EVE-NG Topology
Huawei eNSP
Huawei router ไม่สามารถคอนฟิกนอกตัวโปรแกรม eNSP เลยต้อง run eNSP ใน Windows แล้วใช้ Port Binding เพื่อเชื่อมต่อกับ Router ตัวอื่น
การคอนฟิก INFRA-STRUCTURE
Infra-Structure ประกอบไปด้วย Router หลายๆ ยี่ห้อ โดย Nokia, Huawei, Cisco ทำหน้าที่เป็น PE (Provider Edge) Router หรือบางทีเรียกว่า LER (Label Edge Router) ส่วน Juniper vMX ทำหน้าที่เป็น P (Provider) Router หรือบางทีเรียกว่า LSR (Label Switch Router)
Infra-Structure จะรัน OSPF Protocol enable Opaque เพื่อ support การใช้งาน Traffic Engineering. ใช้ RSVP-TE เพื่อสร้าง LSP Path. IP และ Port Assignment ตามรูป
NOKIA-PE1(10.10.10.1) คอนฟิก Infra-Structure
คอนฟิก Interface , OSPF, MPLS และ RSVP
A:NOKIA-PE1#
/configure
port 1/1/2
description "To_vMX-P2_ge-0/0/0"
ethernet
exit
no shutdown
exit
port 1/1/4
description "To_vMX-P3_ge-0/0/1"
ethernet
exit
no shutdown
exit
/configure router
interface "system"
address 10.10.10.1/32
no shutdown
exit
interface "to_vMX_P2"
address 192.168.12.1/24
port 1/1/2
no shutdown
exit
interface "to_vMX_P3"
address 192.168.13.1/24
port 1/1/4
no shutdown
exit
/configure router
ospf 10.10.10.1
traffic-engineering
area 0.0.0.0
interface "system"
no shutdown
exit
interface "to_vMX_P2"
interface-type point-to-point
mtu 1500
no shutdown
exit
interface "to_vMX_P3"
interface-type point-to-point
mtu 1500
no shutdown
exit
exit
exit
/configure router
mpls
interface "system"
no shutdown
exit
interface "to_vMX_P2"
no shutdown
exit
interface "to_vMX_P3"
no shutdown
exit
exit
/configure router
rsvp
interface "system"
no shutdown
exit
interface "to_vMX_P2"
no shutdown
exit
interface "to_vMX_P3"
no shutdown
exit
no shutdown
exit
vMX-P2 (10.10.10.2) คอนฟิก Infra-Structure
คอนฟิก Interface , OSPF, MPLS และ RSVP
lab@vMX_P2> show configuration | display set set interfaces ge-0/0/0 unit 0 family inet address 192.168.23.2/24 set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/1 unit 0 family inet address 192.168.12.2/24 set interfaces ge-0/0/1 unit 0 family mpls set interfaces ge-0/0/2 unit 0 family inet address 192.168.24.2/24 set interfaces ge-0/0/2 unit 0 family mpls set interfaces ge-0/0/3 unit 0 family inet address 192.168.25.2/24 set interfaces ge-0/0/3 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.10.10.2/32 set interfaces lo0 unit 0 family mpls set routing-options router-id 10.10.10.2 set protocols rsvp interface lo0.0 set protocols rsvp interface ge-0/0/0.0 set protocols rsvp interface ge-0/0/1.0 set protocols rsvp interface ge-0/0/2.0 set protocols rsvp interface ge-0/0/3.0 set protocols mpls interface ge-0/0/1.0 set protocols mpls interface ge-0/0/0.0 set protocols mpls interface ge-0/0/2.0 set protocols mpls interface ge-0/0/3.0 set protocols mpls interface lo0.0 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p lab@vMX_P2>
vMX-P3 (10.10.10.3) คอนฟิก Infra-Structure
คอนฟิก Interface , OSPF, MPLS และ RSVP
lab@vMX_P3> show configuration | display set set interfaces ge-0/0/0 description To_vMX_ge-0/0/0 set interfaces ge-0/0/0 unit 0 family inet address 192.168.23.3/24 set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-0/0/1 description To_NOKIA_PE1_1/1/4 set interfaces ge-0/0/1 unit 0 family inet address 192.168.13.3/24 set interfaces ge-0/0/1 unit 0 family mpls set interfaces ge-0/0/2 description To_Cisco_PE5_e0/0 set interfaces ge-0/0/2 unit 0 family inet address 192.168.35.3/24 set interfaces ge-0/0/2 unit 0 family mpls set interfaces ge-0/0/3 description To_Huawei_GE0/0/2 set interfaces ge-0/0/3 unit 0 family inet address 192.168.34.3/24 set interfaces ge-0/0/3 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.10.10.3/32 set interfaces lo0 unit 0 family mpls set routing-options router-id 10.10.10.3 set protocols rsvp interface lo0.0 set protocols rsvp interface ge-0/0/0.0 set protocols rsvp interface ge-0/0/1.0 set protocols rsvp interface ge-0/0/2.0 set protocols rsvp interface ge-0/0/3.0 set protocols mpls interface lo0.0 set protocols mpls interface ge-0/0/0.0 set protocols mpls interface ge-0/0/1.0 set protocols mpls interface ge-0/0/2.0 set protocols mpls interface ge-0/0/3.0 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p lab@vMX_P3>
Huawei-PE4 (10.10.10.4) คอนฟิก Infra-Structure
คอนฟิก Interface , OSPF, MPLS และ RSVP
<Huawei>display current-configuration # mpls lsr-id 10.10.10.4 mpls mpls te label advertise non-null mpls rsvp-te mpls te cspf # interface GigabitEthernet0/0/0 description To_vMX-PE2_ge-0/0/0 ip address 192.168.24.4 255.255.255.0 ospf network-type p2p ospf enable 1 area 0.0.0.0 mpls mpls te mpls rsvp-te # interface GigabitEthernet0/0/1 description To_Cisco_e0/2 ip address 192.168.45.4 255.255.255.0 ospf network-type p2p ospf enable 1 area 0.0.0.0 mpls mpls te mpls rsvp-te # interface GigabitEthernet0/0/2 description To_vMX-P3_ge-0/0/3 ip address 192.168.34.4 255.255.255.0 ospf network-type p2p ospf enable 1 area 0.0.0.0 mpls mpls te mpls rsvp-te # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 ospf enable 1 area 0.0.0.0 # ospf 1 router-id 10.10.10.4 opaque-capability enable area 0.0.0.0 mpls-te enable # <Huawei>
Cisco-PE5 (10.10.10.5) คอนฟิก Infra-Structure
คอนฟิก Interface , OSPF, MPLS และ RSVP
CISCO-PE5#show running-config ! interface Loopback0 ip address 10.10.10.5 255.255.255.255 ip ospf 1 area 0 ! interface Ethernet0/0 description To_vMX-PE3_ge-0/0/2 ip address 192.168.35.5 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls traffic-eng tunnels ip rsvp bandwidth ! interface Ethernet0/1 description To_vMX-PE2_ge-0/0/3 ip address 192.168.25.5 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls traffic-eng tunnels ip rsvp bandwidth ! interface Ethernet0/2 description To_Huawei_0/0/1 ip address 192.168.45.5 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls traffic-eng tunnels ip rsvp bandwidth ! router ospf 1 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0 router-id 10.10.10.5 ! CISCO-PE5#
แสดงสถานะ Infra-Structure
ในที่นี้ขอแสดงแค่ OSPF state นะครับ. โดย State Full คือเป็น Neighbor กันและ Update LSA กันครบแล้วและจำนวน Neighbor แสดงครบตามที่คอนฟิกไว้
NOKIA-PE1(10.10.10.1) แสดงสถานะ OSPF
A:NOKIA-PE1# show router ospf neighbor =============================================================================== OSPFv2 (0) all neighbors =============================================================================== Interface-Name Rtr Id State Pri RetxQ TTL Area-Id ------------------------------------------------------------------------------- to_vMX_P2 10.10.10.2 Full 128 0 37 0.0.0.0 to_vMX_P3 10.10.10.3 Full 128 0 34 0.0.0.0 ------------------------------------------------------------------------------- No. of Neighbors: 2 =============================================================================== A:NOKIA-PE1#
vMX-P2(10.10.10.2) แสดงสถานะ OSPF
lab@vMX_P2> show ospf neighbor Address Interface State ID Pri Dead 192.168.23.3 ge-0/0/0.0 Full 10.10.10.3 128 33 192.168.12.1 ge-0/0/1.0 Full 10.10.10.1 1 34 192.168.24.4 ge-0/0/2.0 Full 10.10.10.4 1 37 192.168.25.5 ge-0/0/3.0 Full 10.10.10.5 1 39 lab@vMX_P2>
vMX-P3 (10.10.10.3) แสดงสถานะ OSPF
lab@vMX_P3> show ospf neighbor Address Interface State ID Pri Dead 192.168.23.2 ge-0/0/0.0 Full 10.10.10.2 128 39 192.168.13.1 ge-0/0/1.0 Full 10.10.10.1 1 31 192.168.35.5 ge-0/0/2.0 Full 10.10.10.5 1 32 192.168.34.4 ge-0/0/3.0 Full 10.10.10.4 1 31 lab@vMX_P3>
Huawei-PE4(10.10.10.4) แสดงสถานะ OSPF
<Huawei>display ospf 1 peer brief OSPF Process 1 with Router ID 10.10.10.4 Peer Statistic Information ---------------------------------------------------------------------------- Area Id Interface Neighbor id State 0.0.0.0 GigabitEthernet0/0/0 10.10.10.2 Full 0.0.0.0 GigabitEthernet0/0/1 10.10.10.5 Full 0.0.0.0 GigabitEthernet0/0/2 10.10.10.3 Full ---------------------------------------------------------------------------- <Huawei>
Cisco-PE5(10.10.10.5) แสดงสถานะ OSPF
CISCO-PE5#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.10.10.4 0 FULL/ - 00:00:39 192.168.45.4 Ethernet0/2 10.10.10.2 0 FULL/ - 00:00:34 192.168.25.2 Ethernet0/1 10.10.10.3 0 FULL/ - 00:00:39 192.168.35.3 Ethernet0/0 CISCO-PE5#
การคอนฟิก TE-Tunnel
TE Tunnel เป็น Logical Interface เอาไว้ Forward traffic ในตัวอย่างนี้ใช้ RSVP-TE ในการ Signalling เพื่อสร้าง LSP (Label Switch Path).TE Tunnel เป็น Uni-direction เร้าเตอร์แต่ละตัวคอนฟิกอิสระจากกัน. TE-Tunnel ในตัวอย่างนี้ทำ Primary และ Hot-Standby ระหว่าง PE เร้าเตอร์ โดยคอนฟิกเป็น Explicit Path ให้ทั้งขาไปและขากลับ ไปในทิศทางเดียวกัน.
เมื่อ Primary LSP Down. TE-Tunnel จะ switch traffic ไปใช้ Hot-Standby LSP ในทันที ทำให้ packet loss น้อยลง แต่ถ้าทั้ง Primary และ Hot-Standby Down จะทำให้ TE-Tunnel Down. ยกเว้นทำ Secondary Loose หรือ Best Effort หรือภาษาบ้านๆ ว่า Path ตามเวรตามกรรมไว้ โดย Secondary Loose จะสร้าง LSP path ใหม่ตาม IGP (OSPF) โปรโตคอล ในตัวอย่างนี้ทำ Secondary Loose ไว้ที่ TE Tunnel ระหว่าง NOKIA-PE1 กับ Huawei-PE4.
ปกติ TE-Tunnel เมื่อคอนฟิกแล้วจะยังไม่ถูกใช้งาน ในเร้าเตอร์แต่ละยี่ห้อจะมีการเรียกใช้งานได้หลายวิธีและแตกต่างกัน ในที่นี้จะเรียกใช้ TE-Tunnel โดย Nokia ใช้คอมมาน auto-bind rsvp-te, Huawei สร้าง tunnel-policy RSVP-TE, Cisco ใช้ IGP-Shortcut ตามตัวอย่างคอนฟิกด้านล่าง
#== NOKIA ==
/configure service vprn 100 customer 1 create
auto-bind rsvp-te
#== Huawei ==
ip vpn-instance COTTON
ipv4-family
tnl-policy RSVP-TE
#
tunnel-policy RSVP-TE
tunnel select-seq cr-lsp load-balance-number 1
#== Cisco ==
interface Tunnel1
tunnel mpls traffic-eng autoroute announce Note. เมื่อมีการแทรกหรือลบโหนดหรือแก้ไขปรับเปลี่ยน Wan Link ก็อย่าลืมนึกถึง Explicit Path นะครับ
การคอนฟิก TE-Tunnel ระหว่างไซต์ NOKIA-PE1 กับ Huawei-PE4
คอนฟิกระหว่าง NOKIA-PE1 - Huawei-PE4 มี secondary best-effort (loose)
ด้วย. ถ้า Primary, Hot-Standby down เร้าเตอร์จะพยายามสร้าง LSP ใหม่ตาม IGP โปรโตคอล
NOKIA-PE1(10.10.10.1) --> Huawei-PE4(10.10.10.4) TE Tunnel Configuration
A:NOKIA-PE1#
/configure router
mpls
path "PE1-P2-PE4_path"
hop 1 10.10.10.2 strict
hop 2 10.10.10.4 strict
no shutdown
exit
path "PE1-P3-PE4_path"
hop 1 10.10.10.3 strict
hop 3 10.10.10.4 strict
no shutdown
exit
path "Best-Effort_path"
no shutdown
exit
lsp "to_PE4_lsp"
to 10.10.10.4
cspf
revert-timer 2
primary "PE1-P2-PE4_path"
exit
secondary "PE1-P3-PE4_path"
standby
exit
secondary "Best-Effort_path"
exit
no shutdown
exit
no shutdown
exit
Huawei-PE4(10.10.10.4) --> NOKIA-PE1(10.10.10.1) TE Tunnel Configuration
<Huawei>display current-configuration # explicit-path PE4-P2-PE1 next hop 192.168.24.2 next hop 192.168.12.1 next hop 10.10.10.1 # explicit-path PE4-P3-PE1 next hop 192.168.34.3 next hop 192.168.13.1 next hop 10.10.10.1 # interface Tunnel0/0/1 description To_NOKIA-PE1 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 10.10.10.1 mpls te tunnel-id 1 mpls te record-route mpls te path explicit-path PE4-P2-PE1 mpls te path explicit-path PE4-P3-PE1 secondary mpls te backup hot-standby mode revertive wtr 120 mpls te backup ordinary best-effort mpls te commit #
แสดงสถานะ TE-Tunnel ระหว่างไซต์ NOKIA-PE1 กับ Huawei-PE4
NOKIA-PE1(10.10.10.1) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary Up, Hot-Standby Up. ส่วน Best-Effort Down(ปกติ).
ผล Trace ทั้ง Primary และ Standby ก็เป็นไปตามที่คอนฟิกไว้
A:NOKIA-PE1# show router mpls lsp "to_PE4_lsp" path =============================================================================== MPLS LSP to_PE4_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE4_lsp To : 10.10.10.4 Adm State : Up Oper State : Up ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P2-PE4_path 192.168.12.2 Primary 1/1/2 Up Up PE1-P3-PE4_path 192.168.13.3 Standby 1/1/4 Up Up Best-Effort_path n/a Secondary n/a Up Dwn =============================================================================== A:NOKIA-PE1# oam lsp-trace "to_PE4_lsp" path "PE1-P2-PE4_path" lsp-trace to to_PE4_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.2 rtt=57.5ms rc=8(DSRtrMatchLabel) rsc=1 2 10.10.10.4 rtt=12.1ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1# oam lsp-trace "to_PE4_lsp" path "PE1-P3-PE4_path" lsp-trace to to_PE4_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.3 rtt=59.9ms rc=8(DSRtrMatchLabel) rsc=1 2 10.10.10.4 rtt=10.6ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1#
Huawei-PE4(10.10.10.4) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary Up, Hot-Standby Up. ส่วน Best-Effort ไม่แสดงผล.
ผล Trace ทั้ง Primary และ Standby ก็เป็นไปตามที่คอนฟิกไว้
<Huawei>display mpls te tunnel-interface Tunnel 0/0/1
----------------------------------------------------------------
Tunnel0/0/1
----------------------------------------------------------------
Tunnel State Desc : UP
Active LSP : Primary LSP
Session ID : 1
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.1
Admin State : UP Oper State : UP
Primary LSP State : UP
Main LSP State : READY LSP ID : 18
Hot-Standby LSP State : UP
Main LSP State : READY LSP ID : 32784
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/1
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/1 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 192.168.24.2/[300640 ]
1 10.10.10.2 140 ms Transit 192.168.12.1/[262140 ]
2 10.10.10.1 20 ms Egress
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/1 hot-standby
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/1 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 192.168.34.3/[300688 ]
1 10.10.10.3 90 ms Transit 192.168.13.1/[262139 ]
2 10.10.10.1 20 ms Egress
<Huawei>
การคอนฟิก TE-Tunnel ระหว่างไซต์ NOKIA-PE1 กับ Cisco-PE5
คอนฟิกระหว่าง NOKIA-PE1 - Cisco-PE5 ไม่มีคอนฟิก secondary best-effort (loose) . ถ้าทั้ง Primary และ Hot-Standby down ก็จะทำให้ TE-Tunnel Down.
NOKIA-PE1(10.10.10.1) --> Cisco-PE5 (10.10.10.5) TE Tunnel Configuration
A:NOKIA-PE1#
/configure router
mpls
path "PE1-P3-PE5_path"
hop 1 10.10.10.3 strict
hop 2 10.10.10.5 strict
no shutdown
exit
path "PE1-P2-PE5_path"
hop 1 10.10.10.2 strict
hop 2 10.10.10.5 strict
no shutdown
exit
lsp "to_PE5_lsp"
to 10.10.10.5
cspf
revert-timer 2
primary "PE1-P3-PE5_path"
exit
secondary "PE1-P2-PE5_path"
standby
exit
no shutdown
exit
no shutdown
exit
Cisco-PE5 (10.10.10.5) --> NOKIA-PE1(10.10.10.1) TE Tunnel Configuration
CISCO-PE5#show running-config ! interface Tunnel1 description To_NOKIA-PE1 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 10.10.10.1 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng path-option 1 explicit name PE5-P3-PE1 tunnel mpls traffic-eng path-option protect 1 explicit name PE5-P2-PE1 no routing dynamic ! ip explicit-path name PE5-P3-PE1 enable next-address 10.10.10.3 next-address 10.10.10.1 ! ip explicit-path name PE5-P2-PE1 enable next-address 10.10.10.2 next-address 10.10.10.1 !
แสดงสถานะ TE-Tunnel ระหว่างไซต์ NOKIA-PE1 กับ Cisco-PE5
NOKIA-PE1(10.10.10.1) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary Up, Hot-Standby Up.
ผล Trace ทั้ง Primary และ Standby ก็เป็นไปตามที่คอนฟิกไว้
A:NOKIA-PE1#show router mpls lsp "to_PE5_lsp" path =============================================================================== MPLS LSP to_PE5_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE5_lsp To : 10.10.10.5 Adm State : Up Oper State : Up ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P3-PE5_path 192.168.13.3 Primary 1/1/4 Up Up PE1-P2-PE5_path 192.168.12.2 Standby 1/1/2 Up Up =============================================================================== A:NOKIA-PE1# oam lsp-trace "to_PE5_lsp" path "PE1-P3-PE5_path" lsp-trace to to_PE5_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.3 rtt=55.5ms rc=8(DSRtrMatchLabel) rsc=1 2 192.168.35.5 rtt=26.3ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1# oam lsp-trace "to_PE5_lsp" path "PE1-P2-PE5_path" lsp-trace to to_PE5_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.2 rtt=61.1ms rc=8(DSRtrMatchLabel) rsc=1 2 192.168.25.5 rtt=6.66ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1#
Cisco-PE5(10.10.10.5) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary และ Hot-Standby แสดงผลถูกต้อง
Active path เป็น explicit path option 1 ถูกต้อง
ผล Trace เป็นไปตาม active path ถูกต้อง ส่วน standby trace ผมหาคอมมานไม่เจอ
CISCO-PE5#show mpls traffic-eng tunnels tunnel 1
Name: CISCO-PE5_t1 (Tunnel1) Destination: 10.10.10.1
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type explicit PE5-P3-PE1 (Basis for Setup, path weight 11)
Path Protection: 0 Common Link(s), 0 Common Node(s)
path protect option 1, type explicit PE5-P2-PE1 (Basis for Protect, path weight 11)
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
#-- snip --
CISCO-PE5#show mpls traffic-eng tunnels tunnel 1 protection
CISCO-PE5_t1
LSP Head, Tunnel1, Admin: up, Oper: up
Src 10.10.10.5, Dest 10.10.10.1, Instance 256
Fast Reroute Protection: None
Path Protection: 0 Common Link(s), 0 Common Node(s)
Primary lsp path:192.168.35.3 192.168.13.1
10.10.10.1
Protect lsp path:192.168.25.2 192.168.12.1
10.10.10.1
#-- snip --
CISCO-PE5#traceroute mpls traffic-eng tunnel 1
Tracing MPLS TE Label Switched Path on Tunnel1, timeout is 2 seconds
#-- snip --
Type escape sequence to abort.
0 192.168.35.5 MRU 1500 [Labels: 300736 Exp: 0]
L 1 10.10.10.3 MRU 1514 [Labels: 262141 Exp: 7] 59 ms
! 2 10.10.10.1 11 ms
CISCO-PE5#
การคอนฟิก TE-Tunnel ระหว่างไซต์ Huawei-PE4 กับ Cisco-PE5
คอนฟิกระหว่าง Huawei-PE4 กับ Cisco-PE5 มีแค่ Primary กับ Hot-Standby. ถ้าทั้ง Primary และ Standby down ก็จะทำให้ TE-Tunnel Down.
Huawei-PE4(10.10.10.4) --> Cisco-PE5(10.10.10.5) TE Tunnel Configuration
<Huawei>display current-configuration # explicit-path PE4-P2-PE5 next hop 192.168.24.2 next hop 192.168.25.5 next hop 10.10.10.5 # explicit-path PE4-P3-PE5 next hop 192.168.34.3 next hop 192.168.35.5 next hop 10.10.10.5 # interface Tunnel0/0/5 description To_Cisco-PE5 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 10.10.10.5 mpls te tunnel-id 5 mpls te record-route mpls te path explicit-path PE4-P2-PE5 mpls te path explicit-path PE4-P3-PE5 secondary mpls te backup hot-standby mode revertive wtr 120 mpls te commit #
Cisco-PE5(10.10.10.5) --> Huawei-PE4(10.10.10.4) TE Tunnel Configuration
CISCO-PE5#show running-config ! interface Tunnel4 description To_Huawei-PE4 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 10.10.10.4 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng path-option 1 explicit name PE5-P2-PE4 tunnel mpls traffic-eng path-option protect 1 explicit name PE5-P3-PE4 no routing dynamic ! ip explicit-path name PE5-P2-PE4 enable next-address 10.10.10.2 next-address 10.10.10.4 ! ip explicit-path name PE5-P3-PE4 enable next-address 10.10.10.3 next-address 10.10.10.4 !
แสดงสถานะ TE-Tunnel ระหว่างไซต์ Huawei-PE4 กับ Cisco-PE5
Huawei-PE4(10.10.10.4) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary Up, Standby Up.
ผล Trace ทั้ง Primary และ Standby ก็เป็นไปตามที่คอนฟิกไว้
<Huawei>display mpls te tunnel-interface Tunnel 0/0/5
----------------------------------------------------------------
Tunnel0/0/5
----------------------------------------------------------------
Tunnel State Desc : UP
Active LSP : Primary LSP
Session ID : 5
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.5
Admin State : UP Oper State : UP
Primary LSP State : UP
Main LSP State : READY LSP ID : 1
Hot-Standby LSP State : UP
Main LSP State : READY LSP ID : 32770
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/5
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/5 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 192.168.24.2/[300032 ]
1 10.10.10.2 130 ms Transit 192.168.25.5/[0 ]
2 192.168.25.5 10 ms Egress
<Huawei>
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/5 hot-standby
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/5 , press CTRL_C to break.
TTL Replier Time Type Downstream
0 Ingress 192.168.34.3/[300096 ]
1 10.10.10.3 60 ms Transit 192.168.35.5/[0 ]
2 192.168.35.5 30 ms Egress
<Huawei>
Cisco-PE5(10.10.10.5) แสดงสถานะ TE-Tunnel และ LSP Trace
TE-Tunnel Oper: Up. Primary Up, Protect Up. Active path=explicit path option 1 ถูกต้อง
Primary LSP, Protect LSP Path แสดงผลถูกต้อง
ผล Trace เป็นไปตาม Active Path ถูกต้อง
CISCO-PE5#show mpls traffic-eng tunnels tunnel 4
Name: CISCO-PE5_t4 (Tunnel4) Destination: 10.10.10.4
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type explicit PE5-P2-PE4 (Basis for Setup, path weight 11)
Path Protection: 0 Common Link(s), 0 Common Node(s)
path protect option 1, type explicit PE5-P3-PE4 (Basis for Protect, path weight 11)
Config Parameters:
Bandwidth: 0 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 0 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
#-- snip --
CISCO-PE5#show mpls traffic-eng tunnels tunnel 4 protection
CISCO-PE5_t4
LSP Head, Tunnel4, Admin: up, Oper: up
Src 10.10.10.5, Dest 10.10.10.4, Instance 4
Fast Reroute Protection: None
Path Protection: 0 Common Link(s), 0 Common Node(s)
Primary lsp path:192.168.25.2 192.168.24.4
10.10.10.4
Protect lsp path:192.168.35.3 192.168.34.4
10.10.10.4
#-- snip --
CISCO-PE5#traceroute mpls traffic-eng tunnel 4
Tracing MPLS TE Label Switched Path on Tunnel4, timeout is 2 seconds
#-- snip --
Type escape sequence to abort.
0 192.168.25.5 MRU 1500 [Labels: 300400 Exp: 0]
L 1 10.10.10.2 MRU 1514 [Labels: 1054 Exp: 7] 204 ms
! 2 10.10.1
CISCO-PE5#
การคอนฟิก MP-BGP
MP-BGP หรือบางทีก็เรียกว่า bgp-vpn เพื่อเอาไว้รับส่ง Route ที่เป็น vpn ในตัวอย่างนี้ทำ vpn-ipv4 อย่างเดียวโดยมีการ Peer กันแบบ full mesh ระหว่าง PE Router. จะเห็นว่าที่ P router ไม่จำเป็นต้องมีคอนฟิก MP-BGP เลย
NOKIA-PE1(10.10.10.1) คอนฟิก MP-BGP
peer ไปหา Huawei-PE4(10.10.10.4) และ Cisco-PE5(10.10.10.5) โดยคอฟฟิก family เป็น vpn-ipv4 เท่านั้น
/configure
router
autonomous-system 65000
router-id 10.10.10.1
bgp
group "PE"
family vpn-ipv4
peer-as 65000
neighbor 10.10.10.4
exit
neighbor 10.10.10.5
exit
exit
no shutdown
exit
Huawei-PE4(10.10.10.4) คอนฟิก MP-BGP
peer ไปหา Nokia-PE1(10.10.10.1) และ Cisco-PE5(10.10.10.5) โดย enable ipv4-family vpnv4 และ disable ipv4-family unicast (เอาไว้รับส่ง global routing table ในตัวอย่างนี้ไม่จำเป็น)
<Huawei>display current-configuration # bgp 65000 router-id 10.10.10.4 group PE internal peer PE connect-interface LoopBack0 peer 10.10.10.1 as-number 65000 peer 10.10.10.1 group PE peer 10.10.10.1 description To_NOKIA_PE1 peer 10.10.10.5 as-number 65000 peer 10.10.10.5 group PE peer 10.10.10.5 description To_Cisco_PE5 # ipv4-family unicast undo synchronization undo peer PE enable undo peer 10.10.10.1 enable undo peer 10.10.10.5 enable # ipv4-family vpnv4 policy vpn-target peer PE enable peer 10.10.10.1 enable peer 10.10.10.1 group PE peer 10.10.10.5 enable peer 10.10.10.5 group PE #
Cisco-PE5(10.10.10.5) คอนฟิก MP-BGP
peer ไปหา Nokia-PE1(10.10.10.1) และ Huawei-PE4(10.10.10.4) โดย enable family vpnv4 และ disable family ipv4 (เอาไว้รับส่ง grobal routing table ในตัวอย่างนี้ไม่จำเป็น)
CISCO-PE5#show running-config ! router bgp 65000 bgp log-neighbor-changes neighbor 10.10.10.1 remote-as 65000 neighbor 10.10.10.1 update-source Loopback0 neighbor 10.10.10.4 remote-as 65000 neighbor 10.10.10.4 update-source Loopback0 ! address-family ipv4 no neighbor 10.10.10.1 activate no neighbor 10.10.10.4 activate exit-address-family ! address-family vpnv4 neighbor 10.10.10.1 activate neighbor 10.10.10.1 send-community extended neighbor 10.10.10.4 activate neighbor 10.10.10.4 send-community extended exit-address-family !
แสดงสถานะ MP-BGP
State เป็น Estrablished family VPN-IPv4 ถูกต้องทุกไซต์
NOKIA-PE1(10.10.10.1) แสดงสถานะ MP-BGP
A:NOKIA-PE1# show router bgp neighbor =============================================================================== BGP Neighbor =============================================================================== ------------------------------------------------------------------------------- Peer : 10.10.10.4 Group : PE ------------------------------------------------------------------------------- Peer AS : 65000 Peer Port : 59886 Peer Address : 10.10.10.4 Local AS : 65000 Local Port : 179 Local Address : 10.10.10.1 Peer Type : Internal State : Established Last State : Established Last Event : recvKeepAlive Last Error : Cease (Connection Collision Resolution) Local Family : VPN-IPv4 Remote Family : VPN-IPv4 #---- snipped ----- ------------------------------------------------------------------------------- Peer : 10.10.10.5 Group : PE ------------------------------------------------------------------------------- Peer AS : 65000 Peer Port : 179 Peer Address : 10.10.10.5 Local AS : 65000 Local Port : 50407 Local Address : 10.10.10.1 Peer Type : Internal State : Established Last State : Active Last Event : recvKeepAlive Last Error : Cease (Administrative Shutdown) Local Family : VPN-IPv4 Remote Family : VPN-IPv4 #---- snipped -----
Huawei-PE4(10.10.10.4) แสดงสถานะ MP-BGP
<Huawei>display bgp vpnv4 all peer BGP local router ID : 10.10.10.4 Local AS number : 65000 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.10.10.1 4 65000 60 58 0 00:26:59 Established 3 10.10.10.5 4 65000 337 309 0 05:02:14 Established 3 <Huawei>
Cisco-PE5(10.10.10.5) แสดงสถานะ MP-BGP
CISCO-PE5#show ip bgp vpnv4 all summary BGP router identifier 10.10.10.5, local AS number 65000 #--snipped -- Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.10.10.1 4 65000 83 88 157 0 0 00:38:01 3 10.10.10.4 4 65000 319 349 157 0 0 05:12:49 3 CISCO-PE5#
การคอนฟิก PE-CE
ที่ PE เร้าเตอร์จะคอนฟิก VRF และ enable Routing Protocol เพื่อให้บริการ Layer3 กับอุปกรณ์ฝั่ง CE (Customer Edge) โดย PE-CE แต่ละไซต์ตามตัวอย่างนี้ใช้ Route Protocol ที่ไม่เหมือนกัน. ที่ PE เร้าเตอร์นอกจากสร้าง VRF และ enable Route Protocol แล้วยังต้องการ Redistribute Route จาก VRF เข้า MP-BPG เพื่อส่ง Prefix ให้ PE เร้าเตอร์ตัวอื่น และ Redistribute Route จาก MP-BGP เข้า VRF ด้วย
CE เร้าเตอร์ไม่จำเป็นต้องทำ VRF ตัวอย่างนี้คอนฟิกให้เหมือนเร้าเตอร์ธรรมดา และ Enable Route Protocol และคอนฟิกให้ตรงกับ PE เร้าเตอร์ พารามิเตอร์ต่างๆ ดูจากรูปด้านล่างเลยครับ
การคอนฟิก eBGP PE-CE ระหว่างไซต์ NOKIA-PE1 กับ NOKIA-CE
NOKIA-PE1(100.100.100.1) คอนฟิก eBGP PE-CE
คอนฟิก vprn, bgp, redistribute directed กับ bgp-vpn เข้า bgp ipv4 เพื่อเร้าส่งให้ NOKIA-CE. NOKIA-PE มีความพิเศษอย่างนึงคือไม่ต้อง redistribute จากเร้าจาก vprn เข้า MP-BGP โดยเร้าเตอร์จะทำให้โดยอัตโนมัติ
A:NOKIA-PE1#
/configure
port 1/1/1
description "To_NOKIA-CE_1/1/1"
ethernet
mode access
exit
no shutdown
exit
/configure service
vprn 100 customer 1 create
autonomous-system 65000
route-distinguisher 65000:1100
auto-bind rsvp-te
vrf-target target:65000:100
interface "loopback100" create
address 100.100.100.1/32
loopback
exit
interface "to_NOKIA-CE_1/1/1" create
address 172.16.101.1/24
sap 1/1/1 create
exit
exit
bgp
router-id 100.100.100.1
group "NOKIA-CE"
export "COTTON-EXPORT"
peer-as 65100
neighbor 172.16.101.2
exit
exit
no shutdown
exit
service-name "COTTON"
no shutdown
exit
/configure router
policy-options
begin
policy-statement "COTTON-EXPORT"
entry 5
from
protocol direct
exit
action accept
exit
exit
entry 10
from
protocol bgp-vpn
exit
action accept
exit
exit
exit
commit
exit
NOKIA-CE(100.100.100.101) คอนฟิก eBGP PE-CE
ที่ CE ไม่จำเป็นต้องสร้าง vprn. คอนฟิก bgp ที่ global routing ได้เลย และก็ redistribute direct เข้า bgp ด้วย
A:NOKIA-CE#
/configure
port 1/1/1
description "To_NOKIA-PE_1/1/1"
ethernet
exit
no shutdown
exit
router
interface "system"
address 100.100.100.101/32
no shutdown
exit
interface "to_NOKIA-PE1"
address 172.16.101.2/24
port 1/1/1
no shutdown
exit
autonomous-system 65100
router-id 100.100.100.101
/configure router
policy-options
begin
policy-statement "DIRECT"
entry 10
from
protocol direct
exit
to
protocol bgp
exit
action accept
exit
exit
default-action reject
exit
commit
exit
/configure router
bgp
group "NOKIA-PE"
export "DIRECT"
peer-as 65000
neighbor 172.16.101.1
exit
exit
no shutdown
exit
การคอนฟิก OSPF PE-CE ระหว่างไซต์ Huawei-PE4 กับ Mikrotik-CE
Huawei-PE4(100.100.100.4) คอนฟิก OSPF PE-CE
คอนฟิก vpn-instance, ospf , redistribute จาก bgp-vpn เข้า ospf และ จาก ospf, direct เข้า bgp-vpn
<Huawei>display current-configuration # ip vpn-instance COTTON ipv4-family route-distinguisher 65000:1100 tnl-policy RSVP-TE vpn-target 65000:100 export-extcommunity vpn-target 65000:100 import-extcommunity # interface GigabitEthernet0/0/3 description To_Mikrotik_CE_eth4 ip binding vpn-instance COTTON ip address 172.16.104.1 255.255.255.0 ospf network-type p2p ospf enable 100 area 0.0.0.0 # interface LoopBack100 ip binding vpn-instance COTTON ip address 100.100.100.4 255.255.255.255 ospf enable 100 area 0.0.0.0 # bgp 65000 # ipv4-family vpn-instance COTTON import-route direct import-route ospf 100 # ospf 100 router-id 100.100.100.4 vpn-instance COTTON import-route bgp area 0.0.0.0 # tunnel-policy RSVP-TE tunnel select-seq cr-lsp load-balance-number 1 # <Huawei>
Mikrotik-CE(100.100.100.104) คอนฟิก OSPF PE-CE
สร้าง bridge interface ชื่อ loopback100 ใส่ IP ให้กับ Interface และ enable OSPF
การคอนฟิก ISIS PE-CE ระหว่างไซต์ Cisco-PE5 กับ Cisco-CE
Cisco-PE5(100.100.100.5) คอนฟิก ISIS Level-1 PE-CE
คอนฟิก vrf, isis level-1 , redistribute จาก bgp-vpn เข้า isis และ จาก isis, connected เข้า bgp-vpn
CISCO-PE5#show running-config ! ip vrf COTTON rd 65000:1100 route-target export 65000:100 route-target import 65000:100 ! interface Loopback100 ip vrf forwarding COTTON ip address 100.100.100.5 255.255.255.255 ip router isis isis circuit-type level-1 ! interface Ethernet0/3 description To_CISCO-CE_e0/0 ip vrf forwarding COTTON ip address 172.16.105.1 255.255.255.0 ip router isis isis circuit-type level-1 isis network point-to-point ! router isis vrf COTTON net 49.0100.0000.0000.0005.00 is-type level-1 redistribute bgp 65000 level-1 ! router bgp 65000 ! address-family ipv4 vrf COTTON redistribute connected redistribute isis level-1 exit-address-family ! CISCO-PE5#
Cisco-CE5(100.100.100.105) คอนฟิก ISIS Level-1 PE-CE
ไม่ต้อง vrf. คอนฟิก isis level-1 และ enable ใต้ interface เลย
CISCO-CE#show running-config ! interface Loopback100 ip address 100.100.100.105 255.255.255.255 ip router isis isis circuit-type level-1 ! interface Ethernet0/0 description To_CISCO-PE5_e0/3 no switchport ip address 172.16.105.2 255.255.255.0 ip router isis duplex auto isis circuit-type level-1 isis network point-to-point ! router isis net 49.0100.0000.0000.0105.00 is-type level-1 ! CISCO-CE#
แสดงสถานะ eBGP PE-CE ระหว่างไซต์ NOKIA-PE1 - NOKIA-CE
NOKIA-PE1(100.100.100.1) แสดงสถานะ eBGP PE-CE
bgp ที่ peer ไปหา CE state established. route table vprn 100 ได้รับเร้าครบถูกต้อง
A:NOKIA-PE1# show router 100 bgp neighbor
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 172.16.101.2
Group : NOKIA-CE
-------------------------------------------------------------------------------
Peer AS : 65100 Peer Port : 179
Peer Address : 172.16.101.2
Local AS : 65000 Local Port : 50616
Local Address : 172.16.101.1
Peer Type : External
State : Established Last State : Active
Last Event : recvKeepAlive
Last Error : Unrecognized Error
Local Family : IPv4
Remote Family : IPv4
#-- snip --
A:NOKIA-PE1# show router 100 route-table
===============================================================================
Route Table (Service: 100)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
100.100.100.1/32 Local Local 00h05m54s 0
loopback100 0
100.100.100.4/32 Remote BGP VPN 00h03m19s 170
10.10.10.4 (tunneled:RSVP:2) 0
100.100.100.5/32 Remote BGP VPN 00h03m22s 170
10.10.10.5 (tunneled:RSVP:1) 0
100.100.100.101/32 Remote BGP 00h04m53s 170
172.16.101.2 0
100.100.100.104/32 Remote BGP VPN 00h03m19s 170
10.10.10.4 (tunneled:RSVP:2) 0
100.100.100.105/32 Remote BGP VPN 00h03m22s 170
10.10.10.5 (tunneled:RSVP:1) 0
172.16.101.0/24 Local Local 00h05m43s 0
to_NOKIA-CE_1/1/1 0
172.16.104.0/24 Remote BGP VPN 00h03m19s 170
10.10.10.4 (tunneled:RSVP:2) 0
172.16.105.0/24 Remote BGP VPN 00h03m22s 170
10.10.10.5 (tunneled:RSVP:1) 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:NOKIA-PE1#
NOKIA-CE(100.100.100.101) แสดงสถานะ eBGP PE-CE
bgp ที่ peer ไปหา PE state established. ได้รับ Route ครบ. ปิงไปหา Mikrotik-CE(100.100.100.104) OK. ปิงไปหา Cisco-CE(100.100.100.105) OK.
A:NOKIA-CE# show router bgp neighbor 172.16.101.1
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 172.16.101.1
Group : NOKIA-PE
-------------------------------------------------------------------------------
Peer AS : 65000 Peer Port : 179
Peer Address : 172.16.101.1
Local AS : 65100 Local Port : 49625
Local Address : 172.16.101.2
Peer Type : External
State : Established Last State : Active
Last Event : recvKeepAlive
Last Error : Hold Timer Expire
Local Family : IPv4
Remote Family : IPv4
#-- snip --
A:NOKIA-CE# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
100.100.100.1/32 Remote BGP 00h15m15s 170
172.16.101.1 0
100.100.100.4/32 Remote BGP 00h15m15s 170
172.16.101.1 0
100.100.100.5/32 Remote BGP 00h15m15s 170
172.16.101.1 0
100.100.100.101/32 Local Local 00h49m24s 0
system 0
100.100.100.104/32 Remote BGP 00h15m15s 170
172.16.101.1 0
100.100.100.105/32 Remote BGP 00h15m15s 170
172.16.101.1 0
172.16.101.0/24 Local Local 00h49m14s 0
to_NOKIA-PE1 0
172.16.104.0/24 Remote BGP 00h15m15s 170
172.16.101.1 0
172.16.105.0/24 Remote BGP 00h15m15s 170
172.16.101.1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:NOKIA-CE#
A:NOKIA-CE# ping source 100.100.100.101 100.100.100.104
PING 100.100.100.104 56 data bytes
64 bytes from 100.100.100.104: icmp_seq=1 ttl=62 time=10.3ms.
64 bytes from 100.100.100.104: icmp_seq=2 ttl=62 time=64.2ms.
64 bytes from 100.100.100.104: icmp_seq=3 ttl=62 time=27.8ms.
64 bytes from 100.100.100.104: icmp_seq=4 ttl=62 time=10.4ms.
64 bytes from 100.100.100.104: icmp_seq=5 ttl=62 time=9.57ms.
---- 100.100.100.104 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 9.57ms, avg = 24.5ms, max = 64.2ms, stddev = 21.0ms
A:NOKIA-CE#
A:NOKIA-CE# ping source 100.100.100.101 100.100.100.105
PING 100.100.100.105 56 data bytes
64 bytes from 100.100.100.105: icmp_seq=1 ttl=252 time=5.27ms.
64 bytes from 100.100.100.105: icmp_seq=2 ttl=252 time=5.09ms.
64 bytes from 100.100.100.105: icmp_seq=3 ttl=252 time=10.7ms.
64 bytes from 100.100.100.105: icmp_seq=4 ttl=252 time=10.1ms.
64 bytes from 100.100.100.105: icmp_seq=5 ttl=252 time=5.76ms.
---- 100.100.100.105 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 5.09ms, avg = 7.37ms, max = 10.7ms, stddev = 2.46ms
A:NOKIA-CE# แสดงสถานะ OSPF PE-CE ระหว่างไซต์ Huawei-PE4 กับ Mikrotik-CE
Huawei-PE4(100.100.100.4) แสดงสถานะ OSPF PE-CE
OSPF ที่ต่อกับ CE state Full. route table vpn COTTON ได้รับเร้าครบถูกต้อง
<Huawei>display ospf 100 peer brief
OSPF Process 100 with Router ID 100.100.100.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/3 10.10.0.138 Full
----------------------------------------------------------------------------
<Huawei>
<Huawei>display ip routing-table vpn-instance COTTON
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: COTTON
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
100.100.100.1/32 IBGP 255 0 RD 10.10.10.1 Tunnel0/0/1
100.100.100.4/32 Direct 0 0 D 127.0.0.1 LoopBack100
100.100.100.5/32 IBGP 255 0 RD 10.10.10.5 Tunnel0/0/5
100.100.100.101/32 IBGP 255 0 RD 10.10.10.1 Tunnel0/0/1
100.100.100.104/32 OSPF 10 11 D 172.16.104.2 GigabitEthernet0/0/3
100.100.100.105/32 IBGP 255 20 RD 10.10.10.5 Tunnel0/0/5
172.16.101.0/24 IBGP 255 0 RD 10.10.10.1 Tunnel0/0/1
172.16.104.0/24 Direct 0 0 D 172.16.104.1 GigabitEthernet0/0/3
172.16.104.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.16.105.0/24 IBGP 255 0 RD 10.10.10.5 Tunnel0/0/5
<Huawei>
Mikrotik-CE(100.100.100.104) แสดงสถานะ OSPF PE-CE
OSPF ที่ต่อกับ PE state Full. ได้รับ Route ครบ. ปิงไปหา NOKIA-CE(100.100.100.101) OK. ปิงไปหา Cisco-CE(100.100.100.105) OK.
[admin@MikroTik] > routing ospf neighbor print
0 instance=default router-id=100.100.100.4 address=172.16.104.1
interface=ether4 priority=1 dr-address=0.0.0.0 backup-dr-address=0.0.0.0
state="Full" state-changes=4 ls-retransmits=0 ls-requests=0 db-summaries=0
adjacency=1h36m51s
[admin@MikroTik] >
[admin@MikroTik] > routing ospf route print
# DST-ADDRESS STATE COST GATEWAY INTERFACE
0 100.100.100.1/32 ext-2 1 172.16.104.1 ether4
1 100.100.100.4/32 intra-area 10 172.16.104.1 ether4
2 100.100.100.5/32 ext-2 1 172.16.104.1 ether4
3 100.100.100.101/32 ext-2 1 172.16.104.1 ether4
4 100.100.100.104/32 intra-area 10 0.0.0.0 loopback100
5 100.100.100.105/32 ext-2 20 172.16.104.1 ether4
6 172.16.101.0/24 ext-2 1 172.16.104.1 ether4
7 172.16.104.0/24 intra-area 10 0.0.0.0 ether4
8 172.16.105.0/24 ext-2 1 172.16.104.1 ether4
[admin@MikroTik] >
[admin@MikroTik] > ping 100.100.100.101 src-address=100.100.100.104
SEQ HOST SIZE TTL TIME STATUS
0 100.100.100.101 56 62 30ms
1 100.100.100.101 56 62 29ms
2 100.100.100.101 56 62 28ms
3 100.100.100.101 56 62 29ms
4 100.100.100.101 56 62 38ms
sent=5 received=5 packet-loss=0% min-rtt=28ms avg-rtt=30ms max-rtt=38ms
[admin@MikroTik] > ping 100.100.100.105 src-address=100.100.100.104
SEQ HOST SIZE TTL TIME STATUS
0 100.100.100.105 56 252 37ms
1 100.100.100.105 56 252 38ms
2 100.100.100.105 56 252 39ms
3 100.100.100.105 56 252 38ms
4 100.100.100.105 56 252 38ms
sent=5 received=5 packet-loss=0% min-rtt=37ms avg-rtt=38ms max-rtt=39ms
[admin@MikroTik] >
แสดงสถานะ ISIS PE-CE ระหว่างไซต์ Cisco-PE4 กับ Cisco-CE
Cisco-PE5(100.100.100.5) แสดงสถานะ ISIS Level-1 PE-CE
isis level-1 ที่ต่อกับ PE state UP. route table vrf COTTON ครบ ถูกต้อง
CISCO-PE5#show isis neighbors
Tag null:
System Id Type Interface IP Address State Holdtime Circuit Id
CISCO-CE L1 Et0/3 172.16.105.2 UP 23 01
CISCO-PE5#
CISCO-PE5#show ip route vrf COTTON
Routing Table: COTTON
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 6 subnets
B 100.100.100.1 [200/0] via 10.10.10.1, 00:54:30
B 100.100.100.4 [200/0] via 10.10.10.4, 00:08:27
C 100.100.100.5 is directly connected, Loopback100
B 100.100.100.101 [200/0] via 10.10.10.1, 00:24:50
B 100.100.100.104 [200/12] via 10.10.10.4, 00:08:27
i L1 100.100.100.105 [115/20] via 172.16.105.2, 06:34:40, Ethernet0/3
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
B 172.16.101.0/24 [200/0] via 10.10.10.1, 00:54:30
B 172.16.104.0/24 [200/0] via 10.10.10.4, 00:08:27
C 172.16.105.0/24 is directly connected, Ethernet0/3
L 172.16.105.1/32 is directly connected, Ethernet0/3
CISCO-PE5#
Cisco-CE5(100.100.100.105) แสดงสถานะ OSPF PE-CE
ไม่จำเป็นต้องคอนฟิก vrf. สถานะ isis level-1 ที่ต่อกับ PE state UP. ได้รับ Route ครบ. ปิงไปหา NOKIA-CE(100.100.100.101) OK. ปิงไปหา Mikrotik-CE(100.100.100.104) OK.
CISCO-CE#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
CISCO-PE5 L1 Et0/0 172.16.105.1 UP 27 00
CISCO-CE#
CISCO-CE#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 6 subnets
i L1 100.100.100.1 [115/10] via 172.16.105.1, 00:11:47, Ethernet0/0
i L1 100.100.100.4 [115/10] via 172.16.105.1, 00:15:46, Ethernet0/0
i L1 100.100.100.5 [115/20] via 172.16.105.1, 00:15:46, Ethernet0/0
i L1 100.100.100.101 [115/10] via 172.16.105.1, 00:11:47, Ethernet0/0
i L1 100.100.100.104 [115/10] via 172.16.105.1, 00:15:46, Ethernet0/0
C 100.100.100.105 is directly connected, Loopback100
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
i L1 172.16.101.0/24 [115/10] via 172.16.105.1, 00:11:47, Ethernet0/0
i L1 172.16.104.0/24 [115/10] via 172.16.105.1, 00:15:46, Ethernet0/0
C 172.16.105.0/24 is directly connected, Ethernet0/0
L 172.16.105.2/32 is directly connected, Ethernet0/0
CISCO-CE#
CISCO-CE#ping 100.100.100.101 source 100.100.100.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.101, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.105
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms
CISCO-CE#
CISCO-CE#ping 100.100.100.104 source 100.100.100.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.104, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.105
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/22/38 ms
CISCO-CE#
สำหรับการคอนฟิก MPLS L3VPN ก็มีเพียงเท่านี้ ต่อไปจะเป็น Fail-Over test.
Fail-Over Test Scenario 1
คราวนี้เราจะมาลอง Shutdown 2 Link เพื่อดูสถานะของ TE-Tunnel, Primary LSP, Hot-Standby LSP, LSP Trace และทดลองปิงเทสที่ไซต์ CE
จากการ Shutdown link 2 จุดตามรูป จะทำให้ LSP ระหว่าง
NOKIA-PE1 - Huawei PE4 Primary Down, Hot-Standby Up. TE-Tunnel ยังคง Up
NOKIA-PE1 - Cisco-PE5 Primary Down, Hot-Standby Up. TE-Tunnel ยังคง
Up
Huawei PE4 - Cisco-PE5 Primary Down , Hot-Standby Down.
ทำให้ TE-Tunnel Down
NOKIA-PE1(10.10.10.1) แสดงผลหลัง fail-over test scenario 1
จะเห็นว่า LSP (หรือที่ผมใช้คำว่า TE-Tunnel มาตลอด) ที่ไปหา Huawei-PE4 Oper:Up เพราะยังมี Hot-Standby path Up อยู่ ผล trace ก็ไปตามทาง Standby LSP ที่คอนฟิกไว้
LSP ที่ไปหา Cisco-PE5 Oper:Up เพราะยังมี Standby path Up อยู่ ผล trace ก็ไปตามทาง Standby LSP ที่คอนฟิกไว้
A:NOKIA-PE1# show router mpls lsp "to_PE4_lsp" path =============================================================================== MPLS LSP to_PE4_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE4_lsp To : 10.10.10.4 Adm State : Up Oper State : Up ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P2-PE4_path n/a Primary n/a Up Dwn Best-Effort_path n/a Secondary n/a Up Dwn PE1-P3-PE4_path 192.168.13.3 Standby 1/1/4 Up Up =============================================================================== A:NOKIA-PE1# show router mpls lsp "to_PE5_lsp" path =============================================================================== MPLS LSP to_PE5_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE5_lsp To : 10.10.10.5 Adm State : Up Oper State : Up ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P3-PE5_path n/a Primary n/a Up Dwn PE1-P2-PE5_path 192.168.12.2 Standby 1/1/2 Up Up =============================================================================== A:NOKIA-PE1# A:NOKIA-PE1# oam lsp-trace "to_PE4_lsp" lsp-trace to to_PE4_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.3 rtt=59.1ms rc=8(DSRtrMatchLabel) rsc=1 2 10.10.10.4 rtt=42.0ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1# A:NOKIA-PE1# oam lsp-trace "to_PE5_lsp" lsp-trace to to_PE5_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.2 rtt=272ms rc=8(DSRtrMatchLabel) rsc=1 2 192.168.25.5 rtt=50.9ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1#
Huawei-PE4(10.10.10.4) แสดงผลหลัง fail-over test scenario 1
จะเห็นว่า TE-Tunnel ที่ไปหา NOKIA-PE1 Oper Up เพราะยังมี Hot-Standby path Up อยู่ ผล trace ก็ไปตามทาง Hot-Standby LSP ที่คอนฟิกไว้
ส่วน TE-Tunnel Cisco-PE5 Oper:Down เพราะทั้ง Primary และ Hot-Standby LSP ดาวน์ และไม่ได้คอนฟิก secondary best-effort ไว้
<Huawei>display mpls te tunnel-interface Tunnel 0/0/1
----------------------------------------------------------------
Tunnel0/0/1
----------------------------------------------------------------
Tunnel State Desc : UP
Active LSP : Hot-Standby LSP
Session ID : 1
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.1
Admin State : UP Oper State : UP
Primary LSP State : DOWN
Main LSP State : SETTING UP
Hot-Standby LSP State : UP
Main LSP State : READY LSP ID : 32784
<Huawei>
<Huawei>display mpls te tunnel-interface Tunnel 0/0/5
----------------------------------------------------------------
Tunnel0/0/5
----------------------------------------------------------------
Tunnel State Desc : DOWN
Active LSP : -
Session ID : 5
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.5
Admin State : UP Oper State : DOWN
Primary LSP State : DOWN
Main LSP State : SETTING UP
Hot-Standby LSP State : DOWN
Main LSP State : SETTING UP LSP ID : 32770
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/1
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/1 , press CTRL_C t
o break.
TTL Replier Time Type Downstream
0 Ingress 192.168.34.3/[299920 ]
1 10.10.10.3 100 ms Transit 192.168.13.1/[262142 ]
2 10.10.10.1 10 ms Egress
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/5
Error: The specified LSP does not exist.
<Huawei>
Cisco-PE5(10.10.10.5) แสดงผลหลัง fail-over test scenario 1
จะเห็นว่า TE-Tunnel ที่ไปหา NOKIA-PE1 Oper Up เพราะยังมี Hot-Standby path Up อยู่ ผล trace ก็ไปตามทาง Hot-Standby LSP ที่คอนฟิกไว้
ส่วน TE-Tunnel ที่ไปหา Huawei-PE4 Oper:Down เพราะทั้ง Primary และ Hot-Standby LSP ดาวน์
CISCO-PE5#show mpls traffic-eng tunnels tunnel 1
Name: To_NOKIA-PE1 (Tunnel1) Destination: 10.10.10.1
Status:
Admin: up Oper: up Path: valid Signalling: connected
path protect option 1, type explicit PE5-P2-PE1 (Basis for Protect, path weight 11)
path option 1, type explicit PE5-P3-PE1
#-- snip --
CISCO-PE5#show mpls traffic-eng tunnels tunnel 4
Name: To_Huawei-PE4 (Tunnel4) Destination: 10.10.10.4
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 1, type explicit PE5-P2-PE4
Path Protection: Backup lsp in use.
path protect option 1, type explicit PE5-P3-PE4
#-- snip --
CISCO-PE5#traceroute mpls traffic-eng tunnel 1
Tracing MPLS TE Label Switched Path on Tunnel1, timeout is 2 seconds
#-- snip --
Type escape sequence to abort.
0 192.168.25.5 MRU 1500 [Labels: 300064 Exp: 0]
L 1 10.10.10.2 MRU 1514 [Labels: 262137 Exp: 7] 65 ms
! 2 10.10.10.1 11 ms
CISCO-PE5#
CISCO-PE5#traceroute mpls traffic-eng tunnel 4
Tracing MPLS TE Label Switched Path on Tunnel4, timeout is 2 seconds
#-- snip --
Type escape sequence to abort.
0 192.168.45.5 MRU 0 [No Label]
Q 1 *
CISCO-PE5#
NOKIA-CE(100.100.100.101) แสดงผลหลัง fail-over test scenario 1
ปิงไปหา Mikrotik-CE(100.100.100.104) OK
ปิงไปหา Cisco-CE(100.100.100.105) OK
A:NOKIA-CE# ping source 100.100.100.101 100.100.100.104 PING 100.100.100.104 56 data bytes 64 bytes from 100.100.100.104: icmp_seq=1 ttl=62 time=52.5ms. 64 bytes from 100.100.100.104: icmp_seq=2 ttl=62 time=25.9ms. 64 bytes from 100.100.100.104: icmp_seq=3 ttl=62 time=14.7ms. 64 bytes from 100.100.100.104: icmp_seq=4 ttl=62 time=42.2ms. 64 bytes from 100.100.100.104: icmp_seq=5 ttl=62 time=14.8ms. ---- 100.100.100.104 PING Statistics ---- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min = 14.7ms, avg = 30.0ms, max = 52.5ms, stddev = 15.1ms A:NOKIA-CE# ping source 100.100.100.101 100.100.100.105 PING 100.100.100.105 56 data bytes 64 bytes from 100.100.100.105: icmp_seq=1 ttl=252 time=7.85ms. 64 bytes from 100.100.100.105: icmp_seq=2 ttl=252 time=5.31ms. 64 bytes from 100.100.100.105: icmp_seq=3 ttl=252 time=5.27ms. 64 bytes from 100.100.100.105: icmp_seq=4 ttl=252 time=5.43ms. 64 bytes from 100.100.100.105: icmp_seq=5 ttl=252 time=4.70ms. ---- 100.100.100.105 PING Statistics ---- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min = 4.70ms, avg = 5.71ms, max = 7.85ms, stddev = 1.10ms A:NOKIA-CE#
Mikrotik-CE(100.100.100.104) แสดงผลหลัง fail-over test scenario 1
ปิงไปหา NOKIA-CE(100.100.100.101) OK
ปิงไปหา Cisco-CE(100.100.100.105) ไม่เจอ เพราะ TE-Tunnel ระหว่าง Huawei-PE4 กับ Cisco-PE5 Down
[admin@MikroTik] > ping 100.100.100.101 src-address=100.100.100.104
SEQ HOST SIZE TTL TIME STATUS
0 100.100.100.101 56 62 33ms
1 100.100.100.101 56 62 38ms
2 100.100.100.101 56 62 38ms
3 100.100.100.101 56 62 28ms
4 100.100.100.101 56 62 28ms
sent=5 received=5 packet-loss=0% min-rtt=28ms avg-rtt=33ms max-rtt=38ms
[admin@MikroTik] >
[admin@MikroTik] > ping 100.100.100.101 src-address=100.100.100.105
SEQ HOST SIZE TTL TIME STATUS
0 could not make s...
1 could not make s...
2 could not make s...
3 could not make s...
4 could not make s...
sent=5 received=0 packet-loss=100%
[admin@MikroTik] >
Cisco-CE(100.100.100.105) แสดงผลหลัง fail-over test scenario 1
ปิงไปหา NOKIA-CE(100.100.100.101) OK
ปิงไปหา Mikrotik-CE(100.100.100.104) ไม่เจอ เพราะ TE-Tunnel ระหว่าง Huawei-PE4 กับ Cisco-PE5 Down
CISCO-CE#ping 100.100.100.101 source 100.100.100.105 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.100.101, timeout is 2 seconds: Packet sent with a source address of 100.100.100.105 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms CISCO-CE# CISCO-CE#ping 100.100.100.104 source 100.100.100.105 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.100.104, timeout is 2 seconds: Packet sent with a source address of 100.100.100.105 ..... Success rate is 0 percent (0/5) CISCO-CE#
Fail-Over Test Scenario 2
คราวนี้เราจะมาลอง Shutdown 3 Link เพื่อดูสถานะของ TE-Tunnel, Primary LSP, Hot-Standby LSP, LSP Trace และทดลองปิงเทสที่ไซต์ CE
จากการ Shutdown link 2 จุดตามรูป จะทำให้ LSP ระหว่าง
NOKIA-PE1 - Huawei PE4 Primary Down, Hot-Standby Down. Tunnel ยังคง Up เพราะมี Best-Effort ที่ยังสร้าง LSP path ได้
NOKIA-PE1 - Cisco-PE5 Primary Down, Hot-Standby Down. Tunnel Down
Huawei PE4 - Cisco-PE5 Primary Down , Hot-Standby Up. Tunnel Up
NOKIA-PE1(10.10.10.1) แสดงผลหลัง fail-over test scenario 2
จะเห็นว่า LSP ที่ไปหา Huawei-PE4 Oper:Up ถึงแม้ทั้ง Primary และ Hot-Standby Down. เพราะมี Best-Effort_path ที่ยังสามารถสร้าง LSP ใหม่ได้ ผล trace ก็ไปตามเส้นทางใหม่
LSP ที่ไปหา Cisco-PE5 Oper:Down เพราะทั้ง Primary และ Standby Down
A:NOKIA-PE1# show router mpls lsp "to_PE4_lsp" path =============================================================================== MPLS LSP to_PE4_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE4_lsp To : 10.10.10.4 Adm State : Up Oper State : Up ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P2-PE4_path n/a Primary n/a Up Dwn Best-Effort_path 192.168.12.2 Secondary 1/1/2 Up Up PE1-P3-PE4_path n/a Standby n/a Up Dwn =============================================================================== A:NOKIA-PE1# A:NOKIA-PE1# show router mpls lsp "to_PE5_lsp" path =============================================================================== MPLS LSP to_PE5_lsp Path =============================================================================== ------------------------------------------------------------------------------- LSP Name : to_PE5_lsp To : 10.10.10.5 Adm State : Up Oper State : Down ------------------------------------------------------------------------------- Path Name Next Hop Type Out I/F Adm Opr ------------------------------------------------------------------------------- PE1-P3-PE5_path n/a Primary n/a Up Dwn PE1-P2-PE5_path n/a Standby n/a Up Dwn =============================================================================== A:NOKIA-PE1# A:NOKIA-PE1# oam lsp-trace "to_PE4_lsp" lsp-trace to to_PE4_lsp: 0 hops min, 0 hops max, 116 byte packets 1 10.10.10.2 rtt=57.1ms rc=8(DSRtrMatchLabel) rsc=1 2 10.10.10.3 rtt=61.9ms rc=8(DSRtrMatchLabel) rsc=1 3 10.10.10.4 rtt=14.5ms rc=3(EgressRtr) rsc=1 A:NOKIA-PE1# A:NOKIA-PE1# oam lsp-trace "to_P5_lsp" lsp-trace to to_P5_lsp: 0 hops min, 0 hops max, 0 byte packets Send failed. The lsp-name does not exist. A:NOKIA-PE1#
Huawei-PE4(10.10.10.4) แสดงผลหลัง fail-over test scenario 2
TE-Tunnel ที่ไปหา NOKIA-PE1 Oper:Up ถึงแม้ทั้ง Primary และ Hot-Standby Down. เพราะมี Best-Effort_path ที่ยังสามารถสร้าง LSP ใหม่ได้ ผล trace ก็เป็นไปตามทาง LSP ใหม่
ส่วน TE-Tunnel Cisco-PE5 Oper:Up เพราะ Standby LSP Up ผล trace ก็เป็นไปตามทาง standby
<Huawei>display mpls te tunnel-interface Tunnel 0/0/1
----------------------------------------------------------------
Tunnel0/0/1
----------------------------------------------------------------
Tunnel State Desc : UP
Active LSP : Best-Effort LSP
Session ID : 1
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.1
Admin State : UP Oper State : UP
Primary LSP State : DOWN
Main LSP State : SETTING UP
Hot-Standby LSP State : DOWN
Main LSP State : SETTING UP
Best-Effort LSP State : UP
Main LSP State : READY LSP ID : 32785
<Huawei>
<Huawei>display mpls te tunnel-interface Tunnel 0/0/5
----------------------------------------------------------------
Tunnel0/0/5
----------------------------------------------------------------
Tunnel State Desc : UP
Active LSP : Hot-Standby LSP
Session ID : 5
Ingress LSR ID : 10.10.10.4 Egress LSR ID: 10.10.10.5
Admin State : UP Oper State : UP
Primary LSP State : DOWN
Main LSP State : SETTING UP
Hot-Standby LSP State : UP
Main LSP State : READY LSP ID : 32770
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/1
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/1 , press CTRL_C t
o break.
TTL Replier Time Type Downstream
0 Ingress 192.168.34.3/[300160 ]
1 10.10.10.3 110 ms Transit 192.168.23.2/[300240 ]
2 10.10.10.2 60 ms Transit 192.168.12.1/[262142 ]
3 10.10.10.1 30 ms Egress
<Huawei>
<Huawei>tracert lsp te Tunnel 0/0/5
LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/5 , press CTRL_C t
o break.
TTL Replier Time Type Downstream
0 Ingress 192.168.34.3/[300016 ]
1 10.10.10.3 110 ms Transit 192.168.35.5/[0 ]
2 192.168.35.5 10 ms Egress
<Huawei>
Cisco-PE5(10.10.10.5) แสดงผลหลัง fail-over test scenario 2
จะเห็นว่า TE-Tunnel ที่ไปหา NOKIA-PE1 Oper Down เพราะ Primary และ Hot-Standby Down
ส่วน TE-Tunnel ที่ไปหา Huawei-PE4 Oper:Up เพราะ Hot-Standby Up ผล trace ก็เป็นไปตามทาง Hot-Standby
CISCO-PE5#show mpls traffic-eng tunnels tunnel 1
Name: To_NOKIA-PE1 (Tunnel1) Destination: 10.10.10.1
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 1, type explicit PE5-P3-PE1
Path Protection: Backup lsp in use.
path protect option 1, type explicit PE5-P2-PE1
#-- snip --
CISCO-PE5#show mpls traffic-eng tunnels tunnel 4
Name: To_Huawei-PE4 (Tunnel4) Destination: 10.10.10.4
Status:
Admin: up Oper: up Path: valid Signalling: connected
path protect option 1, type explicit PE5-P3-PE4 (Basis for Protect, path weight 11)
path option 1, type explicit PE5-P2-PE4
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
#-- snip --
CISCO-PE5#traceroute mpls traffic-eng tunnel 4
Tracing MPLS TE Label Switched Path on Tunnel4, timeout is 2 seconds
#-- snip --
Type escape sequence to abort.
0 192.168.35.5 MRU 1500 [Labels: 300048 Exp: 0]
L 1 10.10.10.3 MRU 1514 [Labels: 1045 Exp: 7] 61 ms
! 2 10.10.10.4 77 ms
CISCO-PE5#
NOKIA-CE(100.100.100.101) แสดงผลหลัง fail-over test scenario 1
ปิงไปหา Mikrotik-CE(100.100.100.104) OK
ปิงไปหา Cisco-CE(100.100.100.105) ไม่เจอ. เพิ่มเติมนะครับ MP-BGP PE1-PE5 ยังคง established ถึงแม้ Tunnel จะ Down. NOKIA-PE ยังคงได้รับ Route มาจาก Cisco-PE5 แต่จะไม่เอาลง Route-Table 100 เพราะ resolve rsvp-te tunnel ไม่เจอ. พอไม่เอาลง Route-Table 100 ก็จะไม่ประกาศไปหา NOKIA-CE ทำให้ NOKIA-CE ตอนปิงฟ้อง No route to destination.
A:NOKIA-CE# ping source 100.100.100.101 100.100.100.104 PING 100.100.100.104 56 data bytes 64 bytes from 100.100.100.104: icmp_seq=1 ttl=62 time=15.7ms. 64 bytes from 100.100.100.104: icmp_seq=2 ttl=62 time=21.2ms. 64 bytes from 100.100.100.104: icmp_seq=3 ttl=62 time=22.2ms. 64 bytes from 100.100.100.104: icmp_seq=4 ttl=62 time=21.7ms. 64 bytes from 100.100.100.104: icmp_seq=5 ttl=62 time=13.5ms. ---- 100.100.100.104 PING Statistics ---- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min = 13.5ms, avg = 18.9ms, max = 22.2ms, stddev = 3.58ms A:NOKIA-CE# A:NOKIA-CE# ping source 100.100.100.101 100.100.100.105 PING 100.100.100.105 56 data bytes No route to destination. Address: 100.100.100.105, Router: Base No route to destination. Address: 100.100.100.105, Router: Base No route to destination. Address: 100.100.100.105, Router: Base No route to destination. Address: 100.100.100.105, Router: Base No route to destination. Address: 100.100.100.105, Router: Base ---- 100.100.100.105 PING Statistics ---- 5 packets transmitted, 0 packets received, 100% packet loss A:NOKIA-CE#
Mikrotik-CE(100.100.100.104) แสดงผลหลัง fail-over test scenario 2
ปิงไปหา NOKIA-CE(100.100.100.101) OK
ปิงไปหา Cisco-CE(100.100.100.105) OK
[admin@MikroTik] > ping 100.100.100.105 src-address=100.100.100.104
SEQ HOST SIZE TTL TIME STATUS
0 100.100.100.105 56 252 37ms
1 100.100.100.105 56 252 38ms
2 100.100.100.105 56 252 39ms
3 100.100.100.105 56 252 38ms
4 100.100.100.105 56 252 38ms
sent=5 received=5 packet-loss=0% min-rtt=37ms avg-rtt=38ms max-rtt=39ms
[admin@MikroTik] > ping 100.100.100.101 src-address=100.100.100.104
SEQ HOST SIZE TTL TIME STATUS
0 100.100.100.101 56 62 33ms
1 100.100.100.101 56 62 28ms
2 100.100.100.101 56 62 37ms
3 100.100.100.101 56 62 38ms
4 100.100.100.101 56 62 38ms
sent=5 received=5 packet-loss=0% min-rtt=28ms avg-rtt=34ms max-rtt=38ms
[admin@MikroTik] >
Cisco-CE(100.100.100.105) แสดงผลหลัง fail-over test scenario 2
ปิงไปหา NOKIA-CE(100.100.100.101) ไม่เจอ เพราะ TE-Tunnel ระหว่าง NOKIA-PE1 กับ Cisco-PE5 Down
ปิงไปหา Mikrotik-CE(100.100.100.104) OK
CISCO-CE#ping 100.100.100.101 source 100.100.100.105 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.100.101, timeout is 2 seconds: Packet sent with a source address of 100.100.100.105 ..... Success rate is 0 percent (0/5) CISCO-CE# CISCO-CE#ping 100.100.100.104 source 100.100.100.105 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.100.104, timeout is 2 seconds: Packet sent with a source address of 100.100.100.105 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 22/31/39 ms CISCO-CE#
อื่นๆ
Download text files including full configuration, show , ping test,
failover scenario1, failover scenario 2 of all nodes.
Software version
1 NOKIA-PE1, NOKIA-CE version TiMOS-L-12.0.R6
2 Juniper vMX version 14.1R1.10
3 Huawei eNSP version 1.2.00.510 V100R002C00
4 Cisco-PE5 version 15.5
2 Juniper vMX version 14.1R1.10
3 Huawei eNSP version 1.2.00.510 V100R002C00
4 Cisco-PE5 version 15.5
5 Cisco-CE version 15.5
6 Mikrotik-CE
แล็ปนี้ก็มีเพียงเท่านี้ ขอบคุณสำหรับการแวะเข้ามานะครับ
Good job
ReplyDeleteThanks bro..
Delete