路由器 : Cisco ASR 9000 系列汇聚服务路由器

IOS XP L2VPN服务和功能

2016 年 10 月 25 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈

简介

本文描述基本层2 (L2) VPN (L2VPN)拓扑。展示基本示例为了展示设计、服务、功能和配置是有用的。请参阅Cisco ASR 9000系列聚合服务路由器L2VPN和以太网服务配置指南,版本4.3.x关于其他信息。

贡献由吉恩克里斯托夫乘坐了和大卫鲍尔斯, Cisco TAC工程师。

1. 点到点和多点服务

L2VPN功能提供能力提供点到点和多点服务。

1.1点对点服务

点对点服务基本上模拟在两端节点之间的传输电路,因此端节点看上去在点对点链路直接地连接。这可以用于连接两个站点。

116453-technote-ios-xr-l2vpn-01.jpg

实际上,可以有在两端节点之间的多个路由器,并且可以有提供点对点服务的多设计。

一个路由器能执行在两的本地交换其接口之间:

116453-technote-ios-xr-l2vpn-02.jpg

可以也有一多协议标签交换(MPLS) pseudowire (PW)在两路由器之间:

116453-technote-ios-xr-l2vpn-03.jpg

路由器能在两PWs之间的交换机帧;在这种情况下,这是多分段PW :

116453-technote-ios-xr-l2vpn-04.jpg


冗余通过PW冗余功能是可用的:

116453-technote-ios-xr-l2vpn-05.jpg

其他设计是可用的,但是不可能所有列出此处。

1.2多点服务

多点服务模拟广播域,以便在该网桥域连接的所有主机看上去逻辑上连接到同一个以太网段:

116453-technote-ios-xr-l2vpn-06.jpg

所有主机可以连接到同一路由器/交换机:

116453-technote-ios-xr-l2vpn-07.jpg

多个交换机能执行传统以太网交换;必须用于生成树为了中断环路:

116453-technote-ios-xr-l2vpn-08.jpg


虚拟专用LAN服务(VPLS)使用MPLS PWs,让您扩大在多个站点之间的广播域:

116453-technote-ios-xr-l2vpn-09.jpg

分层的VPLS可以用于为了增加可扩展性:

116453-technote-ios-xr-l2vpn-10.jpg

2. 附件电路

2.1 ASR 9000以太网虚拟电路

2.1.1流入接口匹配

附件电路的(ACs)基本规则包括:

  • 在接口必须接收数据包配置与l2transport关键字为了由L2VPN功能处理。
  • 此接口可以是主接口, l2transport命令配置在接口配置模式下,或者子接口, l2transport关键字在子接口号以后配置。
  • 长匹配查找确定数据包的流入接口。 长匹配查找检查这些条件按此顺序匹配流入数据包到子接口:
    1. 流入的帧有两dot1q标记并且匹配子接口配置与同样两dot1q标记(建立隧道的802.1Q或者QinQ)。这是最长的可能匹配。
    2. 流入的帧有两dot1q标记并且匹配子接口配置与同样dot1q为第二标记首先标记和其中任一
    3. 流入的帧有一dot1q标记并且匹配子接口配置与同一dot1q标记和确切的关键字。
    4. 流入的帧有一个或更多dot1q标记并且匹配子接口配置与其中一dot1q标记。
    5. 流入的帧没有dot1q标记并且匹配用封装无标记命令配置的子接口。
    6. 流入的帧不能匹配其他子接口,因此匹配用encapsulation default命令配置的子接口。
    7. 流入的帧不能匹配其他子接口,因此匹配为l2transport配置的主接口。 
  • 在不使用以太网虚拟连接的传统路由器上(EVC)型号, VLAN标记配置在子接口下从帧删除(弹出),在他们由L2VPN功能前传输。
  • 在Cisco ASR 9000系列聚合服务使用EVC基础设施的路由器,默认操作是保留现有标记。请使用重写命令修改默认。
  • 如果有网桥虚拟接口(BVI)在网桥域,应该弹出所有流入标记没有任何标记,因为BVI是路由接口。请参阅BVI部分关于详细信息。

这是说明这些规则的几示例:

  1. 基本示例是,当必须传输时在物理端口接收的所有流量,是否有一VLAN标记。如果配置l2transport在主接口下,在该物理端口接收的所有流量由L2VPN功能传输:

    interface GigabitEthernet0/0/0/2
    l2transport
    如果有该主接口子接口,主接口捉住未由任何子接口匹配的所有帧;这是长匹配规则。

  2. 捆绑接口和子接口可以配置作为l2transport :

    interface Bundle-Ether1
    l2transport
  3. 请使用encapsulation default在l2transport子接口下匹配未由与长匹配的另一子接口匹配的所有标记为或未标签的数据流。(请参见示例4)。l2transport关键字配置在子接口名称,不在子接口下和在主接口:

    interface GigabitEthernet0/1/0/3.1 l2transport
    encapsulation default
    如果要匹配仅无标记帧,请配置无标记的封装

  4. 当有多个子接口时,请运行在流入的帧的长匹配测验为了确定流入接口:

    interface GigabitEthernet0/1/0/3.1 l2transport
    encapsulation default
    !
    interface GigabitEthernet0/1/0/3.2 l2transport
    encapsulation dot1q 2
    !
    interface GigabitEthernet0/1/0/3.3 l2transport
    encapsulation dot1q 2 second-dot1q 3
    在此配置中,请注释那:

    • 有一外面VLAN标记2和一内在VLAN标记的3一QinQ帧可能匹配.1, .2或者.3子接口,但是分配到.3子接口由于长匹配规则。在.3的两标记比在.2的一标记不长和长比在.1的标记。
    • 有一外面VLAN标记2和一内在VLAN标记的4一QinQ帧分配到.2子接口,因为encapsulation dot1q 2能匹配有VLAN标记的2 dot1q帧,但是能也匹配有一外面标记2.参考的示例的5 (确切的关键字) QinQ帧,如果不要匹配QinQ帧。
    • 有一外面VLAN标记的3一QinQ帧匹配.1子接口。
    • 有VLAN标记的2一dot1q帧匹配.2子接口。
    • 有VLAN标记的3一dot1q帧匹配.1子接口。

  5. 要匹配dot1q帧而不是QinQ帧,请使用确切的关键字:

    interface GigabitEthernet0/1/0/3.2 l2transport
    encapsulation dot1q 2 exact
    因为匹配有正确地一VLAN标记的,仅帧此配置不匹配有一外面VLAN标记的2 QinQ帧。

  6. 请使用无标记关键字为了匹配仅无标记帧例如思科设备发现协议(CDP)数据包或多个生成树网桥协议数据单元(BPDU) :

    interface GigabitEthernet0/1/0/3.1 l2transport
    encapsulation default
    !
    interface GigabitEthernet0/1/0/3.2 l2transport
    encapsulation untagged
    !
    interface GigabitEthernet0/1/0/3.3 l2transport
    encapsulation dot1q 3
    在此配置中,请注释那:

    • 有VLAN的Dot1q帧标记3或有一外面标记的3 QinQ帧匹配.3子接口。
    • 其他dot1q或QinQ帧匹配.1子接口。
    • 没有VLAN标记匹配的帧.2子接口。

  7. 所有关键字可以使用作为通配符:

    interface GigabitEthernet0/1/0/3.4 l2transport
    encapsulation dot1q 4 second-dot1q any
    !
    interface GigabitEthernet0/1/0/3.5 l2transport
    encapsulation dot1q 4 second-dot1q 5
    两子接口.4和.5可能匹配有标记的4和5 QinQ帧,但是帧分配到.5子接口,因为它更加特定。这是长匹配规则。

  8. 可以使用范围VLAN标记:

    interface GigabitEthernet0/1/0/3.6 l2transport
    encapsulation dot1q 6-10
  9. 多个VLAN标记值或范围可以是列出的为第一或第二dot1q标记:

    interface GigabitEthernet0/1/0/3.7 l2transport
    encapsulation dot1q 6 , 7 , 8-10
    !
    interface GigabitEthernet0/1/0/3.11 l2transport
    encapsulation dot1q 11 second-dot1q 1 , 2 , 3 , 4-6 , 10
    您能列出最多九个值。如果更多值要求,必须分配他们到另一子接口。在范围的组的值为了缩短列表。

  10. 因为这是封装QinQ帧的思科方法encapsulation dot1q second-dot1q命令使用以太网类型0x8100外面和内在标记。根据IEEE,然而,应该为802.1q有一VLAN标记的帧保留以太网类型0x8100,并且应该用于与以太网类型0x88a8的一外面标记QinQ帧。与以太网类型0x88a8的外面标记可以配置与dot1ad关键字:

    interface GigabitEthernet0/1/0/3.12 l2transport
    encapsulation dot1ad 12 dot1q 100
  11. 为了使用旧有以太网类型0x9100或0x9200 QinQ外面标记,请使用dot1q tunneling ethertype命令在QinQ子接口的主接口下:

    interface GigabitEthernet0/1/0/3
    dot1q tunneling ethertype [0x9100|0x9200]
    !
    interface GigabitEthernet0/1/0/3.13 l2transport
    encapsulation dot1q 13 second-dot1q 100
    外面标记有0x9100或0x9200以太网类型,并且内在标记有dot1q以太网类型0x8100。

  12. 流入的帧可以分配到子接口,根据源MAC地址:

    interface GigabitEthernet0/1/0/3.14 l2transport
    encapsulation dot1q 14 ingress source-mac 1.1.1

2.1.2 VLAN处理

一个基于EVC的平台的默认行为是保持在流入的帧的VLAN标记。

interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3

在此配置中,当帧转发时,有VLAN标记的3一流入dot1q帧保持其VLAN标记3。当帧转发时,有一外面VLAN标记3和一内在标记的100一流入QinQ帧保持两标记不可更改。

但是, EVC基础设施允许您操作标记用重写命令,因此您能弹出(删除),翻译或者推送(请添加)标记到流入VLAN标记堆叠。

这是几示例:

  • pop关键字让您从一流入dot1q帧删除QinQ标记。此示例删除流入QinQ帧的外面标记13并且传送有dot1q标记的100帧在上面:
interface GigabitEthernet0/1/0/3.13 l2transport
encapsulation dot1q 13 second-dot1q 100
rewrite ingress tag pop 1 symmetric

行为总是对称,因此意味着外面标记13在入口方向在输出方向弹出并且推送。

  • 翻译关键字让您由一两新的标记替换一两流入标记:
RP/0/RSP0/CPU0:router2(config-subif)#interface GigabitEthernet0/1/0/3.3 
l2transport
RP/0/RSP0/CPU0:router2(config-subif)# encapsulation dot1q 3
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate ?
1-to-1 Replace the outermost tag with another tag
1-to-2 Replace the outermost tag with two tags
2-to-1 Replace the outermost two tags with one tag
2-to-2 Replace the outermost two tags with two other tags
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1 ?
dot1ad Push a Dot1ad tag
dot1q Push a Dot1Q tag
RP/0/RSP0/CPU0:router2(config-subif)#rewrite ingress tag translate 1-to-1
dot1q 4
RP/0/RSP0/CPU0:router2(config-subif)#show config
Building configuration...
!! IOS XR Configuration 4.3.0
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag translate 1-to-1 dot1q 4 symmetric
!
end

因为它是唯一的支持的模式,对称关键字自动地被添加。

  • 推送关键字让您添加QinQ标记到一流入dot1q帧:
interface GigabitEthernet0/1/0/3.4 l2transport
encapsulation dot1q 4
rewrite ingress tag push dot1q 100 symmetric

一外面QinQ标记100被添加到有dot1q标记的4.流入的帧。在输出方向, QinQ标记弹出。

2.2 Cisco IOS XR非EVC路由器工作情况(CRS和XR12000)

匹配在非EVC平台的VLAN的语法不使用封装关键字:

RP/0/RP0/CPU0:router1#config
RP/0/RP0/CPU0:router1(config)#int gig 0/0/0/2.3 l2transport
RP/0/RP0/CPU0:router1(config-subif)#dot1q ?
vlan Configure a VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan ?
<1-4094> Configure first (outer) VLAN ID on the subinterface
RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 ?
<1-4094> Configure second (inner 802.1Q) VLAN ID on the subinterface
any Match frames with any second 802.1Q VLAN ID

RP/0/RP0/CPU0:router1(config-subif)#dot1q vlan 3 100

VLAN标记处理不可能配置,因为唯一的可能的行为是弹出在dot1qdot1ad命令指定的所有标记。默认情况下这执行,那么那里是没有重写命令。

3. 点对点服务

注意

使用命令查找工具仅限注册用户)可获取有关本部分所使用命令的详细信息。

命令输出解释程序工具仅限注册用户)支持某些 show 命令。请使用Output Interpreter Tool为了查看show命令输出分析。

3.1本地交换

3.1.1主接口

基本结构是在两主接口之间的本地交叉连接:

116453-technote-ios-xr-l2vpn-11.jpg


Router2采取在美国兵接收的所有流量0/1/0/1并且寄它给Te 0/0/0/3反之亦然。

当router1和router3在此拓扑方面时看上去有一个直接背对背电缆,这不是实际情形,因为router2实际上翻译在TenGigE和千兆以太网接口之间。Router2能运行在这两个接口的功能;访问控制表(ACL),例如,能丢弃数据包或策略映射为了整形或速率限制低优先级流量的特定类型。

基本点到点交叉连接配置在配置作为在router2的l2transport的两主接口之间:

interface GigabitEthernet0/1/0/1
l2transport
!
!
interface TenGigE0/0/0/3
l2transport
!
!
l2vpn
xconnect group test
p2p p2p1
interface TenGigE0/0/0/3
interface GigabitEthernet0/1/0/1
!

在router1和router3,主接口配置与CDP和IPv4地址:

RP/0/RP0/CPU0:router1#sh run int Gi 0/0/0/1
interface GigabitEthernet0/0/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!

RP/0/RP0/CPU0:router1#
RP/0/RP0/CPU0:router1#sh cdp nei Gi 0/0/0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
router3.cisco.c Gi0/0/0/1 132 R ASR9K Ser Te0/0/0/3
RP/0/RP0/CPU0:router1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/8/32 ms

Router1看到router3作为CDP邻居,并且能ping 10.1.1.2 (router3接口地址),好象两路由器直接地连接。

由于没有在router2配置的子接口,有VLAN标记的流入的帧传输透明地,当dot1q子接口在router1和router3时配置:

RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2
ipv4 address 10.1.2.1 255.255.255.0
dot1q vlan 2
!

RP/0/RP0/CPU0:router1#ping 10.1.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms

在10,000 ping以后从router1到router3,您能使用show interface显示l2vpn命令为了保证在一个AC的router2接收的ping请求在另一个AC转发,并且ping回复在背面被处理同一个方式。

RP/0/RSP0/CPU0:router2#sh int gig 0/1/0/1
GigabitEthernet0/1/0/1 is up, line protocol is up
Interface state transitions: 1
Hardware is GigabitEthernet, address is 0024.986c.63f1 (bia 0024.986c.63f1)
Description: static lab connection to acdc 0/0/0/1 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 1000Mb/s, SXFD, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:01:07
5 minute input rate 28000 bits/sec, 32 packets/sec
5 minute output rate 28000 bits/sec, 32 packets/sec
10006 packets input, 1140592 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 6 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10007 packets output, 1140832 bytes, 0 total output drops
Output 0 broadcast packets, 7 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions


RP/0/RSP0/CPU0:router2#sh int ten 0/0/0/3
TenGigE0/0/0/3 is up, line protocol is up
Interface state transitions: 3
Hardware is TenGigE, address is 0024.98ea.038b (bia 0024.98ea.038b)
Layer 1 Transport Mode is LAN
Description: static lab connection to putin 0/0/0/3 - dont change
Layer 2 Transport Mode
MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 10000Mb/s, LR, link type is force-up
output flow control is off, input flow control is off
loopback not set,
Last input 00:00:00, output 00:00:06
Last clearing of "show interface" counters 00:01:15
5 minute input rate 27000 bits/sec, 30 packets/sec
5 minute output rate 27000 bits/sec, 30 packets/sec
10008 packets input, 1140908 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 8 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10006 packets output, 1140592 bytes, 0 total output drops
Output 0 broadcast packets, 6 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions


RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- -------------------------- --------------------------
test p2p1 UP Te0/0/0/3 UP Gi0/1/0/1 UP
-------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det

Group test, XC p2p1, state is up; Interworking none
AC: TenGigE0/0/0/3, state is up
Type Ethernet
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 10008, sent 10006
bytes: received 1140908, sent 1140592
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 10006, sent 10008
bytes: received 1140592, sent 1140908

RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface gigabitEthernet 0/1/0/1
hardware ingress detail location 0/1/CPU0
Local interface: GigabitEthernet0/1/0/1, Xconnect id: 0x1880003, Status: up
Segment 1
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound
Statistics:
packets: received 10022, sent 10023
bytes: received 1142216, sent 1142489
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound

Platform AC context:
Ingress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00580003, SHG: None
Ingress uIDB: 0x0003, Egress uIDB: 0x0003, NP: 3, Port Learn Key: 0
NP3
Ingress uIDB:
Flags: L2, Status
Stats Ptr: 0x0d842c, uIDB index: 0x0003, Wire Exp Tag: 0
BVI Bridge Domain: 0, BVI Source XID: 0x01000000
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
QOS ID: 0, QOS Format ID: 0
Local Switch dest XID: 0x00000001
UIDB IF Handle: 0x00000000, Source Port: 1, Num VLANs: 0
Xconnect ID: 0x00580003, NP: 3
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0003, LAG pointer: 0x0000
Split Horizon Group: None

RP/0/RSP0/CPU0:router2#sh l2vpn forwarding interface Te 0/0/0/3 hardware egress
detail location 0/0/CPU0
Local interface: TenGigE0/0/0/3, Xconnect id: 0x1080001, Status: up
Segment 1
AC, TenGigE0/0/0/3, Ethernet port mode, status: Bound
Statistics:
packets: received 10028, sent 10027
bytes: received 1143016, sent 1142732
packets dropped: PLU 0, tail 0
bytes dropped: PLU 0, tail 0
Segment 2
AC, GigabitEthernet0/1/0/1, Ethernet port mode, status: Bound

Platform AC context:
Egress AC: Local Switch, State: Bound
Flags: Remote is Simple AC
XID: 0x00000001, SHG: None
Ingress uIDB: 0x0007, Egress uIDB: 0x0007, NP: 0, Port Learn Key: 0
NP0
Egress uIDB:
Flags: L2, Status, Done
Stats ptr: 0x000000
VPLS SHG: None
L2 ACL Format: 0, L2 ACL ID: 0, IPV4 ACL ID: 0, IPV6 ACL ID: 0
VLAN1: 0, VLAN1 etype: 0x0000, VLAN2: 0, VLAN2 etype: 0x0000
UIDB IF Handle: 0x04000240, Search VLAN Vector: 0
QOS ID: 0, QOS format: 0
Xconnect ID: 0x00000001, NP: 0
Type: AC, Remote type: AC
Flags: Learn enable
uIDB Index: 0x0007, LAG pointer: 0x0000
Split Horizon Group: None

3.1.2子接口和VLAN处理

用Cisco IOS软件术语,是类似switchport mode access接口和dot1q子接口是类似中继的此示例有一个AC :

116453-technote-ios-xr-l2vpn-12.jpg


典型地此拓扑使用一个网桥域,因为通常有超过VLAN的两个端口,虽然您能使用点到点交叉连接,如果只有两个端口。此部分描述灵活重写功能如何给您多种方式操作VLAN。

3.1.2.1主接口和Dot1q子接口

在本例中,主接口在一端,并且dot1q子接口在另一侧:

这是在router1的主接口:

RP/0/RP0/CPU0:router1#sh run int gig 0/0/0/1
interface GigabitEthernet0/0/0/1
description static lab connection to router2 0/1/0/1
cdp
ipv4 address 10.1.1.1 255.255.255.0
!

这是在router2的dot1q子接口:

RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/1
interface GigabitEthernet0/1/0/1
description static lab connection to router1 0/0/0/1
l2transport

RP/0/RSP0/CPU0:router2#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric

RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p2
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1

当前有在TenGigE0/0/0/3.2子接口名称的一个l2transport关键字。Router3发送有标记的2 dot1q帧,匹配在router2的TenGigE0/0/0/3.2子接口。

流入标记2在入口方向删除由rewrite ingress tag pop 1对称命令。因为标记在TenGigE0/0/0/3.2的入口方向删除,数据包是发送的无标记在GigabitEthernet0/1/0/1的输出方向。

Router1发送无标记帧,匹配主接口GigabitEthernet0/1/0/1。

没有重写on命令GigabitEthernet0/1/0/1,因此标记没有弹出,推送或者翻译。

当数据包必须转发在TenGigE0/0/0/3.2外面时, dot1q标记2推送的归结于在rewrite ingress tag pop 1命令的对称关键字。命令pops在入口方向的一标记,但是对称地推送在输出方向的一标记。这是在router3的一示例:

RP/0/RSP0/CPU0:router3#sh run int ten 0/0/0/3.2
interface TenGigE0/0/0/3.2
ipv4 address 10.1.1.2 255.255.255.0
encapsulation dot1q 2

监控与同样show interface的子接口计数器并且显示l2vpn命令:

RP/0/RSP0/CPU0:router2#clear counters
Clear "show interface" counters on all interfaces [confirm]
RP/0/RSP0/CPU0:router2#clear l2vpn forwarding counters
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#
RP/0/RSP0/CPU0:router2#sh int TenGigE0/0/0/3.2
TenGigE0/0/0/3.2 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0024.98ea.038b
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 2
Ethertype Any, MAC Match src any, dest any
loopback not set,
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 00:00:27
1000 packets input, 122000 bytes
0 input drops, 0 queue drops, 0 input errors
1002 packets output, 122326 bytes
0 output drops, 0 queue drops, 0 output errors


RP/0/RSP0/CPU0:router2#sh l2vpn xconnect detail

Group test, XC p2p2, state is up; Interworking none
AC: TenGigE0/0/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1080001; interworking none
Statistics:
packets: received 1001, sent 1002
bytes: received 118080, sent 118318
drops: illegal VLAN 0, illegal length 0
AC: GigabitEthernet0/1/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x1880003; interworking none
Statistics:
packets: received 1002, sent 1001
bytes: received 114310, sent 114076

正如所料,在TenGigE0/0/0/3.2接收的数据包数量匹配发送的数据包编号在GigabitEthernet0/1/0/1的反之亦然。

与封装的3.1.2.2子接口

而不是在GigabitEthernet0/1/0/1的主接口,您能使用子接口以encapsulation default为了捉住所有帧或以无标记的封装为了匹配仅无标记帧:

RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged

RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric

RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1

在GigabitEthernet0/1/0/1.1的3.1.2.3入口方向

而不是在入口方向的pop标记2在TenGigE0/0/0/3.2,您在TenGigE0/0/0/3.2能推送在入口方向的标记2在GigabitEthernet0/1/0/1.1和不执行任何东西:

RP/0/RSP0/CPU0:router2#sh run int  TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2

RP/0/RSP0/CPU0:router2#sh run interface GigabitEthernet0/1/0/1.1
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation untagged
rewrite ingress tag push dot1q 2 symmetric

RP/0/RSP0/CPU0:router2#sh run int TenGigE0/0/0/3.2
interface TenGigE0/0/0/3.2 l2transport
encapsulation dot1q 2

RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p3
interface TenGigE0/0/0/3.2
interface GigabitEthernet0/1/0/1.1

因此,您能看到EVC型号用封装重写命令提供您较大适应性匹配和操作VLAN标记。

3.2虚拟私有通讯社

3.2.1概述

虚拟私有通讯社(VPWS),亦称Ethernet over MPLS (EoMPLS),允许两个L2VPN服务商边缘设备以隧道传输在MPLS网云的L2VPN流量。两L2VPN观点扫描器在有一个MPLS核心的两个不同的站点典型地连接在他们之间。两个ACs连接在每个L2VPN PE由在MPLS网络的PW连接,是MPLS PW。

116453-technote-ios-xr-l2vpn-13.jpg


每个PE需要有MPLS标签为了到达远程PE的环回。此标签,通常呼叫内部网关路由协议(IGP)标签,可以通过MPLS标签转发协议(LDP)或MPLS流量工程(TE)了解。

两观点扫描器建立在他们自己之间的一瞄准的MPLS LDP会话他们能如此设立和控制PW的状态。一个PE通告对另一个PE PW识别的MPLS标签。

注意:当BGP可以用于发信号时,在本文没有包括。

在其本地AC的router2接收的流量在MPLS标签栈被封装:

  • 外面MPLS标签是到达router3环回的IGP标签。如果标签直接地连接,这可能是隐式空标签;这意味着IGP标签不会被添附。
  • 内在MPLS标签是router3通告的PW标签通过瞄准的LDP会话。
  • 可以有PW控制字在MPLS标签以后,根据配置和封装种类。默认情况下控制字在以太网接口没有使用,并且必须明确地配置,当需要。
  • 传输的L2帧在数据包跟随。
  • 一些VLAN标记在PW传输,根据配置和PW类型。

倒数第二的跳,在MPLS核心的router3,弹出IGP标签或用明确NULL标签之前替换它。因此,在router3接收的帧的顶部有意义的标签是router3发信号对PW的router2的PW标签。因此, router3知道用该MPLS标签接收的该流量应该交换到AC连接对router4。

前一个示例中,您应该首先证实每个L2VPN是否有远程PE的环回的一个MPLS标签。这是示例如何检查在router2的标签:

RP/0/RSP1/CPU0:router2#sh mpls forwarding prefix 10.0.0.11/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16008 16009 10.0.0.11/32 Te0/0/0/1 10.0.23.2 681260

AC配置仍然是相同的:

RP/0/RSP1/CPU0:router2#sh run int gig 0/0/0/1.2
Wed May 1 13:56:07.668 CEST
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2

由于没有重写入口pop命令,流入VLAN标记2在PW传输。请参阅类型4和5 PWs关于详细信息。

L2VPN配置指定本地AC和远程L2VPN PE与必须配比在每一侧,并且一定是唯一为每个邻居的PW ID :

RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222

在router3的对应的配置是:

RP/0/RSP0/CPU0:router3#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!

RP/0/RSP0/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p4
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222

请使用detail命令显示l2vpn的xconnect为了查看在交叉连接的详细信息:

RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail

Group test, XC p2p4, state is up; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38448
bytes: received 12644, sent 2614356
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (21:31:00 ago)
Last time status changed: 30/04/2013 16:36:42 (21:25:16 ago)
Statistics:
packets: received 38448, sent 186
bytes: received 2614356, sent 12644

在此配置中,请注释那:

  • 因为在AC的流入标记没有弹出, AC的最大传输单元(MTU)是1504。MTU必须配比在每一侧,或者PW不出现。
  • 186数据包在AC在PW接收和被发送了正如所料。
  • 38448数据包在PW在AC接收和被发送了正如所料。
  • 在router2的本地标签是16026并且是router3使用作为内部标签的标签。因为IGP标签由倒数第二的MPLS跳,弹出数据包在router2接收用该MPLS标签,当顶部标签。Router2知道应该交换流入的帧用该PW标签到AC美国兵0/0/0/1.2 :
RP/0/RSP1/CPU0:router2#sh mpls forwarding labels 16026
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16026 Pop PW(10.0.0.11:222) Gi0/0/0/1.2 point2point 2620952

3.2.2 PW和AC耦合了状态

在点到点交叉连接, AC和PW被耦合。因此,如果AC断开, L2VPN PE通过LDP表明对远程PE PW状态应该发生故障。当PW冗余配置时,这触发收敛。请参阅冗余部分关于详细信息。

在本例中, AC下来在router2和发送对router3的‘AC Down' PW状态:

RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test xc-name p2p4 detail
Wed May 1 23:38:55.542 CEST

Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/0/0/1.2, state is down
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x840006; interworking none
Statistics:
packets: received 186, sent 38544
bytes: received 12644, sent 2620884
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.11, PW ID 222, state is down ( remote standby )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, protocol LDP
Source address 10.0.0.13
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16026 16031
Group ID 0x4000280 0x6000180
Interface GigabitEthernet0/0/0/1.2 GigabitEthernet0/1/0/3.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/04/2013 16:30:58 (1d07h ago)
Last time status changed: 01/05/2013 14:05:07 (09:33:47 ago)
Statistics:
packets: received 38544, sent 186
bytes: received 2620884, sent 12644

Router3知道PW应该发生故障,因为远程AC发生故障:

RP/0/RSP0/CPU0:router3#sh l2vpn xconnect group test xc-name p2p4 detail

Group test, XC p2p4, state is down; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 38545, sent 186
bytes: received 2620952, sent 12644
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16031 16026
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 30/04/2013 16:37:57 (1d07h ago)
Last time status changed: 01/05/2013 14:11:33 (09:35:50 ago)
Statistics:
packets: received 186, sent 38545
bytes: received 12644, sent 2620952

3.2.3类型4和类型5 PWs

可以使用PWs的两种类型-类型4和类型5。

  • 类型4 PW是公认的基于vlan的PW。入口PE不应该删除将在PW传输的流入VLAN标记。

    在基于EVC的平台上例如ASR 9000,问题是流入ACs也许有弹出流入VLAN标记的重写命令,那么那里也许不在PW将传输的所有VLAN标记。为了论及此可能性, EVC平台插入一假的VLAN标记0在类型的4 PWs帧顶部。类型4 PWs配置与vlan命令的传输模式。应该EVC根据远程PE并且应该了解顶部VLAN标记是将剥离的假的标记。

    然而,如果使用一个类型4在EVC平台和一个非EVC平台之间的PW,这也许导致互操作性问题。非EVC平台不考虑顶部VLAN标记,因为假的VLAN标记和传送有假的VLAN标记的0帧作为外面标记。EVC平台有能力操作在流入的帧接收的VLAN标记用重写命令。该VLAN处理结果在类型4与额外的假的标记0的PW传输在上面。

    最近的Cisco IOS XR软件版本提供能力使用类型4 PW,不用使用假的标记0用传输模式VLAN转接命令。在以太网的VLAN标记处理流点(EFP)必须保证至少一标记保持,因为必须有在类型传输的VLAN标记4 PW,并且,因为,在这种情况下,没有符合该要求的假的标记。在帧的标记,在流入接口标记重写通过PW后传输透明地。
  • 类型5 PW是公认的以太网基于端口的PW。在主接口接收的入口PE传输帧或,在子接口标记删除后,当数据包在子接口接收。没有需求发送在类型5 PW的一标记的帧,并且假的标记没有乘基于EVC的平台添加。基于EVC的平台有能力操作在流入的帧接收的VLAN标记用重写命令。该VLAN处理结果是否在类型5 PW传输,标记为或无标记。

默认情况下, L2VPN观点扫描器设法如在此示例中看到协商类型5 PW, :

RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet, control word disabled, interworking none
PW type Ethernet Ethernet

PW类型以太网指示一个类型5 PW。

这是在PW的router2发送由router1和封装的ARP请求的嗅探器捕获对router3 :

Frame 38: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)

MPLS标签16031是router3通告的PW标签。嗅探器捕获被采取了在倒数第二的跳之间,并且router3,那么那里是没有IGP标签。

被封装的以太网帧在PW标签之后启动。可以有PW控制字,但是没有在本例中配置。

即使它是类型5 PW,在AC 2接收的流入VLAN标记由router2传输,因为没有在AC弹出它的重写命令。来自AC的结果,在重写处理传输后,因为没有自动标记弹出在基于EVC的平台。注意没有与类型5 PW的假的VLAN标记0。

如果用rewrite ingress tag pop 1对称命令配置,没有在PW传输的VLAN标记。

这是类型4与PW中集集团的配置的PW的示例在router2和router3的。

注意:如果配置在仅一端的一个类型4, PW坚持下来和报告的Error:不匹配的PW类型’。

l2vpn
pw-class VLAN
encapsulation mpls
transport-mode vlan
!
!
xconnect group test
p2p p2p4
neighbor 10.0.0.11 pw-id 222
pw-class VLAN
!
!
!
!

PW类型以太网VLAN指示一个类型4 PW。

RP/0/RSP1/CPU0:router2#sh l2vpn xconnect group test det | i " PW type"
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN

当前有一假的标记0插入在传输的帧顶部:

Frame 15: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Ethernet II, Src: Cisco_2f:dc:04 (00:0b:60:2f:dc:04), Dst: Cisco_1e:93:50
(00:24:f7:1e:93:50)
MultiProtocol Label Switching Header, Label: 16031, Exp: 0, S: 1, TTL: 251
Ethernet II, Src: Cisco_03:1f:46 (00:1d:46:03:1f:46), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 0
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2
Address Resolution Protocol (request)

出口基于EVC的PE删除假的标记并且传送有标记的2帧在其本地AC。出口PE应用在其在PW接收的帧的AC配置的本地标记处理。如果其本地AC配置作为对称rewrite ingress tag的pop 1,在输出方向必须推送已配置的标记,因此一新的标记推送在PW 2顶部接收的标记。重写命令非常灵活,但是您应该仔细评估什么您要达到在PW的每侧。

3.2.4 Multisegment PW

有L2VPN PE有PW,而不是物理接口,作为AC的是可能的:

116453-technote-ios-xr-l2vpn-14.jpg

Router5收到在PW的数据包从router2并且转换在其其他PW的数据包对router3。router5所以交换在PWs之间为了创建在router2和router3之间的一multisegment PW。

在router2的配置当前指向router5作为远程PE :

RP/0/RSP1/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.12 pw-id 222
!
!
!
!

在router5的配置基本:

RP/0/RSP0/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p5
neighbor 10.0.0.11 pw-id 223
!
neighbor 10.0.0.13 pw-id 222
!
description R2-R5-R3
!
!
!

description命令可选和插入在交换类型长度值(TLV)的PW由router5发送对每个远程PE (router2和router3)。说明是有用的,当您需要排除故障PW问题时,当有一个路由器在执行PW交换的中部时。

输入嘘l2vpn xconnect命令为了查看交换TLV的PW :

RP/0/RSP0/CPU0:router5#sh l2vpn xconnect group test det

Group test, XC p2p5, state is down; Interworking none
Description: R2-R5-R3
PW: neighbor 10.0.0.11, PW ID 223, state is down ( provisioned )
PW class not set, XC ID 0xc0000002
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16042 unknown
Group ID 0x4000280 0x0
Interface GigabitEthernet0/0/0/1.2 unknown
MTU 1504 unknown
Control word disabled unknown
PW type Ethernet unknown
VCCV CV type 0x2 0x0
(none)
(LSP ping verification)
VCCV CC type 0x4 0x0
(none)
(TTL expiry)
------------ ------------------------------ -----------------------------
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.13, PW ID: 222
Description: R1-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 3221225474
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:30 (00:00:06 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000001
Encapsulation MPLS, protocol LDP
Source address 10.0.0.12
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16043 16056
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x4 0x6
(router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing PW Switching TLVs (Label Mapping message):
Local IP Address: 10.0.0.12, Remote IP Address: 10.0.0.11, PW ID: 223
Description: R2-R5-R3
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Statistics for MS-PW:
packets: received 0
bytes: received 0
MIB cpwVcIndex: 0
Create time: 02/05/2013 15:37:53 (00:34:43 ago)
Last time status changed: 02/05/2013 16:12:35 (00:00:01 ago)
Last time PW went down: 02/05/2013 16:12:30 (00:00:06 ago)

Router5发送交换TLV的PW对与对router2并且发送PW交换TLV的其PW详细信息的router3对与其PW详细信息的router2对router3。

3.2.5冗余

点对点PW可以用于连接两个站点,但是这两个站点应该保持已连接在PE或AC失败的情况下。

3.2.5.1核心冗余

如果做影响重路由在MPLS核心的任何拓扑更改, MPLS PW立即继承新的路径。

在PWs的3.2.5.2套件

如果有在CE和PE之间的一个捆绑成员链路故障用户边缘(CE)设备可以连接到PE通过以太网套件为了提供链路冗余。套件保持,即使一个捆绑链路成员断开。注意这不提供PE冗余,因为PE失败减少整个套件。

冗余的一个方法将安排多个电路传输由点到点PWs。每个电路是一个以太网套件的成员在两CES之间的:

116453-technote-ios-xr-l2vpn-15.jpg

PE不终止套件和传输帧透明地在PW,包括CES交换在他们之间的链路汇聚控制协议(LACP)帧。

使用此设计, AC的损耗或PE导致一个捆绑成员断开,但是套件保持。

注意:LACP BPDU未在L2VPN早于Cisco IOS XR软件版本4.2.1传输由在版本的ASR 9000。

CE仍然是在此设计的一个单点故障。在CE能使用的其他冗余功能包括:

  • 多机箱林克聚合组(MC-LAG)
  • ASR 9000网络虚拟化(nV)集群
  • 虚拟交换系统(VSS)在Cisco IOS交换机
  • 虚拟端口信道(vPC)在思科连结交换机

从PE的角度,有AC和MPLS PW之间的简单点对点连接。

3.2.5.3 PW冗余

观点扫描器能也提供冗余呼叫PW冗余的功能。

116453-technote-ios-xr-l2vpn-15a.jpg

Router2有主要的PW对router3。在正常情况下流量从router1到router6漫过该主要的PW。Router2也没有一个备份PW对router4在热备件,但是,在正常情况下,在该PW的通信流。

如果有一问题与主要的PW,与主要的PW (router3)的远程PE,或者与在远程PE (router3)的AC, router2立即激活备份PW,并且流量开始流经它。当问题是解决的时,流量移动回到主要的PW。

在router2的配置是:

RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/1/0/3.2
neighbor 10.0.0.13 pw-id 222
backup neighbor 10.0.0.14 pw-id 222
!
!
!
!
!

在router3和router4的标准配置是:

RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p6
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 222
!
!
!
!

在稳定情况下,对router3的PW是活跃的,并且对router4的PW在备用状态:

RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
--------------------- ------------------ ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 UP
Backup
10.0.0.14 222 SB
------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det

Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51412, sent 25628
bytes: received 3729012, sent 1742974
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ -------------------------- --------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ -------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25628, sent 51412
bytes: received 1742974, sent 3729012

Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is standby ( all ready )
Backup for neighbor 10.0.0.13 PW ID 222 ( inactive )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ --------------------------- --------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ --------------------------- --------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x20 (Standby) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:21:26 ago)
Last time status changed: 03/05/2013 15:17:34 (00:07:55 ago)
MAC withdraw message: send 0 receive 0
RP/0/RSP0/CPU0:router2#

由于AC状态和PW状态被耦合, router3信号的对router2的AC down',当在router3的AC断开。Router2减少其主要的PW并且激活备份PW :

RP/0/RSP0/CPU0:May  3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN : 
Pseudowire with address 10.0.0.13, id 222, state is Down
RP/0/RSP0/CPU0:May 3 15:34:08.772 : l2vpn_mgr[1121]: %L2-L2VPN_PW-3-UPDOWN :
Pseudowire with address 10.0.0.14, id 222, state is Up

RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p6 UP Gi0/1/0/3.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router2#sh l2vpn xconnect group test det

Group test, XC p2p6, state is up; Interworking none
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0xc40003; interworking none
Statistics:
packets: received 51735, sent 25632
bytes: received 3752406, sent 1743230
drops: illegal VLAN 0, illegal length 0
PW: neighbor 10.0.0.13, PW ID 222, state is down ( local ready )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ---------------------------
Label 16049 16059
Group ID 0x6000180 0x4000280
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ---------------------------
Incoming Status (PW Status TLV):
Status code: 0x6 (AC Down) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225477
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0

Backup PW:
PW: neighbor 10.0.0.14, PW ID 222, state is up ( established )
Backup for neighbor 10.0.0.13 PW ID 222 ( active )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------- -----------------------------
Label 16050 289971
Group ID 0x6000180 0x4000100
Interface GigabitEthernet0/1/0/3.2 GigabitEthernet0/0/0/1.2
MTU 1504 1504
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------- -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225478
Create time: 03/05/2013 15:04:03 (00:30:14 ago)
Last time status changed: 03/05/2013 15:34:08 (00:00:09 ago)
MAC withdraw message: send 0 receive 0
Statistics:
packets: received 25632, sent 51735
bytes: received 1743230, sent 3752406
RP/0/RSP0/CPU0:router2#

当在router3的AC恢复时, router2恢复活动主要的PW对router3,并且对router4的PW回到备用状态。

备份PW也激活,当router3断开时,并且router2丢失路由对其环回。

下个合理的步骤将引入与两观点扫描器的双向PW冗余在每个站点:

116453-technote-ios-xr-l2vpn-16.jpg


然而,当两PWs是活跃的环路同时介绍到网络时, PWs此全网状遇到问题。环路需要利用被中断,通常生成树协议。然而,您不在一个站点希望生成树不稳定性传播到另一个站点。因此,不运行在这些的生成树PWs和不合并在两个站点之间的生成树最好的。它更加简单,如果有两个站点之间的一个逻辑链接,以便生成树没有要求。

一解决方案将使用在两观点扫描器之间的一个MC-LAG套件在一个站点和他们的本地CE。仅一两观点扫描器有其捆绑成员激活,以便其对远程站点的PW是活跃的。另一个PE有其捆绑成员在备用状态并且有其PW到远程站点下来。使用在两个站点之间的一PW激活,环路只没有介绍。与激活PW的PE也有一待机PW对第二个PE在远程站点。

在稳定情况下,活动捆绑成员是在router2和router3,并且激活PW在他们之间。这是在router3的配置:

RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!

RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!

RP/0/RSP1/CPU0:router3#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!
RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ --------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------

RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222

Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps
-------------------- --------------- -------- -------------- ----------
Gi0/0/0/1 Local Active 0x8001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8002, 0xa002 1000000
Link is marked as Standby by mLACP peer

在router5,本地捆绑成员和主要的PW对router2在备用状态,并且备份PW对router4发生故障:

RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!

RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!

RP/0/RSP1/CPU0:router5#sh run l2vpn xconnect group test
l2vpn
xconnect group test
p2p p2p7
interface Bundle-Ether222.2
neighbor 10.0.0.11 pw-id 222
backup neighbor 10.0.0.12 pw-id 222
!
!
!
!
!

RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- --------------------------
test p2p7 DN BE222.2 UP 10.0.0.11 222 SB
Backup
10.0.0.12 222 DN
------------------------------------------------------------------------------
RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222

Bundle-Ether222
Status: mLACP hot standby
Local links : 0 / 1 / 1
Local bandwidth : 0 (0) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Standby
Foreign links : 1 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Standby 0x8002, 0xa002 1000000
mLACP peer is active
Gi0/0/0/1 10.0.0.13 Active 0x8001, 0x9001 1000000
Link is Active

在router6,而router5的捆绑成员在备用状态, router3的捆绑成员是活跃的:

router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)

当router3的捆绑成员断开时, router6有其激活成员对router5 :

router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Gi0/1(D) Gi0/2(P)

因为bundle-ether222下来在router5,对router2的耦合的PW同时断开:

RP/0/RSP1/CPU0:router3#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 DN BE222.2 DN 10.0.0.11 222 DN
Backup
10.0.0.12 222 DN
-----------------------------------------------------------------------------

Router2检测其对router3的PW发生故障并且激活其备份PW对router5 :

RP/0/RSP0/CPU0:router2#sh l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ -------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.13 222 DN
Backup
10.0.0.14 222 UP
-----------------------------------------------------------------------------

Router5有其捆绑成员激活以及其主要的PW对router2 :

RP/0/RSP1/CPU0:router5#sh bundle bundle-ether 222

Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps
-------------------- ----------- ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x8002, 0xa002 1000000
Link is Active
Gi0/0/0/1 10.0.0.13 Configured 0x8003, 0x9001 1000000
Link is down
RP/0/RSP1/CPU0:router5#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p7 UP BE222.2 UP 10.0.0.11 222 UP
Backup
10.0.0.12 222 DN
-------------------------------------------------------------------------------

3.2.5.4 ASR 9000 nV边缘团星

根据MC-LAG和PW冗余优良的上一个设计工作为冗余,然而,因为一些捆绑成员在备用状态,他们不在平稳的情况下运载流量。

如果想要所有捆绑成员激活,下面稳定情况,您能以从CE的捆绑成员使用ASR 9000集群连接对PE的每货架:

116453-technote-ios-xr-l2vpn-17.jpg

此设计提供冗余在CE和PE、货架失败和核心链路故障之间的一个捆绑成员链路故障-,只要集群双重附加对MPLS核心,并且有在核心的冗余。两货架不必须代管并且可能在不同的位置。相互货架链路在此图表中没有代表。

如果想要在CE的冗余,您能使用多机箱解决方案CE :

  • MC-LAG
  • ASR 9000 nV集群
  • VSS
  • vPC

在ASR 9000集群的配置非常基本:

interface TenGigE0/0/0/8
bundle id 222 mode on
!
interface TenGigE1/0/0/8
bundle id 222 mode on
!
interface Bundle-Ether222
!
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface Bundle-Ether222.2
neighbor 10.0.0.13 pw-id 8
!
!
!
!

思科推荐您配置静态LACP系统MAC地址和套件MAC地址为了避免一个指定机架控制器切换引起的MAC地址更改。此示例显示如何查找地址:

RP/1/RSP0/CPU0:router2#sh int bundle-ether 222 | i address is
Hardware is Aggregated Ethernet interface(s), address is 0024.f71e.d309
Internet address is Unknown
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#int bundle-ether 222
RP/1/RSP0/CPU0:router2(config-if)#mac-address 0024.f71e.d309
RP/1/RSP0/CPU0:router2(config-if)#commit
RP/1/RSP0/CPU0:router2(config-if)#end
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#sh lacp system-id

Priority MAC Address
-------- -----------------
0x8000 00-24-f7-1e-d3-05
RP/1/RSP0/CPU0:router2#
RP/1/RSP0/CPU0:router2#conf
RP/1/RSP0/CPU0:router2(config)#lacp system mac 0024.f71e.d305
RP/1/RSP0/CPU0:router2(config)#commit
RP/1/RSP0/CPU0:router2(config)#end

总之,这是套件以太222用每货架的(十0/0/0/8一个成员在货架0和十1/0/0/8在货架1)和为点到点交叉连接配置的套件子接口:

RP/1/RSP0/CPU0:router2#sh l2vpn xconnect group test
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- ---------------------------
test p2p8 UP BE222.2 UP 10.0.0.13 8 UP
-------------------------------------------------------------------------------

3.3 CDP

Cisco路由器和交换机通常发送CDP数据包,不用dot1q标记。有确定的多个方案什么发生在这些CDP数据包,当他们由为交叉连接时配置的IOS XP路由器接收:

116453-technote-ios-xr-l2vpn-18.jpg

在此拓扑方面, router1能看到其本地PE router2作为CDP邻居或远程CE router4,根据配置。

3.3.1在L2VPN PE主接口没启用的CDP

从L2VPN CE的CDP数据包在交叉连接传输。两L2VPN CES互相看到(与使用show cdp neighbors命令),如果主接口配置作为l2transport或,如果有匹配无标记CDP帧的子接口。

这是主接口的示例:

interface GigabitEthernet0/0/0/1
l2transport
!
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1
neighbor 10.0.0.11 pw-id 8
!
!
!
!

这是一无标记子接口的示例:

interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 8
!
!
!
!

在这两示例中, CDP数据包在交叉连接传输,并且CES互相看到作为CDP邻居。CE看不到PE作为CDP邻居:

router1#sh cdp nei gigabitEthernet 0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
router4 Gig 0/1 168 R S ME-3400G- Gig 0/1

3.3.2在L2VPN PE主接口启用的CDP

PE处理无标记CDP数据包,并且PE和CE互相看到作为邻居。然而,当CDP在L2VPN PE的主接口时,启用CE看不到远程CE。

注意, :

  • 您不能配置在配置作为l2transport的主接口的CDP。
  • 当CDP在主non-l2transport接口时,配置PE截断CDP数据包。这发生,即使有配置的l2transport子接口匹配无标记CDP数据包(与无标记使用的封装encapsulation default命令)。CDP数据包在这种情况下没有传输到远程站点。

3.4生成树

如果L2VPN CE是以太网交换机和发送生成树BPDU对L2VPN PE,这些BPDU被处理作为正常数据流和根据L2VPN配置传输。

STP或MST BPDU发送的无标记和通过点到点交叉连接传输,如果主接口配置作为l2transport或,如果有用封装无标记encapsulation default命令配置的l2transport子接口。

每VLAN生成树加强(PVST+)或急流PVST+ (PVRST+)发送标记了传输的BPDU,如果有匹配BPDU的dot1q标记的l2transport子接口。

这是拓扑示例:

116453-technote-ios-xr-l2vpn-19.jpg


Router2和router3传输无标记帧和帧有dot1q标记的2 :

interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
l2vpn
xconnect group test
p2p p2p8
interface GigabitEthernet0/0/0/1.2
neighbor 10.0.0.11 pw-id 8
!
!
p2p p2p9
interface GigabitEthernet0/0/0/1.1
neighbor 10.0.0.11 pw-id 9
!
!
!
!

Switch1接收在VLAN1的无标记BPDU和在VLAN2的标记为的BPDU从switch4;其根端口在往switch4的Gi0/1 :

switch1#sh spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 8
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p

switch1#sh spanning-tree vlan 2

VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0019.552b.b580
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p

使用此配置,在站点A的生成树域与在B侧的生成树域合并。潜在问题是在一个站点的生成树不稳定性也许传播到另一个站点。

如果确信一个站点通过对另一个站点的一PW仅连接,并且没有可能引入一条物理环路的背后链路,它是一个好想法不运行在两个站点的生成树。这保持两个生成树域隔离。要执行此,请配置在CES的一生成树bpdufilter或者配置以太网服务access-list在丢弃有BPDU使用的目标MAC地址的帧的观点扫描器。以太网服务access-list在观点扫描器可以使用丢弃有BPDU目的地MAC或您不要在PW转发的其他的帧L2协议。

这是access-list该您可能使用在传输在两个站点之间的每个l2transport (子)接口下:

ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd
60 deny any host 0100.0ccd.cdce
70 permit any any
!

RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.1
interface GigabitEthernet0/0/0/1.1 l2transport
encapsulation untagged
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!

RP/0/RSP1/CPU0:router2#sh run int GigabitEthernet0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group block-invalid-frames ingress
ethernet-services access-group block-invalid-frames egress
!

以太网服务ACL开始下降BPDU :

RP/0/RSP1/CPU0:router2#sh access-lists ethernet-services block-invalid-frames 
hardware ingress location 0/0/CPU0
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f (41 hw matches)
20 deny any host 0180.c200.0010
30 deny any host 0100.0c00.0000
40 deny any host 0100.0ccc.cccc
50 deny any host 0100.0ccc.cccd (63 hw matches)
60 deny any host 0100.0ccd.cdce
70 permit any any (8 hw matches)

Switch1不再接收从switch4的BPDU,因此switch1当前是根:

switch1#sh spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p

switch1#sh spanning-tree vlan 2

VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 001d.4603.1f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------------
Gi0/1 Desg FWD 4 128.1 P2p

禁用的生成树风险在链路的是这:如果一背后连接创建在站点之间,引入一条物理环路,并且生成树不能中断环路。因此,当您禁用在PW时的生成树,请保证没有站点之间的冗余链路,并且PW保持站点之间的唯一的连接。

如果有站点之间的多个连接,请与生成树的接入网关版本一起请使用一解决方案类似VPLS,例如MST接入网关(MSTAG)或PVST+接入网关(PVSTAG)。请参阅关于多点服务的部分关于详细信息。

4. 多点服务

注意

使用命令查找工具仅限注册用户)可获取有关本部分所使用命令的详细信息。

命令输出解释程序工具仅限注册用户)支持某些 show 命令。请使用Output Interpreter Tool为了查看show命令输出分析。

请参阅实现多点Layer2服务关于多点L2功能的完整说明。

使用在点到点交叉连接的两个接口, L2VPN交换机在另一侧只采取在侧接收的一切并且转发它。

当有超过在网桥域时的两个接口,以太网交换机在哪里必须做出交换决定为了确定传送根据他们的目标MAC地址的帧。交换机执行根据接收并且构件a mac-address-table帧的源MAC地址的MAC学习。

交换机传送在此方法的帧:

  • 广播帧被充斥到所有端口。请使用风暴控制为了限制广播泛滥速率。
  • 组播帧被充斥到网桥域的所有端口,除了,当互联网组管理协议(IGMP)或组播监听程序监听的发现号(MLD)时配置。请使用风暴控制为了限制组播泛滥速率。
  • 有不作为部分mac-address-table网桥域的目标MAC地址的单播帧(未知单播)在网桥域的所有端口被充斥。请使用风暴控制为了限制单播泛洪速率。
  • 有是一部分的mac-address-table网桥域的目标MAC地址的单播帧转发到了解目标MAC地址的端口。

在Cisco IOS XR软件,广播域或仿真LAN呼叫网桥域。这类似于VLAN在Cisco IOS软件术语方面,除了在IOS的VLAN与使用作为在中继的dot1q标记的VLAN号连接。在Cisco IOS XR软件的一个网桥域与dot1q vlan标签没有连接。您能使用EVC型号为了操作dot1q标记和有用不同的dot1q vlan编号的dot1q子接口在同一个网桥域或有无标记接口。

网桥域是基本上广播和组播帧被充斥的一广播域。一个人mac-address-table关联与每个网桥域(除非MAC学习由配置手工禁用,是非常少见的)。这通常对应于在网桥域的所有主机直接地连接的一IPv4或IPv6子网。

网桥域可以在网桥组内分组。这是一个方便方式检查配置。您能执行一show命令为网桥组而不是一个show命令为每个网桥域。网桥组没有mac-address-table或其他关联;它使用配置并且显示命令。

4.1本地交换

这是非常基本示例:

116453-technote-ios-xr-l2vpn-20.jpg


Router2、router3和router4通过ASR 9000连接,模拟在那些三路由器之间的LAN。

这些是在那些三路由器的接口配置:

RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/39.2
interface GigabitEthernet0/1/0/39.2
ipv4 address 192.168.2.2 255.255.255.0
encapsulation dot1q 2
!

router3#sh run int gig 0/1
Building configuration...

Current configuration : 203 bytes
!
interface GigabitEthernet0/1
port-type nni
switchport access vlan 2
switchport trunk allowed vlan 1,2
switchport mode trunk
end

router3#sh run int vlan 2
Building configuration...

Current configuration : 61 bytes
!
interface Vlan2
ip address 192.168.2.3 255.255.255.0
end

router3#

RP/0/RSP0/CPU0:router4#sh run int ten 0/0/1/0.2
interface TenGigE0/0/1/0.2
ipv4 address 192.168.2.4 255.255.255.0
encapsulation dot1q 2
!

数据包由与dot1q标记2的router1接收和转发到有dot1q标记的2.其他路由器。

在此基本情形中,有在ACs的两个选项:

  1. 因为所有ACs使用dot1q标记2,您在帧在入口接口能保持它和传送在出口接口的帧与dot1q标记和接收一样。rewrite ingress tag pop 1对称命令没有要求。

  2. 您能弹出在入口方向的流入dot1q标记2和对称地推送在输出方向的dot1q标记2。当这在此基本情形时没有要求,它是一个好想法用这种方式配置网桥域起初,因为为将来提供更加灵活性。这是也许在初始配置以后发生更改的两示例:
    • 如果一个已路由BVI接口是介绍的以后在网桥域,在BVI必须处理数据包,不用标记。请参阅部分关于详细信息。
    • 新的AC,使用一不同的dot1q标记,被添加的以后。dot1q标记2在入口方向将弹出,并且另一dot1q标记在输出方向反之亦然.BVI的新接口将推送

弹出在每个AC的dot1q标记在router1 :

RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP0/CPU0:router1#sh run int GigabitEthernet0/1/0/38.2
interface GigabitEthernet0/1/0/38.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP0/CPU0:router1#sh run int TenGigE0/2/0/4.2
interface TenGigE0/2/0/4.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

查看网桥域的配置与这三ACs的:

RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain engineering
interface TenGigE0/2/0/4.2
!
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/38.2
!
!
!
!

必须配置网桥域在网桥组下。如果从此客户的其他网桥域是需要的,他们可以配置在同一个网桥组下, customer1。如果新的网桥域属于一不同的客户,您能创建新建网桥组。这些示例使用客户为了分组网桥域,但是网桥域可以由所有标准分组。

请使用show run l2vpn网桥组customer1网桥域工程命令为了显示网桥域的配置。

请使用show run l2vpn网桥组customer1命令为了查看所有网桥域的配置。

请使用设计命令或显示l2vpn域组customer1命令的显示l2vpn网桥域bd NAME为了显示关于网桥域的信息。

RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name 
engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
Gi0/1/0/38.2, state: up, Static MAC addresses: 0
Te0/2/0/4.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
RP/0/RSP0/CPU0:router1#show l2vpn bridge-domain group customer1 bd-name
engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (00:18:06 ago)
No status change since creation
ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 185066, sent 465
bytes: received 13422918, sent 34974
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: GigabitEthernet0/1/0/38.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40005; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 8, sent 12287
bytes: received 770, sent 892418
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
AC: TenGigE0/2/0/4.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0x1040001; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 463, sent 11839
bytes: received 35110, sent 859028
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:

请使用设计det命令的显示l2vpn域组customer1 bd NAME是否要检查数据包接收并且被发送每个AC。

添加MAC地址关键字到显示l2vpn转发bridge domain命令是否要检查mac-address-table :

RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
------------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A

每次帧在网桥域,接收MAC学习在硬件方面被执行由线路卡。也有软件缓存mac-address-table,但是此软件表不可能不断地更新为了匹配硬件条目。当show命令被输入用最近代码时,设法与硬件表再同步软件表。在最多15秒以后,它打印软件的当前状态mac-address-table,即使再同步不完成(例如,如果表大)。请使用l2vpn再同步转发mac-address-table命令为了手工再同步软件和硬件表。

RP/0/RSP0/CPU0:router1#term mon
RP/0/RSP0/CPU0:router1#l2vpn resynchronize forwarding mac-address-table
location 0/1/CPU0
RP/0/RSP0/CPU0:router1#LC/0/1/CPU0:May 28 18:25:35.734 : vkg_l2fib_mac_cache[357]
%PLATFORM-
PLAT_L2FIB_MAC_CACHE-6-RESYNC_COMPLETE : The resynchronization of the MAC
address table is complete
0/1/CPU0

RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A

系统消息指示,当重新同步的进程完成,因此是有用的安排终端监视器启用为了发现消息。

再同时年龄列显示上次MAC地址从硬件表再同步。

位置关键字是一个流入或一个流出的线路卡的位置。MAC地址在硬件方面交换在线路卡之间,因此在有AC或PW的每个线路卡应该知道MAC地址。详细信息关键字也许提供软件表的一个更加最新的版本:

RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address detail location 0/1/CPU0

Bridge-domain name: customer1:engineering, id: 5, state: up
MAC learning: enabled
MAC port down flush: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC Secure: disabled, Logging: disabled
DHCPv4 snooping: profile not known on this node
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
IGMP snooping: disabled, flooding: enabled
Bridge MTU: 1500 bytes
Number of bridge ports: 3
Number of MAC addresses: 4
Multi-spanning tree instance: 0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location


GigabitEthernet0/1/0/3.2, state: oper up
Number of MAC: 2
Statistics:
packets: received 187106, sent 757
bytes: received 13571342, sent 57446
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0

Mac Address: 0019.552b.b581, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local


Mac Address: 0019.552b.b5c3, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local


GigabitEthernet0/1/0/38.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 18, sent 14607
bytes: received 1950, sent 1061882
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0

Mac Address: 0024.986c.6417, LC learned: 0/1/CPU0
Resync Age: 0d 0h 0m 0s, Flag: local


TenGigE0/2/0/4.2, state: oper up
Number of MAC: 1
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0

Mac Address: 6c9c.ed3e.e484, LC learned: 0/2/CPU0
Resync Age: 0d 0h 0m 0s, Flag: remote

命令的详细版本提供在网桥域了解的MAC地址的总数,以及MAC地址数量了解在每个AC下。

硬件关键字轮询硬件mac-address-table直接地从入口或出口转发引擎:

RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware ingress location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 0s N/A
RP/0/RSP0/CPU0:router1#show l2vpn forwarding bridge-domain customer1:
engineering mac-address hardware egress location 0/2/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b581 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 14s N/A
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 1s N/A
0024.986c.6417 dynamic Gi0/1/0/38.2 0/1/CPU0 0d 0h 0m 10s N/A
6c9c.ed3e.e484 dynamic Te0/2/0/4.2 0/2/CPU0 0d 0h 0m 13s N/A
RP/0/RSP0/CPU0:router1#

4.2全双工MST

因为只有路由器连接对网桥域,本地交换前面的示例基本。然而,一旦开始连接L2交换机您也许引入环路和需要STP为了中断环路:

116453-technote-ios-xr-l2vpn-21.jpg

在此拓扑方面, router1、router2和router3中的每一个配置与与所有他们的接口的一个网桥域在图表中。如果router4发送一广播,例如ARP请求,对router1, router1充斥它对router2和router3, router2充斥它对router3,并且router3充斥它对router2。这导致环路和广播风暴。

要中断环路,请使用STP。有STP多种类型,但是Cisco IOS XR软件提供仅一个完整实施, MST。

也有支持Cisco IOS XR软件协议的接入网关版本,例如PVSTAG和MSTAG。这些是协议的静态,有限的版本在特定拓扑方面使用,典型地与VPLS和描述在MSTAGPVSTAG部分。在Cisco IOS XR软件, MST是唯一选择,如果有一拓扑用多个交换机,并且,如果一个全双工生成树实施要求。

两子接口在每个路由器配置并且被添加到网桥域。对于router1,配置是:

interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface TenGigE0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
!
!
!

MST在主接口配置。在本例中, VLAN 2分配到实例1,并且其他VLAN保持默认实例0。(A更加可实现的配置将均匀地拆分VLAN在实例之间。)

根网桥的选择在STP网络内的取决于配置的优先级和每个设备嵌入式网桥ID。设备有最低优先级的,或者有相等最低优先级,但是最低的网桥ID的,选择作为根网桥。例如在本例中, router3配置以较低优先级然后router1 0,因此router3是根例如例如例如0个。Router1有较低优先级然后router3 1,因此router1是根1。

这是router1的配置:

spanning-tree mst customer1
name customer1
revision 1
instance 0
priority 28672
!
instance 1
vlan-ids 2
priority 24576
!
interface TenGigE0/0/0/1
!
interface GigabitEthernet0/0/0/1
!
!

这是在router3的配置:

spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 28672

名称、版本和VLAN对实例映射必须是相同的在所有交换机。

现在,请检查在router1的生成树状态:

RP/0/RSP1/CPU0:router1#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed

Operating in dot1q mode


MSTI 0 (CIST):

VLANS Mapped: 1,3-4094

CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0

Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec


Bridge ID Priority 28672 (priority 28672 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6


Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.1
Te0/0/0/1 128.1 2000 DSGN FWD 28672 4055.3912.f1e6 128.1


MSTI 1:

VLANS Mapped: 2

Root ID Priority 24576
Address 4055.3912.f1e6
This bridge is the root
Int Cost 0
Max Age 20 sec, Forward Delay 15 sec


Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)
Address 4055.3912.f1e6
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6


Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 24576 4055.3912.f1e6 128.2
Te0/0/0/1 128.1 2000 DSGN FWD 24576 4055.3912.f1e6 128.1

例如Router3是根0,因此router1有其Gi0/0/0/1的根端口往router3。例如Router1是根1,因此router1是在所有接口的指定的网桥该实例的。

例如Router2阻塞0在Te0/1/0/0 :

RP/0/RSP1/CPU0:router2#sh spanning-tree mst customer1
Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed

Operating in dot1q mode


MSTI 0 (CIST):

VLANS Mapped: 1,3-4094

CIST Root Priority 24576
Address 001d.4603.1f00
Ext Cost 0

Root ID Priority 24576
Address 001d.4603.1f00
Int Cost 20000
Max Age 20 sec, Forward Delay 15 sec


Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6


Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 ROOT FWD 24576 001d.4603.1f00 128.2
Te0/1/0/0 128.1 2000 ALT BLK 28672 4055.3912.f1e6 128.1


MSTI 1:

VLANS Mapped: 2

Root ID Priority 24576
Address 4055.3912.f1e6
Int Cost 2000
Max Age 20 sec, Forward Delay 15 sec


Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address f025.72a7.b13e
Max Age 20 sec, Forward Delay 15 sec
Max Hops 20, Transmit Hold count 6


Interface Port ID Role State Designated Port ID
Pri.Nbr Cost Bridge ID Pri.Nbr
------------ ------- --------- ---- ----- -------------------- -------
Gi0/0/0/1 128.2 20000 DSGN FWD 32768 f025.72a7.b13e 128.2
Te0/1/0/0 128.1 2000 ROOT FWD 24576 4055.3912.f1e6 128.1
RP/0/RSP1/CPU0:router2#

当Te0/1/0/0.3阻塞时, Te0/1/0/0.2转发。 当STP阻塞的值是0x0时,情况是错误,因此接口转发;当STP阻塞的值是0x1时,情况是真的,因此接口阻塞。

请使用显示uidb数据命令为了确认此和显示是存在网络处理器的接口数据:

RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.2 
ingress | i Blocked
STP Blocked 0x0
RP/0/RSP1/CPU0:router2#sh uidb data location 0/1/CPU0 TenGigE0/1/0/0.3
ingress | i Blocked
STP Blocked 0x1

4.3 BVI

网桥域的配置创建L2域。为了退出该L2域,请联络L3发送在主机在网桥域里面和外界之间的路由器。在上一个图表中, host1能使用router4或router5为了退出本地子网和到达互联网。

网桥域配置的Router1和router2是ASR 9000路由器,能route ipv4和IPv6流量。因此这两路由器可能采取IP数据流在网桥域外面和路由它到互联网,而不是取决于在L3路由器。要执行此,您需要配置BVI,是L3接口该插件到网桥域为了路由数据包进出网桥域。

这是如何看起来象逻辑上:


下面是配置:

RP/0/RSP1/CPU0:router1#sh run int bvi 2
interface BVI2
ipv4 address 192.168.2.1 255.255.255.0
!

RP/0/RSP1/CPU0:router1#sh run int bvi 3
interface BVI3
ipv4 address 192.168.3.1 255.255.255.0
!


RP/0/RSP1/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface TenGigE0/0/0/1.3
!
interface GigabitEthernet0/0/0/1.3
!
routed interface BVI3
!
bridge-domain engineering
interface TenGigE0/0/0/1.2
!
interface GigabitEthernet0/0/0/1.2
!
routed interface BVI2
!
!
!
RP/0/RSP1/CPU0:router1#sh run int gig 0/0/0/1.2
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

BVI是一个无标记L3接口,因此,如果要有BVI进程在网桥域的ACs接收的数据包,必须配置ACs弹出所有流入标记。否则, BVI不能了解标记并且丢弃数据包。没有办法配置在BVI的一dot1q子接口,因此标记必须是在ACs的弹出的入口和在前一个示例的Gi0/0/0/1.2执行。

因为BVI接口是虚拟接口,有在可以启用的功能的一些限制。这些限制在配置描述在Cisco ASR 9000系列路由器的同意的路由和桥接:配置的IRB限制。在ASR 9000的BVI接口不支持这些功能:

  • 访问控制列表(ACL)。然而, L2 ACL在网桥域的每个L2端口可以配置。
  • IP快速重新路由(FRR)
  • Netflow
  • MoFRR (仅快速的组播重路由)
  • MPLS标签交换
  • mVPNv4
  • 服务质量 (QoS)
  • 数据流镜像
  • BVI的未编号的接口
  • 视频监听(Vidmon)

BVI可以在虚拟路由和转发(VRF)配置里,因此在BVI接收的流量在MPLS转发,但是必须使用每VRF标签分配模式

如果这些限制功能之一要求,您不能使用BVI。另一解决方案将使用在两个端口之间的一个外部回环电缆路由器的,一个端口在网桥域,并且一个端口配置作为所有功能可以配置的一个正常路由接口。

4.4 VPLS

4.4.1概述

VPLS提供能力在多个站点结合网桥域到一个大网桥域通过MPLS PWs。因为他们的流量透明地在MPLS被封装PWs全网状在L2VPN观点扫描器之间的在不同的站点的主机看上去直接地连接到同一L2分段:

116453-technote-ios-xr-l2vpn-23.jpg

PWs全网状要求为了保证每台主机能收到从其他主机的流量。结果是L2VPN PE不传送在其其他VPLS PWs的一VPLS接收的帧PW。应该有PWs全网状,因此每个PE直接地收到流量和不需要转发PWs之间的流量,因为转发将引起一条环路。这呼叫水平分割规则。

路由器运行MAC学习。一旦MAC地址是存在mac-address-table,您传送该目标MAC地址的仅帧在PW对此MAC地址了解从的L2VPN PE。这避免流量的多余副本在核心的。广播和组播在所有PWs被充斥为了保证所有主机能接收他们。一个功能例如IGMP探听是有用的,因为允许将发送的组播帧对只有有接收方或组播路由器的观点扫描器。这减少在核心的流量总量,虽然仍有必须发送到每个PE同样数据包的多个副本,当有该组的时兴趣。

必须配置PWs全网状在一个虚拟转发实例(VFI)下:

RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

PWs配置在VFI下是在核心充分地网状连接的那些。他们是同一分开的展望期组(SHG)的一部分为了确保,在一PW接收的帧没有转发对另一PW。

配置访问PWs是可能的,认为AC的类型和没有配置在VFI下。请参阅部分关于详细信息。

在router2的配置, router3,并且router4是非常类似的和所有有其他三路由器作为邻居在VFI下。

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (23:06:02 ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is upH-VPLS
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40003; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 234039, sent 7824
bytes: received 16979396, sent 584608
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16049 16042
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 15:57:36 (00:25:29 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 555, sent 285
bytes: received 36308, sent 23064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16050 16040
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:00:56 (00:22:09 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 184, sent 158
bytes: received 12198, sent 14144
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000b
Encapsulation MPLS, protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ----------------------
Label 16051 289974
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ----------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225483
Create time: 29/05/2013 15:36:17 (00:46:49 ago)
Last time status changed: 29/05/2013 16:02:38 (00:20:27 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 137
bytes: received 0, sent 12064
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0

PW的本地标签对10.0.0.12是16049,因此意味着以太网帧用标签16049接收。因为倒数第二的MPLS跳应该弹出IGP标签,交换决定根据此MPLS标签。也许仍然有明确NULL标签,但是交换决定根据PW标签:

RP/0/RSP0/CPU0:router1#sh mpls forwarding labels 16049
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ----------
16049 Pop PW(10.0.0.12:2) BD=5 point2point 58226

show mpls forwarding标签为标签发出命令给域编号,您能使用为了查找目标MAC地址和PW (邻居和PW id)数据包接收的地方。您能然后创建在mac-address-table该点的条目在该邻居:

RP/0/RSP0/CPU0:router1#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/1/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
0019.552b.b5c3 dynamic Gi0/1/0/3.2 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a01 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/1/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/1/CPU0 0d 0h 0m 0s N/A

4.4.2 PW类型和传输的标记

VPLS PWs协商作为类型5 (以太网)默认情况下PWs。什么进入在所有VLAN标记处理以后的AC (当重写命令配置)时在PW发送。

LDP信令的Cisco IOS XR软件有BGP的版本4.1.0和版本4.3.1让您配置PW中集集团在邻居下和配置传输模式VLAN转接在PW中集集团下。这协商虚拟连接(VC)型的4 (以太网VLAN) PW,传输什么在VLAN标记处理以后从AC出来,当重写命令配置时。

在EFP的VLAN标记处理保证有在帧留下的至少一VLAN标记,因为您需要在帧的一dot1q标记,如果有VC类型4 PWs。当您使用传输模式VLAN直通模式时,假的标记0没有被添加到帧。

不支持类型4和类型5在同样VFI下的PWs的混合。所有PWs必须是同一个类型。

RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1 bridge-domain 
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.13 pw-id 2
pw-class VC4-PT
!
neighbor 10.0.0.14 pw-id 2
pw-class VC4-PT
!
!
!
!
!

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain bd-name engineering detail |
i "PW:|PW type"
MAC withdraw for Access PW: enabled
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW type Ethernet VLAN, control word disabled, interworking none
PW type Ethernet VLAN Ethernet VLAN

4.4.3自动发现和信令

根据所有邻居手动配置在VFI下的。MPLS LDP使用了PW的信令与neighbor.previous示例

当您添加新的VPLS PE到网络时,请配置PE为了有PW到在其本地网桥域中的每一个的所有现有观点扫描器。因为必须充分地网状连接,必须然后重新配置所有现有观点扫描器为了有PW到新的PE所有观点扫描器。当观点扫描器编号和网桥域增加,这也许变为一可操作的挑战。

一解决方案将安排观点扫描器通过BGP自动地发现其他观点扫描器。当也有IBGP的时一个全网状的需求,可以增强使用路由反射器。因此,新的PE典型地配置为了用很小数量的路由反射器并列,其他观点扫描器接收其更新,并且新的PE接收从另一个观点扫描器的更新。

为了通过BGP发现其他观点扫描器,每个PE为VPLsvpws address-family在BGP配置并且通告他们要参加的网桥域。一旦是同一个网桥域的一部分的另一个观点扫描器是已发现, PW设立对每一个。BGP是用于此自动发现的协议。

有PW的信令的两个选项对autodiscovered观点扫描器:BGP和LDP。在这些示例中,您转换上一个拓扑对与BGP发信号和LDP信令的BGP自动发现。

4.4.3.1 BGP自动发现和BGP发信号

配置address-family l2vpn VPLsvpws在router bgp和邻居下,是其他观点扫描器或路由反射器:

router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!

新的address-family变得激活与邻居,但是PE未通告其参与网桥域:

RP/0/RSP0/CPU0:router1#sh bgp neighbor 10.0.0.3 | i Address family L2VPN
Address family L2VPN VPLS: advertised and received

P/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 77
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.


Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 77 77 77 77 77 77

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 252950 53252 77 0 0 1w0d 0
10.0.0.10 0 65000 941101 47439 77 0 0 00:10:18 0

配置自动发现bgp信令协议bgp在L2VPN网桥域配置模式下。在router1的配置是:

RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 11
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 11
!
!
!
!
!
!

在router2的配置是:

RP/0/RSP1/CPU0:router2#sh run l2vpn bridge group customer1
Thu May 30 15:25:55.638 CEST
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol bgp
ve-id 13
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol bgp
ve-id 13
!
!
!
!
!
!

vpn id和route-target是相同的在每个网桥域的另外观点扫描器,但是每个PE有一个唯一虚拟边缘标识符(VE-ID)。每个PE通过BGP发现在VPN的另一个观点扫描器并且使用BGP为了发信号PWs。结果是PWs全网状:

RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls summary
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.


Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 103 103 103 103 103 103

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.0.3 0 65000 254944 53346 103 0 0 1w0d 6
10.0.0.10 0 65000 944859 47532 103 0 0 01:40:22 6

RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls
BGP router identifier 10.0.0.11, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3890838096
BGP main routing table version 103
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 10.0.0.11:32769 (default for vrf customer1:finance)
*> 11:10/32 0.0.0.0 nolabel 16060
*>i12:10/32 10.0.0.12 16060 nolabel
*>i13:10/32 10.0.0.13 16060 nolabel
*>i14:10/32 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.11:32770 (default for vrf customer1:engineering)
*> 11:10/32 0.0.0.0 nolabel 16075
*>i12:10/32 10.0.0.12 16075 nolabel
*>i13:10/32 10.0.0.13 16075 nolabel
*>i14:10/32 10.0.0.14 289944 nolabel
Route Distinguisher: 10.0.0.12:32768
*>i12:10/32 10.0.0.12 16060 nolabel
* i 10.0.0.12 16060 nolabel
Route Distinguisher: 10.0.0.12:32769
*>i12:10/32 10.0.0.12 16075 nolabel
* i 10.0.0.12 16075 nolabel
Route Distinguisher: 10.0.0.13:32769
*>i13:10/32 10.0.0.13 16060 nolabel
* i 10.0.0.13 16060 nolabel
Route Distinguisher: 10.0.0.13:32770
*>i13:10/32 10.0.0.13 16075 nolabel
* i 10.0.0.13 16075 nolabel
Route Distinguisher: 10.0.0.14:32768
*>i14:10/32 10.0.0.14 289959 nolabel
* i 10.0.0.14 289959 nolabel
Route Distinguisher: 10.0.0.14:32769
*>i14:10/32 10.0.0.14 289944 nolabel
* i 10.0.0.14 289944 nolabel

Processed 14 prefixes, 20 paths

这些是router3通告的前缀(10.0.0.13)如被看到在router1;前缀通过两台路由反射器、10.0.0.3和10.0.0.10接收:

RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32770 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32770
Versions:
Process bRIB/RIB SendTblVer
Speaker 92 92
Last Modified: May 30 15:10:44.100 for 01:23:38
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 92
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16075
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:2 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10
RP/0/RSP0/CPU0:router1#sh bgp l2vpn vpls rd 10.0.0.13:32769 13:10/32
BGP routing table entry for 13:10/32, Route Distinguisher: 10.0.0.13:32769
Versions:
Process bRIB/RIB SendTblVer
Speaker 93 93
Last Modified: May 30 15:10:44.100 for 01:25:02
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.3 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 1, version 93
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.3
Block Size:10
Path #2: Received by speaker 0
Not advertised to any peer
Local
10.0.0.13 (metric 5) from 10.0.0.10 (10.0.0.13)
Received Label 16060
Origin IGP, localpref 100, valid, internal, not-in-vrf, import suspect
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:0.0.0.1:3 L2VPN:19:0:1500
Originator: 10.0.0.13, Cluster list: 10.0.0.10
Block Size:10

Router1设立了某PWs :

RP/0/RSP0/CPU0:router1#sh l2vpn discovery bridge-domain

Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16060 10 10 05/30/2013 15:07:39
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16060 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289959 10 10 10.0.0.14 05/30/2013 15:11:22

Bridge group: customer1, bridge-domain: engineering, id: 5, signaling
protocol: BGP
List of Local Edges (1 Edges):
Local Edge ID: 11, Label Blocks (1 Blocks)
Label base Offset Size Time Created
---------- ------ ---- -------------------
16075 10 10 05/30/2013 15:08:54
List of Remote Edges (3 Edges):
Remote Edge ID: 12, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.12 05/30/2013 15:09:53
Remote Edge ID: 13, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
16075 10 10 10.0.0.13 05/30/2013 15:10:43
Remote Edge ID: 14, NLRIs (1 NLRIs)
Label base Offset Size Peer ID Time Created
---------- ------ ---- ------------ -------------------
289944 10 10 10.0.0.14 05/30/2013 15:11:22

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain autodiscovery bgp
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 detail
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10120, sent 43948
bytes: received 933682, sent 2989896
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000c
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16062 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225484
Create time: 30/05/2013 15:09:52 (01:29:44 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:44 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2679, sent 575
bytes: received 171698, sent 51784
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc000000e
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16063 16061
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225486
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 11, sent 574
bytes: received 1200, sent 51840
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
PW class not set, XC ID 0xc0000010
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16064 289960
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225488
Create time: 30/05/2013 15:11:22 (01:28:15 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:15 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 561
bytes: received 0, sent 50454
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243532, sent 51089
bytes: received 17865888, sent 3528732
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: BGP
Local VE-ID: 11 , Advertised Local VE-ID : 11
VE-Range: 10
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000d
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16077 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 12
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225485
Create time: 30/05/2013 15:09:52 (01:29:45 ago)
Last time status changed: 30/05/2013 15:09:52 (01:29:45 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 2677, sent 574
bytes: received 171524, sent 51670
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc000000f
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16078 16076
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 13
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225487
Create time: 30/05/2013 15:10:43 (01:28:54 ago)
Last time status changed: 30/05/2013 15:10:43 (01:28:54 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 17, sent 572
bytes: received 1560, sent 51636
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
PW class not set, XC ID 0xc0000011
Encapsulation MPLS, Auto-discovered (BGP), protocol BGP
Source address 10.0.0.11
PW type VPLS, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

MPLS Local Remote
------------ ------------------------------ ------------------
Label 16079 289945
MTU 1500 1500
Control word disabled disabled
PW type VPLS VPLS
VE-ID 11 14
------------ ------------------------------ ------------------
MIB cpwVcIndex: 3221225489
Create time: 30/05/2013 15:11:22 (01:28:16 ago)
Last time status changed: 30/05/2013 15:11:22 (01:28:16 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 559
bytes: received 0, sent 50250
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0

4.4.3.2 BGP自动发现和LDP信令

BGP配置用address-family l2vpn VPLsvpws命令正确地是相同的象与BGP发信号。修改L2VPN配置为了以信令协议LDP命令使用LDP信令。

相同的配置在所有四观点扫描器使用:

router bgp 65000
address-family l2vpn vpls-vpws
!
neighbor-group IOX-LAB-RR
address-family l2vpn vpls-vpws
!
neighbor 10.0.0.3
use neighbor-group IOX-LAB-RR
!
neighbor 10.0.0.10
use neighbor-group IOX-LAB-RR
!
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
vpn-id 3
autodiscovery bgp
rd auto
route-target 0.0.0.1:3
signaling-protocol ldp
vpls-id 65000:3
!
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
vpn-id 2
autodiscovery bgp
rd auto
route-target 0.0.0.1:2
signaling-protocol ldp
vpls-id 65000:2
!
!
!
!
!
!

vpls-id做BGP自治系统(AS)编号和vpn id。

三显示从router1的命令说明PWs设立了与已发现观点扫描器:

RP/0/RSP0/CPU0:router1#sh l2vpn discovery

Service Type: VPLS, Connected
List of VPNs (2 VPNs):
Bridge group: customer1, bridge-domain: finance, id: 3,
signaling protocol: LDP
VPLS-ID: 65000:3
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46

Bridge group: customer1, bridge-domain: engineering, id: 5,
signaling protocol: LDP
VPLS-ID: 65000:2
Local L2 router id: 10.0.0.11
List of Remote NLRI (3 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.0.0.11 10.0.0.12 10.0.0.12 05/30/2013 17:10:18
10.0.0.11 10.0.0.13 10.0.0.13 05/30/2013 17:10:18
10.0.0.11 10.0.0.14 10.0.0.14 05/30/2013 17:11:46

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.12 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 65000:2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 65000:2, state: up, Static MAC addresses: 0

RP/0/RSP0/CPU0:router1#sh l2vpn bridge-domain group customer1 det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 4
Filter MAC addresses:
Create time: 29/05/2013 15:36:17 (1d01h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.3, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [3, 3]
MTU 1500; XC ID 0xc40006; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 10362, sent 45038
bytes: received 956240, sent 3064016
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
VPN-ID: 3, Auto Discovery: BGP, state is Provisioned
(Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32769
Import Route Targets:
0.0.0.1:3
Export Route Targets:
0.0.0.1:3
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:3
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000003
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16006 16033
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:3 65000:3
Group ID 0x3 0x0
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225475
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:25 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 40
bytes: received 12160, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000004
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16016 16020
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225476
Create time: 30/05/2013 17:10:18 (00:06:32 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:22 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:3, state is up ( established )
PW class not set, XC ID 0xc0000009
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16049 289970
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:3 65000:3
Group ID 0x3 0x4
Interface customer1-finance customer1-finance
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225481
Create time: 30/05/2013 17:11:46 (00:05:04 ago)
Last time status changed: 30/05/2013 17:11:51 (00:04:59 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1d23h ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 243774, sent 52179
bytes: received 17888446, sent 3602852
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
VPN-ID: 2, Auto Discovery: BGP, state is Provisioned (Service Connected)
Route Distinguisher: (auto) 10.0.0.11:32770
Import Route Targets:
0.0.0.1:2
Export Route Targets:
0.0.0.1:2
Signaling protocol: LDP
AS Number: 65000
VPLS-ID: 65000:2
L2VPN Router ID: 10.0.0.11
PW: neighbor 10.0.0.12, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000005
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16027 16042
BGP Peer ID 10.0.0.11 10.0.0.12
LDP ID 10.0.0.11 10.0.0.12
AII 10.0.0.11 10.0.0.12
AGI 65000:2 65000:2
Group ID 0x5 0x1
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:24 (00:06:26 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 190, sent 41
bytes: received 12160, sent 3690
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.13, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc0000006
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16043 16021
BGP Peer ID 10.0.0.11 10.0.0.13
LDP ID 10.0.0.11 10.0.0.13
AII 10.0.0.11 10.0.0.13
AGI 65000:2 65000:2
Group ID 0x5 0x3
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 0
Create time: 30/05/2013 17:10:18 (00:06:33 ago)
Last time status changed: 30/05/2013 17:10:27 (00:06:23 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 40
bytes: received 0, sent 3600
DHCPv4 snooping: disabled
IGMP Snooping profile: none
PW: neighbor 10.0.0.14, PW ID 65000:2, state is up ( established )
PW class not set, XC ID 0xc000000a
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
Source address 10.0.0.11
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 16050 289974
BGP Peer ID 10.0.0.11 10.0.0.14
LDP ID 10.0.0.11 10.0.0.14
AII 10.0.0.11 10.0.0.14
AGI 65000:2 65000:2
Group ID 0x5 0x6
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225482
Create time: 30/05/2013 17:11:46 (00:05:05 ago)
Last time status changed: 30/05/2013 17:11:51 (00:05:00 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 31
bytes: received 0, sent 2790
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0

4.4.4 MAC冲洗和撤退

转发在VPLS根据mac-address-table,通过学习帧源MAC地址动态建立接收。如果有在网桥域的一次拓扑更改,主机也许变得可及的通过一个不同的AC或VPLS邻居。如果帧继续根据存在转发mac-address-table,该主机的流量也许不到达其目的地。

对于L2VPN PE,有多种方式检测拓扑更改:

  • 在网桥域的端口增长或下降。
  • 生成树拓扑变化通知(TCN) BPDU处理,当L2VPN PE运行全双工MST实施或生成树接入网关协议时。失败链路也许不是本地在PE,但是也许是离开在拓扑里。PE拦截TCN。

当L2VPN PE检测拓扑更改时,采取两行动:

  1. PE冲洗拓扑更改影响的mac-address-table网桥域。当PE为PVSTAG或每VLAN快速生成树接入网关(PVRSTAG)配置,在一个VLAN子接口BPDU检测的TCN影响所有VLAN和网桥域在该物理接口。
  2. PE表明给VPLS邻居通过MPLS LDP MAC撤退消息他们应该冲洗他们mac-address-table。接收MAC撤退LDP消息的所有远程L2VPN观点扫描器冲洗他们的MAC地址表,并且流量再被充斥。MAC地址表重建根据新的拓扑。

MAC撤退消息的默认行为在端口振荡的情况下随着时间的推移更改:

  • 传统上,当AC断开,在Cisco IOS XR软件, L2VPN PE传送了MAC撤退信息。目的是安排远程观点扫描器冲洗他们的被影响的网桥域的MAC地址表,以便指向在向下的端口后的MAC地址从另一个端口将了解。
  • 然而,这创建与跟随RFC 4762的某个远程观点扫描器的一个互操作性问题并且清除指向除了那个的所有观点扫描器发送MAC撤退消息的MAC地址。RFC 4762假设, PE将传送MAC撤退信息,当AC出现时,但是没有,当AC断开时。在Cisco IOS XR软件版本,只有当网桥域端口出现为了改善符合RFC时, 4.2.1以后,默认行为是传送LDP MAC撤退信息。配置命令被添加为了恢复到旧有行为。

这是一show命令与默认行为在Cisco IOS XR软件版本4.2.1以后:

RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain bd-name engineering det | 
i "PW:|VFI|neighbor|MAC w"
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 4
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 2
VFI Statistics:

重要线路是‘MAC提取被传送的网桥端口下来’,默认情况下在Cisco IOS XR软件版本4.2.1以后当前禁用。命令也给MAC撤退发送的消息编号和接收在网桥域。撤退消息大量指示在网桥域的不稳定性。

这是恢复对旧有行为的配置:

l2vpn
bridge group customer1
bridge-domain finance
mac
withdraw state-down
!
!
!
!

4.4.5 H-VPLS

VPLS要求PWs全网状在L2VPN观点扫描器之间的为了保证所有PE在一跳能到达,主机在任何其他PE后,不用需要对于一个PE反射从一PW的帧到另一PW。这是为水平分割规则的基本类型,防止PE从一PW的转发帧到另一PW。在特殊情况下,其中在的目标MAC地址mac-address-table指向另一PW,帧丢弃。

PWs全网状意味着PWs编号也许变得非常高,当观点扫描器编号增长,因此这也许引入可扩展性问题。

您能减小PWs编号在有观点扫描器层级的此拓扑方面:

116453-technote-ios-xr-l2vpn-24.jpg

在此拓扑方面,请注释那:

  • 用户运营商边缘(U-PE)设备有ACs对CES。
  • U-PE设备传输在一MPLS点对点PW的CE流量对网络提供商边缘(N-PE)设备。
  • 用其他N观点扫描器充分地网状连接的N-PE是核心VPLS PE。
  • 在N-PE,来自U-PE的PW认为访问PW很象AC。U-PE不作为mesh的部分与另一个N观点扫描器的,因此是VPLS全网状的一部分的N-PE能考虑访问PW作为AC和从该访问PW的向前流量对核心PWs。
  • 在N观点扫描器之间的核心PWs配置在VFI下为了保证水平分割规则应用对所有核心PWs配置在VFI下。
  • 从U观点扫描器的访问PWs没有配置在VFI下,因此他们不属于SHG和VFI PWs一样。流量可以从对VFI PW的一访问PW转发反之亦然。
  • U观点扫描器能使用PW冗余功能为了有主要的PW到主要的N-PE和有待机PW到待机N-PE。当主要的PW断开,待机接管。

这是U-PE1的示例(10.0.0.15)配置与对N-PE1 (10.0.0.11)和N-PE2 (10.0.0.12)的PW冗余:

RP/0/RP0/CPU0:U-PE1#sh run int ten 0/1/0/5.2
interface TenGigE0/1/0/5.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

RP/0/RP0/CPU0:U-PE1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p engineering-0-1-0-5
interface TenGigE0/1/0/5.2
neighbor 10.0.0.11 pw-id 15
backup neighbor 10.0.0.12 pw-id 15
!
!
!
!
!

RP/0/RP0/CPU0:U-PE1#sh l2vpn xconnect group customer1
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ---------------------- -----------------------------
customer1 engineering-0-1-0-5
UP Te0/1/0/5.2 UP 10.0.0.11 15 UP
Backup
10.0.0.12 15 SB
---------------------------------------------------------------------------------

对10.0.0.12的PW在备用状态。在N-PE1,有不在VFI下对10.0.0.15的一访问PW和AC。

N-PE1学习在访问PW和VFI PWs的一些MAC地址:

RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain 
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: up, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:N-PE1#sh l2vpn forwarding bridge-domain customer1:engineering
mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0024.985e.6a42 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A

在N-PE2 (10.0.0.12),访问PW在备用状态:

RP/0/RSP0/CPU0:N-PE2#sh run l2vpn bridge group customer1 bridge-domain 
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
neighbor 10.0.0.15 pw-id 15
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!
RP/0/RSP0/CPU0:N-PE2#sh l2vpn bridge-domain bd-name engineering
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 1, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/1/0/3.2, state: up, Static MAC addresses: 0
List of Access PWs:
Neighbor 10.0.0.15 pw-id 15, state: standby, Static MAC addresses: 0
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0

4.4.6分开的展望期组(SHGs)

水平分割规则指明在一个VFI接收的帧PW不可能在另一个VFI PW转发。应该充分地网状连接VFI N观点扫描器。

此分开的展望期通过SHG被强制执行:

  • 从一个SHG的成员不彼此传送帧,然而能传送帧到其他SHGs的成员。
  • 默认情况下所有VFI PWs分配到SHG 1。这保证没有在VFI PWs之间的转发,以便水平分割规则被强制执行。因为他们不作为同样SHG的部分,在VFI接收的数据包PW可以转发到ACs和访问PWs。
  • 默认情况下所有ACs和访问PWs不作为SHG组的部分,因此意味着在AC接收的数据包或访问PW可以转发到另一AC或访问在同一个网桥域的PW。
  • ACs和访问PWs可以分配到与group命令的水平分割的SHG 2目标是否是防止转发在他们之间。
RP/0/RSP0/CPU0:N-PE1#sh run l2vpn bridge group customer1 bridge-domain 
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
split-horizon group
!
interface GigabitEthernet0/1/0/3.2
split-horizon group
!
neighbor 10.0.0.15 pw-id 15
split-horizon group
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

在此配置中,没有在美国兵0/0/0/1.2之间的转发和美国兵0/1/0/3.2,美国兵0/0/0/1.2和10.0.0.15或者美国兵0/1/0/3.2和10.0.0.15。但是可以仍然有在ACs和VFI PWs之间的流量转发,因为他们是另外SHGs的一部分(1和2)。

RP/0/RSP0/CPU0:N-PE1#sh l2vpn bridge-domain bd-name engineering detail  | 
i "state is|List of|VFI|Split"
Split Horizon Group: none
ACs: 2 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/0/0/1.2, state is unresolved
Split Horizon Group: enabled
AC: GigabitEthernet0/1/0/3.2, state is up
Split Horizon Group: enabled
List of Access PWs:
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
Split Horizon Group: enabled
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
VFI Statistics:

4.4.7冗余

为引入冗余,您也许有双重附加对VPLS域的站点:

116453-technote-ios-xr-l2vpn-25.jpg


如果主机连接对switch1发送广播, switch1寄它给router1和对switch2。Router1有PWs全网状,那么有PW对router2,并且router1转送在该PW的广播。Router2转送广播对switch2,寄它给switch1。这导致一条物理环路。

4.4.7.1生成树

因为该实施发送在主接口的MST BPDU为了控制所有VLAN的转发状态在该接口的全双工MST实施不与VPLS一起使用。使用VPLS,有每个网桥域的VFIs,因此您不能发送在一主接口的BPDU所有的那些VFIs。

默认情况下生成树BPDU在VPLS和点到点PWs传输。

如果switch1和switch2发送每VLAN BPDU或无标记MST BPDU,并且,如果BPDU匹配在router1和router2的l2transport子接口, BPDU通过VPLS传输。交换机看到在Gi0/1接口的彼此的BPDU和生成树中断环路并且阻塞一个端口。

Switch2是VLAN 2的根:

switch2#sh spanning-tree vlan 2

MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0024.985e.6a00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Desg FWD 20000 128.1 P2p Bound(PVST)
Gi0/2 Desg FWD 20000 128.2 P2p Bound(PVST)

Switch1有其Gi0/1的根端口并且是阻塞美国兵0/2 :

switch1#sh spanning-tree vlan 2

VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0024.985e.6a00
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p

问题是BPDU也传输到远程站点,并且生成树不稳定性在一个站点传播到整个场地连接对VPLS域。隔离每个站点和不传输在VPLS的BPDU是更加安全的。

一解决方案是使用STP的接入网关版本。这是协议的一个有限的实施, L2VPN观点扫描器配置发送一些静态BPDU为了看上去已连接对生成树根。L2VPN PE不传输从CES接收的BPDU到远程站点,因此每个站点有其自己的生成树域。

4.4.7.2 MSTAG

按照生成树部分说明, MST发送无标记BPDU,但是这些BPDU控制所有VLAN的转发状态在接口的。

VLAN可以分组到多个实例,并且每个实例有其自己的转发状态。

VLAN通常分组,以便流量可以均匀地被传播在多条路径之间。当有两个路径时,流量的半属于在第二个路径转发在第一个路径和阻塞的实例。流量的另外一半属于在第一路径和转发阻塞在第二个路径的实例。这允许在两个路径之间的负载均衡在稳定情况下。否则,您有通常地完全阻塞并且变得激活的一个路径,只有当主路径发生故障时。

这是典型MSTAG拓扑:

116453-technote-ios-xr-l2vpn-26.jpg


在此实验室示例中,实例1有VLAN 2,并且实例0有其他VLAN。(在一个更加可实现的方案, VLAN被传播在多个实例之间为了完成在实例之间的良好的交通负载均衡。)由于一些VLAN比其他有更多流量,总是没有VLAN同一数量在每个实例的。

这是MST实例的0配置:

  • Router1和router2发送根据MSTAG配置的一些静态BPDU。他们不处理从网络的流入BPDU也不尝试运行完整实施。使用MSTAG,根据他们的MSTAG配置的两个L2VPN观点扫描器发送静态BPDU。
  • Router1通过是出现配置为了吸引流量实例0该实例的根。
  • 例如Router2配置以第二个最佳根优先级0,因此在router1失败或AC失败的情况下变为新的根在switch1和router1之间。
  • Switch2配置以在端口Gi0/1的一高spanning-tree cost对router2为了保证其根的主路径在Gig 0/2通过switch1和router1。
  • 万一根丢失, Switch2选择美国兵0/2作为instance0的根端口并且选择Gi0/1作为备选端口。
  • 因此,从该站点的流量属于实例0的VLAN的通过router1到达在VPLS的其他站点。

MST实例1 (VLAN 2),配置被倒转:

  • Router2通过是出现配置为了吸引流量实例1该实例的根。
  • 例如Router1配置以第二个最佳根优先级1,因此在router2失败或AC失败的情况下变为新的根在switch2和router2之间。
  • Switch1配置以在端口Gi0/1的一高spanning-tree cost对router1为了保证其根的主路径在Gig 0/2通过switch2和router2。
  • 万一根丢失,例如Switch1选择美国兵0/2作为根端口1并且选择Gi0/1作为备选端口。
  • 因此,从该站点的流量属于实例1 (在本例中的VLAN 2的) VLAN的通过router2到达在VPLS的其他站点。
  • 必须有在router1和router2的一子接口为了捉住无标记TCN和通过对另一个路由器的一点对点PW转发他们。由于switch1和switch2可能丢失他们的直接链接和变得隔离从彼此, router1和router2必须通过该点对点PW转发在他们之间的TCN。
  • 观点扫描器拦截TCN,也冲洗他们的MAC地址表,并且发送LDP MAC撤退对远程观点扫描器。

这是在router1的配置:

RP/0/RSP0/CPU0:router1#sh run int gigabitEthernet 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!

RP/0/RSP0/CPU0:router1#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

RP/0/RSP0/CPU0:router1#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!

RP/0/RSP0/CPU0:router1#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0001
instance 0
root-id 0000.0000.0001
priority 4096
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 8192
root-priority 4096
!
!
!

RP/0/RSP0/CPU0:router1#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0001
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3048
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 369
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 322

在此配置中,请注释那:

  • 在MST实例0,根网桥是0000.0000.0001,是router1网桥ID。
  • 在MST实例1,根网桥是0000.0000.0002,是router2网桥ID。
  • router1网桥优先级是4096在实例1的实例0 (变为根)和8192 (变为第二个最佳根)。
  • router1网桥优先级是8192在实例1的实例0 (变为第二个最佳根)和4096 (变为根)。
  • 在GigabitEthernet0/1/0/3.1的点到点交叉连接运载无标记MST TCN到另一个路由器。

出口ACL在dot1q子接口配置为了下降也许由另一个站点发送未被移植到MST的每VLAN BPDU。当接收在为MST时,配置的接口的每VLAN BPDU此配置防止CE交换机宣称接口作为不一致。

在router2的配置是非常类似的:

RP/0/RSP0/CPU0:router2#sh run int gig 0/1/0/3.*
interface GigabitEthernet0/1/0/3.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
ethernet-services access-group filter-stp egress
!

RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/1/0/3.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

RP/0/RSP0/CPU0:router2#sh run l2vpn xconnect group customer1
l2vpn
xconnect group customer1
p2p mstag-gi-0-1-0-3
interface GigabitEthernet0/1/0/3.1
neighbor 10.0.0.13 pw-id 103
!
!
!
!

RP/0/RSP0/CPU0:router2#sh run spanning-tree mstag customer1-0-1-0-3
spanning-tree mstag customer1-0-1-0-3
interface GigabitEthernet0/1/0/3.1
name customer1
revision 1
bridge-id 0000.0000.0002
instance 0
root-id 0000.0000.0001
priority 8192
root-priority 4096
!
instance 1
vlan-ids 2
root-id 0000.0000.0002
priority 4096
root-priority 4096
!
!
!

RP/0/RSP0/CPU0:router2#sh spanning-tree mstag customer1-0-1-0-3
GigabitEthernet0/1/0/3.1
Pre-empt delay is disabled
Name: customer1
Revision: 1
Max Age: 20
Provider Bridge: no
Bridge ID: 0000.0000.0002
Port ID: 1
External Cost: 0
Hello Time: 2
Active: yes
BPDUs sent: 3186
MSTI 0 (CIST):
VLAN IDs: 1,3-4094
Role: Designated
Bridge Priority: 8192
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0001
Root Priority: 4096
Topology Changes: 365
MSTI 1
VLAN IDs: 2
Role: Designated
Bridge Priority: 4096
Port Priority: 128
Cost: 0
Root Bridge: 0000.0000.0002
Root Priority: 4096
Topology Changes: 177

这是在交换机1的基本配置:

switch1#sh run | b spanning-tree
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch1#sh run int gig 0/1 | i spanning
spanning-tree mst 1 cost 100000

switch1#sh spanning-tree

MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p



MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p

因此,在实例0的流量通过router1转发,并且在实例1的流量通过switch2和router2转发。

在switch2的配置使用命令和switch1一样:

switch2#sh run | b spanning
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name customer1
revision 1
instance 1 vlan 2
!
switch2#sh run int gig 0/1 | i spanning
spanning-tree mst 0 cost 100000

switch2#sh spanning-tree

MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 100000 128.1 P2p
Gi0/2 Root FWD 20000 128.2 P2p



MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p

Switch2通过通过switch1和router1 instance0的和router2 instance1的。

流量loadbalanced,因为一个实例通过router1退出站点,并且另一个实例通过router2退出站点。

如果router1和switch1之间的链路发生故障,两个实例通过router2。

switch1#sh spanning-tree

MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p



MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 40000
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.552b.b580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/2 Root FWD 20000 128.2 P2p


switch2#sh spanning-tree

MST0
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0000.0000.0001
Cost 0
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 100000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p



MST1
Spanning tree enabled protocol mstp
Root ID Priority 4097
Address 0000.0000.0002
Cost 20000
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.985e.6a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 20000 128.1 P2p
Gi0/2 Desg FWD 20000 128.2 P2p

因为路径到第二个最佳根已经选择作为备选路径,快速收敛在此种失败方面可以完成。使用MSTAG, MST BPDU没有在VPLS传输,因此站点从不稳定性隔离在其他站点。

4.4.7.3 PVSTAG或PVRSTAG

MSTAG是VPLS的首选的接入网关协议,因为使用快速生成树,并且,因为是可扩展与其使用实例而不是在每个VLAN的BPDU。

如果站点不可能被移植到MST,并且唯一的解决方案将继续运行PVST+或PVRST,您能使用PVSTAG或PVRSTAG,但是实施对一特定拓扑被限制:

116453-technote-ios-xr-l2vpn-27.jpg


在此拓扑方面,最重要的限制是只可以有一CE交换机。您不能有两交换机正如在MSTAG拓扑。在MSTAG中,您能配置点对点PW为了传输未标签的数据流(包括BPDU TCN)从一个PE到其他,当站点拆分到两部分时。使用PVST和PVRST, TCN发送标记了,因此他们匹配子接口和在VPLS将传输的数据流一样。路由器将必须识别根据MAC地址和协议类型的BPDU为了转发TCN到另一侧。由于当前不支持这,只有需求有一个CE设备。

在版本的另一个需求早于Cisco IOS XR软件版本4.3.0是捆绑接口不可能使用作为ACs。此限制在Cisco IOS XR软件版本4.3.0放松了。

原理是相同的如同MSTAG。PVSTAG路由器发送静态BPDU,以便CE看上去连接到直接地连接到有开销0。为了负载均衡的交换机(虚拟)根流量,一些VLAN可以配置与在router3的根和其他用在router4的根。

这是在router3的配置示例:

RP/0/RSP1/CPU0:router3#sh run int gigabitEthernet 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

RP/0/RSP1/CPU0:router3#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0001
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0001
!
!
!

RP/0/RSP1/CPU0:router3#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0001
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202821
Topology Changes: 0

这是在router4的配置示例:

RP/0/RSP1/CPU0:router4#sh run int gig 0/0/0/1.*
interface GigabitEthernet0/0/0/1.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP1/CPU0:router4#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface GigabitEthernet0/0/0/1.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface GigabitEthernet0/0/0/1.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!

RP/0/RSP1/CPU0:router4#sh run spanning-tree pvstag customer1-0-0-0-1
spanning-tree pvstag customer1-0-0-0-1
interface GigabitEthernet0/0/0/1
vlan 2
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 1
bridge-id 0000.0000.0002
!
vlan 3
root-priority 0
root-id 0000.0000.0000
root-cost 0
priority 0
bridge-id 0000.0000.0002
!
!
!

RP/0/RSP1/CPU0:router4#sh spanning-tree pvstag customer1-0-0-0-1
GigabitEthernet0/0/0/1
VLAN 2
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.2 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 1
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0
VLAN 3
Pre-empt delay is disabled
Sub-interface: GigabitEthernet0/0/0/1.3 (Up)
Max Age: 20
Root Priority: 0
Root Bridge: 0000.0000.0000
Cost: 0
Bridge Priority: 0
Bridge ID: 0000.0000.0002
Port Priority: 128
Port ID 1
Hello Time: 2
Active: Yes
BPDUs sent: 202799
Topology Changes: 0

这是在CE switch3的配置示例:

switch3#sh spanning-tree vlan 2

VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p

switch3#sh spanning-tree vlan 3

VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 0
Address 0000.0000.0000
Cost 4
Port 2 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 001d.4603.1f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1 Altn BLK 4 128.1 P2p
Gi0/2 Root FWD 4 128.2 P2p

PVSTAG的配置非常类似于MSTAG,除了根优先级和主网关的优先级配置,当4096和备份网关的优先级配置作为8192在MSTAG示例。

在域的其他交换机高于在PVSTAG或PVRSTAG配置的那个应该有优先级。

您能调整在CE交换机的接口开销为了影响哪个端口变为根端口,并且哪个端口阻塞。

4.4.7.4 MC-LAG

与VPLS的MC-LAG配置比与双向PW冗余的点到点PWs简单。而不是一主要的PW和三待机PWs,仅观点扫描器需要VPLS PWs全网状,是标准与VPLS :

116453-technote-ios-xr-l2vpn-28.jpg


在此拓扑方面,请注释那:

  • MC-LAG运行在左边的两VPLS观点扫描器之间:router2和router4。
  • 通常情况下,捆绑成员是活跃的在router1和router2之间和在router1和router4之间的备用状态。
  • Router2有套件子接口配置在VPLS网桥域下,因此router2寄流量给远程VPLS观点扫描器。有在拓扑图中说明的两个站点,但是可能有许多。
  • 远程观点扫描器通过router2学习从router1和设备的MAC地址后边,因此这些目标MAC地址的观点扫描器转发流量通过router2。
  • 当router1和router2之间的链路断开时或,当router2断开时,在router1和router4之间的捆绑成员去激活。
  • 类似路由器2, router4有其套件子接口配置在VPLS网桥域下。
  • 当套件子接口在router4出来, router4发送LDP MAC对远程VPLS观点扫描器的撤退消息为了告诉他们有拓扑更改。

这是在router3的配置:

RP/0/RSP1/CPU0:router3#sh run redundancy
redundancy
iccp
group 2
mlacp node 1
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.14
!
backbone
interface TenGigE0/0/0/0
interface TenGigE0/0/0/1
!
isolation recovery-delay 300
!
!
!

RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mlacp port-priority 1
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!

RP/0/RSP1/CPU0:router3#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP1/CPU0:router3#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

一旦MC-LAG套件配置,请添加它在VPLS配置下类似所有其他AC。

这是在router5的对应的配置:

RP/0/RSP1/CPU0:router5#sh run redundancy
redundancy
iccp
group 2
mlacp node 2
mlacp system mac 0200.0000.0002
mlacp system priority 1
mlacp connect timeout 0
member
neighbor 10.0.0.13
!
backbone
interface TenGigE0/1/0/0
interface TenGigE0/1/0/1
!
isolation recovery-delay 300
!
!
!

RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222
interface Bundle-Ether222
lacp switchover suppress-flaps 100
mlacp iccp-group 2
mlacp switchover type revertive
mlacp switchover recovery-delay 40
mac-address 0.0.2
bundle wait-while 0
bundle maximum-active links 1
load-interval 30
!

RP/0/RSP1/CPU0:router5#sh run int bundle-ether 222.*
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!

RP/0/RSP1/CPU0:router5#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
!
!
!
!

在正常情况下,在router3之间的捆绑成员和router6是活跃的,并且在router5和router6之间的成员在备用状态:

RP/0/RSP1/CPU0:router3#sh bundle bundle-ether 222

Bundle-Ether222
Status: Up
Local links : 1 / 0 / 1
Local bandwidth : 1000000 (1000000) kbps
MAC address (source): 0000.0000.0002 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 1
Wait while timer: Off
Load balancing: Default
LACP: Operational
Flap suppression timer: 100 ms
Cisco extensions: Disabled
mLACP: Operational
ICCP Group: 2
Role: Active
Foreign links : 0 / 1
Switchover type: Revertive
Recovery delay: 40 s
Maximize threshold: 1 link
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps
-------------------- ------------ ----------- -------------- ----------
Gi0/0/0/1 Local Active 0x0001, 0x9001 1000000
Link is Active
Gi0/0/0/1 10.0.0.14 Standby 0x8000, 0xa002 1000000
Link is marked as Standby by mLACP peer
RP/0/RSP1/CPU0:router3#

router6#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+---------------------------------------------
2 Po2(SU) LACP Gi0/1(P) Gi0/2(w)

router6#

从CE的流量在router3接收并且转发对远程观点扫描器:

RP/0/RSP1/CPU0:router3#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0

RP/0/RSP1/CPU0:router3#sh l2vpn forwarding bridge-domain customer1:
engineering mac location 0/0/CPU0

To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
001d.4603.1f01 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic BE222.2 0/0/CPU0 0d 0h 0m 0s N/A
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A

最后命令说明router3学习在其套件的一些MAC地址,并且激活成员是在router3。在router5,因为本地成员在备用状态,没有在套件了解的MAC地址:

RP/0/RSP1/CPU0:router5#sh l2vpn forwarding bridge-domain customer1:engineering 
mac location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.11, 2) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f01 dynamic (10.0.0.13, 2) 0/0/CPU0 0d 0h 0m 0s N/A

当在router3和router6之间的捆绑成员断开时,捆绑成员变得激活在router5。MC-LAG VPLS观点扫描器发送LDP MAC撤退消息,以便远程观点扫描器清除他们的MAC地址表和通过新的激活MC-LAG PE router5了解MAC地址。

当激活MC-LAG捆绑成员从router3移动到router5时, Router2收到从router3和router5的MAC撤退消息:

RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1 detail | 
i "state is|withd|bridge-domain"
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/1/0/3.3, state is up
PW: neighbor 10.0.0.12, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 3, state is up ( established )
MAC withdraw message: send 0 receive 1
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
AC: GigabitEthernet0/0/0/1.2, state is unresolved
AC: GigabitEthernet0/1/0/3.2, state is up
PW: neighbor 10.0.0.15, PW ID 15, state is up ( established )
MAC withdraw message: send 2 receive 0
PW: neighbor 10.0.0.12, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 0
PW: neighbor 10.0.0.13, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1
PW: neighbor 10.0.0.14, PW ID 2, state is up ( established )
MAC withdraw message: send 0 receive 1

在router2的MAC地址从router3 (10.0.0.13)移动向router5 (10.0.0.14) :

RP/0/RSP0/CPU0:router2#sh l2vpn forwarding bridge-domain customer1:
engineering mac-address location 0/0/CPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location

Mac Address Type Learned from/Filtered on LC learned Resync Age Mapped to
-----------------------------------------------------------------------------
6c9c.ed3e.e46d dynamic (10.0.0.15, 15) 0/0/CPU0 0d 0h 0m 0s N/A
0019.552b.b5c3 dynamic (10.0.0.12, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f02 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A
001d.4603.1f42 dynamic (10.0.0.14, 2) 0/0/CPU0 0d 0h 0m 0s N/A

使用MC-LAG,站点能使用一个套件附加到其他站点通过VPLS。MC-LAG提供链路和PE冗余,但是逻辑上它仍然是到达其他站点的一捆绑接口。生成树在该套件没有要求,并且BPDU过滤器在CE可能配置为了保证BPDU没有交换在VPLS的站点之间。

另一个选项是配置以太网服务access-list在套件的ACs为了丢弃BPDU的目标MAC地址,因此BPDU没有传输在站点之间。然而,如果一条背后链路介绍在站点之间,生成树不能中断环路,因为在MC-LAG套件不运行。因此,是否请仔细评估禁用在MC-LAG的生成树捆绑。如果在站点之间的拓扑仔细维护,通过MC-LAG有冗余没有对生成树的需要好的。

4.4.7.5 ASR 9000 nV边缘团星

MC-LAG解决方案提供了冗余,不用需要使用生成树。一个缺点是一个MC-LAG PE的捆绑成员在备用状态,因此它是不最大化链路使用情况的激活待机解决方案。

另一个设计选项是使用ASR 9000 nV边缘集群,以便CES能有同时是所有活跃的捆绑成员到每集群货架:

116453-technote-ios-xr-l2vpn-29.jpg

此解决方案的另一个好处是减少PWs编号,因为只有每集群一PW其中每一的集群在每个站点。当有两观点扫描器每个站点时,每个PE必须有PW到两观点扫描器中的每一个在每个站点。

配置的简单是另一个好处。配置看似类似与一个网桥域的一非常基本VPLS配置与套件ACs和VFI PWs :

RP/1/RSP0/CPU0:router2#sh bundle bundle-ether 222

Bundle-Ether222
Status: Up
Local links : 2 / 0 / 2
Local bandwidth : 20000000 (20000000) kbps
MAC address (source): 0024.f71e.d309 (Configured)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing: Default
LACP: Not operational
Flap suppression timer: Off
Cisco extensions: Disabled
mLACP: Not configured
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps
-------------------- ------------- ----------- -------------- ----------
Te0/0/0/8 Local Active 0x8000, 0x0005 10000000
Link is Active
Te1/0/0/8 Local Active 0x8000, 0x0001 10000000
Link is Active

RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.2
interface Bundle-Ether222.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!

RP/1/RSP0/CPU0:router2#sh run int bundle-ether 222.3
interface Bundle-Ether222.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!

RP/1/RSP0/CPU0:router2#sh run l2vpn bridge group customer1
l2vpn
bridge group customer1
bridge-domain finance
interface Bundle-Ether222.3
!
vfi customer1-finance
neighbor 10.0.0.11 pw-id 3
!
neighbor 10.0.0.12 pw-id 3
!
neighbor 10.0.0.13 pw-id 3
!
neighbor 10.0.0.14 pw-id 3
!
!
!
bridge-domain engineering
interface Bundle-Ether222.2
!
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

RP/1/RSP0/CPU0:router2#sh l2vpn bridge-domain group customer1
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: finance, id: 3, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-finance (up)
Neighbor 10.0.0.11 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 3, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 3, state: up, Static MAC addresses: 0
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 4 (4 up), PBBs: 0 (0 up)
List of ACs:
BE222.2, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI customer1-engineering (up)
Neighbor 10.0.0.11 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.12 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.13 pw-id 2, state: up, Static MAC addresses: 0
Neighbor 10.0.0.14 pw-id 2, state: up, Static MAC addresses: 0

双重归属套件的AC提供冗余给两货架,以便套件在捆绑成员失败或货架失败的情况下保持。

当站点附加对VPLS仅域通过集群时,拓扑类似于MC-LAG关于生成树。生成树在该套件不所以要求,并且BPDU过滤器在CE可能配置为了保证BPDU没有交换在VPLS的站点之间。

另一个选项是配置以太网服务access-list在套件的ACs为了丢弃BPDU的目标MAC地址,因此BPDU没有传输在站点之间。然而,如果一条背后链路介绍在站点之间,生成树不能中断环路,因为在CE-PE套件不运行。因此,是否请仔细评估禁用在该CE-PE的生成树捆绑。如果在站点之间的拓扑仔细维护,通过集群有冗余没有对生成树的需要好的。

4.4.7.6 ICCP根据服务多链路(ICCP-SM) (PMCLAG (假MCLAG)和主动/主动)

有在版本4.3.1介绍的新特性为了解决限制关于MC-LAG,一些捆绑链路未使用,虽然他们在备用模式依然是。在新特性,呼叫Pseudo MCLAG,所有从DHD的链路到Point.of.attachment (POA)是在使用中,但是VLAN拆分区别套件之间:

116453-technote-ios-xr-l2vpn-29a.jpg

4.5流量风暴控制

在L2广播域,有风险主机也许行为不端和发送在网桥域必须充斥到处广播或组播帧的高速率。另一种风险是由生成树不是残破的)的创建L2环路(导致广播和组播信息包循环。广播和组播信息包高速率影响主机的性能在广播域的。

在网络的交换性能设备也许受一被输入的帧的也影响(广播,组播或未知单播帧)的复制对网桥域的多个输出端口。同一数据包的多个副本的创建可以是资源加强,根据数据包必须复制的地方在设备里面。例如,复制对多不同的slot的一广播不是问题由于结构的组播复制功能。网络处理器的性能也许被影响,当必须创建在一些端口时将发送的同一数据包的多个副本网络处理器处理。

为了在风暴的情况下保护设备,流量风暴控制功能让您配置在网桥域AC和未知单播将接受的最大速率广播、组播。请参阅Cisco ASR 9000系列聚合服务路由器系统安全配置指南,版本4.3.x :实现流量风暴请控制在一VPLS网桥下关于详细信息。

套件AC接口或VFI PWs不支持,然而非捆绑ACs和访问PWs支持流量风暴控制。默认情况下功能禁用;除非设置风暴控制,您接受任何速率广播,组播和未知单播。

这是配置示例:

RP/0/RSP0/CPU0:router2#sh run l2vpn bridge group customer1 bridge-domain 
engineering
l2vpn
bridge group customer1
bridge-domain engineering
interface GigabitEthernet0/1/0/3.2
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
neighbor 10.0.0.15 pw-id 15
storm-control unknown-unicast pps 10000
storm-control multicast pps 10000
storm-control broadcast pps 1000
!
vfi customer1-engineering
neighbor 10.0.0.10 pw-id 2
!
neighbor 10.0.0.12 pw-id 2
!
neighbor 10.0.0.13 pw-id 2
!
neighbor 10.0.0.14 pw-id 2
!
!
!
!
!

RP/0/RSP0/CPU0:router2#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 5, state: up,
ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 6
Filter MAC addresses:
Create time: 28/05/2013 17:17:03 (1w1d ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 5 (5 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.2, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1500; XC ID 0xc40007; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control:
Broadcast: enabled(1000)
Multicast: enabled(10000)
Unknown unicast: enabled(10000)
Static MAC addresses:
Statistics:
packets: received 251295, sent 3555258
bytes: received 18590814, sent 317984884
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
<snip>

风暴控制丢弃计数器总是存在detail命令显示l2vpn的网桥域的输出中。默认情况下由于功能禁用,报告丢包的计数器开始,只有当功能配置。

配置速率也许变化在从一网络的流量模式到另一网络。在正常情况下在配置速率前,思科推荐您了解速率广播,组播或未知单播帧。然后请添加在配置速率的毛利在正常速率上。

4.6 MAC移动

在网络不稳定性的情况下类似接口摆动, MAC地址也许从新接口了解。这是正常的网络收敛,并且mac-address-table动态地更新。

然而,在L2环路期间,常数MAC移动经常指示网络不稳定性,例如严重不稳定性。MAC地址安全功能让您报告MAC移动和采取纠正措施例如关闭一个触犯的端口。

即使纠正措施没有配置,您能配置logging命令,因此您警告网络不稳定性通过MAC移动消息:

l2vpn
bridge group customer1
bridge-domain engineering
mac
secure
action none
logging
!
!

在本例中,操作配置对无,因此什么都没有完成,当MAC移动检测时,除了系统消息被记录。这是示例消息:

LC/0/0/CPU0:Dec 13 13:38:23.396 : l2fib[239]: 
%L2-L2FIB-5-SECURITY_MAC_SECURE_VIOLATION_AC : MAC secure in AC
GigabitEthernet0_0_0_4.1310 detected violated packet - source MAC:
0000.0000.0001, destination MAC: 0000.0001.0001; action: none

4.7监听的IGMP和的MLD

默认情况下,组播帧被充斥到网桥域的所有端口。当您使用时高速率放出类似IP电视(IPTV)服务,也许有在多个PWs转发在所有端口和复制的巨大数量的流量。如果所有TV数据流转发一个接口,这也许拥塞端口。唯一选择是一个功能的配置例如监听的IGMP或的MLD,截断组播控制数据包为了跟踪接收方和组播路由器和转发数据流在端口,只有若适合。

欲知关于这些功能的详情,请参阅Cisco ASR 9000系列聚合服务路由器组播配置指南,版本4.3.x

5. 另外的L2VPN主题

注意

使用命令查找工具仅限注册用户)可获取有关本部分所使用命令的详细信息。

命令输出解释程序工具仅限注册用户)支持某些 show 命令。请使用Output Interpreter Tool为了查看show命令输出分析。

5.1负载均衡

当L2VPN PE需要发送在MPLS PW时的一帧,以太网帧被封装到一MPLS帧用一个或更多MPLS标签;或许有至少一个PW标签和IGP标签为了到达远程PE。

MPLS帧通过对远程L2VPN PE的MPLS网络传输。典型地有到达目的地PE的多条路径:

116453-technote-ios-xr-l2vpn-30.jpg

注意:不是所有的链路在此图表中代表。

PE1能选择在P1和P2之间作为往PE2的第一个MPLS P路由器。如果P1选择,然后PE1选择在P3和P4之间,等等。可用路径根据IGP拓扑和MPLS TE隧道路径。

MPLS服务提供商喜欢有所有链路均等地使用而不是与其他利用不足的链路的一阻塞链路。此目标总是不是容易达到,因为某PWs比其他运载更多流量,并且,因为由PW流量的路径取决于用于核心的哈希算法。多个高带宽PWs也许被切细到同样链路,创建拥塞。

一个非常重要需求是从一个流的所有信息包应该跟随同一个路径。否则,这导致故障中帧,也许影响质量或应用程序的性能。

在MPLS网络的负载均衡在Cisco路由器典型地根据跟随底部MPLS标签的数据。

  • 如果在底部标签之后的数据从0x4或0x6开始, MPLS P路由器假设,有一IPv4或IPv6数据包在MPLS数据包里面并且试对根据从帧解压缩的源和目的IPv4或IPv6地址的哈希的负载均衡。在理论上,这不应该适用于在PW被封装并且传输的以太网帧,因为目标MAC地址跟随底部标签。但是从0x4和0x6开始的一些MAC地址范围最近分配。MPLS P路由器也许不正确地考虑以太网报头实际上是IPv4报头,并且切细帧根据什么假设是IPv4源地址和目的地址。从PW的以太网帧也许在MPLS核心的不同的路径被切细,导致out-of-sequence在PW和应用程序质量问题的帧。解决方案是控制字的配置在可以附加到点对点或VPLS PW的PW中集集团下。控制字在MPLS标签之后插入。控制字不从0x4或0x6开始,因此问题避免。

    RP/1/RSP0/CPU0:router#sh run l2vpn bridge group customer1 bridge-domain 
    engineering
    l2vpn
    pw-class control-word
    encapsulation mpls
    control-word
    !
    !
    bridge group customer1
    bridge-domain engineering
    vfi customer1-engineering
    neighbor 10.0.0.11 pw-id 2
    pw-class control-word
    !
    <snip>
    RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
    Legend: pp = Partially Programmed.
    Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
    ShgId: 0, MSTi: 0
    <snip>
    List of VFIs:
    VFI customer1-engineering (up)
    PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
    PW class control-word, XC ID 0xc000000a
    Encapsulation MPLS, protocol LDP
    Source address 10.0.0.10
    PW type Ethernet, control word enabled, interworking none
    Sequencing not set

    PW Status TLV in use
    MPLS Local Remote
    ------------ ------------------------------ ------------------
    Label 281708 16043
    Group ID 0x4 0x5
    Interface customer1-engineering customer1-engineering
    MTU 1500 1500
    Control word enabled enabled
    PW type Ethernet Ethernet
    VCCV CV type 0x2 0x2
    (LSP ping verification) (LSP ping verification)
    VCCV CC type 0x7 0x7
    (control word) (control word)
    (router alert label) (router alert label)
    (TTL expiry) (TTL expiry)
    ------------ ------------------------------ ------------------
  • 如果在MPLS标签栈的底部的之后数据不从0x4或0x6开始, P路由器负载均衡根据底部标签。从一PW的所有流量跟随同一个路径,因此无序信息包不发生,但是这也许导致在一些链路的拥塞在高带宽PWs的情况下。使用Cisco IOS XR软件版本4.2.1, ASR 9000支持流意识传输(FAT) PW功能。此功能在L2VPN观点扫描器运行,协商在点对点或VPLS之间PW的二末端。入口L2VPN PE检测在AC和L2VPN配置的流并且在PW MPLS标签之下插入一个新的MPLS流标签在MPLS标签栈的底部。入口PE检测流根据源及目的地MAC地址(默认)或源和目的IPv4地址(可配置)。使用MAC地址是默认;推荐使用IPv4地址,但是必须手工配置。

    使用FAT PW功能,入口L2VPN PE插入一个底下MPLS标签每src-dst-mac或每src-dst-ip。MPLS P路由器(在观点扫描器之间)切细在可用路径的帧,然后到达根据该FAT PW流标签的目的地PE在MPLS堆叠的底部。除非PW只运载很小数量src-dst-mac或src-dst-ip会话,这通常提供在核心的好带宽利用率。思科建议您使用一个控制字,因此您能避免有开始与0x4和0x6,在流标签之后的MAC地址。这保证哈希正确地根据假IP地址和没有根据流标签。

    使用此功能,从一PW的流量在核心的多条路径loadbalanced,当联机。应用流量不遭受无序信息包,因为从同样的所有流量来源(MAC或IP)对同一个目的地(MAC或IP)跟随同一个路径。

以下是一个配置示例:

l2vpn
pw-class fat-pw
encapsulation mpls
control-word
load-balancing
flow-label both
!
!
!
bridge group customer1
bridge-domain engineering
vfi customer1-engineering
neighbor 10.0.0.11 pw-id 2
pw-class fat-pw


RP/1/RSP0/CPU0:router#sh l2vpn bridge-domain bd-name engineering det
Legend: pp = Partially Programmed.
Bridge group: customer1, bridge-domain: engineering, id: 4, state: up,
ShgId: 0, MSTi: 0
<snip>
List of VFIs:
VFI customer1-engineering (up)
PW: neighbor 10.0.0.11, PW ID 2, state is up ( established )
PW class fat-pw, XC ID 0xc000000a
Encapsulation MPLS, protocol LDP
Source address 10.0.0.10
PW type Ethernet, control word enabled, interworking none
Sequencing not set
Load Balance Hashing: src-dst-ip
Flow Label flags configured (Tx=1,Rx=1), negotiated (Tx=1,Rx=1)

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ ------------------
Label 281708 16043
Group ID 0x4 0x5
Interface customer1-engineering customer1-engineering
MTU 1500 1500
Control word enabled enabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x7 0x7
(control word) (control word)
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ ------------------

5.2记录

不同种类的日志消息在L2VPN配置模式可以配置。请配置登陆命令的l2vpn收到L2VPN事件的Syslog警报,并且配置记录日志pseudowire为了确定,当PW状态变化:

l2vpn
logging
bridge-domain
pseudowire
nsr
!

如果许多PWs配置,消息也许充斥日志。

访问列表5.3以太网服务

如果路由器从在l2transport接口的一台主机得到数据包您能使用以太网服务access-list为了从特定主机降低流量或验证:

RP/0/RSP0/CPU0:router#sh run ethernet-services access-list count-packets
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3
20 permit any any
!

RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ethernet-services access-group count-packets egress
!

RP/0/RSP0/CPU0:router#sh access-lists ethernet-services count-packets
hardware egress location 0/1/CPU0
ethernet-services access-list count-packets
10 permit host 001d.4603.1f42 host 0019.552b.b5c3 (5 hw matches)
20 permit any any (30 hw matches)

硬件匹配能在硬件关键字仅看到。根据访问组的方向请使用入口出口关键字。access-list应用接口的线路卡位置也指定。

您能也应用一ipv4 access-list在l2transport接口作为安全或故障排除特性:

RP/0/RSP0/CPU0:router#sh run ipv4 access-list count-pings
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2
20 permit ipv4 any any
!

RP/0/RSP0/CPU0:router#sh run int gig 0/1/0/3.2
interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
ipv4 access-group count-pings ingress
!

RP/0/RSP0/CPU0:router#sh access-lists ipv4 count-pings hardware ingress
location 0/1/CPU0
ipv4 access-list count-pings
10 permit icmp host 192.168.2.1 host 192.168.2.2 (5 hw matches)
20 permit ipv4 any any (6 hw matches)

5.4以太网出口过滤器

在AC的输出方向,请假设没有确定出口VLAN标记的rewrite ingress tag pop <>对称命令。在那种情况下,没有检查为了保证流出的帧有正确VLAN标记根据encapsulation命令

以下是一个配置示例:

interface GigabitEthernet0/1/0/3.2 l2transport
encapsulation dot1q 2
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation dot1q 3
!
interface GigabitEthernet0/1/0/39.2 l2transport
encapsulation dot1q 2
!
l2vpn
bridge group customer2
bridge-domain test
interface GigabitEthernet0/1/0/3.2
!
interface GigabitEthernet0/1/0/3.3
!
interface GigabitEthernet0/1/0/39.2
!
!
!
!

在此配置中,请注释那:

  • 因为没有重写入口命令,广播接收与在GigabitEthernet0/1/0/39.2的一dot1q标记2保持其流入标记。
  • 该广播被充斥在GigabitEthernet0/1/0/3.2外面与其dot1q标记2,但是那不引起一问题,因为GigabitEthernet0/1/0/3.2也配置与dot1q标记2。
  • 该广播也被充斥在GigabitEthernet0/1/0/3.3外面,保持其原始标记2,因为没有重写on命令GigabitEthernet0/1/0/3.3。encapsulation dot1q 3 on命令GigabitEthernet0/1/0/3.3没有被登记输出方向。
  • 结果是,对于一广播的已接收与在GigabitEthernet0/1/0/39的标记2,有与标记2出去的两广播GigabitEthernet0/1/0/3。被复制的流量也许导致一些应用程序问题。
  • 解决方案是严格以太网出口过滤器的配置为了保证数据包离开与正确VLAN标记的子接口。否则,数据包没有转发和丢弃。
interface GigabitEthernet0/1/0/3.2 l2transport
ethernet egress-filter strict
!
interface GigabitEthernet0/1/0/3.3 l2transport
ethernet egress-filter strict
!


Document ID: 116453