瞻博网络 l2 电路服务 (ccc) 是否支持不匹配的封装类型?

网络工程 杜松 聚光灯 杜松 瞻博网络 低密度脂蛋白
2021-07-24 02:05:27

我正在l2circuit cccEX4500 和 MX204 之间构建一个(draft-martini)。

问题是我需要encapsulation-type在任一侧都有不匹配的 l2circuit

东海岸EX4550-32F(Junos:15.1R7-S11.1,lo0.0: 10.8.224.191)侧l2电路服务配置encapsulation-type ethernet如图:

root@SWITCH01-T.RF> show configuration | display set | match xe-0/0/14   
set interfaces xe-0/0/14 enable
set interfaces xe-0/0/14 encapsulation ethernet-ccc
set interfaces xe-0/0/14 unit 0 family ccc
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 virtual-circuit-id 2
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 no-control-word
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 mtu 1522
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 encapsulation-type ethernet
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 ignore-encapsulation-mismatch
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 ignore-mtu-mismatch
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 pseudowire-status-tlv
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 connection-protection
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 oam bfd-liveness-detection minimum-receive-interval 1000
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 oam bfd-liveness-detection multiplier 5
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 oam bfd-liveness-detection transmit-interval minimum-interval 1000

{master:0}

西海岸MX204(Junos:19.4R3-S6.1,lo0.0: 10.8.224.187)侧l2电路服务配置encapsulation-type ethernet-vlan如图:

set interfaces et-0/0/0 enable
set interfaces et-0/0/0 vlan-tagging
set interfaces et-0/0/0 encapsulation extended-vlan-ccc
set interfaces et-0/0/0 unit 0 vlan-id-list 3113
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 virtual-circuit-id 2
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 no-control-word
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 mtu 1522
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 encapsulation-type ethernet-vlan
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 ignore-encapsulation-mismatch
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 ignore-mtu-mismatch
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 pseudowire-status-tlv
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 connection-protection
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 oam bfd-liveness-detection minimum-receive-interval 1000
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 oam bfd-liveness-detection multiplier 5
set protocols l2circuit neighbor 10.8.224.191 interface et-0/0/0.0 oam bfd-liveness-detection transmit-interval minimum-interval 1000

控制平面在此配置中启动:

root@SWITCH01-T.RF> show l2circuit connections 
Layer-2 Circuit Connections:
...
Legend for interface status  
Up -- operational            
Dn -- down                   
Neighbor: 10.8.224.187 
    Interface                 Type  St     Time last up          # Up trans
    xe-0/0/14.0(vc 2)         rmt   Up     Dec 21 17:41:51 2021           1
      Remote PE: 10.8.224.187, Negotiated control-word: No Encapsulation: VLAN
      Incoming label: 300016, Outgoing label: 104
      Negotiated PW status TLV: Yes
      local PW status code: 0x00000000, Neighbor PW status code: 0x00000000
      Connection protection: Yes
      Local interface: xe-0/0/14.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No

{master:0}
root@SWITCH01-T.RF>

在西海岸:

Neighbor: 10.8.224.191 
    Interface                 Type  St     Time last up          # Up trans
    et-0/0/0.0(vc 2)          rmt   Up     Dec 21 18:42:37 2021           1
      Remote PE: 10.8.224.191, Negotiated control-word: No Encapsulation: ETHERNET
      Incoming label: 104, Outgoing label: 300016
      Negotiated PW status TLV: Yes
      local PW status code: 0x00000000, Neighbor PW status code: 0x00000000
      Connection protection: Yes
      Local interface: et-0/0/0.0, Status: Up, Encapsulation: VLAN
      Flow Label Transmit: No, Flow Label Receive: No

root@rf-rtr1-l>

所有传输接口和环回都启用了 LDP 和 RSVP。

东海岸自民党信息:

root@SWITCH01-T.RF> show ldp session detail 
Address: 10.8.224.187, State: Operational, Connection: Open, Hold time: 22
  Session ID: 10.8.224.191:0--10.8.224.187:0
  Next keepalive in 2 seconds
  Active, Maximum PDU: 4096, Hold time: 30, Neighbor count: 2
  Neighbor types: discovered configured-layer2
  Keepalive interval: 10, Connect retry interval: 1
  Local address: 10.8.224.191, Remote address: 10.8.224.187
  Up for 02:25:59
  Capabilities advertised: none
  Capabilities received: none
  Protection: disabled
  Session flags: none
  Local - Restart: disabled, Helper mode: enabled
  Remote - Restart: disabled, Helper mode: enabled
  Local maximum neighbor reconnect time: 120000 msec
  Local maximum neighbor recovery time: 240000 msec
  Local Label Advertisement mode: Downstream unsolicited
  Remote Label Advertisement mode: Downstream unsolicited
  Negotiated Label Advertisement mode: Downstream unsolicited
  MTU discovery: enabled
  Nonstop routing state: Not in sync
  Next-hop addresses received:
    10.8.224.187
    10.8.224.176
    gr-0/0/27.202

{master:0}
root@SWITCH01-T.RF>

西海岸自民党信息:

root@rf-rtr1-l> show ldp session detail       
Address: 10.8.224.191, State: Operational, Connection: Open, Hold time: 23
  Session ID: 10.8.224.187:0--10.8.224.191:0
  Next keepalive in 3 seconds
  Passive, Maximum PDU: 4096, Hold time: 30, Neighbor count: 2
  Neighbor types: discovered configured-layer2
  Keepalive interval: 10, Connect retry interval: 1
  Local address: 10.8.224.187, Remote address: 10.8.224.191
  Up for 02:24:49
  Capabilities advertised: none
  Capabilities received: none
  Protection: disabled
  Session flags: none
  Local - Restart: disabled, Helper mode: enabled
  Remote - Restart: disabled, Helper mode: enabled
  Local maximum neighbor reconnect time: 120000 msec
  Local maximum neighbor recovery time: 240000 msec
  Local Label Advertisement mode: Downstream unsolicited
  Remote Label Advertisement mode: Downstream unsolicited
  Negotiated Label Advertisement mode: Downstream unsolicited
  MTU discovery: enabled
  Nonstop routing state: Not in sync
  Next-hop addresses received:
    10.8.224.177
    10.8.224.188
    10.8.224.191
    gr-0/0/0.202

root@rf-rtr1-l>

但是,我还不能 ping 整个服务(两个客户端都连接在 192.168.150.0/24 中)。

问题:

  • 瞻博网络是否支持不匹配的 l2circuit 封装类型?
  • 如果是这样,我需要做什么来解决这个问题?

2021-12-24 更新...

使用以下内容重新配置我的实验室后,我仍然显示 martini 控制平面已启动并且数据平面已损坏...

这是我正在使用的西海岸马提尼 PE mx204 配置...

root@rf-rtr1-l> show configuration | display set | match et-0/0/0 
set interfaces et-0/0/0 enable
set interfaces et-0/0/0 vlan-tagging
set interfaces et-0/0/0 encapsulation flexible-ethernet-services
set interfaces et-0/0/0 unit 0 encapsulation vlan-ccc
set interfaces et-0/0/0 unit 0 vlan-id 3113
set interfaces et-0/0/0 unit 0 input-vlan-map pop
set interfaces et-0/0/0 unit 0 output-vlan-map push
set protocols l2circuit neighbor 10.8.224.190 interface et-0/0/0.0 virtual-circuit-id 3
set protocols l2circuit neighbor 10.8.224.190 interface et-0/0/0.0 no-control-word

root@rf-rtr1-l>

这是东海岸马提尼配置,我使用(现在在QFX Model: qfx5200-48yJunos: 18.4R2-S9.2)...

root@switch02-t> show configuration | display set | match xe-0/0/14 
set interfaces xe-0/0/14 enable
set interfaces xe-0/0/14 encapsulation ethernet-ccc
set interfaces xe-0/0/14 unit 0 family ccc
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 virtual-circuit-id 3
set protocols l2circuit neighbor 10.8.224.187 interface xe-0/0/14.0 no-control-word

{master:0}
root@switch02-t>

西海岸show l2circuit connections extensive...

Neighbor: 10.8.224.190 
    Interface                 Type  St     Time last up          # Up trans
    et-0/0/0.0(vc 3)          rmt   Up     Dec 24 07:18:33 2021           1
      Remote PE: 10.8.224.190, Negotiated control-word: No
      Incoming label: 118, Outgoing label: 26
      Negotiated PW status TLV: No
      Local interface: et-0/0/0.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No
    Connection History:
        Dec 24 07:18:33 2021  PE route changed     
        Dec 24 07:18:33 2021  Out lbl Update                        26
        Dec 24 07:18:33 2021  In lbl Update                        118
        Dec 24 07:18:33 2021  loc intf up                   et-0/0/0.0

root@rf-rtr1-l>

和东海岸 QFX 开关...

Neighbor: 10.8.224.187 
    Interface                 Type  St     Time last up          # Up trans
    xe-0/0/14.0(vc 3)         rmt   Up     Dec 22 22:18:44 2021           1
      Remote PE: 10.8.224.187, Negotiated control-word: No
      Incoming label: 26, Outgoing label: 118
      Negotiated PW status TLV: No
      Local interface: xe-0/0/14.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No
    Connection History:
        Dec 22 22:18:44 2021  status update timer  
        Dec 22 22:18:43 2021  PE route changed     
        Dec 22 22:18:43 2021  Out lbl Update                       118
        Dec 22 22:18:43 2021  In lbl Update                         26
        Dec 22 22:18:43 2021  loc intf up                  xe-0/0/14.0

{master:0}
root@switch02-t>

我检查了双方的路由表,推送/弹出条目看起来不错(这是一个单跳拓扑,所以这些服务上没有推送 IGP 标签)

2个回答

瞻博网络确实支持不匹配的封装,但从技术上讲,这对于您要完成的任务来说不是必需的。坦率地说,Juniper 针对不同封装类型以及它们如何与不同 L2 服务互操作的术语并不直观。十多年来,这一直是让我感到沮丧的事情。

我离题了,这应该对你有用。

拓扑

CE1 <== ETHERNET ==> PE1 <== LDP ==> PE2 <== VLAN ==> CE2

我正在使用 Spirent 来模拟 CE,它们都运行 EBGP 和一对用于 PE 的 MX204。

CE1

192.85.1.2
AS1111
Untagged

CE2

192.85.1.1
AS2222
Tagged with VLAN 3113

PE1(CE接口)

set interfaces xe-0/1/0 encapsulation ethernet-ccc
set interfaces xe-0/1/0 unit 0 family ccc

PE1 (L2CKT)

set protocols l2circuit neighbor 2.2.2.2 interface xe-0/1/0.0 virtual-circuit-id 2
set protocols l2circuit neighbor 2.2.2.2 interface xe-0/1/0.0 no-control-word

PE2 (L2CKT)

set protocols l2circuit neighbor 1.1.1.1 interface xe-0/1/0.0 virtual-circuit-id 2
set protocols l2circuit neighbor 1.1.1.1 interface xe-0/1/0.0 no-control-word

PE2(CE接口)

set interfaces xe-0/1/0 enable
set interfaces xe-0/1/0 vlan-tagging
set interfaces xe-0/1/0 encapsulation flexible-ethernet-services
set interfaces xe-0/1/0 unit 0 encapsulation vlan-ccc
set interfaces xe-0/1/0 unit 0 vlan-id 3113
set interfaces xe-0/1/0 unit 0 input-vlan-map pop
set interfaces xe-0/1/0 unit 0 output-vlan-map push

您会注意到您的配置存在一些差异,我将重点介绍主要差异。我怀疑您看到的是单向流量,这是因为由于缺少 VLAN 标记,其中一个 CE 没有收到预期的信息。

  1. 使用vlan-id而不是vlan-id-list更简单,如果您需要终止多个 VLAN,我建议每个 VLAN 使用一个子接口/单元,类似于如何配置。

  2. input-vlan-map pop意味着远端正在ethernet-ccc并且应该接收未标记的数据包,因此它会在入口(来自 CE)上弹出标记。

  3. output-vlan-map push 这意味着本地 PE 正在从远程 PE 接收未标记的数据包,并且应该在向 CE 发送流量之前施加配置的 VLAN 标记 (3113)。

一个常见的陷阱

set interfaces xe-0/1/0 unit 0 output-vlan-map push vlan-id 3113

不一样

set interfaces xe-0/1/0 unit 0 vlan-id 3113

事实上,如果你将两者结合起来,你会双推 3113,尽管它并不那么明显。

我离题了,这是最终结果的样子。

PE1

Neighbor: 2.2.2.2 
    Interface                 Type  St     Time last up          # Up trans
    xe-0/1/0.0(vc 2)          rmt   Up     Dec 23 14:37:01 2021           1
      Remote PE: 2.2.2.2, Negotiated control-word: No
      Incoming label: 17, Outgoing label: 17
      Negotiated PW status TLV: No
      Local interface: xe-0/1/0.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No

PE2

Neighbor: 1.1.1.1 
    Interface                 Type  St     Time last up          # Up trans
    xe-0/1/0.0(vc 2)          rmt   Up     Dec 23 14:37:01 2021           1
      Remote PE: 1.1.1.1, Negotiated control-word: No
      Incoming label: 17, Outgoing label: 17
      Negotiated PW status TLV: No
      Local interface: xe-0/1/0.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No

尽管有明显的 VLAN 标记/操作,但封装是匹配的。这是属于“不太直观”的范畴的事情之一。

最后,这里显示了 Spirent 端口之间建立的 BGP 会话所产生的转发平面。

在此处输入图片说明

编辑

将原始答案保留在此处以记录 Juniper 的某些文档似乎与 Jordan 在 l2circuit 配置方面的专业知识相冲突。查看他的回答以获取更多详细信息...

问题:瞻博网络是否支持不匹配的 l2circuit 封装类型?回答:没有
引用瞻博网络 MPLS 部署指南

Martini 隧道的标准行为要求两端具有相同的封装类型和 VLAN-ID。Junos 确实允许在 Martini 隧道的每一侧以不匹配的 VLAN-ID 和每侧不同的封装类型的形式出现非标准行为 - 例如,一侧为以太网,另一侧为 vlan。

其它你可能感兴趣的问题
上一篇Cisco 3548XL VLAN,无路由器 下一篇DHCP 服务器如何知道新 IP 地址应该位于哪个网络接口和子网