目  录

1 隧道策略

1.1 隧道策略简介

1.1.1 隧道策略实现方式

1.1.2 隧道策略匹配规则

1.1.3 支持的隧道类型

1.1.4 隧道选择示例

1.2 隧道策略配置限制和指导

1.3 配置隧道绑定策略

1.4 配置首选隧道策略

1.5 配置负载分担策略

1.5.1 全局配置缺省的负载分担策略

1.5.2 在隧道策略视图下配置负载分担策略

1.6 隧道策略显示和维护

1.7 隧道策略配置举例‌

1.7.1 首选隧道策略配置举例

1.7.2 隧道绑定策略配置举例

1.7.3 首选隧道和负载分担策略配置举例

1.8 隧道策略配置举例‌

1.8.1 首选隧道策略配置举例

1.8.2 隧道绑定策略配置举例

1.8.3 首选隧道和负载分担策略配置举例

2 隧道迭代器

2.1 隧道迭代器简介

2.1.1 隧道迭代器的产生背景

2.1.2 隧道迭代器的实现

2.1.3 过滤器

2.2 隧道迭代器配置任务简介

2.3 创建隧道迭代器

2.4 配置过滤器

2.4.1 过滤器配置任务简介

2.4.2 配置IPv4地址前缀列表

2.4.3 配置IPv6地址前缀列表

2.4.4 配置团体属性列表

2.4.5 配置扩展团体属性列表

2.4.6 配置RD属性列表

2.4.7 配置if-match子句

2.5 配置隧道迭代器应用的隧道策略

2.6 应用隧道迭代器

2.7 隧道迭代器的显示和维护

2.7.1 显示过滤器的信息

2.7.2 显示隧道迭代器的信息

2.7.3 清除过滤器的统计信息

2.8 隧道迭代器配置举例‌

2.8.1 配置跨域VPN-OptionB方式隧道迭代器示例

2.8.2 配置跨域VPN-OptionC方式隧道迭代器示例

2.8.3 配置HoVPN隧道迭代器示例

2.8.4 配置IPv6跨域VPN-OptionB方式隧道迭代器示例

 

1 隧道策略

1.1  隧道策略简介

隧道策略提供了灵活的隧道选择方法，可以满足VPN（例如MPLS VPN、EVPN）对隧道的多种选择要求，例如指定首选隧道、流量在隧道间负载分担等。当VPN的两个PE（Provider Edge，服务提供商网络边缘）设备之间存在多种隧道、每种隧道都有多条时，利用隧道策略合理地选择隧道，不仅有利于服务提供商网络的管理和规划，还可以降低PE设备的处理开销。

1.1.1  隧道策略实现方式

1. 隧道绑定策略

隧道绑定是指将某个目的地址与某条隧道进行绑定。通过在VPN下应用该绑定隧道，使该VPN到指定目的地址的流量只能承载在指定隧道上。

2. 首选隧道策略

每条首选隧道对应一个隧道接口、一个隧道捆绑接口或一条SRv6 TE Policy隧道。如果对端PE地址与首选隧道的目的地址相同，则通过该首选隧道转发到达该PE的流量。如果存在多条目的地址相同的首选隧道，则选择配置的第一条首选隧道；如果第一条首选隧道不可用，则选择下一条首选隧道；以此类推。也就是说到达同一个目的地址只能存在一条首选隧道，不会在多条隧道间进行负载分担。该方式为MPLS VPN显式指定了一条首选隧道，选择的隧道是明确的、可以预期的，便于网络流量规划。推荐使用该方式配置隧道策略。

3. 负载分担策略

选择多条隧道，流量在隧道之间进行负载分担：隧道的选择顺序和负载分担的隧道数目用户可配，隧道类型越靠前，其优先级越高。

采用该方式时，单个VPN的流量分担到多条隧道上，不同隧道的延时差别可能很大，设备或上层应用对报文进行排序处理可能会导致比较大的延迟。因此，不推荐使用此方式配置隧道策略。

1.1.2  隧道策略匹配规则

如果隧道策略中同时配置了上述方式，则优先选择隧道绑定策略，即：

(1)     如果对端PE地址与某条绑定隧道的目的地址相同，则采用隧道绑定策略指定的隧道转发流量。对于SRv6 TE Policy组，隧道的目的地址为SRv6 TE Policy组目的节点地址。对于SRv6 TE Policy，隧道的目的地址为SRv6 TE Policy的目的节点地址。

(2)     如果不存在隧道目的地址与对端PE地址相同的绑定隧道，则采用与对端PE地址相同的某条首选隧道，通过首选隧道策略指定的隧道/捆绑隧道/SRv6 TE Policy隧道转发流量。

(3)     如果不存在隧道目的地址与对端PE地址相同的首选隧道，则根据负载分担方式选择隧道。

1.1.3  支持的隧道类型

隧道策略支持多种类型的隧道，包括：

·     MPLS TE（MPLS Traffic Engineering，MPLS流量工程）隧道，详细介绍请参见“MPLS配置指导”中的“MPLS TE”。

·     GRE（Generic Routing Encapsulation，通用路由封装）隧道，详细介绍请参见“三层技术-IP业务配置指导”中的“GRE”。

·     MPLS LSP，仅负载分担策略支持。

·     SRv6 TE Policy隧道和SRv6 TE Policy组隧道，详细介绍请参见“Segment Routing”中的“SRv6 TE Policy”。

1.1.4  隧道选择示例

图1-1 VPN隧道选择示例图

 

 

如图1-1所示，当PE 1和PE 2之间存在多条隧道，且PE 1和PE 2连接多个VPN时，可以采用如下方式部署VPN的流量：

·     隧道绑定策略：在同一隧道策略中为VPN的不同目的地址分别指定转发流量的隧道，从而实现同一VPN下不同目的地址的流量通过不同的隧道转发。

·     首选隧道策略：配置多个隧道策略，每个隧道策略中分别指定一条首选隧道，不同的VPN引用不同的隧道策略，从而实现不同VPN的流量通过不同的隧道转发。

·     负载分担策略：在隧道策略中指定隧道的选择顺序和负载分担的隧道数目，配置VPN引用该隧道策略，从而实现每个VPN的流量都在多条隧道之间进行负载分担。

1.2  隧道策略配置限制和指导

为了实现某个VPN实例独占某条隧道，需要在隧道策略中使用preferred-path命令将该隧道配置为首选隧道，并只在该VPN实例内引用此隧道策略。

1.3  配置隧道绑定策略

(1)     进入系统视图。

system-view

(2)     进入MPLS TE隧道对应的Tunnel接口视图。

interface tunnel number mode mpls-te

(3)     配置MPLS TE隧道只能用于隧道绑定策略。

mpls te reserved-for-binding

缺省情况下，MPLS TE隧道可以用于各种方式的隧道策略。

绑定隧道为TE隧道时，必须配置本命令。

(4)     退回系统视图。

quit

(5)     创建隧道策略，并进入隧道策略视图。

tunnel-policy tunnel-policy-name [ default ]

(6)     配置隧道与目的IP进行绑定，从而限制该隧道只能承载特定的VPN业务。

binding-destination dest-ip-address { te { tunnel number }&<1-n> } [ ignore-destination-check ] [ down-switch ]

binding-destination dest-ipv6-address { srv6-policy group srv6-policy-group-id | srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value } } [ ignore-destination-check ] [ down-switch ]

缺省情况下，未将目的IP与任何隧道绑定。

同一个隧道策略下可以配置多个不同目的IP地址。

 

1.4  配置首选隧道策略

1. 配置限制和指导

在SRv6 TE Policy组网中，如果路由根据color属性进行隧道迭代，即路由携带了扩展团体属性color值或通过default-color命令指定了color值，则隧道策略中preferred-path命令指定的首选隧道不会生效，设备会根据color属性和select-seq命令指定的隧道优先顺序匹配合适的隧道进行转发。

2. 配置步骤

(1)     进入系统视图。

system-view

(2)     创建隧道策略，并进入隧道策略视图。

tunnel-policy tunnel-policy-name [ default ]

(3)     配置指定的隧道或捆绑隧道为首选隧道。

preferred-path { srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number | tunnel-bundle number } [ preference value ]

缺省情况下，未配置首选隧道。

为了提高承载隧道的可靠性，还可以将多条MPLS TE隧道关联，形成一条捆绑隧道，指定该捆绑隧道为首选隧道。

 

1.5  配置负载分担策略

1.5.1  全局配置缺省的负载分担策略

1. 功能简介

执行本配置后，MPLS VPN未绑定隧道策略、绑定的隧道策略不存在、绑定已有的隧道策略但该隧道策略配置为空时，MPLS VPN均会采用本配置指定的缺省负载分担策略来选择隧道。

2. 配置步骤

(1)     进入系统视图。

system-view

(2)     配置缺省的隧道选择顺序和负载分担数量。

tunnel-policy-default select-seq [ strict ] { cr-lsp | flex-algo-lsp | gre | lsp | sr-lsp | srv6-policy | srv6-policy-group } * load-balance-number number [ color-match ]

缺省情况下，按照LSP隧道－>GRE隧道－>CR-LSP隧道－>SRLSP隧道－>SRv6 TE Policy隧道－>SRv6 TE Policy组隧道->通过Flex-Algo算法计算的LSP隧道的优先级顺序选择隧道，负载分担的隧道数目为1。

1.5.2  在隧道策略视图下配置负载分担策略

(1)     进入系统视图。

system-view

(2)     创建隧道策略，并进入隧道策略视图。

tunnel-policy tunnel-policy-name [ default ]

(3)     配置隧道的选择顺序和负载分担的隧道数目。

select-seq [ strict ] { cr-lsp | flex-algo-lsp | gre | lsp | sr-lsp | srv6-policy | srv6-policy-group } * load-balance-number number [ color-match ]

缺省情况下，以tunnel-policy-default select-seq load-balance-number命令的配置为准。

1.6  隧道策略显示和维护

可在任意视图下执行以下命令：

·     显示隧道的信息。

display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }

·     显示IPv4隧道信息。

display tunnel-info ipv4 { all | destination ipv4-address | statistics }

·     显示IPv6隧道信息。

display tunnel-info ipv6 { all | destination ipv6-address | statistics }

·     显示隧道策略的信息。

display tunnel-policy [ tunnel-policy-name ]

1.7  隧道策略配置举例‌

1.7.1  首选隧道策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在两个MPLS VPN实例vpn1和vpn2，vpn1首选MPLS TE隧道Tunnel1，vpn2首选MPLS TE隧道Tunnel2。如果Tunnel1或Tunnel2出现故障，则vpn1和vpn2可以通过LDP LSP转发流量。

2. 组网图

图1-2 首选隧道策略配置组网图

 

表1-1 组网图示例接口与设备实际接口对应关系

组网图示例接口	设备实际接口
Interface1	GigabitEthernet0/0/1
Interface2	GigabitEthernet0/0/2
Interface4	GigabitEthernet0/0/4
Interface5	GigabitEthernet0/0/5

 

表1-2 组网图接口与IP地址对应关系

设备	接口	IP地址	设备	接口	IP地址
CE 1	GE0/0/1	10.1.1.1/24	P	Loop0	2.2.2.9/32
PE 1	Loop0	1.1.1.9/32		GE0/0/4	172.1.1.2/24
	GE0/0/1	10.1.1.2/24		GE0/0/5	172.2.1.1/24
	GE0/0/2	10.2.1.2/24	PE 2	Loop0	3.3.3.9/32
	GE0/0/4	172.1.1.1/24		GE0/0/1	10.3.1.2/24
CE 2	GE0/0/1	10.2.1.1/24		GE0/0/2	10.4.1.2/24
CE 3	GE0/0/1	10.3.1.1/24		GE0/0/4	172.2.1.2/24
CE 4	GE0/0/1	10.4.1.1/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] ip address 172.1.1.1 24

[PE1-GigabitEthernet0/0/4] isis enable 1

[PE1-GigabitEthernet0/0/4] isis circuit-level level-2

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] ip address 172.1.1.2 24

[P-GigabitEthernet0/0/4] isis enable 1

[P-GigabitEthernet0/0/4] isis circuit-level level-2

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] ip address 172.2.1.1 24

[P-GigabitEthernet0/0/5] isis enable 1

[P-GigabitEthernet0/0/5] isis circuit-level level-2

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] ip address 172.2.1.2 24

[PE2-GigabitEthernet0/0/4] isis enable 1

[PE2-GigabitEthernet0/0/4] isis circuit-level level-2

[PE2-GigabitEthernet0/0/4] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls enable

[PE1-GigabitEthernet0/0/4] mpls ldp enable

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls enable

[P-GigabitEthernet0/0/4] mpls ldp enable

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls enable

[P-GigabitEthernet0/0/5] mpls ldp enable

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls enable

[PE2-GigabitEthernet0/0/4] mpls ldp enable

[PE2-GigabitEthernet0/0/4] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls te enable

[PE1-GigabitEthernet0/0/4] rsvp enable

[PE1-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE1-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE1-GigabitEthernet0/0/4] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls te enable

[P-GigabitEthernet0/0/4] rsvp enable

[P-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls te enable

[P-GigabitEthernet0/0/5] rsvp enable

[P-GigabitEthernet0/0/5] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/5] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/5] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls te enable

[PE2-GigabitEthernet0/0/4] rsvp enable

[PE2-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE2-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE2-GigabitEthernet0/0/4] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE1-GigabitEthernet0/0/1] ip address 10.1.1.2 24

[PE1-GigabitEthernet0/0/1] quit

[PE1] interface gigabitethernet 0/0/2

[PE1-GigabitEthernet0/0/2] ip binding vpn-instance vpn2

[PE1-GigabitEthernet0/0/2] ip address 10.2.1.2 24

[PE1-GigabitEthernet0/0/2] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet0/0/1] ip address 10.3.1.2 24

[PE2-GigabitEthernet0/0/1] quit

[PE2] interface gigabitethernet 0/0/2

[PE2-GigabitEthernet0/0/2] ip binding vpn-instance vpn2

[PE2-GigabitEthernet0/0/2] ip address 10.4.1.2 24

[PE2-GigabitEthernet0/0/2] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] ip address 10.1.1.1 24

[CE1-GigabitEthernet0/0/1] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] ip address 10.2.1.1 24

[CE2-GigabitEthernet0/0/1] quit

# 配置CE 3。

<Sysname> system-view

[Sysname] sysname CE3

[CE3] interface gigabitethernet 0/0/1

[CE3-GigabitEthernet0/0/1] ip address 10.3.1.1 24

[CE3-GigabitEthernet0/0/1] quit

# 配置CE 4。

<Sysname> system-view

[Sysname] sysname CE4

[CE4] interface gigabitethernet 0/0/1

[CE4-GigabitEthernet0/0/1] ip address 10.4.1.1 24

[CE4-GigabitEthernet0/0/1] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65420

[CE2-bgp-default] peer 10.2.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置CE 3。

[CE3] bgp 65430

[CE3-bgp-default] peer 10.3.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.3.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# 配置CE 4。

[CE4] bgp 65440

[CE4-bgp-default] peer 10.4.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.4.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] ip vpn-instance vpn2

[PE2-bgp-default-vpn2] peer 10.4.1.1 as-number 65440

[PE2-bgp-default-vpn2] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[PE2-bgp-default-ipv4-vpn2] quit

[PE2-bgp-default-vpn2] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 创建隧道策略preferredte1，并指定首选隧道为Tunnel1。

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# 创建隧道策略preferredte2，并指定首选隧道为Tunnel2。

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

(8)     配置VPN实例引用隧道策略

# 配置vpn1实例引用隧道策略preferredte1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy preferredte1

[PE1-vpn-instance-vpn1] quit

# 配置vpn2实例引用隧道策略preferredte2。

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] tnl-policy preferredte2

4. 验证配置

# 在PE 1上查看VPN实例vpn1和vpn2的路由表，可以看到vpn1内到达CE 3的流量通过Tunnel1转发，vpn2内到达CE 4的流量通过Tunnel2转发。

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.1.1.0/24        Direct  0   0           10.1.1.2        GE0/0/1

10.1.1.2/32        Direct  0   0           127.0.0.1       GE0/0/1

10.1.1.255/32      Direct  0   0           10.1.1.2        GE0/0/1

10.3.1.0/24        BGP     255 0           3.3.3.9         Tun1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

[PE1] display ip routing-table vpn-instance vpn2

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.2.1.0/24        Direct  0   0           10.2.1.2        GE0/0/2

10.2.1.2/32        Direct  0   0           127.0.0.1       GE0/0/2

10.2.1.255/32      Direct  0   0           10.2.1.2        GE0/0/2

10.4.1.0/24        BGP     255 0           3.3.3.9         Tun2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# CE 1可以ping通CE 3，CE 2可以ping通CE 4。

# 当Tunnel1出现故障时，PE 1通过LDP LSP转发vpn1的流量，CE 1仍然可以ping通CE 3。Tunnel2出现故障时，与此类似。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy preferredte1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 100:2

 tnl-policy preferredte2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy preferredte1

 preferred-path tunnel 1

#

tunnel-policy preferredte2

 preferred-path tunnel 2

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet0/0/2

 port link-mode route

 ip binding vpn-instance vpn2

 ip address 10.2.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.2.1.1 as-number 65420

  #

  address-family ipv4 unicast

   peer 10.2.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/5

 port link-mode route

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 200:2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface GigabitEthernet0/0/2

 port link-mode route

 ip binding vpn-instance vpn2

 ip address 10.4.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.4.1.1 as-number 65440

  #

  address-family ipv4 unicast

   peer 10.4.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.1.1.1 255.255.255.0

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.2.1.1 255.255.255.0

#

bgp 65420

 peer 10.2.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.2.1.2 enable

#

return

·     CE 3：

#

 sysname CE3

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.3.1.1 255.255.255.0

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

·     CE 4：

#

 sysname CE4

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.4.1.1 255.255.255.0

#

bgp 65440

 peer 10.4.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.4.1.2 enable

#

return

1.7.2  隧道绑定策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在1个MPLS VPN实例vpn1，该VPN实例使用MPLS TE隧道Tunnel1和Tunnel2转发流量。VPN实例vpn1不会使用LDP LSP转发流量。

2. 组网图

图1-3 隧道绑定策略配置组网图

 

表1-3 组网图示例接口与设备实际接口对应关系

组网图示例接口	设备实际接口
Interface1	GigabitEthernet0/0/1
Interface4	GigabitEthernet0/0/4
Interface5	GigabitEthernet0/0/5

 

表1-4 组网图接口与IP地址对应关系

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	1.1.1.9/32	PE 2	Loop0	3.3.3.9/32
	GE0/0/1	10.1.1.2/24		GE0/0/1	10.3.1.2/24
	GE0/0/4	172.1.1.1/24		GE0/0/4	172.2.1.2/24
P	Loop0	2.2.2.9/32	CE 1	GE0/0/1	10.1.1.1/24
	GE0/0/4	172.1.1.2/24	CE 2	GE0/0/1	10.3.1.1/24
	GE0/0/5	172.2.1.1/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] ip address 172.1.1.1 24

[PE1-GigabitEthernet0/0/4] isis enable 1

[PE1-GigabitEthernet0/0/4] isis circuit-level level-2

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] ip address 172.1.1.2 24

[P-GigabitEthernet0/0/4] isis enable 1

[P-GigabitEthernet0/0/4] isis circuit-level level-2

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] ip address 172.2.1.1 24

[P-GigabitEthernet0/0/5] isis enable 1

[P-GigabitEthernet0/0/5] isis circuit-level level-2

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] ip address 172.2.1.2 24

[PE2-GigabitEthernet0/0/4] isis enable 1

[PE2-GigabitEthernet0/0/4] isis circuit-level level-2

[PE2-GigabitEthernet0/0/4] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls enable

[PE1-GigabitEthernet0/0/4] mpls ldp enable

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls enable

[P-GigabitEthernet0/0/4] mpls ldp enable

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls enable

[P-GigabitEthernet0/0/5] mpls ldp enable

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls enable

[PE2-GigabitEthernet0/0/4] mpls ldp enable

[PE2-GigabitEthernet0/0/4] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls te enable

[PE1-GigabitEthernet0/0/4] rsvp enable

[PE1-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE1-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE1-GigabitEthernet0/0/4] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls te enable

[P-GigabitEthernet0/0/4] rsvp enable

[P-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls te enable

[P-GigabitEthernet0/0/5] rsvp enable

[P-GigabitEthernet0/0/5] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/5] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/5] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls te enable

[PE2-GigabitEthernet0/0/4] rsvp enable

[PE2-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE2-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE2-GigabitEthernet0/0/4] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE1-GigabitEthernet0/0/1] ip address 10.1.1.2 24

[PE1-GigabitEthernet0/0/1] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet0/0/1] ip address 10.3.1.2 24

[PE2-GigabitEthernet0/0/1] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] ip address 10.1.1.1 24

[CE1-GigabitEthernet0/0/1] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] ip address 10.3.1.1 24

[CE2-GigabitEthernet0/0/1] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65430

[CE2-bgp-default] peer 10.3.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.3.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 配置MPLS TE隧道Tunnel1只能用于隧道绑定策略。

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] mpls te reserved-for-binding

[PE1-Tunnel1] quit

# 配置MPLS TE隧道Tunnel2只能用于隧道绑定策略。

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] mpls te reserved-for-binding

[PE1-Tunnel2] quit

# 创建隧道策略binding，并配置隧道与MP-BGP对等体的IP地址进行绑定，从而限制MPLS TE隧道Tunnel1和Tunnel2只能承载特定VPN的业务。

[PE1] tunnel-policy binding

[PE1-tunnel-policy-binding] binding-destination 3.3.3.9 te tunnel 1 tunnel 2

[PE1-tunnel-policy-binding] quit

(8)     配置VPN实例引用隧道策略

# 配置vpn1实例引用隧道策略binding。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy binding

[PE1-vpn-instance-vpn1] quit

4. 验证配置

# 在PE 1上查看VPN实例vpn1的路由表，可以看到vpn1内到达CE 2的流量通过Tunnel1和Tunnel2转发。

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.1.1.0/24        Direct  0   0           10.1.1.2        GE0/0/1

10.1.1.2/32        Direct  0   0           127.0.0.1       GE0/0/1

10.1.1.255/32      Direct  0   0           10.1.1.2        GE0/0/1

10.3.1.0/24        BGP     255 0           3.3.3.9         Tun1

                   BGP     255 0           3.3.3.9         Tun2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# CE 1可以ping通CE 2。

# 当Tunnel1和Tunnel2均出现故障时，PE 1不会通过LDP LSP转发vpn1的流量，CE 1无法ping通CE 2。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy binding

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy binding

 binding-destination 3.3.3.9 te tunnel 1 tunnel 2

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 mpls te reserved-for-binding

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 mpls te reserved-for-binding

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/5

 port link-mode route

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.1.1.1 255.255.255.0

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.3.1.1 255.255.255.0

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

1.7.3  首选隧道和负载分担策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口分别为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在多个MPLS VPN实例：vpn1、vpn2和vpn3。每个VPN实例使用的隧道策略如表1-5所示。

表1-5 VPN实例使用的隧道策略列表

VPN实例	隧道策略
vpn1	首选MPLS TE隧道Tunnel1
vpn2	首选MPLS TE隧道Tunnel2
Vpn3	按照LDP LSP、MPLS TE隧道的顺序选择隧道，负载分担数目为1

 

2. 组网图

图1-4 首选隧道策略配置组网图

 

表1-6 组网图示例接口与设备实际接口对应关系

组网图示例接口	设备实际接口
Interface1	GigabitEthernet0/0/1
Interface2	GigabitEthernet0/0/2
Interface3	GigabitEthernet0/0/3
Interface4	GigabitEthernet0/0/4
Interface5	GigabitEthernet0/0/5

 

表1-7 组网图接口与IP地址对应关系

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	1.1.1.9/32	PE 2	Loop0	3.3.3.9/32
	GE0/0/1	10.1.1.2/24		GE0/0/1	10.3.1.2/24
	GE0/0/2	10.2.1.2/24		GE0/0/2	10.4.1.2/24
	GE0/0/3	10.5.1.2/24		GE0/0/3	10.6.1.2/24
	GE0/0/4	172.1.1.1/24		GE0/0/4	172.2.1.2/24
P	Loop0	2.2.2.9/32	CE 3	GE0/0/1	10.3.1.1/24
	GE0/0/4	172.1.1.2/24	CE 4	GE0/0/1	10.4.1.1/24
	GE0/0/5	172.2.1.1/24	CE 5	GE0/0/1	10.5.1.1/24
CE 1	GE0/0/1	10.1.1.1/24	CE 6	GE0/0/1	10.6.1.1/24
CE 2	GE0/0/1	10.2.1.1/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] ip address 172.1.1.1 24

[PE1-GigabitEthernet0/0/4] isis enable 1

[PE1-GigabitEthernet0/0/4] isis circuit-level level-2

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] ip address 172.1.1.2 24

[P-GigabitEthernet0/0/4] isis enable 1

[P-GigabitEthernet0/0/4] isis circuit-level level-2

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] ip address 172.2.1.1 24

[P-GigabitEthernet0/0/5] isis enable 1

[P-GigabitEthernet0/0/5] isis circuit-level level-2

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] ip address 172.2.1.2 24

[PE2-GigabitEthernet0/0/4] isis enable 1

[PE2-GigabitEthernet0/0/4] isis circuit-level level-2

[PE2-GigabitEthernet0/0/4] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls enable

[PE1-GigabitEthernet0/0/4] mpls ldp enable

[PE1-GigabitEthernet0/0/4] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls enable

[P-GigabitEthernet0/0/4] mpls ldp enable

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls enable

[P-GigabitEthernet0/0/5] mpls ldp enable

[P-GigabitEthernet0/0/5] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls enable

[PE2-GigabitEthernet0/0/4] mpls ldp enable

[PE2-GigabitEthernet0/0/4] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] mpls te enable

[PE1-GigabitEthernet0/0/4] rsvp enable

[PE1-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE1-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE1-GigabitEthernet0/0/4] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface gigabitethernet 0/0/4

[P-GigabitEthernet0/0/4] mpls te enable

[P-GigabitEthernet0/0/4] rsvp enable

[P-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/4] quit

[P] interface gigabitethernet 0/0/5

[P-GigabitEthernet0/0/5] mpls te enable

[P-GigabitEthernet0/0/5] rsvp enable

[P-GigabitEthernet0/0/5] mpls te max-link-bandwidth 10000

[P-GigabitEthernet0/0/5] mpls te max-reservable-bandwidth 5000

[P-GigabitEthernet0/0/5] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] mpls te enable

[PE2-GigabitEthernet0/0/4] rsvp enable

[PE2-GigabitEthernet0/0/4] mpls te max-link-bandwidth 10000

[PE2-GigabitEthernet0/0/4] mpls te max-reservable-bandwidth 5000

[PE2-GigabitEthernet0/0/4] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] ip vpn-instance vpn3

[PE1-vpn-instance-vpn3] route-distinguisher 100:3

[PE1-vpn-instance-vpn3] vpn-target 333:3

[PE1-vpn-instance-vpn3] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE1-GigabitEthernet0/0/1] ip address 10.1.1.2 24

[PE1-GigabitEthernet0/0/1] quit

[PE1] interface gigabitethernet 0/0/2

[PE1-GigabitEthernet0/0/2] ip binding vpn-instance vpn2

[PE1-GigabitEthernet0/0/2] ip address 10.2.1.2 24

[PE1-GigabitEthernet0/0/2] quit

[PE1] interface gigabitethernet 0/0/3

[PE1-GigabitEthernet0/0/3] ip binding vpn-instance vpn3

[PE1-GigabitEthernet0/0/3] ip address 10.5.1.2 24

[PE1-GigabitEthernet0/0/3] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] ip vpn-instance vpn3

[PE2-vpn-instance-vpn3] route-distinguisher 200:3

[PE2-vpn-instance-vpn3] vpn-target 333:3

[PE2-vpn-instance-vpn3] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet0/0/1] ip address 10.3.1.2 24

[PE2-GigabitEthernet0/0/1] quit

[PE2] interface gigabitethernet 0/0/2

[PE2-GigabitEthernet0/0/2] ip binding vpn-instance vpn2

[PE2-GigabitEthernet0/0/2] ip address 10.4.1.2 24

[PE2-GigabitEthernet0/0/2] quit

[PE2] interface gigabitethernet 0/0/3

[PE2-GigabitEthernet0/0/3] ip binding vpn-instance vpn3

[PE2-GigabitEthernet0/0/3] ip address 10.6.1.2 24

[PE2-GigabitEthernet0/0/3] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] ip address 10.1.1.1 24

[CE1-GigabitEthernet0/0/1] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] ip address 10.2.1.1 24

[CE2-GigabitEthernet0/0/1] quit

# 配置CE 3。

<Sysname> system-view

[Sysname] sysname CE3

[CE3] interface gigabitethernet 0/0/1

[CE3-GigabitEthernet0/0/1] ip address 10.3.1.1 24

[CE3-GigabitEthernet0/0/1] quit

# 配置CE 4。

<Sysname> system-view

[Sysname] sysname CE4

[CE4] interface gigabitethernet 0/0/1

[CE4-GigabitEthernet0/0/1] ip address 10.4.1.1 24

[CE4-GigabitEthernet0/0/1] quit

# 配置CE 5。

<Sysname> system-view

[Sysname] sysname CE5

[CE5] interface gigabitethernet 0/0/1

[CE5-GigabitEthernet0/0/1] ip address 10.5.1.1 24

[CE5-GigabitEthernet0/0/1] quit

# 配置CE 6。

<Sysname> system-view

[Sysname] sysname CE6

[CE6] interface gigabitethernet 0/0/1

[CE6-GigabitEthernet0/0/1] ip address 10.6.1.1 24

[CE6-GigabitEthernet0/0/1] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65420

[CE2-bgp-default] peer 10.2.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置CE 3。

[CE3] bgp 65430

[CE3-bgp-default] peer 10.3.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.3.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# 配置CE 4。

[CE4] bgp 65440

[CE4-bgp-default] peer 10.4.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.4.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

# 配置CE 5。

[CE5] bgp 65450

[CE5-bgp-default] peer 10.5.1.2 as-number 100

[CE5-bgp-default] address-family ipv4 unicast

[CE5-bgp-default-ipv4] peer 10.5.1.2 enable

[CE5-bgp-default-ipv4] import-route direct

[CE5-bgp-default-ipv4] quit

[CE5-bgp-default] quit

# 配置CE 6。

[CE6] bgp 65460

[CE6-bgp-default] peer 10.6.1.2 as-number 100

[CE6-bgp-default] address-family ipv4 unicast

[CE6-bgp-default-ipv4] peer 10.6.1.2 enable

[CE6-bgp-default-ipv4] import-route direct

[CE6-bgp-default-ipv4] quit

[CE6-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] ip vpn-instance vpn3

[PE1-bgp-default-vpn3] peer 10.5.1.1 as-number 65450

[PE1-bgp-default-vpn3] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn3] peer 10.5.1.1 enable

[PE1-bgp-default-ipv4-vpn3] quit

[PE1-bgp-default-vpn3] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] ip vpn-instance vpn2

[PE2-bgp-default-vpn2] peer 10.4.1.1 as-number 65440

[PE2-bgp-default-vpn2] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[PE2-bgp-default-ipv4-vpn2] quit

[PE2-bgp-default-vpn2] quit

[PE2-bgp-default] ip vpn-instance vpn3

[PE2-bgp-default-vpn3] peer 10.6.1.1 as-number 65460

[PE2-bgp-default-vpn3] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn3] peer 10.6.1.1 enable

[PE2-bgp-default-ipv4-vpn3] quit

[PE2-bgp-default-vpn3] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 创建隧道策略preferredte1，并指定首选隧道为Tunnel1。

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# 创建隧道策略preferredte2，并指定首选隧道为Tunnel2。

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

# 创建隧道策略select-lsp，按照LDP LSP、MPLS TE隧道的顺序选择隧道，负载分担数目为1。

[PE1] tunnel-policy select-lsp

[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1

[PE1-tunnel-policy-select-lsp] quit

(8)     配置VPN实例引用隧道策略

# 配置vpn1引用隧道策略preferredte1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy preferredte1

[PE1-vpn-instance-vpn1] quit

# 配置vpn2引用隧道策略preferredte2。

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] tnl-policy preferredte2

[PE1-vpn-instance-vpn2] quit

# 配置vpn3引用隧道策略select-lsp。

[PE1] ip vpn-instance vpn3

[PE1-vpn-instance-vpn3] tnl-policy select-lsp

4. 验证配置

# 在PE 1上查看VPN实例vpn1和vpn2的路由表，可以看到vpn1内到达CE 3的流量通过Tunnel1转发，vpn2内到达CE 4的流量通过Tunnel2转发。

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.1.1.0/24        Direct  0   0           10.1.1.2        GE0/0/1

10.1.1.2/32        Direct  0   0           127.0.0.1       GE0/0/1

10.1.1.255/32      Direct  0   0           10.1.1.2        GE0/0/1

10.3.1.0/24        BGP     255 0           3.3.3.9         Tun1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

[PE1] display ip routing-table vpn-instance vpn2

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.2.1.0/24        Direct  0   0           10.2.1.2        GE0/0/2

10.2.1.2/32        Direct  0   0           127.0.0.1       GE0/0/2

10.2.1.255/32      Direct  0   0           10.2.1.2        GE0/0/2

10.4.1.0/24        BGP     255 0           3.3.3.9         Tun2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# 在PE 1上查看VPN实例vpn3的IP转发表，并查看MPLS转发表，可以看到vpn3内到达CE 6的流量通过LDP LSP转发。

[PE1] display fib vpn-instance vpn3

Route destination count: 6

Directly-connected host count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.5.1.2/32        127.0.0.1       UH       GE0/0/3                  Null

10.5.1.1/32        10.5.1.1        UH       GE0/0/3                  Null

10.5.1.0/24        10.5.1.2        U        GE0/0/3                  Null

10.6.1.0/24        3.3.3.9         UGR      3                        1277

10.5.1.255/32      10.5.1.2        UBH      GE0/0/3                  Null

255.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

[PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       B - Backup forwarding information

       A - Active forwarding information

       M - P2MP forwarding information

 

NID        Tnl-Type   Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0          LOCAL      NA   -        GE0/0/4                  172.1.1.2

1          CRLSP      NA   1279     GE0/0/4                  172.1.1.2

2          CRLSP      NA   1278     GE0/0/4                  172.1.1.2

3          LSP        NA   1150     GE0/0/4                  172.1.1.2

268435457  TE         TA   -        1

268435458  TE         TA   -        2

# CE 1可以ping通CE 3，CE 2可以ping通CE 4，CE 5可以ping通CE 6。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy preferredte1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 100:2

 tnl-policy preferredte2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

ip vpn-instance vpn3

 route-distinguisher 100:3

 tnl-policy select-lsp

 vpn-target 333:3 import-extcommunity

 vpn-target 333:3 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy preferredte1

 preferred-path tunnel 1

#

tunnel-policy preferredte2

 preferred-path tunnel 2

#

tunnel-policy select-lsp

 select-seq lsp cr-lsp load-balance-number 1

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet0/0/2

 port link-mode route

 ip binding vpn-instance vpn2

 ip address 10.2.1.2 255.255.255.0

#

interface GigabitEthernet0/0/3

 port link-mode route

 ip binding vpn-instance vpn3

 ip address 10.5.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.2.1.1 as-number 65420

  #

  address-family ipv4 unicast

   peer 10.2.1.1 enable

 #

 ip vpn-instance vpn3

  peer 10.5.1.1 as-number 65450

  #

  address-family ipv4 unicast

   peer 10.5.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/5

 port link-mode route

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 200:2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

ip vpn-instance vpn3

 route-distinguisher 200:3

 vpn-target 333:3 import-extcommunity

 vpn-target 333:3 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface GigabitEthernet0/0/2

 port link-mode route

 ip binding vpn-instance vpn2

 ip address 10.4.1.2 255.255.255.0

#

interface GigabitEthernet0/0/3

 port link-mode route

 ip binding vpn-instance vpn3

 ip address 10.6.1.2 255.255.255.0

#

interface GigabitEthernet0/0/4

 port link-mode route

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.4.1.1 as-number 65440

  #

  address-family ipv4 unicast

   peer 10.4.1.1 enable

 #

 ip vpn-instance vpn3

  peer 10.6.1.1 as-number 65460

  #

  address-family ipv4 unicast

   peer 10.6.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.1.1.1 255.255.255.0

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.2.1.1 255.255.255.0

#

bgp 65420

 peer 10.2.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.2.1.2 enable

#

return

·     CE 3：

#

 sysname CE3

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.3.1.1 255.255.255.0

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

·     CE 4：

#

 sysname CE4

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.4.1.1 255.255.255.0

#

bgp 65440

 peer 10.4.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.4.1.2 enable

#

return

·     CE 5：

#

 sysname CE5

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.5.1.1 255.255.255.0

#

bgp 65450

 peer 10.5.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.5.1.2 enable

#

return

·     CE 6：

#

 sysname CE6

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.6.1.1 255.255.255.0

#

bgp 65460

 peer 10.6.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.6.1.2 enable

#

return

1.8  隧道策略配置举例‌

1.8.1  首选隧道策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在两个MPLS VPN实例vpn1和vpn2，vpn1首选MPLS TE隧道Tunnel1，vpn2首选MPLS TE隧道Tunnel2。如果Tunnel1或Tunnel2出现故障，则vpn1和vpn2可以通过LDP LSP转发流量。

2. 组网图

图1-5 首选隧道策略配置组网图

 

设备	接口	IP地址	设备	接口	IP地址
CE 1	Vlan-int11	10.1.1.1/24	P	Loop0	2.2.2.9/32
PE 1	Loop0	1.1.1.9/32		Vlan-int12	172.2.1.1/24
	Vlan-int11	10.1.1.2/24		Vlan-int13	172.1.1.2/24
	Vlan-int13	172.1.1.1/24	PE 2	Loop0	3.3.3.9/32
	Vlan-int12	10.2.1.2/24		Vlan-int12	172.2.1.2/24
CE 2	Vlan-int12	10.2.1.1/24		Vlan-int11	10.3.1.2/24
CE 3	Vlan-int11	10.3.1.1/24		Vlan-int13	10.4.1.2/24
CE 4	Vlan-int13	10.4.1.1/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] vlan 11

[PE1-vlan11] quit

[PE1] vlan 12

[PE1-vlan12] quit

[PE1] vlan 13

[PE1-vlan13] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] port access vlan 11

[PE1-GigabitEthernet0/0/1] quit

[PE1] interface gigabitethernet 0/0/2

[PE1-GigabitEthernet0/0/2] port access vlan 12

[PE1-GigabitEthernet0/0/2] quit

[PE1] interface gigabitethernet 0/0/3

[PE1-GigabitEthernet0/0/3] port access vlan 13

[PE1-GigabitEthernet0/0/3] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] ip address 172.1.1.1 24

[PE1-Vlan-interface13] isis enable 1

[PE1-Vlan-interface13] isis circuit-level level-2

[PE1-Vlan-interface13] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] vlan 12

[P-vlan12] quit

[P] vlan 13

[P-vlan13] quit

[P] interface gigabitethernet 0/0/1

[P-GigabitEthernet0/0/1] port access vlan 12

[P-GigabitEthernet0/0/1] quit

[P] interface gigabitethernet 0/0/2

[P-GigabitEthernet0/0/2] port access vlan 13

[P-GigabitEthernet0/0/2] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] ip address 172.1.1.2 24

[P-Vlan-interface13] isis enable 1

[P-Vlan-interface13] isis circuit-level level-2

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] ip address 172.2.1.1 24

[P-Vlan-interface12] isis enable 1

[P-Vlan-interface12] isis circuit-level level-2

[P-Vlan-interface12] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] vlan 11

[PE2-vlan11] quit

[PE2] vlan 12

[PE2-vlan12] quit

[PE2] vlan 13

[PE2-vlan13] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] port access vlan 11

[PE2-GigabitEthernet0/0/1] quit

[PE2] interface gigabitethernet 0/0/2

[PE2-GigabitEthernet0/0/2] port access vlan 12

[PE2-GigabitEthernet0/0/2] quit

[PE2] interface gigabitethernet 0/0/3

[PE2-GigabitEthernet0/0/3] port access vlan 13

[PE2-GigabitEthernet0/0/3] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] ip address 172.2.1.2 24

[PE2-Vlan-interface12] isis enable 1

[PE2-Vlan-interface12] isis circuit-level level-2

[PE2-Vlan-interface12] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls enable

[PE1-Vlan-interface13] mpls ldp enable

[PE1-Vlan-interface13] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls enable

[P-Vlan-interface13] mpls ldp enable

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls enable

[P-Vlan-interface12] mpls ldp enable

[P-Vlan-interface12] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls enable

[PE2-Vlan-interface12] mpls ldp enable

[PE2-Vlan-interface12] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls te enable

[PE1-Vlan-interface13] rsvp enable

[PE1-Vlan-interface13] mpls te max-link-bandwidth 10000

[PE1-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[PE1-Vlan-interface13] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls te enable

[P-Vlan-interface13] rsvp enable

[P-Vlan-interface13] mpls te max-link-bandwidth 10000

[P-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls te enable

[P-Vlan-interface12] rsvp enable

[P-Vlan-interface12] mpls te max-link-bandwidth 10000

[P-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface12] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls te enable

[PE2-Vlan-interface12] rsvp enable

[PE2-Vlan-interface12] mpls te max-link-bandwidth 10000

[PE2-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[PE2-Vlan-interface12] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] ip binding vpn-instance vpn1

[PE1-Vlan-interface11] ip address 10.1.1.2 24

[PE1-Vlan-interface11] quit

[PE1] interface vlan-interface 12

[PE1-Vlan-interface12] ip binding vpn-instance vpn2

[PE1-Vlan-interface12] ip address 10.2.1.2 24

[PE1-Vlan-interface12] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] ip binding vpn-instance vpn1

[PE2-Vlan-interface11] ip address 10.3.1.2 24

[PE2-Vlan-interface11] quit

[PE2] interface vlan-interface 13

[PE2-Vlan-interface13] ip binding vpn-instance vpn2

[PE2-Vlan-interface13] ip address 10.4.1.2 24

[PE2-Vlan-interface13] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 11

[CE1-vlan11] quit

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] port access vlan 11

[CE1-GigabitEthernet0/0/1] quit

[CE1] interface vlan-interface 11

[CE1-Vlan-interface11] ip address 10.1.1.1 24

[CE1-Vlan-interface11] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 12

[CE2-vlan12] quit

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] port access vlan 12

[CE2-GigabitEthernet0/0/1] quit

[CE2] interface vlan-interface 12

[CE2-Vlan-interface12] ip address 10.2.1.1 24

[CE2-Vlan-interface12] quit

# 配置CE 3。

<Sysname> system-view

[Sysname] sysname CE3

[CE3] vlan 11

[CE3-vlan11] quit

[CE3] interface gigabitethernet 0/0/1

[CE3-GigabitEthernet0/0/1] port access vlan 11

[CE3-GigabitEthernet0/0/1] quit

[CE3] interface vlan-interface 11

[CE3-Vlan-interface11] ip address 10.3.1.1 24

[CE3-Vlan-interface11] quit

# 配置CE 4。

<Sysname> system-view

[Sysname] sysname CE4

[CE4] vlan 13

[CE4-vlan13] quit

[CE4] interface gigabitethernet 0/0/1

[CE4-GigabitEthernet0/0/1] port access vlan 13

[CE4-GigabitEthernet0/0/1] quit

[CE4] interface vlan-interface 13

[CE4-Vlan-interface13] ip address 10.4.1.1 24

[CE4-Vlan-interface13] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65420

[CE2-bgp-default] peer 10.2.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置CE 3。

[CE3] bgp 65430

[CE3-bgp-default] peer 10.3.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.3.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# 配置CE 4。

[CE4] bgp 65440

[CE4-bgp-default] peer 10.4.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.4.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] ip vpn-instance vpn2

[PE2-bgp-default-vpn2] peer 10.4.1.1 as-number 65440

[PE2-bgp-default-vpn2] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[PE2-bgp-default-ipv4-vpn2] quit

[PE2-bgp-default-vpn2] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 创建隧道策略preferredte1，并指定首选隧道为Tunnel1。

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# 创建隧道策略preferredte2，并指定首选隧道为Tunnel2。

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

(8)     配置VPN实例引用隧道策略

# 配置vpn1实例引用隧道策略preferredte1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy preferredte1

[PE1-vpn-instance-vpn1] quit

# 配置vpn2实例引用隧道策略preferredte2。

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] tnl-policy preferredte2

4. 验证配置

# 在PE 1上查看VPN实例vpn1和vpn2的路由表，可以看到vpn1内到达CE 3的流量通过Tunnel1转发，vpn2内到达CE 4的流量通过Tunnel2转发。

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        Direct  0   0           10.1.1.2        Vlan11

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        Vlan11

10.3.1.0/24        BGP     255 0           3.3.3.9         Tun1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

[PE1] display ip routing-table vpn-instance vpn2

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.2.1.0/24        Direct  0   0           10.2.1.2        Vlan12

10.2.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.2.1.255/32      Direct  0   0           10.2.1.2        Vlan12

10.4.1.0/24        BGP     255 0           3.3.3.9         Tun2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# CE 1可以ping通CE 3，CE 2可以ping通CE 4。

# 当Tunnel1出现故障时，PE 1通过LDP LSP转发vpn1的流量，CE 1仍然可以ping通CE 3。Tunnel2出现故障时，与此类似。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy preferredte1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 100:2

 tnl-policy preferredte2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

vlan 11 to 13

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy preferredte1

 preferred-path tunnel 1

#

tunnel-policy preferredte2

 preferred-path tunnel 2

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface Vlan-interface12

 ip binding vpn-instance vpn2

 ip address 10.2.1.2 255.255.255.0

#

interface Vlan-interface13

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/3

 port link-mode bridge

 port access vlan 13

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.2.1.1 as-number 65420

  #

  address-family ipv4 unicast

   peer 10.2.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

vlan 12 to 13

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface12

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface13

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 13

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 200:2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

vlan 11 to 13

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface Vlan-interface12

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface13

 ip binding vpn-instance vpn2

 ip address 10.4.1.2 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/3

 port link-mode bridge

 port access vlan 13

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.4.1.1 as-number 65440

  #

  address-family ipv4 unicast

   peer 10.4.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

vlan 11

#

interface Vlan-interface11

 ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

vlan 12

#

interface Vlan-interface12

 ip address 10.2.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 12

#

bgp 65420

 peer 10.2.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.2.1.2 enable

#

return

·     CE 3：

#

 sysname CE3

#

vlan 11

#

interface Vlan-interface11

 ip address 10.3.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

·     CE 4：

#

 sysname CE4

#

vlan 13

#

interface Vlan-interface13

 ip address 10.4.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 13

#

bgp 65440

 peer 10.4.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.4.1.2 enable

#

return

1.8.2  隧道绑定策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在1个MPLS VPN实例vpn1，该VPN实例使用MPLS TE隧道Tunnel1和Tunnel2转发流量。VPN实例vpn1不会使用LDP LSP转发流量。

2. 组网图

图1-6 隧道绑定策略配置组网图

 

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	1.1.1.9/32	PE 2	Loop0	3.3.3.9/32
	Vlan-int11	10.1.1.2/24		Vlan-int11	10.3.1.2/24
	Vlan-int13	172.1.1.1/24		Vlan-int12	172.2.1.2/24
P	Loop0	2.2.2.9/32	CE 1	Vlan-int11	10.1.1.1/24
	Vlan-int12	172.2.1.1/24	CE 2	Vlan-int11	10.3.1.1/24
	Vlan-int13	172.1.1.2/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] vlan 11

[PE1-vlan11] quit

[PE1] vlan 13

[PE1-vlan13] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] port access vlan 11

[PE1-GigabitEthernet0/0/1] quit

[PE1] interface gigabitethernet 0/0/2

[PE1-GigabitEthernet0/0/2] port access vlan 13

[PE1-GigabitEthernet0/0/2] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] ip address 172.1.1.1 24

[PE1-Vlan-interface13] isis enable 1

[PE1-Vlan-interface13] isis circuit-level level-2

[PE1-Vlan-interface13] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] vlan 12

[P-vlan12] quit

[P] vlan 13

[P-vlan13] quit

[P] interface gigabitethernet 0/0/1

[P-GigabitEthernet0/0/1] port access vlan 12

[P-GigabitEthernet0/0/1] quit

[P] interface gigabitethernet 0/0/2

[P-GigabitEthernet0/0/2] port access vlan 13

[P-GigabitEthernet0/0/2] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] ip address 172.1.1.2 24

[P-Vlan-interface13] isis enable 1

[P-Vlan-interface13] isis circuit-level level-2

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] ip address 172.2.1.1 24

[P-Vlan-interface12] isis enable 1

[P-Vlan-interface12] isis circuit-level level-2

[P-Vlan-interface12] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] vlan 11

[PE2-vlan11] quit

[PE2] vlan 12

[PE2-vlan12] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] port access vlan 11

[PE2-GigabitEthernet0/0/1] quit

[PE2] interface gigabitethernet 0/0/2

[PE2-GigabitEthernet0/0/2] port access vlan 12

[PE2-GigabitEthernet0/0/2] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] ip address 172.2.1.2 24

[PE2-Vlan-interface12] isis enable 1

[PE2-Vlan-interface12] isis circuit-level level-2

[PE2-Vlan-interface12] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls enable

[PE1-Vlan-interface13] mpls ldp enable

[PE1-Vlan-interface13] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls enable

[P-Vlan-interface13] mpls ldp enable

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls enable

[P-Vlan-interface12] mpls ldp enable

[P-Vlan-interface12] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls enable

[PE2-Vlan-interface12] mpls ldp enable

[PE2-Vlan-interface12] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls te enable

[PE1-Vlan-interface13] rsvp enable

[PE1-Vlan-interface13] mpls te max-link-bandwidth 10000

[PE1-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[PE1-Vlan-interface13] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls te enable

[P-Vlan-interface13] rsvp enable

[P-Vlan-interface13] mpls te max-link-bandwidth 10000

[P-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls te enable

[P-Vlan-interface12] rsvp enable

[P-Vlan-interface12] mpls te max-link-bandwidth 10000

[P-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface12] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls te enable

[PE2-Vlan-interface12] rsvp enable

[PE2-Vlan-interface12] mpls te max-link-bandwidth 10000

[PE2-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[PE2-Vlan-interface12] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] ip binding vpn-instance vpn1

[PE1-Vlan-interface11] ip address 10.1.1.2 24

[PE1-Vlan-interface11] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] ip binding vpn-instance vpn1

[PE2-Vlan-interface11] ip address 10.3.1.2 24

[PE2-Vlan-interface11] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 11

[CE1-vlan11] quit

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] port access vlan 11

[CE1-GigabitEthernet0/0/1] quit

[CE1] interface vlan-interface 11

[CE1-Vlan-interface11] ip address 10.1.1.1 24

[CE1-Vlan-interface11] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 11

[CE2-vlan11] quit

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] port access vlan 11

[CE2-GigabitEthernet0/0/1] quit

[CE2] interface vlan-interface 11

[CE2-Vlan-interface11] ip address 10.3.1.1 24

[CE2-Vlan-interface11] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65430

[CE2-bgp-default] peer 10.3.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.3.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 配置MPLS TE隧道Tunnel1只能用于隧道绑定策略。

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] mpls te reserved-for-binding

[PE1-Tunnel1] quit

# 配置MPLS TE隧道Tunnel2只能用于隧道绑定策略。

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] mpls te reserved-for-binding

[PE1-Tunnel2] quit

# 创建隧道策略binding，并配置隧道与MP-BGP对等体的IP地址进行绑定，从而限制MPLS TE隧道Tunnel1和Tunnel2只能承载特定VPN的业务。

[PE1] tunnel-policy binding

[PE1-tunnel-policy-binding] binding-destination 3.3.3.9 te tunnel 1 tunnel 2

[PE1-tunnel-policy-binding] quit

(8)     配置VPN实例引用隧道策略

# 配置vpna实例引用隧道策略binding。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy binding

[PE1-vpn-instance-vpn1] quit

4. 验证配置

# 在PE 1上查看VPN实例vpn1的IP转发表，并查看MPLS转发表，可以看到vpn1内到达CE 2的流量通过Tunnel1和Tunnel2转发。

[PE1] display fib vpn-instance vpn1

Route destination count: 9

Directly-connected host count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

10.1.1.0/24        10.1.1.2        U        Vlan11                   Null

10.1.1.1/32        10.1.1.1        UH       Vlan11                   Null

10.1.1.2/32        127.0.0.1       UH       InLoop0                  Null

10.1.1.255/32      10.1.1.2        UBH      Vlan11                   Null

10.3.1.0/24        3.3.3.9         UGR      268435457                600127

10.3.1.0/24        3.3.3.9         UGR      268435458                600127

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

127.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

255.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

[PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       B - Backup forwarding information

       A - Active forwarding information

       M - P2MP forwarding information

 

NID        Tnl-Type   Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0          LOCAL      NA   -        Vlan13                   172.1.1.2

1          LSP        NA   24127    Vlan13                   172.1.1.2

2          CRLSP      NA   24256    Vlan13                   172.1.1.2

3          CRLSP      NA   24255    Vlan13                   172.1.1.2

268435457  TE         TA   -        2

268435458  TE         TA   -        3

# CE 1可以ping通CE 2。

# 当Tunnel1和Tunnel2均出现故障时，PE 1不会通过LDP LSP转发vpn1的流量，CE 1无法ping通CE 2。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy binding

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

vlan 11

#

vlan 13

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy binding

 binding-destination 3.3.3.9 te tunnel 1 tunnel 2

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface Vlan-interface13

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 13

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 mpls te reserved-for-binding

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 mpls te reserved-for-binding

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

vlan 12 to 13

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface12

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface13

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 13

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

vlan 11 to 12

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface Vlan-interface12

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 12

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

vlan 11

#

interface Vlan-interface11

 ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

vlan 11

#

interface Vlan-interface11

 ip address 10.3.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

1.8.3  首选隧道和负载分担策略配置举例

1. 组网需求

PE 1上存在到达PE 2的多条隧道：

·     2条MPLS TE隧道，对应的隧道接口分别为Tunnel1和Tunnel2。

·     1条LDP LSP隧道。

在PE 1上存在多个MPLS VPN实例：vpn1、vpn2和vpn3。每个VPN实例使用的隧道策略如表1-8所示。

表1-8 VPN实例使用的隧道策略列表

VPN实例	隧道策略
vpn1	首选MPLS TE隧道Tunnel1
vpn2	首选MPLS TE隧道Tunnel2
Vpn3	按照LDP LSP、MPLS TE隧道的顺序选择隧道，负载分担数目为1

 

2. 组网图

图1-7 首选隧道和负载分担策略配置组网图

 

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	1.1.1.9/32	PE 2	Loop0	3.3.3.9/32
	Vlan-int11	10.1.1.2/24		Vlan-int11	10.3.1.2/24
	Vlan-int12	10.2.1.2/24		Vlan-int12	172.2.1.2/24
	Vlan-int13	172.1.1.1/24		Vlan-int13	10.4.1.2/24
	Vlan-int14	10.5.1.2/24		Vlan-int14	10.6.1.2/24
P	Loop0	2.2.2.9/32	CE 3	Vlan-int11	10.3.1.1/24
	Vlan-int12	172.2.1.1/24	CE 4	Vlan-int13	10.4.1.1/24
	Vlan-int13	172.1.1.2/24	CE 5	Vlan-int14	10.5.1.1/24
CE 1	Vlan-int11	10.1.1.1/24	CE 6	Vlan-int14	10.6.1.1/24
CE 2	Vlan-int12	10.2.1.1/24

 

3. 配置步骤

(1)     在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通

# 配置PE 1。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 00.0005.0000.0000.0001.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] isis circuit-level level-2

[PE1-LoopBack0] quit

[PE1] vlan 11

[PE1-vlan11] quit

[PE1] vlan 12

[PE1-vlan12] quit

[PE1] vlan 13

[PE1-vlan13] quit

[PE1] vlan 14

[PE1-vlan14] quit

[PE1] interface gigabitethernet 0/0/1

[PE1-GigabitEthernet0/0/1] port access vlan 11

[PE1-GigabitEthernet0/0/1] quit

[PE1] interface gigabitethernet 0/0/2

[PE1-GigabitEthernet0/0/2] port access vlan 12

[PE1-GigabitEthernet0/0/2] quit

[PE1] interface gigabitethernet 0/0/3

[PE1-GigabitEthernet0/0/3] port access vlan 13

[PE1-GigabitEthernet0/0/3] quit

[PE1] interface gigabitethernet 0/0/4

[PE1-GigabitEthernet0/0/4] port access vlan 14

[PE1-GigabitEthernet0/0/4] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] ip address 172.1.1.1 24

[PE1-Vlan-interface13] isis enable 1

[PE1-Vlan-interface13] isis circuit-level level-2

[PE1-Vlan-interface13] quit

# 配置P。

<Sysname> system-view

[Sysname] sysname P

[P] isis 1

[P-isis-1] network-entity 00.0005.0000.0000.0002.00

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] isis enable 1

[P-LoopBack0] isis circuit-level level-2

[P-LoopBack0] quit

[P] vlan 12

[P-vlan12] quit

[P] vlan 13

[P-vlan13] quit

[P] interface gigabitethernet 0/0/1

[P-GigabitEthernet0/0/1] port access vlan 12

[P-GigabitEthernet0/0/1] quit

[P] interface gigabitethernet 0/0/2

[P-GigabitEthernet0/0/2] port access vlan 13

[P-GigabitEthernet0/0/2] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] ip address 172.1.1.2 24

[P-Vlan-interface13] isis enable 1

[P-Vlan-interface13] isis circuit-level level-2

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] ip address 172.2.1.1 24

[P-Vlan-interface12] isis enable 1

[P-Vlan-interface12] isis circuit-level level-2

[P-Vlan-interface12] quit

# 配置PE 2。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 00.0005.0000.0000.0003.00

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] isis circuit-level level-2

[PE2-LoopBack0] quit

[PE2] vlan 11

[PE2-vlan11] quit

[PE2] vlan 12

[PE2-vlan12] quit

[PE2] vlan 13

[PE2-vlan13] quit

[PE2] vlan 14

[PE2-vlan14] quit

[PE2] interface gigabitethernet 0/0/1

[PE2-GigabitEthernet0/0/1] port access vlan 11

[PE2-GigabitEthernet0/0/1] quit

[PE2] interface gigabitethernet 0/0/2

[PE2-GigabitEthernet0/0/2] port access vlan 12

[PE2-GigabitEthernet0/0/2] quit

[PE2] interface gigabitethernet 0/0/3

[PE2-GigabitEthernet0/0/3] port access vlan 13

[PE2-GigabitEthernet0/0/3] quit

[PE2] interface gigabitethernet 0/0/4

[PE2-GigabitEthernet0/0/4] port access vlan 14

[PE2-GigabitEthernet0/0/4] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] ip address 172.2.1.2 24

[PE2-Vlan-interface12] isis enable 1

[PE2-Vlan-interface12] isis circuit-level level-2

[PE2-Vlan-interface12] quit

配置完成后，在各设备上执行display ip routing-table命令，可以看到相互之间都学到了到对方的路由，包括Loopback接口对应的主机路由。

(2)     在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

# 配置PE 1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls enable

[PE1-Vlan-interface13] mpls ldp enable

[PE1-Vlan-interface13] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls enable

[P-Vlan-interface13] mpls ldp enable

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls enable

[P-Vlan-interface12] mpls ldp enable

[P-Vlan-interface12] quit

# 配置PE 2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls enable

[PE2-Vlan-interface12] mpls ldp enable

[PE2-Vlan-interface12] quit

上述配置完成后，PE 1、P、PE 2之间应能建立LDP会话，执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令，可以看到LDP LSP的建立情况。

(3)     在PE 1上创建两条MPLS TE隧道

# 配置PE 1。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface vlan-interface 13

[PE1-Vlan-interface13] mpls te enable

[PE1-Vlan-interface13] rsvp enable

[PE1-Vlan-interface13] mpls te max-link-bandwidth 10000

[PE1-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[PE1-Vlan-interface13] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address 7.1.1.1 255.255.255.0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address 8.1.1.1 255.255.255.0

[PE1-Tunnel2] destination 3.3.3.9

[PE1-Tunnel2] mpls te signaling rsvp-te

[PE1-Tunnel2] mpls te bandwidth 3000

[PE1-Tunnel2] quit

# 配置P。

[P] mpls te

[P-te] quit

[P] rsvp

[P-rsvp] quit

[P] interface vlan-interface 13

[P-Vlan-interface13] mpls te enable

[P-Vlan-interface13] rsvp enable

[P-Vlan-interface13] mpls te max-link-bandwidth 10000

[P-Vlan-interface13] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface13] quit

[P] interface vlan-interface 12

[P-Vlan-interface12] mpls te enable

[P-Vlan-interface12] rsvp enable

[P-Vlan-interface12] mpls te max-link-bandwidth 10000

[P-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[P-Vlan-interface12] quit

[P] isis 1

[P-isis-1] cost-style wide

[P-isis-1] mpls te enable level-2

[P-isis-1] quit

# 配置PE 2。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] mpls te enable

[PE2-Vlan-interface12] rsvp enable

[PE2-Vlan-interface12] mpls te max-link-bandwidth 10000

[PE2-Vlan-interface12] mpls te max-reservable-bandwidth 5000

[PE2-Vlan-interface12] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

上述配置完成后，在PE 1上执行display interface tunnel命令，可以看到MPLS TE隧道Tunnel1和Tunnel2处于up状态。

(4)     在PE设备上配置VPN实例，将CE接入PE

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] ip vpn-instance vpn3

[PE1-vpn-instance-vpn3] route-distinguisher 100:3

[PE1-vpn-instance-vpn3] vpn-target 333:3

[PE1-vpn-instance-vpn3] quit

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] ip binding vpn-instance vpn1

[PE1-Vlan-interface11] ip address 10.1.1.2 24

[PE1-Vlan-interface11] quit

[PE1] interface vlan-interface 12

[PE1-Vlan-interface12] ip binding vpn-instance vpn2

[PE1-Vlan-interface12] ip address 10.2.1.2 24

[PE1-Vlan-interface12] quit

[PE1] interface vlan-interface 14

[PE1-Vlan-interface14] ip binding vpn-instance vpn3

[PE1-Vlan-interface14] ip address 10.5.1.2 24

[PE1-Vlan-interface14] quit

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] ip vpn-instance vpn3

[PE2-vpn-instance-vpn3] route-distinguisher 200:3

[PE2-vpn-instance-vpn3] vpn-target 333:3

[PE2-vpn-instance-vpn3] quit

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] ip binding vpn-instance vpn1

[PE2-Vlan-interface11] ip address 10.3.1.2 24

[PE2-Vlan-interface11] quit

[PE2] interface vlan-interface 13

[PE2-Vlan-interface13] ip binding vpn-instance vpn2

[PE2-Vlan-interface13] ip address 10.4.1.2 24

[PE2-Vlan-interface13] quit

[PE2] interface vlan-interface 14

[PE2-Vlan-interface14] ip binding vpn-instance vpn3

[PE2-Vlan-interface14] ip address 10.6.1.2 24

[PE2-Vlan-interface14] quit

# 配置CE 1。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 11

[CE1-vlan11] quit

[CE1] interface gigabitethernet 0/0/1

[CE1-GigabitEthernet0/0/1] port access vlan 11

[CE1-GigabitEthernet0/0/1] quit

[CE1] interface vlan-interface 11

[CE1-Vlan-interface11] ip address 10.1.1.1 24

[CE1-Vlan-interface11] quit

# 配置CE 2。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 12

[CE2-vlan12] quit

[CE2] interface gigabitethernet 0/0/1

[CE2-GigabitEthernet0/0/1] port access vlan 12

[CE2-GigabitEthernet0/0/1] quit

[CE2] interface vlan-interface 12

[CE2-Vlan-interface12] ip address 10.2.1.1 24

[CE2-Vlan-interface12] quit

# 配置CE 3。

<Sysname> system-view

[Sysname] sysname CE3

[CE3] vlan 11

[CE3-vlan11] quit

[CE3] interface gigabitethernet 0/0/1

[CE3-GigabitEthernet0/0/1] port access vlan 11

[CE3-GigabitEthernet0/0/1] quit

[CE3] interface vlan-interface 11

[CE3-Vlan-interface11] ip address 10.3.1.1 24

[CE3-Vlan-interface11] quit

# 配置CE 4。

<Sysname> system-view

[Sysname] sysname CE4

[CE4] vlan 13

[CE4-vlan13] quit

[CE4] interface gigabitethernet 0/0/1

[CE4-GigabitEthernet0/0/1] port access vlan 13

[CE4-GigabitEthernet0/0/1] quit

[CE4] interface vlan-interface 13

[CE4-Vlan-interface13] ip address 10.4.1.1 24

[CE4-Vlan-interface13] quit

# 配置CE 5。

<Sysname> system-view

[Sysname] sysname CE5

[CE5] vlan 14

[CE5-vlan14] quit

[CE5] interface gigabitethernet 0/0/1

[CE5-GigabitEthernet0/0/1] port access vlan 14

[CE5-GigabitEthernet0/0/1] quit

[CE5] interface vlan-interface 14

[CE5-Vlan-interface14] ip address 10.5.1.1 24

[CE5-Vlan-interface14] quit

# 配置CE 6。

<Sysname> system-view

[Sysname] sysname CE6

[CE6] vlan 14

[CE6-vlan14] quit

[CE6] interface gigabitethernet 0/0/1

[CE6-GigabitEthernet0/0/1] port access vlan 14

[CE6-GigabitEthernet0/0/1] quit

[CE6] interface vlan-interface 14

[CE6-Vlan-interface14] ip address 10.6.1.1 24

[CE6-Vlan-interface14] quit

配置完成后，在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

(5)     在PE与CE之间建立EBGP对等体，引入VPN路由

# 配置CE 1。

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# 配置CE 2。

[CE2] bgp 65420

[CE2-bgp-default] peer 10.2.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# 配置CE 3。

[CE3] bgp 65430

[CE3-bgp-default] peer 10.3.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.3.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# 配置CE 4。

[CE4] bgp 65440

[CE4-bgp-default] peer 10.4.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.4.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

# 配置CE 5。

[CE5] bgp 65450

[CE5-bgp-default] peer 10.5.1.2 as-number 100

[CE5-bgp-default] address-family ipv4 unicast

[CE5-bgp-default-ipv4] peer 10.5.1.2 enable

[CE5-bgp-default-ipv4] import-route direct

[CE5-bgp-default-ipv4] quit

[CE5-bgp-default] quit

# 配置CE 6。

[CE6] bgp 65460

[CE6-bgp-default] peer 10.6.1.2 as-number 100

[CE6-bgp-default] address-family ipv4 unicast

[CE6-bgp-default-ipv4] peer 10.6.1.2 enable

[CE6-bgp-default-ipv4] import-route direct

[CE6-bgp-default-ipv4] quit

[CE6-bgp-default] quit

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] ip vpn-instance vpn3

[PE1-bgp-default-vpn3] peer 10.5.1.1 as-number 65450

[PE1-bgp-default-vpn3] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn3] peer 10.5.1.1 enable

[PE1-bgp-default-ipv4-vpn3] quit

[PE1-bgp-default-vpn3] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] ip vpn-instance vpn2

[PE2-bgp-default-vpn2] peer 10.4.1.1 as-number 65440

[PE2-bgp-default-vpn2] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[PE2-bgp-default-ipv4-vpn2] quit

[PE2-bgp-default-vpn2] quit

[PE2-bgp-default] ip vpn-instance vpn3

[PE2-bgp-default-vpn3] peer 10.6.1.1 as-number 65460

[PE2-bgp-default-vpn3] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn3] peer 10.6.1.1 enable

[PE2-bgp-default-ipv4-vpn3] quit

[PE2-bgp-default-vpn3] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer ipv4 vpn-instance命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。

(6)     在PE之间建立MP-IBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# 配置PE 2。

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

配置完成后，在PE设备上执行display bgp peer vpnv4命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。

(7)     在PE 1上配置隧道策略

# 创建隧道策略preferredte1，并指定首选隧道为Tunnel1。

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# 创建隧道策略preferredte2，并指定首选隧道为Tunnel2。

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

# 创建隧道策略select-lsp，按照LDP LSP、MPLS TE隧道的顺序选择隧道，负载分担数目为1。

[PE1] tunnel-policy select-lsp

[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1

[PE1-tunnel-policy-select-lsp] quit

(8)     配置VPN实例引用隧道策略

# 配置vpn1引用隧道策略preferredte1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy preferredte1

[PE1-vpn-instance-vpn1] quit

# 配置vpn2引用隧道策略preferredte2。

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] tnl-policy preferredte2

[PE1-vpn-instance-vpn2] quit

# 配置vpn3引用隧道策略select-lsp。

[PE1] ip vpn-instance vpn3

[PE1-vpn-instance-vpn3] tnl-policy select-lsp

[PE1-vpn-instance-vpn3] quit

4. 验证配置

# 在PE 1上查看VPN实例vpn1和vpn2的IP转发表，并查看MPLS转发表和LSP信息，可以看到vpn1内到达CE 3的流量通过Tunnel1转发，vpn2内到达CE 4的流量通过Tunnel2转发。

[PE1] display fib vpn-instance vpn1

Route destination count: 9

Directly-connected host count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

10.1.1.0/24        10.1.1.2        U        Vlan11                   Null

10.1.1.1/32        10.1.1.1        UH       Vlan11                   Null

10.1.1.2/32        127.0.0.1       UH       InLoop0                  Null

10.1.1.255/32      10.1.1.2        UBH      Vlan11                   Null

10.3.1.0/24        3.3.3.9         UGR      268435457                600126

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

127.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

255.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

[PE1] display fib vpn-instance vpn2

Route destination count: 9

Directly-connected host count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

10.2.1.0/24        10.2.1.2        U        Vlan12                   Null

10.2.1.1/32        10.2.1.1        UH       Vlan12                   Null

10.2.1.2/32        127.0.0.1       UH       InLoop0                  Null

10.2.1.255/32      10.2.1.2        UBH      Vlan12                   Null

10.4.1.0/24        3.3.3.9         UGR      268435458                600125

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

127.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

255.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

[PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       B - Backup forwarding information

       A - Active forwarding information

       M - P2MP forwarding information

 

NID        Tnl-Type   Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0          LOCAL      NA   -        Vlan13                   172.1.1.2

1          CRLSP      NA   24256    Vlan13                   172.1.1.2

2          CRLSP      NA   24255    Vlan13                   172.1.1.2

3          LSP        NA   24127    Vlan13                   172.1.1.2

268435457  TE         TA   -        1

268435458  TE         TA   -        2

[PE1] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.9/32                  LDP         3/-             -

2.2.2.9/32                  LDP         24128/3         Vlan13

2.2.2.9/32                  LDP         -/3             Vlan13

3.3.3.9/32                  LDP         24127/24127     Vlan13

3.3.3.9/32                  LDP         -/24127         Vlan13

1.1.1.9/1/26337             RSVP        -/24256         Vlan13

1.1.1.9/2/26337             RSVP        -/24255         Vlan13

172.1.1.2                   Local       -/-             Vlan13

Tunnel1                     Local       -/-             NHLFE1

Tunnel2                     Local       -/-             NHLFE2

# 在PE 1上查看VPN实例vpn3的IP转发表，并查看MPLS转发表，可以看到vpn3内到达CE 6的流量通过LDP LSP转发。

[PE1] display fib vpn-instance vpn3

Route destination count: 9

Directly-connected host count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

10.5.1.0/24        10.5.1.2        U        Vlan14                   Null

10.5.1.1/32        10.5.1.1        UH       Vlan14                   Null

10.5.1.2/32        127.0.0.1       UH       InLoop0                  Null

10.5.1.255/32      10.5.1.2        UBH      Vlan14                   Null

10.6.1.0/24        3.3.3.9         UGR      3                        600127

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

127.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

255.255.255.255/32 127.0.0.1       UH       InLoop0                  Null

[PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       B - Backup forwarding information

       A - Active forwarding information

       M - P2MP forwarding information

 

NID        Tnl-Type   Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0          LOCAL      NA   -        Vlan13                   172.1.1.2

1          CRLSP      NA   24256    Vlan13                   172.1.1.2

2          CRLSP      NA   24255    Vlan13                   172.1.1.2

3          LSP        NA   24127    Vlan13                   172.1.1.2

268435457  TE         TA   -        1

268435458  TE         TA   -        2

# CE 1可以ping通CE 3，CE 2可以ping通CE 4，CE 5可以ping通CE 6。

5. 配置文件

·     PE 1：

#

 sysname PE1

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 tnl-policy preferredte1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 100:2

 tnl-policy preferredte2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

ip vpn-instance vpn3

 route-distinguisher 100:3

 tnl-policy select-lsp

 vpn-target 333:3 import-extcommunity

 vpn-target 333:3 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0001.00

#

 mpls lsr-id 1.1.1.9

#

vlan 11 to 14

#

mpls ldp

#

mpls te

#

rsvp

#

tunnel-policy preferredte1

 preferred-path tunnel 1

#

tunnel-policy preferredte2

 preferred-path tunnel 2

#

tunnel-policy select-lsp

 select-seq lsp cr-lsp load-balance-number 1

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.1.1.2 255.255.255.0

#

interface Vlan-interface12

 ip binding vpn-instance vpn2

 ip address 10.2.1.2 255.255.255.0

#

interface Vlan-interface13

 ip address 172.1.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface14

 ip binding vpn-instance vpn3

 ip address 10.5.1.2 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/3

 port link-mode bridge

 port access vlan 13

#

interface GigabitEthernet0/0/4

 port link-mode bridge

 port access vlan 14

#

interface Tunnel1 mode mpls-te

 ip address 7.1.1.1 255.255.255.0

 mpls te bandwidth ct0 2000

 destination 3.3.3.9

#

interface Tunnel2 mode mpls-te

 ip address 8.1.1.1 255.255.255.0

 mpls te bandwidth ct0 3000

 destination 3.3.3.9

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 10.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   peer 10.1.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.2.1.1 as-number 65420

  #

  address-family ipv4 unicast

   peer 10.2.1.1 enable

 #

 ip vpn-instance vpn3

  peer 10.5.1.1 as-number 65450

  #

  address-family ipv4 unicast

   peer 10.5.1.1 enable

#

return

·     P：

#

 sysname P

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0002.00

#

 mpls lsr-id 2.2.2.9

#

vlan 12 to 13

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface12

 ip address 172.2.1.1 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface13

 ip address 172.1.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 13

#

return

·     PE 2：

#

 sysname PE2

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 111:1 import-extcommunity

 vpn-target 111:1 export-extcommunity

#

ip vpn-instance vpn2

 route-distinguisher 200:2

 vpn-target 222:2 import-extcommunity

 vpn-target 222:2 export-extcommunity

#

ip vpn-instance vpn3

 route-distinguisher 200:3

 vpn-target 333:3 import-extcommunity

 vpn-target 333:3 export-extcommunity

#

isis 1

 cost-style wide

 mpls te enable level-2

 network-entity 00.0005.0000.0000.0003.00

#

 mpls lsr-id 3.3.3.9

#

vlan 11 to 14

#

mpls ldp

#

mpls te

#

rsvp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

 isis circuit-level level-2

#

interface Vlan-interface11

 ip binding vpn-instance vpn1

 ip address 10.3.1.2 255.255.255.0

#

interface Vlan-interface12

 ip address 172.2.1.2 255.255.255.0

 isis enable 1

 isis circuit-level level-2

 mpls enable

 mpls ldp enable

 mpls te enable

 mpls te max-link-bandwidth 10000

 mpls te max-reservable-bandwidth 5000

 rsvp enable

#

interface Vlan-interface13

 ip binding vpn-instance vpn2

 ip address 10.4.1.2 255.255.255.0

#

interface Vlan-interface14

 ip binding vpn-instance vpn3

 ip address 10.6.1.2 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet0/0/2

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet0/0/3

 port link-mode bridge

 port access vlan 13

#

interface GigabitEthernet0/0/4

 port link-mode bridge

 port access vlan 14

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 10.3.1.1 as-number 65430

  #

  address-family ipv4 unicast

   peer 10.3.1.1 enable

 #

 ip vpn-instance vpn2

  peer 10.4.1.1 as-number 65440

  #

  address-family ipv4 unicast

   peer 10.4.1.1 enable

 #

 ip vpn-instance vpn3

  peer 10.6.1.1 as-number 65460

  #

  address-family ipv4 unicast

   peer 10.6.1.1 enable

#

return

·     CE 1：

#

 sysname CE1

#

vlan 11

#

interface Vlan-interface11

 ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65410

 peer 10.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.1.1.2 enable

#

return

·     CE 2：

#

 sysname CE2

#

vlan 12

#

interface Vlan-interface12

 ip address 10.2.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 12

#

bgp 65420

 peer 10.2.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.2.1.2 enable

#

return

·     CE 3：

#

 sysname CE3

#

vlan 11

#

interface Vlan-interface11

 ip address 10.3.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 11

#

bgp 65430

 peer 10.3.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.3.1.2 enable

#

return

·     CE 4：

#

 sysname CE4

#

vlan 13

#

interface Vlan-interface13

 ip address 10.4.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 13

#

bgp 65440

 peer 10.4.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.4.1.2 enable

#

return

·     CE 5：

#

 sysname CE5

#

vlan 14

#

interface Vlan-interface14

 ip address 10.5.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 14

#

bgp 65450

 peer 10.5.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.5.1.2 enable

#

return

·     CE 6：

#

 sysname CE6

#

vlan 14

#

interface Vlan-interface14

 ip address 10.6.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

 port link-mode bridge

 port access vlan 14

#

bgp 65460

 peer 10.6.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 10.6.1.2 enable

#

return