在瞻博网络 MX 路由器上的基于 LDP 的 VPLS 实例中传输以太网端口

网络工程 层2 瞻博网络 聚光灯 瞻博网络 vpls
2021-07-16 02:12:30

我们目前正在 Juniper MX 中使用基于 LDP 的第 2 层 VPN 服务 (P2P PW) 传输以太网端口。此 P2P LDP PW 已启动且当前正在运行。以下是针对此的配置:-

set interfaces xe-0/0/1 mtu 9192
set interfaces xe-0/0/1 encapsulation ethernet-ccc
set interfaces xe-0/0/1 unit 0 family ccc
set protocols l2circuit neighbor 10.253.0.12 interface xe-0/0/1.0 virtual-circuit-id 70
set protocols l2circuit neighbor 10.253.0.12 interface xe-0/0/1.0 no-control-word
set protocols l2circuit neighbor 10.253.0.12 interface xe-0/0/1.0 mtu 9192
set protocols l2circuit neighbor 10.253.0.12 interface xe-0/0/1.0 ignore-mtu-mismatch
set routing-instances inter-msc-1 interface xe-0/0/1.0

我们想传输相同的以太网端口,但使用基于 LDP 的 VPLS 实例而不是 l2circuit。

是否可以在瞻博网络 MX 路由器中使用基于 LDP 的第 2 层 VPLS 服务传输以太网端口?如果可以为瞻博网络 MX 共享示例配置,那就太好了。

1个回答

是的,LDP VPLS 是一种非常标准的部署。令人困惑的地方在于根据您正在运行的服务类型的不同类型的 PE-CE 接口封装。对于简单的以太网电路,这很容易。

这是一个简单的例子。

拓扑

CE1 [ge-0/0/0] <=> [ge-0/0/1] PE1 [ge-0/0/0] <= LDP => [ge-0/0/0] PE2 [ge-0/0/1] <=> [ge-0/0/0] CE2

例如,CE1 和 CE2 在同一子网中有一个 IP,并且不知道它们连接到 VPLS。

CE1

set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.10/24

CE2

set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.20/24

对于 PE,我将跳过 LDP 配置,只包括 VPLS 所需的内容。

PE1

set interfaces ge-0/0/1 description to-CE1
set interfaces ge-0/0/1 encapsulation ethernet-vpls
set interfaces ge-0/0/1 unit 0 family vpls

set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family mpls
    
set routing-instances VPLS instance-type vpls
set routing-instances VPLS interface ge-0/0/1.0
set routing-instances VPLS protocols vpls no-control-word
set routing-instances VPLS protocols vpls no-tunnel-services
set routing-instances VPLS protocols vpls vpls-id 70
set routing-instances VPLS protocols vpls mtu 9192
set routing-instances VPLS protocols vpls ignore-mtu-mismatch
set routing-instances VPLS protocols vpls neighbor 2.2.2.2   # The loopback of the remote LDP neighbor (PE2)

PE2

set interfaces ge-0/0/1 description to-CE2
set interfaces ge-0/0/1 encapsulation ethernet-vpls
set interfaces ge-0/0/1 unit 0 family vpls

set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set interfaces lo0 unit 0 family mpls

set routing-instances VPLS instance-type vpls
set routing-instances VPLS interface ge-0/0/1.0
set routing-instances VPLS protocols vpls no-control-word
set routing-instances VPLS protocols vpls no-tunnel-services
set routing-instances VPLS protocols vpls vpls-id 70
set routing-instances VPLS protocols vpls mtu 9192
set routing-instances VPLS protocols vpls ignore-mtu-mismatch
set routing-instances VPLS protocols vpls neighbor 1.1.1.1  # The loopback of the remote LDP neighbor (PE1)

确认

我们来看看PE1 VPLS的状态:

jhead@PE> show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby    SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS
  LDP-VPLS State
  VPLS-id: 70
  Mesh-group connections: __ves__
    Neighbor                  Type  St     Time last up          # Up trans
    2.2.2.2(vpls-id 70)       rmt   Up     Dec  3 21:07:21 2020           1
      Remote PE: 2.2.2.2, Negotiated control-word: No
      Incoming label: 262146, Outgoing label: 262146
      Negotiated PW status TLV: No
      Local interface: lsi.1048577, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS neighbor 2.2.2.2 vpls-id 70
      Flow Label Transmit: No, Flow Label Receive: No

最后,我们可以看到两个 CE 可以通信。

jhead@CE1> ping 192.168.1.20
PING 192.168.1.20 (192.168.1.20): 56 data bytes
64 bytes from 192.168.1.20: icmp_seq=0 ttl=64 time=8.838 ms
64 bytes from 192.168.1.20: icmp_seq=1 ttl=64 time=4.620 ms
64 bytes from 192.168.1.20: icmp_seq=2 ttl=64 time=5.639 ms
64 bytes from 192.168.1.20: icmp_seq=3 ttl=64 time=3.969 ms
64 bytes from 192.168.1.20: icmp_seq=4 ttl=64 time=5.594 ms
其它你可能感兴趣的问题
上一篇Junos“请求系统软件验证”安全 下一篇如何根据配置区分第 2 层和第 3 层 Cisco 交换机?