才能有到新PE的PW,因為所有PE必須完全網格化。隨著PE和網橋域數量的增加,這可能成為操作方面的挑戰。
一種解決方案是讓PE通過BGP自動發現其他PE。雖然對IBGP也有全網狀要求,但可以通過使用路由反射器來提升它。因此,新PE通常配置為與少數路由反射器對等,所有其他PE都接收其更新,新PE則接收來自其他PE的更新。
為了通過BGP發現其他PE,每個PE都配置為vpls-vpws地址系列,並在BGP中通告它們希望參與的橋接域。一旦發現屬於同一橋接域的其他對等點,則為每個對等點建立一個PW。BGP是用於此自動發現的協定。
將PW傳送到自動發現的PE有兩個選項:BGP和LDP。在這些示例中,您將使用BGP信令和LDP信令將以前的拓撲轉換為BGP自動發現。
4.4.3.1 BGP自動發現和BGP訊號
在路由器bgp和鄰居(其他PE或路由反射器)下配置address-family l2vpn vpls-vpws:
router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!
新的地址系列對鄰居有效,但還沒有任何PE宣佈它參與橋域:
RP/0/RSP0/CPU0:router1#sh bgp neighbor 10.0.0.3 | i Address family L2VPN
Address family L2VPN VPLS: advertised and received
P/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 77
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 77 77 77 77 77 77
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 252950 53252 77 0 0 1w0d 0
10.0.0.10 0 65000 941101 47439 77 0 0 00:10:18 0
在L2VPN網橋域配置模式下配置自動發現bgp和signaling-protocol bgp。router1上的設定如下:
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 11
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 11
!
!
!
!
!
!
router2上的設定為:
RP/0/RSP1/CPU0:router2#sh run l2vpn bridge group customer1
Thu May 30 15:25:55.638 CEST
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 13
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 13
!
!
!
!
!
!
對於每個橋接域,不同PE上的vpn-id和路由目標相同,但每個PE都具有唯一的虛擬邊緣識別符號(VE-ID)。 每個PE通過BGP發現VPN中的其他PE並使用BGP來向PW發出訊號。結果是各種普華永道交織在一起:
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 103 103 103 103 103 103
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 254944 53346 103 0 0 1w0d 6
10.0.0.10 0 65000 944859 47532 103 0 0 01:40:22 6
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 10.0.0.11:32769 (default for vrf customer1:finance)
*> 11:10/32 0.0.0.0 nolabel 16060
*>i12:10/32 10.0.0.12 16060 nolabel
*>i13:10/32 10.0.0.13 16060 nolabel
*>i14:10/32 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.11:32770 (default for vrf customer1:engineering)
*> 11:10/32 0.0.0.0 nolabel 16075
*>i12:10/32 10.0.0.12 16075 nolabel
*>i13:10/32 10.0.0.13 16075 nolabel
*>i14:10/32 10.0.0.14 289944 nolabel
Route Distinguisher: 10.0.0.12:32768
*>i12:10/32 10.0.0.12 16060 nolabel
* i 10.0.0.12 16060 nolabel
Route Distinguisher: 10.0.0.12:32769
*>i12:10/32 10.0.0.12 16075 nolabel
* i 10.0.0.12 16075 nolabel
Route Distinguisher: 10.0.0.13:32769
*>i13:10/32 10.0.0.13 16060 nolabel
* i 10.0.0.13 16060 nolabel
Route Distinguisher: 10.0.0.13:32770
*>i13:10/32 10.0.0.13 16075 nolabel
* i 10.0.0.13 16075 nolabel
Route Distinguisher: 10.0.0.14:32768
*>i14:10/32 10.0.0.14 289959 nolabel
* i 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.14:32769
*>i14:10/32 10.0.0.14 289944 nolabel
* i 10.0.0.14 289944 nolabel
Processed 14 prefixes, 20 paths
以下是router3通告的字首(10.0.0.13),如router1上所見;字首通過兩個路由反射器10.0.0.3和10.0.0.10接收:
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32770 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32770
Versions:
Process bRIB/RIB SendTblVer
Speaker 92 92
Last Modified: May 30 15:10:44.100 for 01:23:38
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 92
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32769 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32769
Versions:
Process bRIB/RIB SendTblVer
Speaker 93 93
Last Modified: May 30 15:10:44.100 for 01:25:02
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 93
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10
Router1已建立一些PW:
RP/0/RSP0/CPU0:router1#sh l2vpn discovery bridge-domain
Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16060 10 10 05/30/2013 15:07:39
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289959 10 10 10.0.0.14 05/30/2013 15:11:22
Bridge group: customer1, bridge-domain: engineering, id: 5, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16075 10 10 05/30/2013 15:08:54
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289944 10 10 10.0.0.14 05/30/2013 15:11:22
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain autodiscovery bgp
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10120, sent 43948
bytes: received 933682, sent 2989896
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000c
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16062 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225484
Create time: 30/05/2013 15:09:52 (01:29:44 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:44 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2679, sent 575
bytes: received 171698, sent 51784
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000e
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16063 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225486
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 11, sent 574
bytes: received 1200, sent 51840
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc0000010
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16064 289960
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225488
Create time: 30/05/2013 15:11:22 (01:28:15 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:15 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 561
bytes: received 0, sent 50454
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243532, sent 51089
bytes: received 17865888, sent 3528732
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000d
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16077 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225485
Create time: 30/05/2013 15:09:52 (01:29:45 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:45 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2677, sent 574
bytes: received 171524, sent 51670
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000f
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16078 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225487
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 17, sent 572
bytes: received 1560, sent 51636
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000011
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16079 289945
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225489
Create time: 30/05/2013 15:11:22 (01:28:16 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:16 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 559
bytes: received 0, sent 50250
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
4.4.3.2 BGP自動探索和LDP訊號
使用address-family l2vpn vpls-vpws命令的BGP配置與BGP信令的配置完全相同。修改L2VPN配置,以便通過signaling-protocol ldp命令使用LDP信令。
所有四台PE上使用相同的配置:
router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol ldp
vpls-id 65000:3
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol ldp
vpls-id 65000:2
!
!
!
!
!
!
vpls-id由BGP自治系統(AS)編號和vpn-id組成。
來自router1的三個show命令說明已使用發現的PE建立了PW:
RP/0/RSP0/CPU0:router1#sh l2vpn discovery
Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3,
signaling protocol: LDP
VPLS-ID: 65000:3
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46
Bridge group: customer1, bridge-domain: engineering, id: 5,
signaling protocol: LDP
VPLS-ID: 65000:2
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10362, sent 45038
bytes: received 956240, sent 3064016
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:3
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000003
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16006 16033
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:3 65000:3
Group ID 0x3 0x0
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225475
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:25 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 40
bytes: received 12160, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16016 16020
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:22 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16049 289970
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 30/05/2013 17:11:46 (00:05:04 ago)
Last time status changed: 30/05/2013 17:11:51 (00:04:59 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243774, sent 52179
bytes: received 17888446, sent 3602852
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned (Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:2
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16027 16042
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:2 65000:2
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:26 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 41
bytes: received 12160, sent 3690
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16043 16021
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:2 65000:2
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:23 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16050 289974
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:2 65000:2
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 30/05/2013 17:11:46 (00:05:05 ago)
Last time status changed: 30/05/2013 17:11:51 (00:05:00 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
4.4.4 MAC刷新和退出
VPLS中的轉發基於mac地址表,該地址表通過學習接收幀的源MAC地址動態建立。如果網橋域中發生拓撲更改,可以通過不同的AC或VPLS鄰居到達主機。如果繼續根據現有mac-address-table轉發幀,則該主機的流量將無法到達其目的地。
對於L2VPN PE,有多種方法可以檢測拓撲更改:
- 網橋域中的埠開啟或關閉。
- 當L2VPN PE運行完全MST實施或生成樹訪問網關協定時,會處理生成樹拓撲更改通知(TCN)BPDU。故障鏈路不能是PE上的本地鏈路,但在拓撲中可能更遠。PE會攔截TCN。
當L2VPN PE檢測到拓撲更改時,它會採取兩種操作:
- PE刷新受拓撲更改影響的網橋域的mac-address-table。當為PVSTAG或每VLAN快速生成樹接入網關(PVRSTAG)配置PE時,在一個VLAN子介面中檢測到的TCN BPDU會影響該物理介面上的所有VLAN和網橋域。
- PE通過MPLS LDP MAC撤銷消息向VPLS鄰居發出訊號,指示它們可以刷新其mac-address-table。所有收到MAC撤銷LDP消息的遠端L2VPN PE都會刷新其mac-address-table,流量會再次泛洪。根據新拓撲重建mac-address-tables。
在連線埠翻動發生變化時,MAC撤銷訊息的預設行為會隨時間而變更:
- 傳統上,在Cisco IOS XR軟體中,L2VPN PE在AC關閉時傳送MAC撤銷消息。其目的是讓遠端PE刷新受影響的橋接域的MAC地址表,以便從另一個埠獲取指向被關閉埠後面的MAC地址。
- 但是,這給一些使用RFC 4762的遠端PE帶來了互操作性問題,並清除所有PE上指向的MAC地址(傳送MAC撤銷消息的PE除外)。RFC 4762假定PE會在AC啟動時傳送MAC撤銷消息,但在AC關閉時不會傳送。在Cisco IOS XR軟體版本4.2.1後,預設行為是僅在橋接器網域連線埠開啟時傳送LDP MAC撤銷訊息,以便更好地遵守RFC。已新增配置命令以恢復到舊行為。
以下是Cisco IOS XR軟體版本4.2.1後具有預設行為的show命令:
RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain bd-name engineering det |
i "PW:|VFI|neighbor|MAC w"
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 4
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 2
VFI Statistics:
重要的一行是在網橋埠關閉時傳送的MAC撤消,在Cisco IOS XR軟體版本4.2.1之後,該命令現在預設處於禁用狀態。該命令還提供在網橋域中傳送和接收的MAC撤退消息的數量。大量退出消息表示網橋域不穩定。
這是回覆為舊行為的組態:
l2vpn
bridge group customer1
bridge-domain finance
mac
withdraw state-down
!
!
!
!
4.4.5 H-VPLS
VPLS要求在L2VPN PE之間實現全網狀PW,以確保任何PE能夠在一跳中到達任何其他PE後面的主機,而無需一個PE將幀從一個PW反射到另一個PW。這是水準分割規則的基礎,該規則防止PE將幀從一個PW轉發到另一個PW。即使在特殊情況下,MAC地址表中的目標MAC地址指向另一個PW,幀也會被丟棄。
全網狀的PW意味著隨著PE數量的增長,PW的數量可能會變得非常高,因此這會帶來可擴充性問題。
您可以使用分層的PE減少此拓撲中的PW數量:
在此拓撲中:
- 使用者提供商邊緣(U-PE)裝置具有到CE的AC。
- U-PE裝置通過MPLS點對點PW將CE業務傳輸到網路提供商邊緣(N-PE)裝置。
- N-PE是與其他N-PE完全嚙合的核心VPLS PE。
- 在N-PE上,來自U-PE的PW被視為訪問PW,非常類似於AC。U-PE不與其他N-PE網狀網的一部分,因此N-PE可以將接入PW視為AC,並將流量從接入PW轉發到作為VPLS全網狀網一部分的核心PW。
- 在VFI下配置N-PE之間的核心PW,以確保水準分割規則應用於在VFI下配置的所有核心PW。
- 來自U-PE的訪問PW未在VFI下配置,因此它們不屬於與VFI PW相同的SHG。流量可以從接入PW轉發到VFI PW,反之亦然。
- U-PE可以使用PW冗餘功能將主PW設定為主N-PE,將備用PW設定為備用N-PE。當主PW關閉時,備用裝置將接管。
在以下範例中,U-PE1(10.0.0.15)配置了N-PE1(10.0.0.11)和N-PE2(10.0.0.12)的PW冗餘:
RP/0/RP0/CPU0:U-PE1#sh run int ten 0/1/0/5.2
interface TenGigE0/1/0/5.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/0/RP0/CPU0:U-PE1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p engineering-0-1-0-5
interface TenGigE0/1/0/5.2
neighbor 10.0.0.11 pw-id 15
backup neighbor 10.0.0.12 pw-id 15
!
!
!
!
!
RP/0/RP0/CPU0:U-PE1#sh l2vpn xconnect group customer1
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- -----------------------------
customer1 engineering-0-1-0-5
UP Te0/1/0/5.2 UP 10.0.0.11 15 UP
Backup
10.0.0.12 15 SB
---------------------------------------------------------------------------------
PW到10.0.0.12處於備用狀態。在N-PE1上,有一個通向10.0.0.15的接入PW和一個不在VFI下的AC。
N-PE1正在通過接入PW和VFI PW獲取一些MAC地址:
RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: up, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:N-PE1#sh l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A
在N-PE2(10.0.0.12)上,接入PW處於備用狀態:
RP/0/RSP0/CPU0:N-PE2#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE2#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 1, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: standby, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
4.4.6水準分割組(SHG)
水準分割規則規定在一個VFI PW上接收的幀不能通過另一個VFI PW轉發。VFI N-PE可以全網狀。
此水準分割通過SHG實施:
- 來自一個SHG的成員無法相互轉發幀,但可以將幀轉發到其他SHG的成員。
- 預設情況下,所有VFI PW都分配給SHG 1。這可確保VFI PW之間沒有轉發,以便實施水準分割規則。在VFI PW上接收的資料包可以轉發到AC和訪問PW,因為它們不是同一個SHG的一部分。
- 預設情況下,所有AC和訪問PW都不屬於SHG組,這意味著在AC或訪問PW上接收的資料包可以轉發到同一網橋域中的另一個AC或訪問PW。
- 如果目標是防止在AC和訪問PW之間轉發,可以使用split-horizon group命令將AC和訪問PW分配給SHG 2。
RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
split-horizon group
!
interface GigabitEthernet0/1/0/3.2
split-horizon group
!
neighbor 10.0.0.15 pw-id 15
split-horizon group
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
在此配置中,在Gi 0/0/0/1.2和Gi 0/1/0/3.2、Gi 0/0/0/1.2和10.0.0.15或Gi 0/1/0/3.2和10.0.0.15之間沒有轉發。但是,在AC和VFI PW之間仍可能存在流量轉發,因為它們屬於不同的SHG(1和2)。
RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering detail |
i "state is|List of|VFI|Split"
Split Horizon Group: none
ACs: 2 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/0/0/1.2, state is unresolved
Split Horizon Group: enabled
AC: GigabitEthernet0/1/0/3.2, state is up
Split Horizon Group: enabled
List of Access PWs:
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
Split Horizon Group: enabled
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
VFI Statistics:
4.4.7冗餘
在嘗試引入冗餘時,可以有一個雙連線到VPLS域的站點:
如果連線到switch1的主機傳送了廣播,則switch1會將其轉發到router1和switch2。Router1具有全網狀PW,因此存在一個PW到router2,而router1通過該PW轉發廣播。Router2將廣播轉送到switch2,switch2將廣播轉送到switch1。這會導致實體回圈。
4.4.7.1生成樹
完整MST實現不能與VPLS一起使用,因為該實現在主介面上傳送MST BPDU,以便控制該介面上所有VLAN的轉發狀態。使用VPLS時,每個網橋域都有VFI,因此您無法在主介面上傳送所有VFI的BPDU。
預設情況下,生成樹BPDU通過VPLS和點對點PW傳輸。
如果switch1和switch2傳送的是每個VLAN BPDU或未標籤的MST BPDU,並且如果BPDU與router1和router2上的l2傳輸子介面匹配,則通過VPLS傳輸BPDU。交換機在Gi 0/1介面上看到彼此的BPDU,並且生成樹會中斷環路並阻塞一個埠。
Switch2是VLAN 2的根:
switch2#sh spanning-tree vlan 2
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0024.985e.6a00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Desg FWD 20000 128.1 P2p Bound(PVST)
Gi0/2 Desg FWD 20000 128.2 P2p Bound(PVST)
交換機1的根埠位於Gi 0/1上,並且正在阻塞Gi 0/2:
switch1#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p
問題在於BPDU也傳輸到遠端站點,並且一個站點中的生成樹不穩定會傳播到連線到VPLS域的所有站點。隔離每個站點而不通過VPLS傳輸BPDU會更安全。
一種解決方案是使用STP的接入網關版本。這是該協定的有限實施,其中L2VPN PE配置為傳送一些靜態BPDU,以便顯示為連線到生成樹根。L2VPN PE不會將從CE接收的BPDU傳輸到遠端站點,因此每個站點都有自己的生成樹域。
4.4.7.2 MSTAG
如生成樹一節所述,MST傳送未標籤的BPDU,但這些BPDU控制介面上所有VLAN的轉發狀態。
VLAN可以分組到多個例項中,每個例項都有自己的轉發狀態。
VLAN通常會進行分組,以便流量可以在多個路徑之間均勻分佈。當有兩條路徑時,一半的流量屬於在第一條路徑上轉發而在第二條路徑上阻塞的例項。流量的另一半屬於在第一路徑上阻塞,而在第二路徑上轉發流量的例項。這樣可以在穩定的條件下實現兩條路徑之間的負載均衡。否則,有一個路徑通常被完全阻塞,並且僅當主路徑關閉時才啟用。
以下是典型的MSTAG拓撲:
在本實驗示例中,例項1具有VLAN 2,例項0具有其他VLAN。(在更現實的情況中,VLAN在多個例項之間分佈,以便在例項之間實現良好的流量負載平衡。) 因為有些VLAN的流量比其它的VLAN要多得多,所以每個例項中的VLAN數量不一定相同。
這是MST例項0的配置:
- Router1和router2將根據MSTAG設定傳送一些靜態BPDU。它們不會處理來自網路的傳入BPDU,也不會嘗試運行完整實施。使用MSTAG時,兩個L2VPN PE僅根據它們的MSTAG配置傳送靜態BPDU。
- Router1設定為透過成為例項0的根來吸引該例項的流量。
- Router2配置了例項0的次佳根優先順序,以便在router1發生故障或switch1和router1之間發生AC故障時,它成為新的根優先順序。
- 在通向router2的埠Gi 0/1上,為switch2配置了較高的生成樹開銷,以確保其通向根的主路徑位於Gig 0/2上通過switch1和router1。
- Switch2選擇Gi 0/2作為instance0的根埠,選擇Gi 0/1作為備用埠,以防根埠丟失。
- 因此,來自屬於例項0的VLAN中該站點的流量通過router1通過VPLS到達其他站點。
對於MST例項1(VLAN 2),配置顛倒:
- Router2的設定旨在透過成為例項1的根來吸引該例項的流量。
- Router1配置了例項1的次優根優先順序,這樣在router2發生故障或switch2和router2之間發生AC故障時,它就成為新的根橋。
- 在連線到router1的埠Gi 0/1上,為switch1配置了較高的生成樹開銷,以確保其通往根的主路徑位於Gig 0/2上,通過switch2和router2。
- 交換機1選擇Gi 0/2作為例項1的根埠,選擇Gi 0/1作為備用埠,以防根埠丟失。
- 因此,來自屬於例項1(在本例中為VLAN 2)的VLAN中該站點的流量通過router2到達VPLS上的其他站點。
- router1和router2上必須有一個子介面,才能擷取未標籤的TCN並通過點對點PW轉送到另一個路由器。因為switch1和switch2可能會丟失其直接鏈路並相互隔離,所以router1和router2必須通過點對點PW在它們之間轉發TCN。
- PE還會擷取TCN,刷新其mac地址表,並將LDP MAC撤銷傳送到遠端PE。
以下是router1上的組態:
RP/0/RSP0/CPU0:router1#sh run int gigabitEthernet 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!
RP/0/RSP0/CPU0:router1#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0001
instance 0
root-id 0000.0000.0001
priority 4096
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 8192
root-priority 4096
!
!
!
RP/0/RSP0/CPU0:router1#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0001
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3048
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 369
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 322
在此組態中,請注意:
- 在MST例項0中,根網橋為0000.0000.0001,即router1的網橋ID。
- 在MST例項1中,根網橋為0000.0000.0002,即router2的網橋ID。
- 路由器1的網橋優先順序在例項0中為4096(成為根),在例項1中為8192(成為次優根)。
- 路由器1的網橋優先順序在例項0中為8192(成為次優根),在例項1中為4096(成為根)。
- GigabitEthernet0/1/0/3.1上的點對點交叉連線將未標籤的MST TCN傳輸到另一台路由器。
在dot1q子介面上配置了輸出ACL,以便丟棄尚未遷移到MST的另一站點可以傳送的每個VLAN BPDU。此配置可防止CE交換機在為MST配置的介面上收到每VLAN BPDU時宣告介面不一致。
router2上的組態非常類似:
RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!
RP/0/RSP0/CPU0:router2#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0002
instance 0
root-id 0000.0000.0001
priority 8192
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 4096
root-priority 4096
!
!
!
RP/0/RSP0/CPU0:router2#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0002
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3186
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 365
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 177
以下是switch 1上的基本設定:
switch1#sh run | b spanning-tree
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch1#sh run int gig 0/1 | i spanning
spanning-tree mst 1 cost 100000
switch1#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p
因此,例項0中的流量通過router1轉發,例項1中的流量通過switch2和router2轉發。
switch2上的配置使用與switch1相同的命令:
switch2#sh run | b spanning
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch2#sh run int gig 0/1 | i spanning
spanning-tree mst 0 cost 100000
switch2#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
例如,交換機2通過switch1和router1與instance0通訊,通過router2與instance1通訊。
流量是負載均衡的,因為一個例項通過router1退出站點,另一個例項通過router2退出站點。
如果router1和switch1之間的鏈路斷開,則兩個例項都會通過router2。
switch1#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p
switch2#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 100000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p
在這種故障型別中可以實現快速收斂,因為已經選擇通過次優根的路徑作為備用路徑。使用MSTAG時,MST BPDU不會通過VPLS傳輸,因此站點會與其他站點的不穩定性隔離開來。
4.4.7.3 PVSTAG或PVRSTAG
MSTAG是VPLS的首選接入網關協定,因為它使用快速生成樹,並且因為可以使用例項而不是每個VLAN上的BPDU進行擴展。
如果站點無法遷移到MST,並且唯一的解決方案是繼續運行PVST+或PVRST,則可以使用PVSTAG或PVRSTAG,但實施僅限於一個特定的拓撲:
在此拓撲中,最重要的限制是只能有一個CE交換機。不能有MSTAG拓撲中的兩台交換機。在MSTAG中,您可以配置點對點PW,以便在站點被分割為兩個部分時,將未標籤的流量(包括BPDU TCN)從一個PE傳輸到另一個PE。使用PVST和PVRST時,TCN會進行標籤,以便它們與要通過VPLS傳輸的資料流量匹配相同的子介面。路由器必須根據MAC地址和協定型別識別BPDU,才能將TCN轉發到另一端。由於當前不支援此功能,因此要求僅有一個CE裝置。
早於Cisco IOS XR軟體版本4.3.0的版本中的另一個要求是套件組合介面不能用作AC。Cisco IOS XR軟體版本4.3.0已解除此限制。
其原理與MSTAG非常相似。PVSTAG路由器傳送靜態BPDU,以便CE看起來已連線到直接連線到(虛擬)根的交換機,其開銷為0。為了負載均衡流量,可以為router3上的根配置某些VLAN,為router4上的根配置其他VLAN。
以下是router3上的組態範例:
RP/0/RSP1/CPU0:router3#sh run int gigabitEthernet 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP1/CPU0:router3#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0001
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0001
!
!
!
RP/0/RSP1/CPU0:router3#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0
以下是router4上的組態範例:
RP/0/RSP1/CPU0:router4#sh run int gig 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router4#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!
RP/0/RSP1/CPU0:router4#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0002
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0002
!
!
!
RP/0/RSP1/CPU0:router4#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0
以下是CE switch3上的配置示例:
switch3#sh spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p
switch3#sh spanning-tree vlan 3
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 4 128.1 P2p
Gi0/2 Root FWD 4 128.2 P2p
PVSTAG的配置與MSTAG非常相似,不同之處在於在MSTAG示例中,將主網關的根優先順序和優先順序配置為4096,將備份網關的優先順序配置為8192。
域中的所有其他交換機的優先順序可能高於PVSTAG或PVRSTAG中配置的優先順序。
您可以調整CE交換機上的介面開銷,以影響哪個埠成為根埠以及哪個埠被阻塞。
4.4.7.4 MC-LAG
使用VPLS的MC-LAG配置比使用雙向PW冗餘的點對點PW更簡單。PE不需要一個主PW和三個備用PW,而只需全網狀VPLS PW(VPLS標準配置):
在此拓撲中,請注意:
- MC-LAG在左側的兩個VPLS PE之間運行:router2和router4。
- 在正常情況下,套件組合成員在router1和router2之間為作用中狀態,並在router1和router4之間處於待命狀態。
- Router2在VPLS橋接域下配置了捆綁子介面,因此router2將流量轉發到遠端VPLS PE。拓撲圖中顯示了兩個站點,但可能還有更多站點。
- 遠端PE通過router2從router1和後面裝置獲取MAC地址,因此PE通過router2轉發這些目標MAC地址的流量。
- 當router1和router2之間的連結關閉或router2關閉時,router1和router4之間的套件組合成員會處於使用中狀態。
- 與路由器2類似,router4的捆綁子介面也配置在VPLS網橋域下。
- 當router4上的套件組合子介面開啟時,router4會將LDP MAC撤銷訊息傳送至遠端VPLS PE,以便讓它們知道有拓撲變更。
以下是router3上的組態:
RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
配置MC-LAG捆綁後,將其新增到與任何其他AC一樣的VPLS配置下。
以下是router5上的對應組態:
RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!
RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/0/RSP1/CPU0:router5#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!
在正常情況下,router3和router6之間的套件組合成員處於活動狀態,而router5和router6之間的成員處於備用狀態:
RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x0001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8000, 0xa002 1000000
Link is marked as Standby by mLACP peer
RP/0/RSP1/CPU0:router3#
router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+---------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)
router6#
來自CE的流量在router3上接收並轉發到遠端PE:
RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP1/CPU0:router3#sh l2vpn forwarding bridge-domain customer1:
engineering mac location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
001d.4603.1f01 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
最後一個命令說明router3正在其套件組合上學習某些MAC位址,且作用中成員位於router3上。在router5上,沒有透過套件組合學習的MAC位址,因為本機成員處於待命狀態:
RP/0/RSP1/CPU0:router5#sh l2vpn forwarding bridge-domain customer1:engineering
mac location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f01 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A
當router3和router6之間的套件組合成員關閉時,套件組合成員在router5上會變為活動狀態。MC-LAG VPLS PE會傳送LDP MAC撤銷訊息,以便遠端PE清除其mac-address-table,並通過新的活動MC-LAG PE路由器5得知MAC位址。
當作用中MC-LAG套件組合成員從router3移至router5時,Router2會收到來自router3和router5的MAC撤銷訊息:
RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1 detail |
i "state is|withd|bridge-domain"
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/1/0/3.3, state is up
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/0/0/1.2, state is unresolved
AC: GigabitEthernet0/1/0/3.2, state is up
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
MAC withdraw message: send 2 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1
router2上的MAC位址從router3(10.0.0.13)移動到router5(10.0.0.14):
RP/0/RSP0/CPU0:router2#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location
Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f02 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A
使用MC-LAG,站點可以使用單個捆綁包通過VPLS連線到其他站點。MC-LAG提供鏈路和PE冗餘,但在邏輯上,它仍是一個用於到達其他站點的捆綁介面。該捆綁包不需要生成樹,而且可以在CE上配置BPDU過濾器,以確保站點之間不會通過VPLS交換BPDU。
另一種方法是在套件組合的AC上設定乙太網路服務存取清單,以捨棄BPDU的目標MAC位址,如此一來BPDU就不會在站點之間傳輸。但是,如果在站點之間引入後門鏈路,則生成樹無法中斷環路,因為它沒有在MC-LAG捆綁包上運行。因此,請仔細評估是否禁用MC-LAG捆綁包上的生成樹。如果精心維護站點之間的拓撲,最好通過MC-LAG實現冗餘,而無需生成樹。
4.4.7.5 ASR 9000 nV邊緣集群
MC-LAG解決方案無需使用生成樹即可提供冗餘。一個缺點是一個MC-LAG PE的捆綁成員處於備用狀態,因此這是一個主用 — 備用解決方案,不能最大限度地提高鏈路利用率。
另一個設計選項是使用ASR 9000 nV邊緣集群,以便客戶工程師可以同時擁有每個集群機架的捆綁成員:
此解決方案的另一個好處是減少了PW的數量,因為每個站點上的每個群集僅有一個PW。當每個站點有兩個PE時,每個PE必須為每個站點上的兩個PE各有一個PW。
配置的簡單性是另一個優點。該配置看起來像一個非常基本的VPLS配置,帶有橋接域,帶捆綁包AC和VFI PW:
RP/1/RSP0/CPU0:router2#sh bundle bundle-ether 222
Bundle-Ether222
Status: Up
Local links : 2 / 0 / 2
Local bandwidth : 20000000 (20000000) kbps
MAC address (source): 0024.f71e.d309 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing: Default
LACP: Not operational
Flap suppression timer: Off
Cisco extensions: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
Port Device State Port ID B/W, kbps
-------------------- ------------- ----------- -------------- ----------
Te0/0/0/8 Local Active 0x8000, 0x0005 10000000
Link is Active
Te1/0/0/8 Local Active 0x8000, 0x0001 10000000
Link is Active
RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.2
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.3
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
RP/1/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/1/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
冗餘由雙宿主到兩個機架的捆綁式AC提供,以便在捆綁式成員故障或機架故障時捆綁式保持運行。
當站點僅通過群集連線到VPLS域時,其拓撲與MC-LAG在生成樹方面類似。因此,該捆綁包不需要生成樹,而且可以在CE上配置BPDU過濾器,以確保站點之間不會通過VPLS交換BPDU。
另一種方法是在套件組合的AC上設定乙太網路服務存取清單,以捨棄BPDU的目標MAC位址,如此一來BPDU就不會在站點之間傳輸。但是,如果在站點之間引入了後門鏈路,則生成樹無法中斷環路,因為它沒有在CE-PE捆綁包上運行。因此,請仔細評估是否在CE-PE捆綁包上禁用生成樹。如果精心維護站點之間的拓撲,最好通過群集實現冗餘,而無需生成樹。
4.4.7.6基於ICCP的服務多宿主(ICCP-SM)(PMCLAG(偽MCLAG)和主用/主用)
版本4.3.1中引入了一項新功能,以克服MC-LAG的侷限性,即某些套件組合連結會因為停留在備用模式而未使用。在稱為偽MCLAG的新功能中,從DHD到附件點(PoA)的所有鏈路都在使用中,但VLAN會在不同的捆綁包之間拆分。
4.5流量風暴控制
在L2廣播域中,存在主機行為不當並傳送廣播或組播幀高速率的風險,這些幀必須在網橋域中的任意位置泛洪。另一個風險是建立L2回圈(不會被跨距樹狀目錄破壞),這會導致廣播和組播封包回圈。廣播和組播資料包的高速率會影響廣播域中主機的效能。
將一個輸入幀(廣播、組播或未知的單播幀)複製到網橋域中的多個出口埠也會影響網路中的交換裝置的效能。建立同一資料包的多個副本可能需要佔用大量資源,具體取決於必須在裝置內複製資料包的位置。例如,由於交換矩陣的組播複製功能,將廣播複製到多個不同插槽不是問題。當網路處理器必須建立同一資料包的多個副本,以便在網路處理器正在處理的某些埠上傳送時,網路處理器的效能會受到影響。
為了在發生風暴時保護裝置,流量風暴控制功能允許您配置橋域AC上要接受的最大廣播、組播和未知單播速率。有關詳細資訊,請參閱在VPLS網橋下實施流量風暴控制。
捆綁包AC介面或VFI PW不支援流量風暴控制,但非捆綁包AC和訪問PW支援流量風暴控制。此功能預設會停用;除非設定風暴控制,否則您接受任何廣播速率、組播和未知單播。
以下是組態範例:
RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
neighbor 10.0.0.15 pw-id 15
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
vfi customer1-engineering
neighbor 10.0.0.10 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1w1d ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 5 (5 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control:
Broadcast: enabled(1000)
Multicast: enabled(10000)
Unknown unicast: enabled(10000)
Static MAC addresses:
Statistics:
packets: received 251295, sent 3555258
bytes: received 18590814, sent 317984884
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
<snip>
風暴控制丟棄計數器始終出現在show l2vpn bridge-domain detail命令的輸出中。由於該功能在預設情況下是禁用的,因此只有在配置了該功能後,計數器才會開始報告丟棄。
配置的速率可能因網路之間的流量模式而異。在配置速率之前,思科建議您瞭解正常情況下廣播、組播或未知單播幀的速率。然後,在配置的速率中新增一個大於正常速率的邊距。
4.6 MAC移動
如果網路不穩定(如介面翻動),可以從新介面獲取MAC地址。這是正常的網路收斂,mac-address-table會動態更新。
但是,MAC經常移動通常表示網路不穩定,如L2環路期間嚴重的不穩定。MAC地址安全功能可讓您報告MAC移動並採取糾正措施,例如關閉違規埠。
即使未配置糾正操作,也可以配置logging命令,以便通過MAC移動消息來警告您網路不穩定:
l2vpn
bridge group customer1
bridge-domain engineering
mac
secure
action none
logging
!
!
在本例中,操作配置為無,因此當檢測到MAC移動時,除了記錄系統日誌消息之外,不會執行任何操作。以下是訊息範例:
LC/0/0/CPU0:Dec 13 13:38:23.396 : l2fib[239]:
%L2-L2FIB-5-SECURITY_MAC_SECURE_VIOLATION_AC : MAC secure in AC
GigabitEthernet0_0_0_4.1310 detected violated packet - source MAC:
0000.0000.0001, destination MAC: 0000.0001.0001; action: none
4.7 IGMP和MLD窺探
預設情況下,組播幀會泛洪到網橋域中的所有埠。當您使用高速率流(如IP電視(IPTV)服務)時,所有埠上都會轉發大量流量並通過多個PW進行複製。如果所有電視流都通過一個介面轉發,則可能會造成埠擁塞。唯一的選擇是設定功能(例如IGMP或MLD窺探),其會攔截多點傳播控制封包,以便追蹤接收者和多點傳播路由器,並在適當的時候在連線埠上轉送流。
有關這些功能的詳細資訊,請參閱Cisco ASR 9000系列路由器IOS XR 7.9.x版組播配置指南。
5.其他L2VPN主題
5.1負載平衡
當L2VPN PE需要通過MPLS PW傳送幀時,乙太網幀被封裝到具有一個或多個標籤的MPLS幀中;至少有一個PW標籤,可能還有一個IGP標籤才能到達遠端PE。
MPLS幀通過MPLS網路傳輸到遠端L2VPN PE。通常有多條路徑可到達目標PE:
PE1可以在P1和P2之間選擇作為通向PE2的第一台MPLS P路由器。如果選擇P1,則PE1在P3和P4之間選擇,依此類推。可用路徑基於IGP拓撲和MPLS TE隧道路徑。
MPLS服務提供商更願意平等地利用所有鏈路,而不是一條擁塞的鏈路與其他未充分利用的鏈路。這個目標並不總是容易實現的,因為一些PW比其他的PW承載更多流量,而且PW流量所採用的路徑取決於核心中使用的雜湊演算法。多個高頻寬PW可以雜湊到同一鏈路,從而造成擁塞。
一個非常重要的要求是,來自一個流的所有資料包都可以遵循相同的路徑。否則,將導致幀順序混亂,從而影響應用程式的品質或效能。
思科路由器上MPLS網路中的負載均衡通常基於底部MPLS標籤之後的資料。
- 如果底部標籤後的資料以0x4或0x6開頭,則MPLS P路由器會假定MPLS資料包內存在IPv4或IPv6資料包,並嘗試根據從幀提取的源和目標IPv4或IPv6地址的雜湊值進行負載平衡。理論上,這不能適用於封裝並通過PW傳輸的乙太網幀,因為目的MAC地址遵循底部標籤。但最近分配了以0x4和0x6開頭的MAC地址範圍。MPLS P路由器可能會錯誤地認為乙太網報頭實際上是IPv4報頭,並根據假設IPv4源地址和目的地址對幀進行雜湊。來自PW的乙太網幀可以在MPLS核心中的不同路徑上雜湊,這會導致PW中的幀順序不齊和應用品質問題。解決方案是在可以連線到點對點或VPLS PW的pw類下配置控制字。控制字將緊接在MPLS標籤之後插入。控制字不以0x4或0x6開頭,因此避免了問題。
RP/1/RSP0/CPU0:router#sh run l2vpn bridge group customer1 bridge-domain
engineering
l2vpn
pw-class control-word
encapsulation mpls
control-word
!
!
bridge group customer1
bridge-domain engineering
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
pw-class control-word
!
<snip>
RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
<snip>
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
PW class control-word, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.10
PW type Ethernet, control word enabled, interworking none
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 281708 16043
Group ID 0x4 0x5
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word enabled enabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x7 0x7
(control word) (control word)
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------ - 如果MPLS標籤堆疊底部之後立即出現的資料不是以0x4或0x6開頭,則P路由器會根據底部標籤進行負載均衡。來自一個PW的所有流量都遵循相同的路徑,因此不會發生無序資料包,但在高頻寬PW的情況下,這可能導致某些鏈路擁塞。在Cisco IOS XR軟體版本4.2.1中,ASR 9000支援流量感知傳輸(FAT)PW功能。此功能在L2VPN PE上運行,在點對點或VPLS PW的兩端之間進行協商。入口L2VPN PE檢測AC和L2VPN配置上的流,並在MPLS標籤堆疊底部的PW MPLS標籤下插入新的MPLS流標籤。輸入PE根據源和目標MAC地址(預設)或源和目標IPv4地址(可配置)檢測流量。 預設情況下使用MAC地址;建議使用IPv4地址,但必須手動配置。
利用FAT PW功能,入口L2VPN PE每個src-dst-mac或src-dst-ip插入一個底部MPLS標籤。MPLS P路由器(在PE之間)在可用路徑上雜湊幀,然後根據MPLS堆疊底部的FAT PW流標籤到達目標PE。這通常可以在核心層提供更好的頻寬利用率,除非PW只傳送少數src-dst-mac或src-dst-ip會話。思科建議您使用控制字,這樣可以避免在流標籤之後立即出現以0x4和0x6開頭的MAC地址。這可確保雜湊值基於偽IP地址而不基於流標籤。
利用此功能,來自一個PW的流量在核心中的多個路徑上負載均衡(如果可用)。應用程式流量不會受到資料包順序錯誤的影響,因為從同一源(MAC或IP)發往同一目標(MAC或IP)的所有流量都遵循相同的路徑。
以下是組態範例:
l2vpn
pw-class fat-pw
encapsulation mpls
control-word
load-balancing
flow-label both
!
!
!
bridge group customer1
bridge-domain engineering
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
pw-class fat-pw
RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
<snip>
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
PW class fat-pw, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.10
PW type Ethernet, control word enabled, interworking none
Sequencing not set
Load Balance Hashing: src-dst-ip
Flow Label flags configured (Tx=1,Rx=1), negotiated (Tx=1,Rx=1)
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 281708 16043
Group ID 0x4 0x5
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word enabled enabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x7 0x7
(control word) (control word)
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
5.2日誌記錄
可在L2VPN配置模式下配置不同型別的日誌消息。配置l2vpn日誌記錄以接收L2VPN事件的系統日誌警報,並配置日誌記錄偽線以確定PW狀態何時更改:
l2vpn
logging
bridge-domain
pseudowire
nsr
!
如果配置了許多PW,消息可能會泛洪日誌。
5.3 ethernet-services access-list
您可以使用乙太網路服務存取清單來捨棄來自特定主機的流量,或驗證路由器是否正在從l2transport介面上的主機取得封包:
RP/0/RSP0/CPU0:router#sh run ethernet-services access-list count-packets
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3
20 permit any any
!
RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group count-packets egress
!
RP/0/RSP0/CPU0:router#sh access-lists ethernet-services count-packets
hardware egress location 0/1/CPU0
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3 (5 hw matches)
20 permit any any (30 hw matches)
只能使用hardware關鍵字檢視硬體匹配項。根據access-group的方向使用ingress或egress關鍵字。還指定了應用訪問清單的介面的線路卡位置。
您還可以將ipv4存取清單套用到l2傳輸介面上,作為安全或疑難排解功能:
RP/0/RSP0/CPU0:router#sh run ipv4 access-list count-pings
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2
20 permit ipv4 any any
!
RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ipv4 access-group count-pings ingress
!
RP/0/RSP0/CPU0:router#sh access-lists ipv4 count-pings hardware ingress
location 0/1/CPU0
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2 (5 hw matches)
20 permit ipv4 any any (6 hw matches)
5.4乙太網出口過濾器
在AC的出口方向上,假設沒有可判斷輸出VLAN標籤的rewrite ingress tag pop <>symmetric命令。在這種情況下,根據encapsulation命令檢查以確保傳出幀具有正確的VLAN標籤。
以下是組態範例:
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
!
interface GigabitEthernet0/1/0/39.2 l2transport
encapsulation dot1q 2
!
l2vpn
bridge group customer2
bridge-domain test
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/3.3
!
interface GigabitEthernet0/1/0/39.2
!
!
!
!
在此組態中:
- GigabitEthernet0/1/0/39.2上收到dot1q標籤2的廣播會保留其傳入標籤,因為沒有rewrite ingress命令。
- 該廣播被dot1q標籤2從GigabitEthernet0/1/0/3.2泛洪出去,但這不會導致問題,因為GigabitEthernet0/1/0/3.2也配置了dot1q標籤2。
- 該廣播也會從GigabitEthernet0/1/0/3.3泛洪出去,從而保留其原始標籤2,因為GigabitEthernet0/1/0/3.3上沒有rewrite命令。GigabitEthernet0/1/0/3.3上的encapsulation dot1q 3命令不會在輸出方向上選中。
- 結果是,對於GigabitEthernet0/1/0/39上接收到標籤2的一個廣播,有兩個標籤2的廣播從GigabitEthernet0/1/0/3傳出。重複的流量可能會導致一些應用程式問題。
- 解決方案是設定嚴格的乙太網路輸出過濾器,以確保封包離開子介面時具有正確的VLAN標籤。否則,不會轉發資料包並丟棄資料包。
interface GigabitEthernet0/1/0/3.2 l2transport
ethernet egress-filter strict
!
interface GigabitEthernet0/1/0/3.3 l2transport
ethernet egress-filter strict
!
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
2.0 |
13-Jan-2025 |
已新增Alt文本。更新的PII、SEO、品牌要求、機器翻譯、樣式要求、目標連結、文章描述和格式。 |
1.0 |
07-Aug-2013 |
初始版本 |
意見