01-Main Text
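This document provides a typical configuration example of intelligent link selection for the SDWAN branch solution.
This document is not strictly tied to specific software or hardware versions. If the product behaves differently from what is described here, refer to the relevant product manuals or treat the actual device behavior as authoritative.
All configurations in this document were made and verified in a lab environment, and all device parameters used the factory defaults before configuration. If you have already configured the device, make sure that the existing configuration does not conflict with the configuration in the following example.
This document assumes that you are familiar with SDWAN, VXLAN, intelligent link selection, SSL, BGP, OSPF, iNQA, NQA, and NTP.
This configuration example was configured and verified on a low-to-mid-range MSR3610-IE-DP router running Release 6749.
In the SDWAN network shown in Figure 1, CPE 1 and CPE 2 are deployed in branch networks, and the RR is deployed in the data center network. The enterprise branches and the data center network must be able to reach each other. With intelligent link selection, the devices select a suitable path for service traffic between the branches and the data center according to the defined link selection policy. The network requirements are as follows:
· CPE 1, CPE 2, and the RR belong to Site1, Site2, and Site3 respectively, each with device ID 1, and each connects to the local device of its branch network or data center network through GigabitEthernet1/0/3. SDWAN tunnels are established among CPE 1, CPE 2, and the RR, and the branch networks and the data center network are interconnected through the SDWAN tunnels.
· CPE 1 and CPE 2 each configure two links of the same priority for service traffic; when both links meet the service requirements, traffic is load-shared between them. The RR configures two links of different priorities for service traffic and prefers the higher-priority link.
· The SDWAN tunnels established among CPE 1, CPE 2, and the RR cannot encrypt packets by themselves, so IPsec encryption is applied to protect the packets forwarded over the SDWAN tunnels.
Figure 1 Network diagram for intelligent link selection in an SDWAN network
· Configure the IP address and mask of each interface as shown in Figure 1. The detailed procedure is omitted.
· Transfer the certificate files to the storage medium of the SDWAN server through FTP, TFTP, or a similar protocol, and use the pki import command to import the CA certificate and the local certificate into the specified PKI domain on the SDWAN server. The procedure is omitted.
In an SDWAN network, the SDWAN client and the SDWAN server establish an SSL connection to set up the control channel between the CPE and the RR:
· The RR acts as a route reflector and reflects TTE information and private network routes between CPE 1 and CPE 2.
· IPsec is configured to protect the packets forwarded over the SDWAN tunnels.
· iNQA is configured on CPE 1, CPE 2, and the RR. CPE 1, CPE 2, and the RR are all Collectors, and the RR is also the Analyzer.
· GigabitEthernet1/0/1 on CPE 1, CPE 2, and the RR connects to Internet1, and GigabitEthernet1/0/2 connects to Internet2. SDWAN tunnels Tunnel 1 and Tunnel 2 are created on each of CPE 1, CPE 2, and the RR. Tunnel 1 uses GigabitEthernet1/0/1 as its source interface and as the outgoing interface for tunnel packets, and Tunnel 2 uses GigabitEthernet1/0/2 for both.
Configure an intelligent link selection policy so that CPE 1, CPE 2, and the RR each select the one or two highest-priority links (load sharing) to forward different service packets, which are distinguished by DSCP.
· Configure flow template 1 and flow template 2 to direct packets with DSCP 1 and DSCP 2 to the optimal SDWAN tunnel.
· On CPE 1, CPE 2, and the RR, associate the quality policy of flow template 1 with SLA 1 and that of flow template 2 with SLA 2, so that link quality is probed and evaluated for service traffic according to the quality policy.
· The link load-sharing mode on CPE 1, CPE 2, and the RR is per-flow weighted link selection (the default mode, no configuration needed).
· The bandwidth of the physical interfaces that send SDWAN tunnel packets meets the bandwidth requirements of the service traffic.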
(1) Configure CPE 1
# Specify that the IP address of OSPF-enabled interface GE1/0/1 is on network 11.1.1.0/24, the primary IP address of interface GE1/0/2 is on network 12.1.1.0/24, and the OSPF area ID is 0.
<CPE1> system-view
[CPE1] ospf 1
[CPE1-ospf-1] area 0
[CPE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[CPE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[CPE1-ospf-1-area-0.0.0.0] quit
[CPE1-ospf-1] quit
(2) Configure CPE 2
# Specify that the IP address of OSPF-enabled interface GE1/0/1 is on network 21.1.1.0/24, the primary IP address of interface GE1/0/2 is on network 22.1.1.0/24, and the OSPF area ID is 0.
<CPE2> system-view
[CPE2] ospf 1
[CPE2-ospf-1] area 0
[CPE2-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255
[CPE2-ospf-1-area-0.0.0.0] network 22.1.1.0 0.0.0.255
[CPE2-ospf-1-area-0.0.0.0] quit
[CPE2-ospf-1] quit
(3) Configure the RR
# Specify that the IP address of OSPF-enabled interface GE1/0/1 is on network 31.1.1.0/24, the primary IP address of interface GE1/0/2 is on network 32.1.1.0/24, and the OSPF area ID is 0.
<RR> system-view
[RR] ospf 1
[RR-ospf-1] area 0
[RR-ospf-1-area-0.0.0.0] network 31.1.1.0 0.0.0.255
[RR-ospf-1-area-0.0.0.0] network 32.1.1.0 0.0.0.255
[RR-ospf-1-area-0.0.0.0] quit
[RR-ospf-1] quit
(1) Configure CPE 1
# Configure CPE 1 with site ID 1, site name Site1, device ID 1, site role CPE, and the primary IP address of Loopback10 as the system IP.
[CPE1] sdwan site-id 1
[CPE1] sdwan site-name Site1
[CPE1] sdwan device-id 1
[CPE1] sdwan site-role cpe
[CPE1] sdwan system-ip loopback 10
# Set the source UDP port number of SDWAN packets to 3000.
[CPE1] sdwan encapsulation global-udp-port 3000
(2) Configure CPE 2
# Configure CPE 2 with site ID 2, site name Site2, device ID 1, site role CPE, and the primary IP address of Loopback10 as the system IP.
[CPE2] sdwan site-id 2
[CPE2] sdwan site-name Site2
[CPE2] sdwan device-id 1
[CPE2] sdwan site-role cpe
[CPE2] sdwan system-ip loopback 10
# Set the source UDP port number of SDWAN packets to 3000.
[CPE2] sdwan encapsulation global-udp-port 3000
(3) Configure the RR
# Configure the RR with site ID 3, site name Site3, device ID 1, site role RR, and the primary IP address of Loopback10 as the system IP.
[RR] sdwan site-id 3
[RR] sdwan site-name Site3
[RR] sdwan device-id 1
[RR] sdwan site-role rr
[RR] sdwan system-ip loopback 10
# Set the source UDP port number of SDWAN packets to 3000.
[RR] sdwan encapsulation global-udp-port 3000
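(1) Configure CPE 1 as the SDWAN client
# Create SSL client policy plc1, which prefers the cipher suite rsa_aes_256_cbc_sha and disables verification of the server certificate (undo server-verify enable). Specify the SDWAN server with system IP 130.1.1.1, IP address 31.1.1.1, and TCP port 4000, and specify plc1 as the SSL client policy used when establishing the SSL connection to the RR (SDWAN server).
[CPE1] ssl client-policy plc1
[CPE1-ssl-client-policy-plc1] prefer-cipher rsa_aes_256_cbc_sha
[CPE1-ssl-client-policy-plc1] undo server-verify enable
[CPE1-ssl-client-policy-plc1] quit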
[CPE1] sdwan server system-ip 130.1.1.1 ip 31.1.1.1 port 4000
[CPE1] sdwan ssl-client-policy plc1
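(2) Configure CPE 2 as the SDWAN client
# Create SSL client policy plc1, which prefers the cipher suite rsa_aes_256_cbc_sha and disables verification of the server certificate (undo server-verify enable). Specify the SDWAN server with system IP 130.1.1.1, IP address 32.1.1.1, and TCP port 4000, and specify plc1 as the SSL client policy used when establishing the SSL connection to the RR (SDWAN server).
[CPE2] ssl client-policy plc1
[CPE2-ssl-client-policy-plc1] prefer-cipher rsa_aes_256_cbc_sha
[CPE2-ssl-client-policy-plc1] undo server-verify enable
[CPE2-ssl-client-policy-plc1] quit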
[CPE2] sdwan server system-ip 130.1.1.1 ip 32.1.1.1 port 4000
[CPE2] sdwan ssl-client-policy plc1
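(3) Configure the RR as the SDWAN server
# On the RR, create PKI domain dm1 with CRL checking disabled (undo crl check enable) and reference it in SSL server policy plc1. Set the TCP port of the SDWAN server service to 4000, specify plc1 as the SSL server policy used when establishing SSL connections with the CPEs (SDWAN clients), and enable the SDWAN server service.
[RR] pki domain dm1
[RR-pki-domain-dm1] public-key rsa general name dm1 length 2048
[RR-pki-domain-dm1] undo crl check enable
[RR-pki-domain-dm1] quit
[RR] ssl server-policy plc1
[RR-ssl-server-policy-plc1] pki-domain dm1
[RR-ssl-server-policy-plc1] quit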
[RR] sdwan server port 4000
[RR] sdwan ssl-server-policy plc1
[RR] sdwan server enable
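(1) Configure CPE 1
# Create SDWAN tunnel interface Tunnel 1. Set the source interface of Tunnel 1 to GigabitEthernet1/0/1, specify GigabitEthernet1/0/1 as the outgoing interface for tunnel packets, use routing domain rd1 with routing domain ID 10, use transport network internet1 with transport network ID 10, and set the interface ID to 30.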
[CPE1] interface tunnel1 mode sdwan udp
[CPE1-Tunnel1] source gigabitethernet 1/0/1
[CPE1-Tunnel1] tunnel out-interface gigabitethernet 1/0/1
[CPE1-Tunnel1] sdwan routing-domain rd1 id 10
[CPE1-Tunnel1] sdwan transport-network internet1 id 10
[CPE1-Tunnel1] sdwan interface-id 30
[CPE1-Tunnel1] ip address unnumbered interface gigabitethernet 1/0/1
[CPE1-Tunnel1] quit
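# Create SDWAN tunnel interface Tunnel 2. Set the source interface of Tunnel 2 to GigabitEthernet1/0/2, specify GigabitEthernet1/0/2 as the outgoing interface for tunnel packets, use routing domain rd2 with routing domain ID 20, use transport network internet2 with transport network ID 20, and set the interface ID to 40.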
[CPE1] interface tunnel2 mode sdwan udp
[CPE1-Tunnel2] source gigabitethernet 1/0/2
[CPE1-Tunnel2] tunnel out-interface gigabitethernet 1/0/2
[CPE1-Tunnel2] sdwan routing-domain rd2 id 20
[CPE1-Tunnel2] sdwan transport-network internet2 id 20
[CPE1-Tunnel2] sdwan interface-id 40
[CPE1-Tunnel2] ip address unnumbered interface gigabitethernet 1/0/2
[CPE1-Tunnel2] quit
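(2) Configure CPE 2
# Create SDWAN tunnel interface Tunnel 1. Set the source interface of Tunnel 1 to GigabitEthernet1/0/1, specify GigabitEthernet1/0/1 as the outgoing interface for tunnel packets, use routing domain rd1 with routing domain ID 10, use transport network internet1 with transport network ID 10, and set the interface ID to 30.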
[CPE2] interface tunnel1 mode sdwan udp
[CPE2-Tunnel1] source gigabitethernet 1/0/1
[CPE2-Tunnel1] tunnel out-interface gigabitethernet 1/0/1
[CPE2-Tunnel1] sdwan routing-domain rd1 id 10
[CPE2-Tunnel1] sdwan transport-network internet1 id 10
[CPE2-Tunnel1] sdwan interface-id 30
[CPE2-Tunnel1] ip address unnumbered interface gigabitethernet 1/0/1
[CPE2-Tunnel1] quit
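# Create SDWAN tunnel interface Tunnel 2. Set the source interface of Tunnel 2 to GigabitEthernet1/0/2, specify GigabitEthernet1/0/2 as the outgoing interface for tunnel packets, use routing domain rd2 with routing domain ID 20, use transport network internet2 with transport network ID 20, and set the interface ID to 40.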
[CPE2] interface tunnel2 mode sdwan udp
[CPE2-Tunnel2] source gigabitethernet 1/0/2
[CPE2-Tunnel2] tunnel out-interface gigabitethernet 1/0/2
[CPE2-Tunnel2] sdwan routing-domain rd2 id 20
[CPE2-Tunnel2] sdwan transport-network internet2 id 20
[CPE2-Tunnel2] sdwan interface-id 40
[CPE2-Tunnel2] ip address unnumbered interface gigabitethernet 1/0/2
[CPE2-Tunnel2] quit
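(3) Configure the RR
# Create SDWAN tunnel interface Tunnel 1. Set the source interface of Tunnel 1 to GigabitEthernet1/0/1, specify GigabitEthernet1/0/1 as the outgoing interface for tunnel packets, use routing domain rd1 with routing domain ID 10, use transport network internet1 with transport network ID 10, and set the interface ID to 30.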
[RR] interface tunnel1 mode sdwan udp
[RR-Tunnel1] source gigabitethernet 1/0/1
[RR-Tunnel1] tunnel out-interface gigabitethernet 1/0/1
[RR-Tunnel1] sdwan routing-domain rd1 id 10
[RR-Tunnel1] sdwan transport-network internet1 id 10
[RR-Tunnel1] sdwan interface-id 30
[RR-Tunnel1] ip address unnumbered interface gigabitethernet 1/0/1
[RR-Tunnel1] quit
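# Create SDWAN tunnel interface Tunnel 2. Set the source interface of Tunnel 2 to GigabitEthernet1/0/2, specify GigabitEthernet1/0/2 as the outgoing interface for tunnel packets, use routing domain rd2 with routing domain ID 20, use transport network internet2 with transport network ID 20, and set the interface ID to 40.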
[RR] interface tunnel2 mode sdwan udp
[RR-Tunnel2] source gigabitethernet 1/0/2
[RR-Tunnel2] tunnel out-interface gigabitethernet 1/0/2
[RR-Tunnel2] sdwan routing-domain rd2 id 20
[RR-Tunnel2] sdwan transport-network internet2 id 20
[RR-Tunnel2] sdwan interface-id 40
[RR-Tunnel2] ip address unnumbered interface gigabitethernet 1/0/2
[RR-Tunnel2] quit
(1) Configure CPE 1
[CPE1] bgp 100
[CPE1-bgp-default] peer 130.1.1.1 as-number 100
[CPE1-bgp-default] peer 130.1.1.1 connect-interface Loopback10
[CPE1-bgp-default] address-family ipv4 tnl-encap-ext
[CPE1-bgp-default-ipv4] peer 130.1.1.1 enable
[CPE1-bgp-default-ipv4] quit
[CPE1-bgp-default] quit
(2) Configure CPE 2
[CPE2] bgp 100
[CPE2-bgp-default] peer 130.1.1.1 as-number 100
[CPE2-bgp-default] peer 130.1.1.1 connect-interface Loopback10
[CPE2-bgp-default] address-family ipv4 tnl-encap-ext
[CPE2-bgp-default-ipv4] peer 130.1.1.1 enable
[CPE2-bgp-default-ipv4] quit
[CPE2-bgp-default] quit
(3) Configure the RR
[RR] bgp 100
[RR-bgp-default] peer 110.1.1.1 as-number 100
[RR-bgp-default] peer 110.1.1.1 connect-interface Loopback10
[RR-bgp-default] peer 120.1.1.1 as-number 100
[RR-bgp-default] peer 120.1.1.1 connect-interface Loopback10
[RR-bgp-default] address-family ipv4 tnl-encap-ext
[RR-bgp-default-ipv4] peer 110.1.1.1 enable
[RR-bgp-default-ipv4] peer 120.1.1.1 enable
[RR-bgp-default-ipv4] peer 110.1.1.1 reflect-client
[RR-bgp-default-ipv4] peer 120.1.1.1 reflect-client
[RR-bgp-default-ipv4] quit
[RR-bgp-default] quit
(1) Configure CPE 1
[CPE1] ipsec transform-set tran1
[CPE1-transform-set-tran1] encapsulation-mode transport
[CPE1-transform-set-tran1] esp encryption-algorithm 3des-cbc
[CPE1-transform-set-tran1] esp authentication-algorithm md5
[CPE1-transform-set-tran1] quit
[CPE1] ipsec profile prf1 sdwan
[CPE1-ipsec-profile-sdwan-prf1] transform-set tran1
[CPE1-ipsec-profile-sdwan-prf1] quit
[CPE1] interface tunnel 1
[CPE1-Tunnel1] tunnel protection ipsec profile prf1
[CPE1-Tunnel1] quit
[CPE1] interface tunnel 2
[CPE1-Tunnel2] tunnel protection ipsec profile prf1
[CPE1-Tunnel2] quit
(2) Configure CPE 2
[CPE2] ipsec transform-set tran1
[CPE2-transform-set-tran1] encapsulation-mode transport
[CPE2-transform-set-tran1] esp encryption-algorithm 3des-cbc
[CPE2-transform-set-tran1] esp authentication-algorithm md5
[CPE2-transform-set-tran1] quit
[CPE2] ipsec profile prf1 sdwan
[CPE2-ipsec-profile-sdwan-prf1] transform-set tran1
[CPE2-ipsec-profile-sdwan-prf1] quit
[CPE2] interface tunnel 1
[CPE2-Tunnel1] tunnel protection ipsec profile prf1
[CPE2-Tunnel1] quit
[CPE2] interface tunnel 2
[CPE2-Tunnel2] tunnel protection ipsec profile prf1
[CPE2-Tunnel2] quit
(3) Configure the RR
[RR] ipsec transform-set tran1
[RR-transform-set-tran1] encapsulation-mode transport
[RR-transform-set-tran1] esp encryption-algorithm 3des-cbc
[RR-transform-set-tran1] esp authentication-algorithm md5
[RR-transform-set-tran1] quit
[RR] ipsec profile prf1 sdwan
[RR-ipsec-profile-sdwan-prf1] transform-set tran1
[RR-ipsec-profile-sdwan-prf1] quit
[RR] interface tunnel 1
[RR-Tunnel1] tunnel protection ipsec profile prf1
[RR-Tunnel1] quit
[RR] interface tunnel 2
[RR-Tunnel2] tunnel protection ipsec profile prf1
[RR-Tunnel2] quit
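A configuration audit for the SSL and IPsec settings above, as an added example that is not part of the original document: it flags the disabled server-certificate and CRL checks on the control channel, the legacy 3des-cbc and md5 ESP algorithms, and any SDWAN tunnel left without an IPsec profile. The sample configuration is constructed from the commands on this page (Tunnel2 is deliberately left unprotected), and the rule names and the weak-algorithm list are assumptions of this example.

```python
import re

# Constructed sample in saved-configuration layout. The pki, ssl and ipsec
# stanzas repeat settings shown on this page; Tunnel2 is deliberately left
# without IPsec protection to exercise that check.
SAMPLE_CONFIG = """\
#
pki domain dm1
 public-key rsa general name dm1 length 2048
 undo crl check enable
#
ssl client-policy plc1
 prefer-cipher rsa_aes_256_cbc_sha
 undo server-verify enable
#
ipsec transform-set tran1
 encapsulation-mode transport
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm md5
#
ipsec profile prf1 sdwan
 transform-set tran1
#
interface Tunnel1 mode sdwan udp
 source GigabitEthernet1/0/1
 tunnel protection ipsec profile prf1
#
interface Tunnel2 mode sdwan udp
 source GigabitEthernet1/0/2
#
"""

# ESP algorithms treated as weak by this example (an assumption of the audit,
# not a list taken from the product documentation).
WEAK_ESP = {"des-cbc", "3des-cbc", "md5"}


def stanzas(text):
    """Yield (header, child_lines) for each '#'-separated configuration stanza."""
    current = []
    for raw in text.splitlines() + ["#"]:
        line = raw.strip()
        if line == "#":
            if current:
                yield current[0], current[1:]
            current = []
        elif line:
            current.append(line)


def audit(text):
    """Return sorted (object, rule) findings for the control and data channels."""
    findings, weak_sets, profiles, tunnels = set(), {}, {}, {}
    for header, body in stanzas(text):
        words = header.split()
        if header.startswith("ssl client-policy "):
            if "undo server-verify enable" in body:
                findings.add((header, "server-certificate-not-verified"))
            # Assumption: the "rsa_" prefix denotes RSA key transport.
            if any(ln.startswith("prefer-cipher rsa_") for ln in body):
                findings.add((header, "cipher-suite-without-forward-secrecy"))
        elif header.startswith("pki domain "):
            if "undo crl check enable" in body:
                findings.add((header, "crl-check-disabled"))
        elif header.startswith("ipsec transform-set "):
            weak_sets[words[2]] = sorted(
                ln.split()[-1] for ln in body
                if ln.startswith("esp ") and ln.split()[-1] in WEAK_ESP)
        elif header.startswith("ipsec profile "):
            profiles[words[2]] = [ln.split()[1] for ln in body
                                  if ln.startswith("transform-set ")]
        elif re.match(r"interface Tunnel\d+ mode sdwan\b", header):
            tunnels[words[1]] = next(
                (ln.split()[-1] for ln in body
                 if ln.startswith("tunnel protection ipsec profile ")), None)
    # Resolve tunnel -> profile -> transform-set after the pass, because the
    # stanzas can appear in any order in the file.
    for tunnel, profile in tunnels.items():
        if profile is None:
            findings.add((tunnel, "sdwan-tunnel-without-ipsec"))
            continue
        for ts in profiles.get(profile, []):
            for alg in weak_sets.get(ts, []):
                findings.add((tunnel, f"weak-esp:{alg}"))
    return sorted(findings)


if __name__ == "__main__":
    for obj, rule in audit(SAMPLE_CONFIG):
        print(f"{obj}: {rule}")
```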
(1) Configure CPE 1
[CPE1] ip vpn-instance vpn1
[CPE1-vpn-instance-vpn1] route-distinguisher 1:1
[CPE1-vpn-instance-vpn1] vpn-target 1:1 import-extcommunity
[CPE1-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity
[CPE1-vpn-instance-vpn1] sdwan vn-id 100
[CPE1-vpn-instance-vpn1] quit
[CPE1] interface gigabitethernet 1/0/3
[CPE1-GigabitEthernet1/0/3] ip binding vpn-instance vpn1
[CPE1-GigabitEthernet1/0/3] quit
(2) Configure CPE 2
[CPE2] ip vpn-instance vpn1
[CPE2-vpn-instance-vpn1] route-distinguisher 1:1
[CPE2-vpn-instance-vpn1] vpn-target 1:1 import-extcommunity
[CPE2-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity
[CPE2-vpn-instance-vpn1] sdwan vn-id 100
[CPE2-vpn-instance-vpn1] quit
[CPE2] interface gigabitethernet 1/0/3
[CPE2-GigabitEthernet1/0/3] ip binding vpn-instance vpn1
[CPE2-GigabitEthernet1/0/3] quit
(1) Configure CE 1
<CE1> system-view
[CE1] bgp 200
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
(2) Configure CE 2
<CE2> system-view
[CE2] bgp 300
[CE2-bgp-default] peer 20.1.1.1 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
(3) Configure CPE 1
[CPE1] bgp 100
[CPE1-bgp-default] ip vpn-instance vpn1
[CPE1-bgp-default-vpn1] peer 10.1.1.2 as-number 200
[CPE1-bgp-default-vpn1] address-family ipv4 unicast
[CPE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[CPE1-bgp-default-ipv4-vpn1] import-route direct
[CPE1-bgp-default-ipv4-vpn1] quit
[CPE1-bgp-default-vpn1] quit
[CPE1-bgp-default] quit
(4) Configure CPE 2
[CPE2] bgp 100
[CPE2-bgp-default] ip vpn-instance vpn1
[CPE2-bgp-default-vpn1] peer 20.1.1.2 as-number 300
[CPE2-bgp-default-vpn1] address-family ipv4 unicast
[CPE2-bgp-default-ipv4-vpn1] peer 20.1.1.2 enable
[CPE2-bgp-default-ipv4-vpn1] import-route direct
[CPE2-bgp-default-ipv4-vpn1] quit
[CPE2-bgp-default-vpn1] quit
[CPE2-bgp-default] quit
(1) CPE 1
[CPE1] ip vpn-instance vpn1
[CPE1-vpn-instance-vpn1] address-family ipv4
[CPE1-vpn-ipv4-vpn1] evpn sdwan routing-enable
[CPE1-vpn-ipv4-vpn1] quit
[CPE1-vpn-instance-vpn1] quit
[CPE1] bgp 100
[CPE1-bgp-default] address-family l2vpn evpn
[CPE1-bgp-default-evpn] peer 130.1.1.1 enable
[CPE1-bgp-default-evpn] peer 130.1.1.1 advertise encap-type sdwan
[CPE1-bgp-default-evpn] quit
(2) CPE 2
[CPE2] ip vpn-instance vpn1
[CPE2-vpn-instance-vpn1] address-family ipv4
[CPE2-vpn-ipv4-vpn1] evpn sdwan routing-enable
[CPE2-vpn-ipv4-vpn1] quit
[CPE2-vpn-instance-vpn1] quit
[CPE2] bgp 100
[CPE2-bgp-default] address-family l2vpn evpn
[CPE2-bgp-default-evpn] peer 130.1.1.1 enable
[CPE2-bgp-default-evpn] peer 130.1.1.1 advertise encap-type sdwan
[CPE2-bgp-default-evpn] quit
# Configure BGP EVPN route reflection.
[RR] bgp 100
[RR-bgp-default] address-family l2vpn evpn
[RR-bgp-default-evpn] undo policy vpn-target
[RR-bgp-default-evpn] peer 110.1.1.1 enable
[RR-bgp-default-evpn] peer 110.1.1.1 reflect-client
[RR-bgp-default-evpn] peer 110.1.1.1 advertise encap-type sdwan
[RR-bgp-default-evpn] peer 120.1.1.1 enable
[RR-bgp-default-evpn] peer 120.1.1.1 reflect-client
[RR-bgp-default-evpn] peer 120.1.1.1 advertise encap-type sdwan
[RR-bgp-default-evpn] quit
(1) Configure CPE 1
# Enable the iNQA Collector function and bind it to Analyzer ID 130.1.1.1.
[CPE1] inqa collector
[CPE1-inqa-collector] analyzer 130.1.1.1
[CPE1-inqa-collector] quit
# Enable the RIR-SDWAN service.
[CPE1] rir sdwan
# Set the link selection delay to 30 seconds and the link selection adjustment period to 60 seconds.
[CPE1-rir-sdwan] link-select delay 30
[CPE1-rir-sdwan] link-select suppress-period 60
# Configure link quality probing.
[CPE1-rir-sdwan] link-quality probe interval 30
# Create SLA 1 and SLA 2 with different link quality thresholds.
[CPE1-rir-sdwan] sla 1
[CPE1-rir-sdwan-sla-1] jitter threshold 20
[CPE1-rir-sdwan-sla-1] delay threshold 60
[CPE1-rir-sdwan-sla-1] packet-loss threshold 150
[CPE1-rir-sdwan-sla-1] quit
[CPE1-rir-sdwan] sla 2
[CPE1-rir-sdwan-sla-2] jitter threshold 40
[CPE1-rir-sdwan-sla-2] delay threshold 120
[CPE1-rir-sdwan-sla-2] packet-loss threshold 300
[CPE1-rir-sdwan-sla-2] quit
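# Create flow template 1 and flow template 2. In each flow template, configure the same link priority for both links, configure the expected bandwidth of a session and the quality policy, and set the CQI weights for delay, jitter, and packet loss rate to 2, 5, and 7.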
[CPE1-rir-sdwan] flow 1
[CPE1-rir-sdwan-flow-1] path sdwan transport-network internet1 preference 10
[CPE1-rir-sdwan-flow-1] path sdwan transport-network internet2 preference 10
[CPE1-rir-sdwan-flow-1] expect-bandwidth 300
[CPE1-rir-sdwan-flow-1] quality-policy sla 1
[CPE1-rir-sdwan-flow-1] cqi-weight delay 2 jitter 5 packet-loss 7
[CPE1-rir-sdwan-flow-1] quit
[CPE1-rir-sdwan] flow 2
[CPE1-rir-sdwan-flow-2] path sdwan transport-network internet1 preference 20
[CPE1-rir-sdwan-flow-2] path sdwan transport-network internet2 preference 20
[CPE1-rir-sdwan-flow-2] expect-bandwidth 300
[CPE1-rir-sdwan-flow-2] quality-policy sla 2
[CPE1-rir-sdwan-flow-2] cqi-weight delay 2 jitter 5 packet-loss 7
[CPE1-rir-sdwan-flow-2] quit
[CPE1-rir-sdwan] quit
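# Configure a QoS policy to re-mark traffic and apply the policy to interface GigabitEthernet1/0/3. Packets with DSCP 1 are marked with Flow ID 1, and packets with DSCP 2 are marked with Flow ID 2.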
[CPE1] traffic classifier class1
[CPE1-classifier-class1] if-match dscp 1
[CPE1-classifier-class1] quit
[CPE1] traffic classifier class2
[CPE1-classifier-class2] if-match dscp 2
[CPE1-classifier-class2] quit
[CPE1] traffic behavior behav1
[CPE1-behavior-behav1] remark flow-id 1
[CPE1-behavior-behav1] quit
[CPE1] traffic behavior behav2
[CPE1-behavior-behav2] remark flow-id 2
[CPE1-behavior-behav2] quit
[CPE1] qos policy policy1
[CPE1-qospolicy-policy1] classifier class1 behavior behav1
[CPE1-qospolicy-policy1] classifier class2 behavior behav2
[CPE1-qospolicy-policy1] quit
[CPE1] interface gigabitethernet 1/0/3
[CPE1-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[CPE1-GigabitEthernet1/0/3] quit
(2) Configure CPE 2
# Enable the iNQA Collector function and bind it to Analyzer ID 130.1.1.1.
[CPE2] inqa collector
[CPE2-inqa-collector] analyzer 130.1.1.1
[CPE2-inqa-collector] quit
# Enable the RIR-SDWAN service.
[CPE2] rir sdwan
# Set the link selection delay to 30 seconds and the link selection adjustment period to 60 seconds.
[CPE2-rir-sdwan] link-select delay 30
[CPE2-rir-sdwan] link-select suppress-period 60
# Configure link quality probing.
[CPE2-rir-sdwan] link-quality probe interval 30
# Create SLA 1 and SLA 2 with different link quality thresholds.
[CPE2-rir-sdwan] sla 1
[CPE2-rir-sdwan-sla-1] jitter threshold 20
[CPE2-rir-sdwan-sla-1] delay threshold 60
[CPE2-rir-sdwan-sla-1] packet-loss threshold 150
[CPE2-rir-sdwan-sla-1] quit
[CPE2-rir-sdwan] sla 2
[CPE2-rir-sdwan-sla-2] jitter threshold 40
[CPE2-rir-sdwan-sla-2] delay threshold 120
[CPE2-rir-sdwan-sla-2] packet-loss threshold 300
[CPE2-rir-sdwan-sla-2] quit
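# Create flow template 1 and flow template 2. In each flow template, configure the same link priority for both links, configure the expected bandwidth of a session and the quality policy, and set the CQI weights for delay, jitter, and packet loss rate to 2, 5, and 7.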
[CPE2-rir-sdwan] flow 1
[CPE2-rir-sdwan-flow-1] path sdwan transport-network internet1 preference 10
[CPE2-rir-sdwan-flow-1] path sdwan transport-network internet2 preference 10
[CPE2-rir-sdwan-flow-1] expect-bandwidth 300
[CPE2-rir-sdwan-flow-1] quality-policy sla 1
[CPE2-rir-sdwan-flow-1] cqi-weight delay 2 jitter 5 packet-loss 7
[CPE2-rir-sdwan-flow-1] quit
[CPE2-rir-sdwan] flow 2
[CPE2-rir-sdwan-flow-2] path sdwan transport-network internet1 preference 20
[CPE2-rir-sdwan-flow-2] path sdwan transport-network internet2 preference 20
[CPE2-rir-sdwan-flow-2] expect-bandwidth 300
[CPE2-rir-sdwan-flow-2] quality-policy sla 2
[CPE2-rir-sdwan-flow-2] cqi-weight delay 2 jitter 5 packet-loss 7
[CPE2-rir-sdwan-flow-2] quit
[CPE2-rir-sdwan] quit
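# Configure a QoS policy to re-mark traffic and apply the policy to interface GigabitEthernet1/0/3. Packets with DSCP 1 are marked with Flow ID 1, and packets with DSCP 2 are marked with Flow ID 2.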
[CPE2] traffic classifier class1
[CPE2-classifier-class1] if-match dscp 1
[CPE2-classifier-class1] quit
[CPE2] traffic classifier class2
[CPE2-classifier-class2] if-match dscp 2
[CPE2-classifier-class2] quit
[CPE2] traffic behavior behav1
[CPE2-behavior-behav1] remark flow-id 1
[CPE2-behavior-behav1] quit
[CPE2] traffic behavior behav2
[CPE2-behavior-behav2] remark flow-id 2
[CPE2-behavior-behav2] quit
[CPE2] qos policy policy1
[CPE2-qospolicy-policy1] classifier class1 behavior behav1
[CPE2-qospolicy-policy1] classifier class2 behavior behav2
[CPE2-qospolicy-policy1] quit
[CPE2] interface gigabitethernet 1/0/3
[CPE2-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[CPE2-GigabitEthernet1/0/3] quit
(3) Configure the RR
# Enable the iNQA Analyzer function and set the Analyzer ID to 130.1.1.1.
[RR] inqa analyzer
[RR-inqa-analyzer] analyzer id 130.1.1.1
[RR-inqa-analyzer] quit
# Enable the iNQA Collector function and bind it to Analyzer ID 130.1.1.1.
[RR] inqa collector
[RR-inqa-collector] analyzer 130.1.1.1
[RR-inqa-collector] quit
# Enable the RIR-SDWAN service.
[RR] rir sdwan
# Set the link selection delay to 30 seconds and the link selection adjustment period to 60 seconds.
[RR-rir-sdwan] link-select delay 30
[RR-rir-sdwan] link-select suppress-period 60
# Configure link quality probing.
[RR-rir-sdwan] link-quality probe interval 30
# Create SLA 1 and SLA 2 with different link quality thresholds.
[RR-rir-sdwan] sla 1
[RR-rir-sdwan-sla-1] jitter threshold 20
[RR-rir-sdwan-sla-1] delay threshold 60
[RR-rir-sdwan-sla-1] packet-loss threshold 150
[RR-rir-sdwan-sla-1] quit
[RR-rir-sdwan] sla 2
[RR-rir-sdwan-sla-2] jitter threshold 40
[RR-rir-sdwan-sla-2] delay threshold 120
[RR-rir-sdwan-sla-2] packet-loss threshold 300
[RR-rir-sdwan-sla-2] quit
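# Create flow template 1 and flow template 2. In each flow template, configure the link priorities, the expected bandwidth of a session, and the quality policy, and set the CQI weights for delay, jitter, and packet loss rate to 2, 5, and 7.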
[RR-rir-sdwan] flow 1
[RR-rir-sdwan-flow-1] path sdwan transport-network internet1 preference 10
[RR-rir-sdwan-flow-1] path sdwan transport-network internet2 preference 20
[RR-rir-sdwan-flow-1] expect-bandwidth 300
[RR-rir-sdwan-flow-1] quality-policy sla 1
[RR-rir-sdwan-flow-1] cqi-weight delay 2 jitter 5 packet-loss 7
[RR-rir-sdwan-flow-1] quit
[RR-rir-sdwan] flow 2
[RR-rir-sdwan-flow-2] path sdwan transport-network internet1 preference 20
[RR-rir-sdwan-flow-2] path sdwan transport-network internet2 preference 10
[RR-rir-sdwan-flow-2] expect-bandwidth 300
[RR-rir-sdwan-flow-2] quality-policy sla 2
[RR-rir-sdwan-flow-2] cqi-weight delay 2 jitter 5 packet-loss 7
[RR-rir-sdwan-flow-2] quit
[RR-rir-sdwan] quit
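# Configure a QoS policy to re-mark traffic and apply the policy to interface GigabitEthernet1/0/3. Packets with DSCP 1 are marked with Flow ID 1, and packets with DSCP 2 are marked with Flow ID 2.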
[RR] traffic classifier class1
[RR-classifier-class1] if-match dscp 1
[RR-classifier-class1] quit
[RR] traffic classifier class2
[RR-classifier-class2] if-match dscp 2
[RR-classifier-class2] quit
[RR] traffic behavior behav1
[RR-behavior-behav1] remark flow-id 1
[RR-behavior-behav1] quit
[RR] traffic behavior behav2
[RR-behavior-behav2] remark flow-id 2
[RR-behavior-behav2] quit
[RR] qos policy policy1
[RR-qospolicy-policy1] classifier class1 behavior behav1
[RR-qospolicy-policy1] classifier class2 behavior behav2
[RR-qospolicy-policy1] quit
[RR] interface gigabitethernet 1/0/3
[RR-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[RR-GigabitEthernet1/0/3] quit
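(1) Configure CPE 1
# Enable Flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[CPE1] tunnel flow-statistics enable
[CPE1] tunnel flow-statistics interval 5
(2) Configure CPE 2
# Enable Flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[CPE2] tunnel flow-statistics enable
[CPE2] tunnel flow-statistics interval 5
(3) Configure the RR
# Enable Flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[RR] tunnel flow-statistics enable
[RR] tunnel flow-statistics interval 5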
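(1) Configure CPE 1
# Enable the NTP service.
<CPE1> system-view
[CPE1] ntp-service enable
# Configure the device to obtain the time through NTP.
[CPE1] clock protocol ntp
# Specify the RR as the NTP server of CPE 1.
[CPE1] ntp-service unicast-server 3.3.3.3
(2) Configure CPE 2
# Enable the NTP service.
<CPE2> system-view
[CPE2] ntp-service enable
# Configure the device to obtain the time through NTP.
[CPE2] clock protocol ntp
# Specify the RR as the NTP server of CPE 2.
[CPE2] ntp-service unicast-server 3.3.3.3
(3) Configure the RR
# Enable the NTP service.
[RR] ntp-service enable
# Use the local clock as the reference clock, with stratum 2.
[RR] ntp-service refclock-master 2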
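(1) Check CPE 1
# Taking CPE 1 as an example, display the TTE connection information on the device. The output shows that CPE 1 has established TTE connections with the RR and with CPE 2.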
[CPE1] display sdwan tte connection
Destination SiteID/DevID/IfID/SysIP: 2/1/30/120.1.1.1
Destination IP/port: 21.1.1.1/3000
Source SiteID/DevID/IfID/SysIP: 1/1/30/110.1.1.1
Source IP/port: 11.1.1.1/3000
Created at: 2023/03/06 14:23:43
Status: Reachable
State changed at: 2023/03/06 14:23:43
Destination SiteID/DevID/IfID/SysIP: 2/1/40/120.1.1.1
Destination IP/port: 22.1.1.1/3000
Source SiteID/DevID/IfID/SysIP: 1/1/40/110.1.1.1
Source IP/port: 12.1.1.1/3000
Created at: 2023/03/06 14:23:43
Status: Reachable
State changed at: 2023/03/06 14:23:43
Destination SiteID/DevID/IfID/SysIP: 3/1/30/130.1.1.1
Destination IP/port: 31.1.1.1/3000
Source SiteID/DevID/IfID/SysIP: 1/1/30/110.1.1.1
Source IP/port: 11.1.1.1/3000
Created at: 2023/03/06 14:23:34
Status: Reachable
State changed at: 2023/03/06 14:23:45
Destination SiteID/DevID/IfID/SysIP: 3/1/40/130.1.1.1
Destination IP/port: 32.1.1.1/3000
Source SiteID/DevID/IfID/SysIP: 1/1/40/110.1.1.1
Source IP/port: 12.1.1.1/3000
Created at: 2023/03/06 14:23:34
Status: Reachable
State changed at: 2023/03/06 14:23:34
Number of connections: 4
# Taking CPE 1 as an example, run the display ip routing-table vpn-instance command on the device. The output shows the routes to the remote CE 2.
[CPE1] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask    Proto   Pre  Cost  NextHop     Interface
0.0.0.0/32          Direct  0    0     127.0.0.1   InLoop0
4.4.4.4/32          BGP     255  0     10.1.1.2    GE1/0/3
5.5.5.5/32          BGP     255  0     120.1.1.1   Tun2
                    BGP     255  0     120.1.1.1   Tun1
10.1.1.0/24         Direct  0    0     10.1.1.1    GE1/0/3
10.1.1.1/32         Direct  0    0     127.0.0.1   InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.1    GE1/0/3
20.1.1.0/24         BGP     255  0     120.1.1.1   Tun2
                    BGP     255  0     120.1.1.1   Tun1
127.0.0.0/8         Direct  0    0     127.0.0.1   InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1   InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1   InLoop0
224.0.0.0/4         Direct  0    0     0.0.0.0     NULL0
224.0.0.0/24        Direct  0    0     0.0.0.0     NULL0
255.255.255.255/32  Direct  0    0     127.0.0.1   InLoop0
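Configure Branch 1 to initiate only UDP services to the Data Center (the service consists of multiple sessions, that is, service traffic with multiple different 5-tuples), with the DSCP value of the service traffic set to 1. Display the Flow ID-based tunnel traffic rate statistics: under flow template 1, both Tunnel 1 and Tunnel 2 carry service traffic. This shows that the device uses flow template 1 to select links in load-sharing mode for service traffic with DSCP value 1.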
[CPE1] display tunnel flow-statistics
Flow 1:
Interface Out pps Out bps
Tunnel1 30 300000
Tunnel2 30 300000
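Configure Branch 1 to initiate only UDP services to the Data Center (the service consists of multiple sessions, that is, service traffic with multiple different 5-tuples), with the DSCP value of the service traffic set to 2. Display the Flow ID-based tunnel traffic rate statistics: under flow template 2, both Tunnel 1 and Tunnel 2 carry service traffic. This shows that the device uses flow template 2 to select links in load-sharing mode for service traffic with DSCP value 2.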
[CPE1] display tunnel flow-statistics
Flow 2:
Interface Out pps Out bps
Tunnel1 30 300000
Tunnel2 30 300000
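(2) Check CPE 2
CPE 2 is similar to CPE 1 and is not described here.
(3) Check the RR
Configure the Data Center to initiate only UDP services to Branch 1 (the service consists of multiple sessions, that is, service traffic with multiple different 5-tuples), with the DSCP value of the service traffic set to 1. Display the Flow ID-based tunnel traffic rate statistics: only Tunnel 1 under flow template 1 carries service traffic. This shows that the device uses flow template 1 to preferentially select Tunnel 1 for service traffic with DSCP value 1.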
[RR] display tunnel flow-statistics
Flow 1:
Interface Out pps Out bps
Tunnel1 30 300000
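Configure the Data Center to initiate only UDP services to Branch 1 (the service consists of multiple sessions, that is, service traffic with multiple different 5-tuples), with the DSCP value of the service traffic set to 2. Display the Flow ID-based tunnel traffic rate statistics: only Tunnel 2 under flow template 2 carries service traffic. This shows that the device uses flow template 2 to preferentially select Tunnel 2 for service traffic with DSCP value 2.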
[RR] display tunnel flow-statistics
Flow 2:
Interface Out pps Out bps
Tunnel2 30 300000
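The selection results verified above can be reproduced with a simplified model, given here as an added example that is not part of the original document and is not the device's algorithm. It parses the rir sdwan lines from this page and assumes that a link qualifies when its measured values are within the flow's SLA thresholds and that the lowest preference value wins (consistent with the RR output above); the measurements are constructed, and CQI weighting and bandwidth checks are not modelled.

```python
# Constructed input: "rir sdwan" lines from this page, flattened (no
# indentation) the way the page prints them.
SLA_LINES = """\
rir sdwan
sla 1
jitter threshold 20
delay threshold 60
packet-loss threshold 150
sla 2
jitter threshold 40
delay threshold 120
packet-loss threshold 300
"""
RR_FLOWS = """\
flow 1
quality-policy sla 1
path sdwan transport-network internet1 preference 10
path sdwan transport-network internet2 preference 20
flow 2
quality-policy sla 2
path sdwan transport-network internet1 preference 20
path sdwan transport-network internet2 preference 10
"""
CPE1_FLOWS = """\
flow 1
quality-policy sla 1
path sdwan transport-network internet1 preference 10
path sdwan transport-network internet2 preference 10
flow 2
quality-policy sla 2
path sdwan transport-network internet1 preference 20
path sdwan transport-network internet2 preference 20
"""

# Constructed measurements, expressed in the same units as the thresholds.
HEALTHY = {"internet1": {"jitter": 5, "delay": 20, "packet-loss": 0},
           "internet2": {"jitter": 5, "delay": 20, "packet-loss": 0}}
# internet1 delay exceeds SLA 1 (60) but still satisfies SLA 2 (120).
DEGRADED = {**HEALTHY, "internet1": {"jitter": 5, "delay": 80, "packet-loss": 0}}


def parse_rir(text):
    """Parse flattened 'rir sdwan' lines into SLA thresholds and flow templates."""
    slas, flows, section = {}, {}, None
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "sla" and len(w) == 2:
            section = slas.setdefault(int(w[1]), {})
        elif w[0] == "flow" and len(w) == 2:
            section = flows.setdefault(int(w[1]), {"sla": None, "paths": {}})
        elif section is not None and len(w) == 3 and w[1] == "threshold":
            section[w[0]] = int(w[2])            # jitter / delay / packet-loss
        elif section is not None and w[:2] == ["quality-policy", "sla"]:
            section["sla"] = int(w[2])
        elif section is not None and w[:3] == ["path", "sdwan", "transport-network"]:
            section["paths"][w[3]] = int(w[5])   # transport network -> preference
    return slas, flows


def select_links(flow_id, slas, flows, measured):
    """Return the transport networks a flow may use, sorted by name.

    A link qualifies when every measured metric is within the flow's SLA
    thresholds. Among qualifying links, those with the lowest preference value
    are chosen and ties are load-shared. Returns [] when no link qualifies;
    the device's behaviour in that case is not modelled here.
    """
    flow = flows[flow_id]
    limits = slas[flow["sla"]]
    qualified = {tn: pref for tn, pref in flow["paths"].items()
                 if all(measured[tn][m] <= limit for m, limit in limits.items())}
    if not qualified:
        return []
    best = min(qualified.values())
    return sorted(tn for tn, pref in qualified.items() if pref == best)


if __name__ == "__main__":
    slas, rr = parse_rir(SLA_LINES + RR_FLOWS)
    _, cpe1 = parse_rir(SLA_LINES + CPE1_FLOWS)
    for name, flows in (("CPE1", cpe1), ("RR", rr)):
        for fid in (1, 2):
            print(name, "flow", fid, "healthy :", select_links(fid, slas, flows, HEALTHY))
            print(name, "flow", fid, "degraded:", select_links(fid, slas, flows, DEGRADED))
```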
· CE 1:
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 10.1.1.2 255.255.255.0
#
bgp 200
peer 10.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.1 enable
#
· CE 2:
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 20.1.1.2 255.255.255.0
#
bgp 300
peer 20.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.1 enable
#
· CPE 1:
#
ip vpn-instance vpn1
route-distinguisher 1:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
sdwan vn-id 100
#
address-family ipv4
evpn sdwan routing-enable
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
#
rir sdwan
link-quality probe interval 30
link-select delay 30
link-select suppress-period 60
sla 1
jitter threshold 20
delay threshold 60
packet-loss threshold 150
sla 2
jitter threshold 40
delay threshold 120
packet-loss threshold 300
flow 1
quality-policy sla 1
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 10
path sdwan transport-network internet2 preference 10
flow 2
quality-policy sla 2
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 20
path sdwan transport-network internet2 preference 20
#
inqa collector
analyzer 130.1.1.1
#
traffic classifier class1 operator and
if-match dscp 1
#
traffic classifier class2 operator and
if-match dscp 2
#
traffic behavior behav1
remark flow-id 1
#
traffic behavior behav2
remark flow-id 2
#
qos policy policy1
classifier class1 behavior behav1
classifier class2 behavior behav2
#
interface LoopBack10
ip address 110.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 11.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
qos apply policy policy1 inbound
#
interface Tunnel1 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/1
source GigabitEthernet1/0/1
tunnel out-interface GigabitEthernet1/0/1
tunnel protection ipsec profile prf1
sdwan interface-id 30
sdwan routing-domain rd1 id 10
sdwan transport-network internet1 id 10
#
interface Tunnel2 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/2
source GigabitEthernet1/0/2
tunnel out-interface GigabitEthernet1/0/2
tunnel protection ipsec profile prf1
sdwan interface-id 40
sdwan routing-domain rd2 id 20
sdwan transport-network internet2 id 20
#
bgp 100
peer 130.1.1.1 as-number 100
peer 130.1.1.1 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 130.1.1.1 enable
#
address-family l2vpn evpn
peer 130.1.1.1 enable
peer 130.1.1.1 advertise encap-type sdwan
#
ip vpn-instance vpn1
peer 10.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
ntp-service enable
ntp-service unicast-server 3.3.3.3
#
ssl client-policy plc1
prefer-cipher rsa_aes_256_cbc_sha
undo server-verify enable
#
ipsec transform-set tran1
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec profile prf1 sdwan
transform-set tran1
#
sdwan site-id 1
sdwan site-name Site1
sdwan device-id 1
sdwan encapsulation global-udp-port 3000
sdwan system-ip LoopBack10
sdwan site-role cpe
sdwan ssl-client-policy plc1
sdwan server system-ip 130.1.1.1 ip 31.1.1.1 port 4000
#
· CPE 2
#
ip vpn-instance vpn1
route-distinguisher 1:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
sdwan vn-id 100
#
address-family ipv4
evpn sdwan routing-enable
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
area 0.0.0.0
network 21.1.1.0 0.0.0.255
network 22.1.1.0 0.0.0.255
#
rir sdwan
link-quality probe interval 30
link-select delay 30
link-select suppress-period 60
sla 1
jitter threshold 20
delay threshold 60
packet-loss threshold 150
sla 2
jitter threshold 40
delay threshold 120
packet-loss threshold 300
flow 1
quality-policy sla 1
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 10
path sdwan transport-network internet2 preference 10
flow 2
quality-policy sla 2
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 20
path sdwan transport-network internet2 preference 20
#
inqa collector
analyzer 130.1.1.1
#
traffic classifier class1 operator and
if-match dscp 1
#
traffic classifier class2 operator and
if-match dscp 2
#
traffic behavior behav1
remark flow-id 1
#
traffic behavior behav2
remark flow-id 2
#
qos policy policy1
classifier class1 behavior behav1
classifier class2 behavior behav2
#
interface LoopBack10
ip address 120.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 21.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 22.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 20.1.1.1 255.255.255.0
qos apply policy policy1 inbound
#
interface Tunnel1 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/1
source GigabitEthernet1/0/1
tunnel out-interface GigabitEthernet1/0/1
tunnel protection ipsec profile prf1
sdwan interface-id 30
sdwan routing-domain rd1 id 10
sdwan transport-network internet1 id 10
#
interface Tunnel2 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/2
source GigabitEthernet1/0/2
tunnel out-interface GigabitEthernet1/0/2
tunnel protection ipsec profile prf1
sdwan interface-id 40
sdwan routing-domain rd2 id 20
sdwan transport-network internet2 id 20
#
bgp 100
peer 130.1.1.1 as-number 100
peer 130.1.1.1 connect-interface LoopBack10
#
address-family ipv4 unicast
#
address-family ipv4 tnl-encap-ext
peer 130.1.1.1 enable
#
address-family l2vpn evpn
peer 130.1.1.1 enable
peer 130.1.1.1 advertise encap-type sdwan
#
ip vpn-instance vpn1
peer 20.1.1.2 as-number 300
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
ntp-service enable
ntp-service unicast-server 3.3.3.3
#
ssl client-policy plc1
prefer-cipher rsa_aes_256_cbc_sha
undo server-verify enable
#
ipsec transform-set tran1
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec profile prf1 sdwan
transform-set tran1
#
sdwan site-id 2
sdwan site-name Site2
sdwan device-id 1
sdwan encapsulation global-udp-port 3000
sdwan system-ip LoopBack10
sdwan site-role cpe
sdwan ssl-client-policy plc1
sdwan server system-ip 130.1.1.1 ip 31.1.1.1 port 4000
#
· RR
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 31.1.1.0 0.0.0.255
network 32.1.1.0 0.0.0.255
#
rir sdwan
link-quality probe interval 30
link-select delay 30
link-select suppress-period 60
sla 1
jitter threshold 20
delay threshold 60
packet-loss threshold 150
sla 2
jitter threshold 40
delay threshold 120
packet-loss threshold 300
flow 1
quality-policy sla 1
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 10
path sdwan transport-network internet2 preference 20
flow 2
quality-policy sla 2
expect-bandwidth 300
cqi-weight delay 2 jitter 5 packet-loss 7
path sdwan transport-network internet1 preference 20
path sdwan transport-network internet2 preference 10
#
inqa analyzer
analyzer id 130.1.1.1
#
inqa collector
analyzer 130.1.1.1
#
traffic classifier class1 operator and
if-match dscp 1
#
traffic classifier class2 operator and
if-match dscp 2
#
traffic behavior behav1
remark flow-id 1
#
traffic behavior behav2
remark flow-id 2
#
qos policy policy1
classifier class1 behavior behav1
classifier class2 behavior behav2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
interface LoopBack10
ip address 130.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 31.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 32.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
qos apply policy policy1 inbound
#
interface Tunnel1 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/1
source GigabitEthernet1/0/1
tunnel out-interface GigabitEthernet1/0/1
tunnel protection ipsec profile prf1
sdwan interface-id 30
sdwan routing-domain rd1 id 10
sdwan transport-network internet1 id 10
#
interface Tunnel2 mode sdwan udp
ip address unnumbered interface GigabitEthernet1/0/2
source GigabitEthernet1/0/2
tunnel out-interface GigabitEthernet1/0/2
tunnel protection ipsec profile prf1
sdwan interface-id 40
sdwan routing-domain rd2 id 20
sdwan transport-network internet2 id 20
#
bgp 100
peer 110.1.1.1 as-number 100
peer 110.1.1.1 connect-interface LoopBack10
peer 120.1.1.1 as-number 100
peer 120.1.1.1 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 110.1.1.1 enable
peer 110.1.1.1 reflect-client
peer 120.1.1.1 enable
peer 120.1.1.1 reflect-client
#
address-family l2vpn evpn
undo policy vpn-target
peer 110.1.1.1 enable
peer 110.1.1.1 reflect-client
peer 110.1.1.1 advertise encap-type sdwan
peer 120.1.1.1 enable
peer 120.1.1.1 reflect-client
peer 120.1.1.1 advertise encap-type sdwan
#
ntp-service enable
ntp-service refclock-master 2
#
pki domain dm1
public-key rsa general name dm1 length 2048
undo crl check enable
#
ssl server-policy plc1
pki-domain dm1
#
ipsec transform-set tran1
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec profile prf1 sdwan
transform-set tran1
#
sdwan site-id 3
sdwan site-name Site3
sdwan device-id 1
sdwan encapsulation global-udp-port 3000
sdwan system-ip LoopBack10
sdwan site-role rr
sdwan server port 4000
sdwan server enable
#
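The CPE 2 and RR listings above protect the SDWAN tunnels with 3DES and HMAC-MD5, turn off server certificate verification on the SSL client policy, and turn off CRL checking in the PKI domain. The following audit script is an added example, not part of the original document or any H3C tooling; the function names, rule list and sample text are assumptions made here. It flags those settings and traces which tunnel interfaces inherit a weak transform-set.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section line reason")

# Constructed sample: security-relevant stanzas copied from the CPE 2 / RR
# listings above. Tunnel2 has its "tunnel protection" line removed on purpose
# (constructed variation) to exercise the unprotected-tunnel check.
SAMPLE_CONFIG = """\
#
interface Tunnel1 mode sdwan udp
source GigabitEthernet1/0/1
tunnel out-interface GigabitEthernet1/0/1
tunnel protection ipsec profile prf1
#
interface Tunnel2 mode sdwan udp
source GigabitEthernet1/0/2
tunnel out-interface GigabitEthernet1/0/2
#
ssl client-policy plc1
prefer-cipher rsa_aes_256_cbc_sha
undo server-verify enable
#
pki domain dm1
public-key rsa general name dm1 length 2048
undo crl check enable
#
ipsec transform-set tran1
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec profile prf1 sdwan
transform-set tran1
#
"""

# (section header pattern, line pattern, severity, reason)
LINE_RULES = [
    (r"ssl client-policy \S+", r"undo server-verify enable", "high",
     "SSL client skips server certificate verification"),
    (r"ssl client-policy \S+", r"prefer-cipher rsa_\S+_cbc_sha", "medium",
     "RSA key exchange (no forward secrecy) with CBC mode and SHA-1 MAC"),
    (r"pki domain \S+", r"undo crl check enable", "medium",
     "certificate revocation is not checked"),
    (r"ipsec transform-set \S+", r"esp encryption-algorithm (3des|des)-cbc",
     "high", "64-bit block cipher protects the tunnel payload"),
    (r"ipsec transform-set \S+", r"esp authentication-algorithm md5", "high",
     "HMAC-MD5 is used for ESP integrity"),
]


def parse_sections(text):
    """Split a running configuration into (header, body_lines) blocks.

    Blocks are delimited by lines holding only '#'. Indentation is ignored,
    so flattened listings like the ones on this page parse the same way.
    """
    sections, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                sections.append((current[0], current[1:]))
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append((current[0], current[1:]))
    return sections


def audit(text):
    """Return a list of Finding tuples for weak or missing protection."""
    sections = parse_sections(text)
    findings, weak_sets, profiles = [], set(), {}
    # Pass 1: per-line rules, plus the profile -> transform-set mapping.
    for header, body in sections:
        for hdr_pat, line_pat, severity, reason in LINE_RULES:
            if re.fullmatch(hdr_pat, header):
                for line in body:
                    if re.fullmatch(line_pat, line):
                        findings.append(Finding(severity, header, line, reason))
                        if header.startswith("ipsec transform-set "):
                            weak_sets.add(header.split()[2])
        m = re.fullmatch(r"ipsec profile (\S+) sdwan", header)
        if m:
            profiles[m.group(1)] = [l.split()[1] for l in body
                                    if l.startswith("transform-set ")]
    # Pass 2: resolve each SDWAN tunnel to its profile and transform-sets.
    for header, body in sections:
        if not re.fullmatch(r"interface Tunnel\d+ mode sdwan udp", header):
            continue
        ref = next((l for l in body
                    if l.startswith("tunnel protection ipsec profile ")), None)
        if ref is None:
            findings.append(Finding("high", header, "",
                                    "SDWAN tunnel has no IPsec protection applied"))
            continue
        name = ref.split()[-1]
        if name not in profiles:
            findings.append(Finding("high", header, ref,
                                    "references an IPsec profile that is not defined"))
        for ts in profiles.get(name, []):
            if ts in weak_sets:
                findings.append(Finding("high", header, ref,
                                        f"inherits weak transform-set {ts} via profile {name}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.section}: {f.line or '(missing line)'} -> {f.reason}")
```
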
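In the Hub-Spoke network shown in Figure 2, CPE 1 and CPE 2 are deployed as Spokes in the branch networks and the Hub is deployed in the data center network. The enterprise branches and the data center network need to reach each other, and with intelligent path selection the devices select a suitable path for service traffic between the branches and the data center according to the defined path selection policy. The networking requirements are as follows:
· CPE 1, CPE 2 and the Hub each connect to the local device of the branch network or data center network through GigabitEthernet1/0/3. VXLAN tunnels are configured between the Hub and the Spokes, and the branch networks and the data center network are interconnected through these VXLAN tunnels.
· CPE 1 and CPE 2 each configure two links of equal priority for service traffic; when both links meet the service requirements, traffic is load-shared across them. The Hub configures two links of different priorities for service traffic and prefers the higher-priority link.
Figure 2 Intelligent path selection in a VXLAN-based network
Configure the IP address and mask of each interface as shown in 5.1 Figure 2. The detailed procedure is omitted.
In the VXLAN network, CPE 1, CPE 2 and the Hub are VTEPs. Two VXLAN tunnels are configured between CPE 1 and the Hub, and two between CPE 2 and the Hub:
· On CPE 1, create VXLAN tunnels Tunnel 1 and Tunnel 2. The source interface and the output interface for tunnel packets is GigabitEthernet1/0/1 for Tunnel 1 and GigabitEthernet1/0/2 for Tunnel 2.
· On CPE 2, create VXLAN tunnels Tunnel 3 and Tunnel 4. The source interface and the output interface for tunnel packets is GigabitEthernet1/0/1 for Tunnel 3 and GigabitEthernet1/0/2 for Tunnel 4.
· On the Hub, create VXLAN tunnels Tunnel 1, Tunnel 2, Tunnel 3 and Tunnel 4. The source interface and the output interface for tunnel packets is GigabitEthernet1/0/1 for Tunnel 1 and Tunnel 3, and GigabitEthernet1/0/2 for Tunnel 2 and Tunnel 4.
· On CPE 1, CPE 2 and the Hub, create VSI interfaces VSI-interface 1 and VSI-interface 2. Associating each VSI with a VSI interface gives a one-to-one mapping between VSI interfaces and VXLAN tunnels within an independent Hub-Spoke network.
· CPE 1, CPE 2 and the Hub are distributed VXLAN IP gateways. Configure BGP on CPE 1, CPE 2 and the Hub so that each device has two or more equal-cost routes to the corresponding Hub or Spoke side whose output interfaces are VSI interfaces.
· GigabitEthernet1/0/1 on CPE 1, CPE 2 and the Hub connects to Internet1, and GigabitEthernet1/0/2 connects to Internet2.
Configure the intelligent path selection policy so that CPE 1, CPE 2 and the Hub each forward different service packets (distinguished by DSCP) over the one or two highest-priority links (load sharing).
· Configure flow template 1 and flow template 2 to steer packets with DSCP 1 and DSCP 2 onto the best VXLAN tunnel.
· The Hub does not perform quality detection when selecting links for service traffic; CPE 1 and CPE 2 do.
· On CPE 1, CPE 2 and the Hub, associate the quality policy of flow template 1 with SLA 1 and the quality policy of flow template 2 with SLA 2, and probe and evaluate link quality for service traffic according to the quality policy.
· The link load-sharing mode on CPE 1, CPE 2 and the Hub is per-flow weighted path selection (the default mode; no configuration required).
· The bandwidth of the physical interfaces that send VXLAN tunnel packets meets the bandwidth requirements of the service traffic.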
(1) Configure CPE 1
# Enable OSPF on the interfaces whose addresses fall in 11.1.1.0/24 (GE1/0/1) and 12.1.1.0/24 (GE1/0/2, primary address), in OSPF area 0.
<CPE1> system-view
[CPE1] ospf 1
[CPE1-ospf-1] area 0
[CPE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[CPE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[CPE1-ospf-1-area-0.0.0.0] quit
[CPE1-ospf-1] quit
(2) Configure CPE 2
# Enable OSPF on the interfaces whose addresses fall in 21.1.1.0/24 (GE1/0/1) and 22.1.1.0/24 (GE1/0/2, primary address), in OSPF area 0.
<CPE2> system-view
[CPE2] ospf 1
[CPE2-ospf-1] area 0
[CPE2-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255
[CPE2-ospf-1-area-0.0.0.0] network 22.1.1.0 0.0.0.255
[CPE2-ospf-1-area-0.0.0.0] quit
[CPE2-ospf-1] quit
(3) Configure the Hub
# Enable OSPF on the interfaces whose addresses fall in 31.1.1.0/24 (GE1/0/1) and 32.1.1.0/24 (GE1/0/2, primary address), in OSPF area 0.
<Hub> system-view
[Hub] ospf 1
[Hub-ospf-1] area 0
[Hub-ospf-1-area-0.0.0.0] network 31.1.1.0 0.0.0.255
[Hub-ospf-1-area-0.0.0.0] network 32.1.1.0 0.0.0.255
[Hub-ospf-1-area-0.0.0.0] quit
[Hub-ospf-1] quit
(1) Configure CPE 1
# Enable L2VPN.
[CPE1] l2vpn enable
# Create VSI vpna and VXLAN 100.
[CPE1] vsi vpna
[CPE1-vsi-vpna] vxlan 100
[CPE1-vsi-vpna-vxlan-100] quit
[CPE1-vsi-vpna] quit
# Create VSI vpnb and VXLAN 200.
[CPE1] vsi vpnb
[CPE1-vsi-vpnb] vxlan 200
[CPE1-vsi-vpnb-vxlan-200] quit
[CPE1-vsi-vpnb] quit
# Create VXLAN tunnel Tunnel 1 between CPE 1 and the Hub. The tunnel source is 11.1.1.1, the address of GigabitEthernet1/0/1; the destination is 31.1.1.1, the address of GigabitEthernet1/0/1 on the Hub.
[CPE1] interface tunnel 1 mode vxlan
[CPE1-Tunnel1] source 11.1.1.1
[CPE1-Tunnel1] destination 31.1.1.1
[CPE1-Tunnel1] quit
# Create VXLAN tunnel Tunnel 2 between CPE 1 and the Hub. The tunnel source is 12.1.1.1, the address of GigabitEthernet1/0/2; the destination is 32.1.1.1, the address of GigabitEthernet1/0/2 on the Hub.
[CPE1] interface tunnel 2 mode vxlan
[CPE1-Tunnel2] source 12.1.1.1
[CPE1-Tunnel2] destination 32.1.1.1
[CPE1-Tunnel2] quit
# Associate Tunnel 1 with VXLAN 100.
[CPE1] vsi vpna
[CPE1-vsi-vpna] vxlan 100
[CPE1-vsi-vpna-vxlan-100] tunnel 1
[CPE1-vsi-vpna-vxlan-100] quit
[CPE1-vsi-vpna] quit
# Associate Tunnel 2 with VXLAN 200.
[CPE1] vsi vpnb
[CPE1-vsi-vpnb] vxlan 200
[CPE1-vsi-vpnb-vxlan-200] tunnel 2
[CPE1-vsi-vpnb-vxlan-200] quit
[CPE1-vsi-vpnb] quit
# Create VSI-interface 1 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[CPE1] interface vsi-interface 1
[CPE1-Vsi-interface1] ip address 192.168.1.1 255.255.255.0
[CPE1-Vsi-interface1] distributed-gateway local
[CPE1-Vsi-interface1] local-proxy-arp enable
[CPE1-Vsi-interface1] quit
# Create VSI-interface 2 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[CPE1] interface vsi-interface 2
[CPE1-Vsi-interface2] ip address 192.168.2.1 255.255.255.0
[CPE1-Vsi-interface2] distributed-gateway local
[CPE1-Vsi-interface2] local-proxy-arp enable
[CPE1-Vsi-interface2] quit
# Associate the VSI that contains VXLAN 100 with VSI-interface 1, and set the subnet of that VSI to 192.168.1.0/24.
[CPE1] vsi vpna
[CPE1-vsi-vpna] gateway vsi-interface 1
[CPE1-vsi-vpna] gateway subnet 192.168.1.0 0.0.0.255
[CPE1-vsi-vpna] quit
# Associate the VSI that contains VXLAN 200 with VSI-interface 2, and set the subnet of that VSI to 192.168.2.0/24.
[CPE1] vsi vpnb
[CPE1-vsi-vpnb] gateway vsi-interface 2
[CPE1-vsi-vpnb] gateway subnet 192.168.2.0 0.0.0.255
[CPE1-vsi-vpnb] quit
(2) Configure CPE 2
# Enable L2VPN.
[CPE2] l2vpn enable
# Create VSI vpna and VXLAN 100.
[CPE2] vsi vpna
[CPE2-vsi-vpna] vxlan 100
[CPE2-vsi-vpna-vxlan-100] quit
[CPE2-vsi-vpna] quit
# Create VSI vpnb and VXLAN 200.
[CPE2] vsi vpnb
[CPE2-vsi-vpnb] vxlan 200
[CPE2-vsi-vpnb-vxlan-200] quit
[CPE2-vsi-vpnb] quit
# Create VXLAN tunnel Tunnel 3 between CPE 2 and the Hub. The tunnel source is 21.1.1.1, the address of GigabitEthernet1/0/1; the destination is 31.1.1.1, the address of GigabitEthernet1/0/1 on the Hub.
[CPE2] interface tunnel 3 mode vxlan
[CPE2-Tunnel3] source 21.1.1.1
[CPE2-Tunnel3] destination 31.1.1.1
[CPE2-Tunnel3] quit
# Create VXLAN tunnel Tunnel 4 between CPE 2 and the Hub. The tunnel source is 22.1.1.1, the address of GigabitEthernet1/0/2; the destination is 32.1.1.1, the address of GigabitEthernet1/0/2 on the Hub.
[CPE2] interface tunnel 4 mode vxlan
[CPE2-Tunnel4] source 22.1.1.1
[CPE2-Tunnel4] destination 32.1.1.1
[CPE2-Tunnel4] quit
# Associate Tunnel 3 with VXLAN 100.
[CPE2] vsi vpna
[CPE2-vsi-vpna] vxlan 100
[CPE2-vsi-vpna-vxlan-100] tunnel 3
[CPE2-vsi-vpna-vxlan-100] quit
[CPE2-vsi-vpna] quit
# Associate Tunnel 4 with VXLAN 200.
[CPE2] vsi vpnb
[CPE2-vsi-vpnb] vxlan 200
[CPE2-vsi-vpnb-vxlan-200] tunnel 4
[CPE2-vsi-vpnb-vxlan-200] quit
[CPE2-vsi-vpnb] quit
# Create VSI-interface 1 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[CPE2] interface vsi-interface 1
[CPE2-Vsi-interface1] ip address 192.168.1.2 255.255.255.0
[CPE2-Vsi-interface1] distributed-gateway local
[CPE2-Vsi-interface1] local-proxy-arp enable
[CPE2-Vsi-interface1] quit
# Create VSI-interface 2 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[CPE2] interface vsi-interface 2
[CPE2-Vsi-interface2] ip address 192.168.2.2 255.255.255.0
[CPE2-Vsi-interface2] distributed-gateway local
[CPE2-Vsi-interface2] local-proxy-arp enable
[CPE2-Vsi-interface2] quit
# Associate the VSI that contains VXLAN 100 with VSI-interface 1, and set the subnet of that VSI to 192.168.1.0/24.
[CPE2] vsi vpna
[CPE2-vsi-vpna] gateway vsi-interface 1
[CPE2-vsi-vpna] gateway subnet 192.168.1.0 0.0.0.255
[CPE2-vsi-vpna] quit
# Associate the VSI that contains VXLAN 200 with VSI-interface 2, and set the subnet of that VSI to 192.168.2.0/24.
[CPE2] vsi vpnb
[CPE2-vsi-vpnb] gateway vsi-interface 2
[CPE2-vsi-vpnb] gateway subnet 192.168.2.0 0.0.0.255
[CPE2-vsi-vpnb] quit
(3) Configure the Hub
# Enable L2VPN.
[Hub] l2vpn enable
# Create VSI vpna and VXLAN 100.
[Hub] vsi vpna
[Hub-vsi-vpna] vxlan 100
[Hub-vsi-vpna-vxlan-100] quit
[Hub-vsi-vpna] quit
# Create VSI vpnb and VXLAN 200.
[Hub] vsi vpnb
[Hub-vsi-vpnb] vxlan 200
[Hub-vsi-vpnb-vxlan-200] quit
[Hub-vsi-vpnb] quit
# Create VXLAN tunnel Tunnel 1 between the Hub and CPE 1. The tunnel source is 31.1.1.1, the address of GigabitEthernet1/0/1; the destination is 11.1.1.1, the address of GigabitEthernet1/0/1 on CPE 1.
[Hub] interface tunnel 1 mode vxlan
[Hub-Tunnel1] source 31.1.1.1
[Hub-Tunnel1] destination 11.1.1.1
[Hub-Tunnel1] quit
# Create VXLAN tunnel Tunnel 2 between the Hub and CPE 1. The tunnel source is 32.1.1.1, the address of GigabitEthernet1/0/2; the destination is 12.1.1.1, the address of GigabitEthernet1/0/2 on CPE 1.
[Hub] interface tunnel 2 mode vxlan
[Hub-Tunnel2] source 32.1.1.1
[Hub-Tunnel2] destination 12.1.1.1
[Hub-Tunnel2] quit
# Create VXLAN tunnel Tunnel 3 between the Hub and CPE 2. The tunnel source is 31.1.1.1, the address of GigabitEthernet1/0/1; the destination is 21.1.1.1, the address of GigabitEthernet1/0/1 on CPE 2.
[Hub] interface tunnel 3 mode vxlan
[Hub-Tunnel3] source 31.1.1.1
[Hub-Tunnel3] destination 21.1.1.1
[Hub-Tunnel3] quit
# Create VXLAN tunnel Tunnel 4 between the Hub and CPE 2. The tunnel source is 32.1.1.1, the address of GigabitEthernet1/0/2; the destination is 22.1.1.1, the address of GigabitEthernet1/0/2 on CPE 2.
[Hub] interface tunnel 4 mode vxlan
[Hub-Tunnel4] source 32.1.1.1
[Hub-Tunnel4] destination 22.1.1.1
[Hub-Tunnel4] quit
# Associate Tunnel 1 and Tunnel 3 with VXLAN 100.
[Hub] vsi vpna
[Hub-vsi-vpna] vxlan 100
[Hub-vsi-vpna-vxlan-100] tunnel 1
[Hub-vsi-vpna-vxlan-100] tunnel 3
[Hub-vsi-vpna-vxlan-100] quit
[Hub-vsi-vpna] quit
# Associate Tunnel 2 and Tunnel 4 with VXLAN 200.
[Hub] vsi vpnb
[Hub-vsi-vpnb] vxlan 200
[Hub-vsi-vpnb-vxlan-200] tunnel 2
[Hub-vsi-vpnb-vxlan-200] tunnel 4
[Hub-vsi-vpnb-vxlan-200] quit
[Hub-vsi-vpnb] quit
# Create VSI-interface 1 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[Hub] interface vsi-interface 1
[Hub-Vsi-interface1] ip address 192.168.1.3 255.255.255.0
[Hub-Vsi-interface1] distributed-gateway local
[Hub-Vsi-interface1] local-proxy-arp enable
[Hub-Vsi-interface1] quit
# Create VSI-interface 2 and assign it an IP address; specify it as a distributed local gateway interface and enable local proxy ARP.
[Hub] interface vsi-interface 2
[Hub-Vsi-interface2] ip address 192.168.2.3 255.255.255.0
[Hub-Vsi-interface2] distributed-gateway local
[Hub-Vsi-interface2] local-proxy-arp enable
[Hub-Vsi-interface2] quit
# Associate the VSI that contains VXLAN 100 with VSI-interface 1, and set the subnet of that VSI to 192.168.1.0/24.
[Hub] vsi vpna
[Hub-vsi-vpna] gateway vsi-interface 1
[Hub-vsi-vpna] gateway subnet 192.168.1.0 0.0.0.255
[Hub-vsi-vpna] quit
# Associate the VSI that contains VXLAN 200 with VSI-interface 2, and set the subnet of that VSI to 192.168.2.0/24.
[Hub] vsi vpnb
[Hub-vsi-vpnb] gateway vsi-interface 2
[Hub-vsi-vpnb] gateway subnet 192.168.2.0 0.0.0.255
[Hub-vsi-vpnb] quit
(1) Configure CPE 1
[CPE1] bgp 200
[CPE1-bgp-default] peer 192.168.1.3 as-number 100
[CPE1-bgp-default] peer 192.168.2.3 as-number 100
[CPE1-bgp-default] address-family ipv4 unicast
[CPE1-bgp-default-ipv4] balance 4
[CPE1-bgp-default-ipv4] peer 192.168.1.3 enable
[CPE1-bgp-default-ipv4] peer 192.168.2.3 enable
[CPE1-bgp-default-ipv4] quit
[CPE1-bgp-default] quit
(2) Configure CPE 2
[CPE2] bgp 300
[CPE2-bgp-default] peer 192.168.1.3 as-number 100
[CPE2-bgp-default] peer 192.168.2.3 as-number 100
[CPE2-bgp-default] address-family ipv4 unicast
[CPE2-bgp-default-ipv4] balance 4
[CPE2-bgp-default-ipv4] peer 192.168.1.3 enable
[CPE2-bgp-default-ipv4] peer 192.168.2.3 enable
[CPE2-bgp-default-ipv4] quit
[CPE2-bgp-default] quit
(3) Configure the Hub
[Hub] bgp 100
[Hub-bgp-default] peer 192.168.1.1 as-number 200
[Hub-bgp-default] peer 192.168.2.1 as-number 200
[Hub-bgp-default] peer 192.168.1.2 as-number 300
[Hub-bgp-default] peer 192.168.2.2 as-number 300
[Hub-bgp-default] address-family ipv4 unicast
[Hub-bgp-default-ipv4] balance 4
[Hub-bgp-default-ipv4] peer 192.168.1.1 enable
[Hub-bgp-default-ipv4] peer 192.168.2.1 enable
[Hub-bgp-default-ipv4] peer 192.168.1.2 enable
[Hub-bgp-default-ipv4] peer 192.168.2.2 enable
[Hub-bgp-default-ipv4] quit
[Hub-bgp-default] quit
(1) Establish an iBGP peering between CE 1 and CPE 1
a. Configure CE 1
<CE1> system-view
[CE1] bgp 200
[CE1-bgp-default] peer 10.1.1.1 as-number 200
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
b. Configure CPE 1
[CPE1] bgp 200
[CPE1-bgp-default] peer 10.1.1.2 as-number 200
[CPE1-bgp-default] address-family ipv4 unicast
[CPE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CPE1-bgp-default-ipv4] import-route direct
[CPE1-bgp-default-ipv4] quit
[CPE1-bgp-default] quit
(2) Establish an iBGP peering between CE 2 and CPE 2
a. Configure CE 2
<CE2> system-view
[CE2] bgp 300
[CE2-bgp-default] peer 20.1.1.1 as-number 300
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
b. Configure CPE 2
[CPE2] bgp 300
[CPE2-bgp-default] peer 20.1.1.2 as-number 300
[CPE2-bgp-default] address-family ipv4 unicast
[CPE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CPE2-bgp-default-ipv4] import-route direct
[CPE2-bgp-default-ipv4] quit
[CPE2-bgp-default] quit
# Enable the RIR client and set the port for synchronizing probe information.
[CPE1] rir
[CPE1-rir] client enable
[CPE1-rir] probe sync-port 65535
# Set the link selection delay to 30 seconds and the link selection suppression period to 60 seconds.
[CPE1-rir] link-select delay 30
[CPE1-rir] link-select suppress-period 60
[CPE1-rir] quit
# Enable the NQA client.
[CPE1] nqa agent enable
# Configure NQA link connectivity probing.
[CPE1] rir
[CPE1-rir] probe connect interval 300 timeout 65535
# Create NQA link quality probe 1 and NQA link quality probe 2, each with different link quality probe parameters.
[CPE1-rir] nqa 1
[CPE1-rir-nqa-1] probe packet-dscp 10
[CPE1-rir-nqa-1] probe interval 60
[CPE1-rir-nqa-1] probe packet-interval 15
[CPE1-rir-nqa-1] probe packet-number 60
[CPE1-rir-nqa-1] probe packet-timeout 500
[CPE1-rir-nqa-1] probe port 65501
[CPE1-rir-nqa-1] quit
[CPE1-rir] nqa 2
[CPE1-rir-nqa-2] probe packet-dscp 20
[CPE1-rir-nqa-2] probe interval 120
[CPE1-rir-nqa-2] probe packet-interval 30
[CPE1-rir-nqa-2] probe packet-number 120
[CPE1-rir-nqa-2] probe packet-timeout 1000
[CPE1-rir-nqa-2] probe port 65502
[CPE1-rir-nqa-2] quit
# Create SLA 1 and SLA 2, each with different link quality thresholds.
[CPE1-rir] sla 1
[CPE1-rir-sla-1] jitter threshold 20
[CPE1-rir-sla-1] delay threshold 60
[CPE1-rir-sla-1] packet-loss threshold 150
[CPE1-rir-sla-1] quit
[CPE1-rir] sla 2
[CPE1-rir-sla-2] jitter threshold 40
[CPE1-rir-sla-2] delay threshold 120
[CPE1-rir-sla-2] packet-loss threshold 300
[CPE1-rir-sla-2] quit
[CPE1-rir] quit
# Configure the VSI interfaces: set the link type of VSI-interface 1 to Internet with index 1, and the link type of VSI-interface 2 to Internet with index 2.
[CPE1] interface vsi-interface 1
[CPE1-Vsi-interface1] rir link-type internet index 1
[CPE1-Vsi-interface1] quit
[CPE1] interface vsi-interface 2
[CPE1-Vsi-interface2] rir link-type internet index 2
[CPE1-Vsi-interface2] quit
# Set the bandwidth of VXLAN tunnels Tunnel 1 and Tunnel 2 to 30000 kbps, and specify GigabitEthernet1/0/1 as the physical output interface for Tunnel 1 packets and GigabitEthernet1/0/2 for Tunnel 2 packets.
[CPE1] interface tunnel 1 mode vxlan
[CPE1-Tunnel1] bandwidth 30000
[CPE1-Tunnel1] tunnel out-interface gigabitethernet 1/0/1
[CPE1-Tunnel1] quit
[CPE1] interface tunnel 2 mode vxlan
[CPE1-Tunnel2] bandwidth 30000
[CPE1-Tunnel2] tunnel out-interface gigabitethernet 1/0/2
[CPE1-Tunnel2] quit
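# Create flow template 1 and flow template 2. Give the links within each flow template the same link preference, assign a different quality policy to each flow template, and set the expected per-session bandwidth in each flow template.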
[CPE1] rir
[CPE1-rir] flow 1
[CPE1-rir-flow-1] path link-type internet index 1 preference 10
[CPE1-rir-flow-1] path link-type internet index 2 preference 10
[CPE1-rir-flow-1] expect-bandwidth 300
[CPE1-rir-flow-1] quality-policy sla 1 nqa 1
[CPE1-rir-flow-1] quit
[CPE1-rir] flow 2
[CPE1-rir-flow-2] path link-type internet index 1 preference 20
[CPE1-rir-flow-2] path link-type internet index 2 preference 20
[CPE1-rir-flow-2] expect-bandwidth 300
[CPE1-rir-flow-2] quality-policy sla 2 nqa 2
[CPE1-rir-flow-2] quit
[CPE1-rir] quit
# Configure a QoS policy to re-mark traffic and apply it to GigabitEthernet1/0/3: packets with DSCP 1 are marked with flow ID 1, and packets with DSCP 2 are marked with flow ID 2.
[CPE1] traffic classifier class1
[CPE1-classifier-class1] if-match dscp 1
[CPE1-classifier-class1] quit
[CPE1] traffic classifier class2
[CPE1-classifier-class2] if-match dscp 2
[CPE1-classifier-class2] quit
[CPE1] traffic behavior behav1
[CPE1-behavior-behav1] remark flow-id 1
[CPE1-behavior-behav1] quit
[CPE1] traffic behavior behav2
[CPE1-behavior-behav2] remark flow-id 2
[CPE1-behavior-behav2] quit
[CPE1] qos policy policy1
[CPE1-qospolicy-policy1] classifier class1 behavior behav1
[CPE1-qospolicy-policy1] classifier class2 behavior behav2
[CPE1-qospolicy-policy1] quit
[CPE1] interface gigabitethernet 1/0/3
[CPE1-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[CPE1-GigabitEthernet1/0/3] quit
# Enable the RIR client and set the port for synchronizing probe information.
[CPE2] rir
[CPE2-rir] client enable
[CPE2-rir] probe sync-port 65535
# Set the link selection delay to 30 seconds and the link selection suppression period to 60 seconds.
[CPE2-rir] link-select delay 30
[CPE2-rir] link-select suppress-period 60
[CPE2-rir] quit
# Enable the NQA client.
[CPE2] nqa agent enable
# Configure NQA link connectivity probing.
[CPE2] rir
[CPE2-rir] probe connect interval 300 timeout 65535
# Create NQA link quality probe 1 and NQA link quality probe 2, each with different link quality probe parameters.
[CPE2-rir] nqa 1
[CPE2-rir-nqa-1] probe packet-dscp 10
[CPE2-rir-nqa-1] probe interval 60
[CPE2-rir-nqa-1] probe packet-interval 15
[CPE2-rir-nqa-1] probe packet-number 60
[CPE2-rir-nqa-1] probe packet-timeout 500
[CPE2-rir-nqa-1] probe port 65501
[CPE2-rir-nqa-1] quit
[CPE2-rir] nqa 2
[CPE2-rir-nqa-2] probe packet-dscp 20
[CPE2-rir-nqa-2] probe interval 120
[CPE2-rir-nqa-2] probe packet-interval 30
[CPE2-rir-nqa-2] probe packet-number 120
[CPE2-rir-nqa-2] probe packet-timeout 1000
[CPE2-rir-nqa-2] probe port 65502
[CPE2-rir-nqa-2] quit
# Create SLA 1 and SLA 2, each with different link quality thresholds.
[CPE2-rir] sla 1
[CPE2-rir-sla-1] jitter threshold 20
[CPE2-rir-sla-1] delay threshold 60
[CPE2-rir-sla-1] packet-loss threshold 150
[CPE2-rir-sla-1] quit
[CPE2-rir] sla 2
[CPE2-rir-sla-2] jitter threshold 40
[CPE2-rir-sla-2] delay threshold 120
[CPE2-rir-sla-2] packet-loss threshold 300
[CPE2-rir-sla-2] quit
[CPE2-rir] quit
# Configure the VSI interfaces: set the link type of VSI-interface 1 to Internet with index 1, and the link type of VSI-interface 2 to Internet with index 2.
[CPE2] interface vsi-interface 1
[CPE2-Vsi-interface1] rir link-type internet index 1
[CPE2-Vsi-interface1] quit
[CPE2] interface vsi-interface 2
[CPE2-Vsi-interface2] rir link-type internet index 2
[CPE2-Vsi-interface2] quit
# Set the bandwidth of VXLAN tunnels Tunnel 3 and Tunnel 4 to 30000 kbps, and specify GigabitEthernet1/0/1 as the physical output interface for Tunnel 3 packets and GigabitEthernet1/0/2 for Tunnel 4 packets.
[CPE2] interface tunnel 3 mode vxlan
[CPE2-Tunnel3] bandwidth 30000
[CPE2-Tunnel3] tunnel out-interface gigabitethernet 1/0/1
[CPE2-Tunnel3] quit
[CPE2] interface tunnel 4 mode vxlan
[CPE2-Tunnel4] bandwidth 30000
[CPE2-Tunnel4] tunnel out-interface gigabitethernet 1/0/2
[CPE2-Tunnel4] quit
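# Create flow template 1 and flow template 2. Give the links within each flow template the same link preference, assign a different quality policy to each flow template, and set the expected per-session bandwidth in each flow template.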
[CPE2] rir
[CPE2-rir] flow 1
[CPE2-rir-flow-1] path link-type internet index 1 preference 10
[CPE2-rir-flow-1] path link-type internet index 2 preference 10
[CPE2-rir-flow-1] expect-bandwidth 300
[CPE2-rir-flow-1] quality-policy sla 1 nqa 1
[CPE2-rir-flow-1] quit
[CPE2-rir] flow 2
[CPE2-rir-flow-2] path link-type internet index 1 preference 20
[CPE2-rir-flow-2] path link-type internet index 2 preference 20
[CPE2-rir-flow-2] expect-bandwidth 300
[CPE2-rir-flow-2] quality-policy sla 2 nqa 2
[CPE2-rir-flow-2] quit
[CPE2-rir] quit
# Configure a QoS policy to re-mark traffic and apply it to GigabitEthernet1/0/3: packets with DSCP 1 are marked with flow ID 1, and packets with DSCP 2 are marked with flow ID 2.
[CPE2] traffic classifier class1
[CPE2-classifier-class1] if-match dscp 1
[CPE2-classifier-class1] quit
[CPE2] traffic classifier class2
[CPE2-classifier-class2] if-match dscp 2
[CPE2-classifier-class2] quit
[CPE2] traffic behavior behav1
[CPE2-behavior-behav1] remark flow-id 1
[CPE2-behavior-behav1] quit
[CPE2] traffic behavior behav2
[CPE2-behavior-behav2] remark flow-id 2
[CPE2-behavior-behav2] quit
[CPE2] qos policy policy1
[CPE2-qospolicy-policy1] classifier class1 behavior behav1
[CPE2-qospolicy-policy1] classifier class2 behavior behav2
[CPE2-qospolicy-policy1] quit
[CPE2] interface gigabitethernet 1/0/3
[CPE2-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[CPE2-GigabitEthernet1/0/3] quit
# Enable the RIR server and set the port for synchronizing probe information.
[Hub] rir
[Hub-rir] server enable
[Hub-rir] probe sync-port 65535
# Set the link selection delay to 30 seconds and the link selection suppression period to 60 seconds.
[Hub-rir] link-select delay 30
[Hub-rir] link-select suppress-period 60
[Hub-rir] quit
# Enable the NQA server and configure UDP listening services on it.
[Hub] nqa server enable
[Hub] nqa server udp-echo 31.1.1.1 65501 high-performance-mode
[Hub] nqa server udp-echo 31.1.1.1 65502 high-performance-mode
[Hub] nqa server udp-echo 32.1.1.1 65501 high-performance-mode
[Hub] nqa server udp-echo 32.1.1.1 65502 high-performance-mode
# Set the link type of VSI-interface 1 to Internet with index 1, and the link type of VSI-interface 2 to Internet with index 2.
[Hub] interface vsi-interface 1
[Hub-Vsi-interface1] rir link-type internet index 1
[Hub-Vsi-interface1] quit
[Hub] interface vsi-interface 2
[Hub-Vsi-interface2] rir link-type internet index 2
[Hub-Vsi-interface2] quit
# Set the bandwidth of VXLAN tunnels Tunnel 1, Tunnel 2, Tunnel 3 and Tunnel 4 to 30000 kbps, and specify GigabitEthernet1/0/1 as the physical output interface for Tunnel 1 and Tunnel 3 packets and GigabitEthernet1/0/2 for Tunnel 2 and Tunnel 4 packets.
[Hub] interface tunnel 1 mode vxlan
[Hub-Tunnel1] bandwidth 30000
[Hub-Tunnel1] tunnel out-interface gigabitethernet 1/0/1
[Hub-Tunnel1] quit
[Hub] interface tunnel 2 mode vxlan
[Hub-Tunnel2] bandwidth 30000
[Hub-Tunnel2] tunnel out-interface gigabitethernet 1/0/2
[Hub-Tunnel2] quit
[Hub] interface tunnel 3 mode vxlan
[Hub-Tunnel3] bandwidth 30000
[Hub-Tunnel3] tunnel out-interface gigabitethernet 1/0/1
[Hub-Tunnel3] quit
[Hub] interface tunnel 4 mode vxlan
[Hub-Tunnel4] bandwidth 30000
[Hub-Tunnel4] tunnel out-interface gigabitethernet 1/0/2
[Hub-Tunnel4] quit
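# Create flow template 1 and flow template 2. Give the links within each flow template different link preferences, and set the expected per-session bandwidth in each flow template. Neither flow template is configured with a quality policy.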
[Hub] rir
[Hub-rir] flow 1
[Hub-rir-flow-1] path link-type internet index 1 preference 10
[Hub-rir-flow-1] path link-type internet index 2 preference 20
[Hub-rir-flow-1] expect-bandwidth 300
[Hub-rir-flow-1] quit
[Hub-rir] flow 2
[Hub-rir-flow-2] path link-type internet index 1 preference 20
[Hub-rir-flow-2] path link-type internet index 2 preference 10
[Hub-rir-flow-2] expect-bandwidth 300
[Hub-rir-flow-2] quit
[Hub-rir] quit
# Configure a QoS policy to re-mark traffic and apply it to GigabitEthernet1/0/3: packets with DSCP 1 are marked with flow ID 1, and packets with DSCP 2 are marked with flow ID 2.
[Hub] traffic classifier class1
[Hub-classifier-class1] if-match dscp 1
[Hub-classifier-class1] quit
[Hub] traffic classifier class2
[Hub-classifier-class2] if-match dscp 2
[Hub-classifier-class2] quit
[Hub] traffic behavior behav1
[Hub-behavior-behav1] remark flow-id 1
[Hub-behavior-behav1] quit
[Hub] traffic behavior behav2
[Hub-behavior-behav2] remark flow-id 2
[Hub-behavior-behav2] quit
[Hub] qos policy policy1
[Hub-qospolicy-policy1] classifier class1 behavior behav1
[Hub-qospolicy-policy1] classifier class2 behavior behav2
[Hub-qospolicy-policy1] quit
[Hub] interface gigabitethernet 1/0/3
[Hub-GigabitEthernet1/0/3] qos apply policy policy1 inbound
[Hub-GigabitEthernet1/0/3] quit
# Enable flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[CPE1] tunnel flow-statistics enable
[CPE1] tunnel flow-statistics interval 5
# Enable flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[CPE2] tunnel flow-statistics enable
[CPE2] tunnel flow-statistics interval 5
# Enable flow ID-based traffic rate statistics on tunnels and set the statistics interval to 5 seconds.
[Hub] tunnel flow-statistics enable
[Hub] tunnel flow-statistics interval 5
(1) Configure CPE 1
# Enable the NTP service.
<CPE1> system-view
[CPE1] ntp-service enable
# Obtain the system time through NTP.
[CPE1] clock protocol ntp
# Specify the RR as the NTP server for CPE 1.
[CPE1] ntp-service unicast-server 3.3.3.3
(2) Configure CPE 2
# Enable the NTP service.
<CPE2> system-view
[CPE2] ntp-service enable
# Obtain the system time through NTP.
[CPE2] clock protocol ntp
# Specify the RR as the NTP server for CPE 2.
[CPE2] ntp-service unicast-server 3.3.3.3
(3) Configure the Hub
# Enable the NTP service.
[Hub] ntp-service enable
# Use the local clock as the reference clock, with stratum 2.
[Hub] ntp-service refclock-master 2
(1) View the equal-cost routes
# On the Hub, view the routes to CE 1. Two equal-cost routes whose output interfaces are VSI interfaces are displayed.
[Hub] display ip routing-table 10.1.1.2
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 BGP 255 0 192.168.1.1 Vsi1
BGP 255 0 192.168.2.1 Vsi2
# On the Hub, view the routes to CE 2. Two equal-cost routes whose output interfaces are VSI interfaces are displayed.
[Hub] display ip routing-table 20.1.1.2
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
20.1.1.0/24 BGP 255 0 192.168.1.2 Vsi1
BGP 255 0 192.168.2.2 Vsi2
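(2) View the TCP connections
# On CPE 1, view the TCP connections. Two TCP connections whose peer port is 65535 are established; CPE 1 uses them to synchronize link quality probe results to the corresponding Hub. (TCP connections whose local or peer port is 179 are created by BGP.)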
[CPE1] display tcp
*: TCP connection with authentication
Local Addr:port Foreign Addr:port State PCB
0.0.0.0:179 10.1.1.2:0 LISTEN 0xffffffffffffffa2
0.0.0.0:179 192.168.1.3:0 LISTEN 0xffffffffffffffa1
0.0.0.0:179 192.168.2.3:0 LISTEN 0xffffffffffffffa3
0.0.0.0:65535 0.0.0.0:0 LISTEN 0xffffffffffffff9d
10.1.1.1:13632 10.1.1.2:179 ESTABLISHED 0xffffffffffffffa0
11.1.1.1:13633 31.1.1.1:65535 ESTABLISHED 0xffffffffffffffa4
12.1.1.1:13634 32.1.1.1:65535 ESTABLISHED 0xffffffffffffffa5
192.168.1.1:179 192.168.1.3:8900 ESTABLISHED 0xffffffffffffffa6
192.168.2.1:13635 192.168.2.3:179 ESTABLISHED 0xffffffffffffffa7
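# On CPE 2, view the TCP connections. Two TCP connections whose peer port is 65535 are established; CPE 2 uses them to synchronize link quality probe results to the corresponding Hub. (TCP connections whose local or peer port is 179 are created by BGP.)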
[CPE2] display tcp
*: TCP connection with authentication
Local Addr:port Foreign Addr:port State PCB
0.0.0.0:179 20.1.1.2:0 LISTEN 0xffffffffffffffa2
0.0.0.0:179 192.168.1.3:0 LISTEN 0xffffffffffffffa1
0.0.0.0:179 192.168.2.3:0 LISTEN 0xffffffffffffffa3
0.0.0.0:65535 0.0.0.0:0 LISTEN 0xffffffffffffff9d
20.1.1.1:27968 20.1.1.2:179 ESTABLISHED 0xffffffffffffffa0
21.1.1.1:27971 31.1.1.1:65535 ESTABLISHED 0xffffffffffffffa6
22.1.1.1:27970 32.1.1.1:65535 ESTABLISHED 0xffffffffffffffa5
192.168.1.2:27972 192.168.1.3:179 ESTABLISHED 0xffffffffffffffa8
192.168.2.2:179 192.168.2.3:8896 ESTABLISHED 0xffffffffffffffa7
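# On the Hub, view the TCP connections. Four TCP connections whose local port is 65535 are established; the Spokes (CPE 1 and CPE 2) use them to synchronize link quality probe results to the corresponding Hub. (TCP connections whose local or peer port is 179 are created by BGP.)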
[Hub] display tcp
*: TCP connection with authentication
Local Addr:port Foreign Addr:port State PCB
0.0.0.0:179 192.168.1.1:0 LISTEN 0xffffffffffffffa5
0.0.0.0:179 192.168.1.2:0 LISTEN 0xffffffffffffffa4
0.0.0.0:179 192.168.2.1:0 LISTEN 0xffffffffffffffa3
0.0.0.0:179 192.168.2.2:0 LISTEN 0xffffffffffffffa2
0.0.0.0:65535 0.0.0.0:0 LISTEN 0xffffffffffffff9d
31.1.1.1:65535 11.1.1.1:13633 ESTABLISHED 0xffffffffffffffb2
31.1.1.1:65535 21.1.1.1:27971 ESTABLISHED 0xffffffffffffffac
32.1.1.1:65535 12.1.1.1:13634 ESTABLISHED 0xffffffffffffffb3
32.1.1.1:65535 22.1.1.1:27970 ESTABLISHED 0xffffffffffffffab
192.168.1.3:179 192.168.1.2:27972 ESTABLISHED 0xffffffffffffffad
192.168.1.3:8900 192.168.1.1:179 ESTABLISHED 0xffffffffffffffb0
192.168.2.3:179 192.168.2.1:13635 ESTABLISHED 0xffffffffffffffb4
192.168.2.3:8896 192.168.2.2:179 ESTABLISHED 0xffffffffffffffa8
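(3) View the path selection information for service traffic.
◦ View CPE 1
# Have CE 1 send only UDP traffic to the data center (the traffic consists of multiple sessions, that is, flows with different 5-tuples) with DSCP value 1. View the flow ID-based traffic rate statistics on tunnels: both Tunnel 1 and Tunnel 2 carry traffic under flow template 1. This shows that the device uses flow template 1 to load-share traffic with DSCP 1 across the links.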
[CPE1] display tunnel flow-statistics
Flow 1:
Interface Out pps Out bps
Tunnel1 30 300000
Tunnel2 30 300000
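# Have CE 1 send only UDP traffic to the data center (the traffic consists of multiple sessions, that is, flows with different 5-tuples) with DSCP value 2. View the flow ID-based traffic rate statistics on tunnels: both Tunnel 1 and Tunnel 2 carry traffic under flow template 2. This shows that the device uses flow template 2 to load-share traffic with DSCP 2 across the links.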
[CPE1] display tunnel flow-statistics
Flow 2:
Interface Out pps Out bps
Tunnel1 30 300000
Tunnel2 30 300000
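◦ View CPE 2
CPE 2 is similar to CPE 1 and is not described here.
◦ View the Hub
# Have the data center send only UDP traffic to CE 1 (the traffic consists of multiple sessions, that is, flows with different 5-tuples) with DSCP value 1. View the flow ID-based traffic rate statistics on tunnels: only Tunnel 1 carries traffic under flow template 1. This shows that the device uses flow template 1 to prefer Tunnel 1 for traffic with DSCP 1.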
[Hub] display tunnel flow-statistics
Flow 1:
Interface Out pps Out bps
Tunnel1 30 300000
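# Have the data center send only UDP traffic to CE 1 (the traffic consists of multiple sessions, that is, flows with different 5-tuples) with DSCP value 2. View the flow ID-based traffic rate statistics on tunnels: only Tunnel 2 carries traffic under flow template 2. This shows that the device uses flow template 2 to prefer Tunnel 2 for traffic with DSCP 2.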
[Hub] display tunnel flow-statistics
Flow 2:
Interface Out pps Out bps
Tunnel2 30 300000
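The `display tcp` check in step (2) can be scripted so that a missing probe-sync session, or a session from an address that is not a known Spoke, is reported instead of read off by eye. This is an added example, not part of the original document or H3C tooling; the function names are assumptions, and the sample is the Hub output shown above.

```python
import re

# Hub `display tcp` output as shown in step (2) above.
HUB_DISPLAY_TCP = """\
*: TCP connection with authentication
Local Addr:port Foreign Addr:port State PCB
0.0.0.0:179 192.168.1.1:0 LISTEN 0xffffffffffffffa5
0.0.0.0:179 192.168.1.2:0 LISTEN 0xffffffffffffffa4
0.0.0.0:179 192.168.2.1:0 LISTEN 0xffffffffffffffa3
0.0.0.0:179 192.168.2.2:0 LISTEN 0xffffffffffffffa2
0.0.0.0:65535 0.0.0.0:0 LISTEN 0xffffffffffffff9d
31.1.1.1:65535 11.1.1.1:13633 ESTABLISHED 0xffffffffffffffb2
31.1.1.1:65535 21.1.1.1:27971 ESTABLISHED 0xffffffffffffffac
32.1.1.1:65535 12.1.1.1:13634 ESTABLISHED 0xffffffffffffffb3
32.1.1.1:65535 22.1.1.1:27970 ESTABLISHED 0xffffffffffffffab
192.168.1.3:179 192.168.1.2:27972 ESTABLISHED 0xffffffffffffffad
192.168.1.3:8900 192.168.1.1:179 ESTABLISHED 0xffffffffffffffb0
192.168.2.3:179 192.168.2.1:13635 ESTABLISHED 0xffffffffffffffb4
192.168.2.3:8896 192.168.2.2:179 ESTABLISHED 0xffffffffffffffa8
"""

# Underlay addresses of the Spoke tunnel sources configured on this page.
EXPECTED_SPOKES = ["11.1.1.1", "12.1.1.1", "21.1.1.1", "22.1.1.1"]
SYNC_PORT = 65535  # value of `probe sync-port` in the configuration above

# IPv4 only, matching the addressing used on this page.
ROW = re.compile(
    r"(\d+(?:\.\d+){3}):(\d+)\s+(\d+(?:\.\d+){3}):(\d+)\s+([A-Z_]+)"
)


def parse_display_tcp(text):
    """Return one dict per connection row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.search(line)
        if m:
            laddr, lport, faddr, fport, state = m.groups()
            rows.append({"local": (laddr, int(lport)),
                         "peer": (faddr, int(fport)),
                         "state": state})
    return rows


def check_sync_sessions(text, sync_port, expected_peers, role="server"):
    """Compare established probe-sync sessions with the expected peers.

    role="server": run on the Hub, the sync port is the local port.
    role="client": run on a Spoke, the sync port is the peer port.
    """
    side = "local" if role == "server" else "peer"
    rows = parse_display_tcp(text)
    established = {r["peer"][0] for r in rows
                   if r["state"] == "ESTABLISHED" and r[side][1] == sync_port}
    listening = any(r["state"] == "LISTEN" and r["local"][1] == sync_port
                    for r in rows)
    expected = set(expected_peers)
    return {"listening": listening,
            "missing": sorted(expected - established),
            "unexpected": sorted(established - expected)}


if __name__ == "__main__":
    print(check_sync_sessions(HUB_DISPLAY_TCP, SYNC_PORT, EXPECTED_SPOKES))
```
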
· CE 1:
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface LoopBack1
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 10.1.1.2 255.255.255.0
#
bgp 200
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.1 enable
#
· CE 2:
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 20.1.1.2 255.255.255.0
#
bgp 300
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.1 enable
#
· CPE 1:
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
 area 0.0.0.0
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
#
rir
 probe sync-port 65535
 client enable
 probe connect interval 300 timeout 65535
 link-select delay 30
 link-select suppress-period 60
 sla 1
  jitter threshold 20
  delay threshold 60
  packet-loss threshold 150
 sla 2
  jitter threshold 40
  delay threshold 120
  packet-loss threshold 300
 nqa 1
  probe packet-dscp 10
  probe interval 60
  probe packet-number 60
  probe packet-interval 15
  probe packet-timeout 500
  probe port 65501
 nqa 2
  probe packet-dscp 20
  probe interval 120
  probe packet-number 120
  probe packet-interval 30
  probe packet-timeout 1000
  probe port 65502
 flow 1
  path link-type internet index 1 preference 10
  path link-type internet index 2 preference 10
  quality-policy sla 1 nqa 1
  expect-bandwidth 300
 flow 2
  path link-type internet index 1 preference 20
  path link-type internet index 2 preference 20
  quality-policy sla 2 nqa 2
  expect-bandwidth 300
#
traffic classifier class1 operator and
 if-match dscp 1
#
traffic classifier class2 operator and
 if-match dscp 2
#
traffic behavior behav1
 remark flow-id 1
#
traffic behavior behav2
 remark flow-id 2
#
qos policy policy1
 classifier class1 behavior behav1
 classifier class2 behavior behav2
#
l2vpn enable
#
vsi vpna
 gateway vsi-interface 1
 gateway subnet 192.168.1.0 0.0.0.255
 vxlan 100
  tunnel 1
#
vsi vpnb
 gateway vsi-interface 2
 gateway subnet 192.168.2.0 0.0.0.255
 vxlan 200
  tunnel 2
#
interface LoopBack10
 ip address 110.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 11.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
 port link-mode route
 combo enable copper
 ip address 10.1.1.1 255.255.255.0
 qos apply policy policy1 inbound
#
interface Vsi-interface1
 ip address 192.168.1.1 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 1
 distributed-gateway local
#
interface Vsi-interface2
 ip address 192.168.2.1 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 2
 distributed-gateway local
#
interface Tunnel1 mode vxlan
 bandwidth 30000
 source 11.1.1.1
 destination 31.1.1.1
 tunnel out-interface GigabitEthernet1/0/1
#
interface Tunnel2 mode vxlan
 bandwidth 30000
 source 12.1.1.1
 destination 32.1.1.1
 tunnel out-interface GigabitEthernet1/0/2
#
bgp 200
 peer 10.1.1.2 as-number 200
 peer 192.168.1.3 as-number 100
 peer 192.168.2.3 as-number 100
 #
 address-family ipv4 unicast
  balance 4
  import-route direct
  peer 10.1.1.2 enable
  peer 192.168.1.3 enable
  peer 192.168.2.3 enable
#
ntp-service enable
ntp-service unicast-server 3.3.3.3
#
ssl client-policy plc1
 prefer-cipher rsa_aes_256_cbc_sha
 undo server-verify enable
#
· CPE 2:
#
ip vpn-instance vpn1
 route-distinguisher 1:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
 area 0.0.0.0
  network 21.1.1.0 0.0.0.255
  network 22.1.1.0 0.0.0.255
#
rir
 probe sync-port 65535
 client enable
 probe connect interval 300 timeout 65535
 link-select delay 30
 link-select suppress-period 60
 sla 1
  jitter threshold 20
  delay threshold 60
  packet-loss threshold 150
 sla 2
  jitter threshold 40
  delay threshold 120
  packet-loss threshold 300
 nqa 1
  probe packet-dscp 10
  probe interval 60
  probe packet-number 60
  probe packet-interval 15
  probe packet-timeout 500
  probe port 65501
 nqa 2
  probe packet-dscp 20
  probe interval 120
  probe packet-number 120
  probe packet-interval 30
  probe packet-timeout 1000
  probe port 65502
 flow 1
  path link-type internet index 1 preference 10
  path link-type internet index 2 preference 10
  quality-policy sla 1 nqa 1
  expect-bandwidth 300
 flow 2
  path link-type internet index 1 preference 20
  path link-type internet index 2 preference 20
  quality-policy sla 2 nqa 2
  expect-bandwidth 300
#
traffic classifier class1 operator and
 if-match dscp 1
#
traffic classifier class2 operator and
 if-match dscp 2
#
traffic behavior behav1
 remark flow-id 1
#
traffic behavior behav2
 remark flow-id 2
#
qos policy policy1
 classifier class1 behavior behav1
 classifier class2 behavior behav2
#
l2vpn enable
#
vsi vpna
 gateway vsi-interface 1
 gateway subnet 192.168.1.0 0.0.0.255
 vxlan 100
  tunnel 3
#
vsi vpnb
 gateway vsi-interface 2
 gateway subnet 192.168.2.0 0.0.0.255
 vxlan 200
  tunnel 4
#
interface LoopBack10
 ip address 120.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 21.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 22.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
 port link-mode route
 combo enable copper
 ip address 20.1.1.1 255.255.255.0
 qos apply policy policy1 inbound
#
interface Vsi-interface1
 ip address 192.168.1.2 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 1
 distributed-gateway local
#
interface Vsi-interface2
 ip address 192.168.2.2 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 2
 distributed-gateway local
#
interface Tunnel3 mode vxlan
 bandwidth 3000
 source 21.1.1.1
 destination 31.1.1.1
 tunnel out-interface GigabitEthernet1/0/1
#
interface Tunnel4 mode vxlan
 bandwidth 3000
 source 22.1.1.1
 destination 32.1.1.1
 tunnel out-interface GigabitEthernet1/0/2
#
bgp 300
 peer 20.1.1.2 as-number 300
 peer 192.168.1.3 as-number 100
 peer 192.168.2.3 as-number 100
 #
 address-family ipv4 unicast
  balance 4
  import-route direct
  peer 20.1.1.2 enable
  peer 192.168.1.3 enable
  peer 192.168.2.3 enable
#
ntp-service enable
ntp-service unicast-server 3.3.3.3
#
sdwan server system-ip 130.1.1.1 ip 31.1.1.1 port 4000
#
· Hub:
#
tunnel flow-statistics enable
tunnel flow-statistics interval 5
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 31.1.1.0 0.0.0.255
  network 32.1.1.0 0.0.0.255
#
rir
 probe sync-port 65535
 server enable
 link-select delay 30
 link-select suppress-period 60
 flow 1
  path link-type internet index 1 preference 10
  path link-type internet index 2 preference 20
  expect-bandwidth 300
 flow 2
  path link-type internet index 1 preference 20
  path link-type internet index 2 preference 10
  expect-bandwidth 300
#
traffic classifier class1 operator and
 if-match dscp 1
#
traffic classifier class2 operator and
 if-match dscp 2
#
traffic behavior behav1
 remark flow-id 1
#
traffic behavior behav2
 remark flow-id 2
#
qos policy policy1
 classifier class1 behavior behav1
 classifier class2 behavior behav2
#
l2vpn enable
#
vsi vpna
 gateway vsi-interface 1
 gateway subnet 192.168.1.0 0.0.0.255
 vxlan 100
  tunnel 1
  tunnel 3
#
vsi vpnb
 gateway vsi-interface 2
 gateway subnet 192.168.2.0 0.0.0.255
 vxlan 200
  tunnel 2
  tunnel 4
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
interface LoopBack10
 ip address 130.1.1.1 255.255.255.255
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 31.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 32.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
 port link-mode route
 combo enable copper
 qos apply policy policy1 inbound
#
interface Vsi-interface1
 ip address 192.168.1.3 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 1
 distributed-gateway local
#
interface Vsi-interface2
 ip address 192.168.2.3 255.255.255.0
 local-proxy-arp enable
 rir link-type internet index 2
 distributed-gateway local
#
interface Tunnel1 mode vxlan
 bandwidth 30000
 source 31.1.1.1
 destination 11.1.1.1
 tunnel out-interface GigabitEthernet1/0/1
#
interface Tunnel2 mode vxlan
 bandwidth 30000
 source 32.1.1.1
 destination 12.1.1.1
 tunnel out-interface GigabitEthernet1/0/2
#
interface Tunnel3 mode vxlan
 bandwidth 30000
 source 31.1.1.1
 destination 21.1.1.1
 tunnel out-interface GigabitEthernet1/0/1
#
interface Tunnel4 mode vxlan
 bandwidth 30000
 source 32.1.1.1
 destination 22.1.1.1
 tunnel out-interface GigabitEthernet1/0/2
#
bgp 100
 peer 192.168.1.1 as-number 200
 peer 192.168.1.2 as-number 300
 peer 192.168.2.1 as-number 200
 peer 192.168.2.2 as-number 300
 #
 address-family ipv4 unicast
  balance 4
  import-route direct
  peer 192.168.1.1 enable
  peer 192.168.1.2 enable
  peer 192.168.2.1 enable
  peer 192.168.2.2 enable
#
nqa server enable
nqa server udp-echo 31.1.1.1 65501 high-performance-mode
nqa server udp-echo 31.1.1.1 65502 high-performance-mode
nqa server udp-echo 32.1.1.1 65501 high-performance-mode
nqa server udp-echo 32.1.1.1 65502 high-performance-mode
#
ntp-service enable
ntp-service refclock-master 2
#
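The `ssl client-policy plc1` stanza in the CPE 1 configuration file above turns off server certificate verification (`undo server-verify enable`) and prefers `rsa_aes_256_cbc_sha`, a suite with RSA key exchange, CBC mode and a SHA-1 MAC. The script below is an added example, not part of the original H3C document: it audits configuration files in the `#`-delimited form shown on this page for those settings. The function names and the embedded sample text are assumptions made for illustration.

```python
import re

# Constructed sample: two stanzas copied from the CPE 1 configuration on this
# page, in the same "#"-delimited form.
SAMPLE_CONFIG = """\
#
ntp-service enable
ntp-service unicast-server 3.3.3.3
#
ssl client-policy plc1
 prefer-cipher rsa_aes_256_cbc_sha
 undo server-verify enable
#
"""

def split_stanzas(text):
    """Split a '#'-delimited configuration into lists of stripped lines."""
    blocks = re.split(r"(?m)^[ \t]*#[ \t]*$", text)
    stanzas = [[l.strip() for l in b.splitlines() if l.strip()] for b in blocks]
    return [s for s in stanzas if s]

def audit_ssl_client_policies(text):
    """Return (policy, issue) tuples for weak ssl client-policy settings."""
    findings = []
    for stanza in split_stanzas(text):
        head = re.fullmatch(r"ssl client-policy (\S+)", stanza[0])
        if not head:
            continue  # not an SSL client policy stanza
        policy = head.group(1)
        for line in stanza[1:]:
            if line == "undo server-verify enable":
                findings.append((policy, "server certificate is not verified"))
            cipher = re.fullmatch(r"prefer-cipher (\S+)", line)
            if cipher:
                suite = cipher.group(1).lower()
                if suite.startswith("rsa_"):
                    findings.append((policy, f"{suite}: RSA key exchange, no forward secrecy"))
                if "_cbc_" in suite:
                    findings.append((policy, f"{suite}: CBC-mode cipher"))
                if suite.endswith("_sha"):
                    findings.append((policy, f"{suite}: SHA-1 MAC"))
    return findings

if __name__ == "__main__":
    for policy, issue in audit_ssl_client_policies(SAMPLE_CONFIG):
        print(f"{policy}: {issue}")
```

With server verification disabled, the client accepts any certificate the peer presents, so the SSL control channel gives no assurance that the peer is the intended server.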
