配置电缆上的 GRE 通道
简介
本文包含电缆环境中的通用路由封装 (GRE) 的说明、配置和验证。GRE是Cisco开发的一种隧道协议,能够将广泛的协议信息包类型封装在IP隧道内。
开始使用前
规则
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
先决条件
本文档没有任何特定的前提条件。
使用的组件
本文档中的信息基于以下软件和硬件版本。
-
运行 Cisco IOS® 软件版本 12.1(5)T4 的电缆调制解调器 uBR924
注意: 虽然使用不同的思科IOS版本,可以在其他Cisco 有线调制解调器平台(如uBR904平台)上配置GRE通道,但是该功能正式支持的版本是Cisco IOS 12.1(5)T4 for uBR920 和Cisco IOS 12.1(3) for uBR910。
| 电缆调制解调器平台 | Cisco IOS 软件版本 |
|---|---|
| uBR920 | 12.1(5)T4 |
| uBR910 | 从 12.1(3) 及更高版本 |
要运行此配置,两个电缆调制解调器之间需要有 IP 连接。
本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您是在真实网络上操作,请确保您在使用任何命令前已经了解其潜在影响。
背景理论
隧道建立提供将外国协议的信息包封装在传输协议内部的一种方式。通道实施作为一个虚拟接口,为配置提供简单接口。隧道接口不依赖于特定的乘客或传输协议,但是它是提供实施任何标准的点到点封装机制所需业务的体系结构。隧道是点对点链路,并且您必须为每条链路配置一个单独隧道。
GRE 创建经由 IP 互联网络连接远程点上 Cisco 路由器的虚拟点对点链接。通过在单协议骨干网环境连接多协议子网络,使用GRE的IP隧道允许网络扩展穿越整个单协议骨干网环境。有线调制解调器终端系统(CMTS)是兼容任意电缆传输数据服务接口规格(DOCSIS)的头端有线路由器,如Cisco UBR7246、uBR7223或uBR7246VXR。
配置
本部分提供有关如何配置本文档所述功能的信息。
网络图
本文档使用下图所示的网络设置。
此设置在两个电缆调制解调器 uBR924-ddd5 和 uBR924-b5db 之间创建一个隧道。以下示例使用两个 uBR924 和一个 uBR7246VXR。在此设置中,有线调制解调器的名称是ubr924-ddd5和ubr924-b5db,它们使用的是Cisco IOS版本12.1(5)T4。此隧道接口通过发出 interface tunnel 0 命令在全局配置模式中动态创建。
注意: 只要二个有线调制解调器之间有IP连接,那么uBR900 有线调制解调器就无需连接到同一个uBR7200 CMTS或同一个服务提供商网络上。
配置
本文档使用如下所示的配置。
注意: 粗体文本指 GRE 相关命令。注释为蓝色,指上一行。
| ubr924-ddd5 |
|---|
version 12.1 no service single-slot-reload-enable no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ubr924-ddd5 ! logging rate-limit console 10 except errors ! clock timezone - -80 ip subnet-zero no ip finger ! call rsvp-sync ! ! ! ! ! ! ! ! ! ! interface Tunnel0 !--- Tunnel interface 0. ip address 192.168.20.1 255.255.255.0 !--- IP address of the GRE tunnel interface 0. tunnel source Ethernet0 !--- IP source of the tunnel. It is best to make this an !--- interface with a public, routable IP address so that !--- it is reachable from the other endpoint of the tunnel. tunnel destination 11.11.11.11 !--- IP destination of the tunnel. Make sure this is !--- reachable via the ping command !--- Otherwise, the tunnel will not be created properly. ! interface Ethernet0 ip address 9.9.9.9 255.255.255.0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. ! interface cable-modem0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. cable-modem downstream saved channel 525000000 40 1 cable-modem mac-timer t2 40000 no cable-modem compliant bridge ! router rip version 2 passive-interface Tunnel0 !--- This command is used to avoid recursive routing. network 10.0.0.0 network 9.0.0.0 no auto-summary ! ip default-gateway 10.1.4.1 ip classless no ip http server no ip http cable-monitor ! snmp-server packetsize 4096 snmp-server manager ! voice-port 0 input gain -2 ! voice-port 1 input gain -2 ! ! line con 0 transport input none line vty 0 4 login ! end ubr924-ddd5# |
| ubr924-b5db |
|---|
version 12.1 no service single-slot-reload-enable no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ubr924-b5db ! logging rate-limit console 10 except errors enable password ww ! clock timezone - -80 ip subnet-zero no ip finger ! mgcp call rsvp-sync ! ! ! ! ! ! ! ! ! ! interface Tunnel0 !--- Tunnel interface 0 ip address 192.168.20.2 255.255.255.0 !--- IP address of the gre tunnel interface 0 tunnel source Ethernet0 !--- IP source of the tunnel. It is best to make this an !--- interface with a public, routable IP address so that !--- it is reachable from the other endpoint of the tunnel. tunnel destination 9.9.9.9 !--- IP destination of the tunnel. Make sure this is !--- reachable via the ping command !--- Otherwise, the tunnel will not be created properly. ! interface Ethernet0 ip address 11.11.11.11 255.255.255.0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. ! no ip route-cache no ip mroute-cache ! interface cable-modem0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. no ip route-cache no ip mroute-cache no cable-modem compliant bridge ! router rip version 2 passive-interface Tunnel0 !--- This command is used to avoid recursive routing. network 10.0.0.0 network 11.0.0.0 no auto-summary ! ip default-gateway 10.1.4.1 ip classless no ip http server no ip http cable-monitor ! snmp-server packetsize 4096 snmp-server manager ! voice-port 0 input gain -2 ! voice-port 1 input gain -2 ! ! line con 0 exec-timeout 0 0 transport input none line vty 0 4 password ww login ! end ubr924-b5db# |
验证
本部分所提供的信息可用于确认您的配置是否正常工作。
输出解释器工具支持某些 show 命令(只限于注册用户),通过它可以查看 show 命令输出的分析。
验证CMTS (7246VXR)配置正确,并且调制解调器处于联机状态。CMTS 的配置如下所示。
7246VXR#show run
Building configuration...
Current configuration : 4579 bytes
!
! Last configuration change at 13:22:17 PDT Mon Feb 26 2001
! NVRAM config last updated at 13:22:46 PDT Mon Feb 26 2001
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
service linenumber
service udp-small-servers max-servers no-limit
!
hostname 7246VXR
!
logging buffered 1000000 debugging
logging rate-limit console 10 except errors
enable password cable
!
cable qos profile 8
cable qos profile 10
cable qos profile 10 grant-size 1500
cable qos profile 12 guaranteed-upstream 100000
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
clock timezone PDT -8
clock summer-time PDT recurring
clock calendar-valid
ip subnet-zero
no ip finger
!
interface Ethernet2/0
ip address 172.16.30.4 255.255.255.192
no ip mroute-cache
half-duplex
!
interface Cable4/0
ip address 172.16.29.1 255.255.255.224 secondary
ip address 10.1.4.1 255.255.255.0
no keepalive
cable downstream rate-limit token-bucket shaping
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 555000000
cable upstream 0 frequency 40000000
cable upstream 0 power-level 0
no cable upstream 0 shutdown
cable upstream 1 shutdown
cable upstream 2 shutdown
cable upstream 3 shutdown
cable upstream 4 shutdown
cable upstream 5 shutdown
cable dhcp-giaddr policy
cable helper-address 172.16.30.2
!
interface Cable5/0
ip address 172.16.29.225 255.255.255.224 secondary
ip address 10.1.5.1 255.255.255.0
load-interval 30
no keepalive
cable downstream rate-limit token-bucket shaping
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 620000000
cable upstream 0 frequency 25008000
cable upstream 0 power-level 0
no cable upstream 0 shutdown
no cable upstream 1 shutdown
cable dhcp-giaddr policy
!
router eigrp 202
redistribute connected
redistribute static
network 10.0.0.0
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
router rip
version 2
redistribute connected
redistribute static
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip default-gateway 172.16.30.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.30.1
ip route 172.16.30.0 255.255.255.0 Ethernet2/0
ip http server
ip http authentication local
!
access-list 188 permit tcp any any eq www log
access-list 188 permit ip any any
route-map docsis permit 10
!
snmp-server engineID local 00000009020000E01ED77E40
snmp-server community public RO
snmp-server community private RW
line con 0
exec-timeout 0 0
transport input none
line aux 0
speed 19200
line vty 0 4
session-timeout 60
exec-timeout 0 0
!
ntp clock-period 17179973
end
7246VXR#show cable modem
Interface Prim Online Timing Rec QoS CPE IP address MAC address
Sid State Offset Power
Cable4/0/U0 69 online 2812 0.25 5 0 10.1.4.3 0002.1685.b5db
Cable4/0/U0 70 online 2288 0.00 5 0 10.1.4.6 0010.7bed.9b23
Cable4/0/U0 71 online 2289 0.50 5 0 10.1.4.2 0010.7bed.9b45
Cable4/0/U0 72 online 2812 0.00 5 0 10.1.4.4 0002.fdfa.0a63
Cable4/0/U0 73 online 2812 -0.75 5 0 10.1.4.5 0004.2752.ddd5
Cable4/0/U0 74 online 2813 0.25 5 0 10.1.4.7 0001.64ff.e47d
如果电缆调制解调器在线状态不显示 online,请参阅针对 uBR 电缆调制解调器不在线进行故障排除文档。
7246VXR#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.7.253 YES NVRAM up down
Ethernet2/0 172.16.30.4 YES manual up up
Ethernet2/1 unassigned YES NVRAM administratively down down
Ethernet2/2 unassigned YES NVRAM administratively down down
Ethernet2/3 unassigned YES NVRAM administratively down down
Cable3/0 10.1.3.1 YES manual up up
Cable4/0 10.1.4.1 YES manual up up
Cable5/0 10.1.5.1 YES manual up up
7246VXR#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.16.30.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.16.29.224/27 is directly connected, Cable5/0
C 172.16.29.0/27 is directly connected, Cable4/0
S 172.16.30.0/24 is directly connected, Ethernet2/0
C 172.16.30.0/26 is directly connected, Ethernet2/0
9.0.0.0/24 is subnetted, 1 subnets
R 9.9.9.0 [120/1] via 10.1.4.5, 00:00:09, Cable4/0
R 192.168.20.0/24 [120/1] via 10.1.4.5, 00:00:09, Cable4/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.3.0/24 is directly connected, Cable3/0
R 10.5.5.0/24 [120/1] via 10.1.4.4, 00:00:01, Cable4/0
R 10.0.0.0/8 [120/1] via 172.16.30.10, 00:00:24, Ethernet2/0
C 10.1.5.0/24 is directly connected, Cable5/0
C 10.1.4.0/24 is directly connected, Cable4/0
11.0.0.0/24 is subnetted, 1 subnets
R 11.11.11.0 [120/1] via 10.1.4.3, 00:00:15, Cable4/0
S* 0.0.0.0/0 is directly connected
从电缆调制解调器侧,验证两个设备的 sh version,如下所示。
ubr924-ddd5#sh ver Cisco Internetwork Operating System Software IOS (tm) 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 02-Feb-01 10:55 by ccai Image text-base: 0x800100A0, data-base: 0x806DB770 ROM: System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE (fc1) ROM: 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) ubr924-ddd5 uptime is 2 hours, 1 minute System returned to ROM by reload at 12:45:25 - Fri Feb 23 2001 System restarted at 12:46:07 - Fri Feb 23 2001 System image file is "flash:ubr920-k1v4y556i-mz.121-5.T4" cisco uBR920 CM (MPC850) processor (revision 4.d) with 15872K/1024K bytes of memory. Processor board ID FAA0444Q14Z Bridging software. 1 Ethernet/IEEE 802.3 interface(s) 1 Cable Modem network interface(s) 3968K bytes of processor board System flash (Read/Write) 1536K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102 ubr924-b5db#show ver Cisco Internetwork Operating System Software IOS (tm) 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 02-Feb-01 10:55 by ccai Image text-base: 0x800100A0, data-base: 0x806DB770 ROM: System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE (fc1) ROM: 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) ubr924-b5db uptime is 1 hour, 53 minutes System returned to ROM by reload at 12:55:34 - Fri Feb 23 2001 System restarted at 12:56:15 - Fri Feb 23 2001 System image file is "flash:ubr920-k1v4y556i-mz.121-5.T4" cisco uBR920 CM (MPC850) processor (revision 3.e) with 15872K/1024K bytes of memory. Processor board ID FAA0422Q04F Bridging software. 1 Ethernet/IEEE 802.3 interface(s) 1 Cable Modem network interface(s) 3968K bytes of processor board System flash (Read/Write) 1536K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102
只要以下条件存在,此隧道就会显示 up/up:
-
它使用有效 IP 地址配置。
-
路由表中具有到达隧道目的地的IP地址的路由,没有分配到隧道远端的IP地址的路由。
不论您是否可以 ping 目的地地址,都应如此。不正确的静态路由或指向错误方向的默认路由将调动隧道,但隧道不会工作。
验证隧道运行的第一步是验证隧道是否开通。在两个电缆调制解调器上发出 show ip interface brief 和 show interface tunnel 0 命令。示例命令输出如下所示。
ubr924-ddd5#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 9.9.9.9 YES manual up up
Tunnel0 192.168.20.1 YES manual up up
cable-modem0 10.1.4.5 YES unset up up
ubr924-ddd5#show interface tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.20.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 9.9.9.9 (Ethernet0), destination 11.11.11.11
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled
Last input 00:15:25, output 00:14:27, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0, 2 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
146 packets input, 21024 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
172 packets output, 57392 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
ubr924-b5db#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 11.11.11.11 YES manual up up
Tunnel0 192.168.20.2 YES manual up up
cable-modem0 10.1.4.3 YES NVRAM up up
ubr924-b5db#show interface tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.20.2/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 11.11.11.11 (Ethernet0), destination 9.9.9.9
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled
Last input 00:16:42, output 00:17:40, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0, 5 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
118 packets input, 19144 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
164 packets output, 49624 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
验证此隧道的工作是 ping 隧道目标 IP 地址。这只会验证 IP 连接,而不会验证通道的实际运行情况。
From ubr924-ddd5 we ping 11.11.11.11 ubr924-ddd5#ping 11.11.11.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/17 ms ubr924-ddd5#
从 ubr924-b5db 目标地址 9.9.9.9 Ping。
ubr924-b5db#ping 9.9.9.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms ubr924-b5db#
要验证此隧道是否能工作,请发出 show ip route x.x.x.x 命令,其中 x.x.x.x 是分配给此隧道远端的 IP 地址。在这种情况下,它是远端路由器的环回地址。如果显示的唯一路由是对隧道接口,那么到该地址的ping将证明此隧道会工作。
如果有IP编制机制,反向穿过网络通告路由回通道分段,则应该是有一个以上的路由到达通道接口的远端如果那是实际情形,则很难检验隧道是够正在运行。通常,在这种情况下,您不会想将路由复制到隧道网络。应当由网络的路由协议采取措施,防止路由通告。如果隧道被用来传输来自IP的不同协议的数据流,则应使用同一个基本验证方法。
From ubr924-ddd5 we get
ubr924-ddd5#show ip route 192.168.20.2
Routing entry for 192.168.20.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Tunnel0
Route metric is 0, traffic share count is 1
From ubr924-b5db we get
ubr924-b5db#show ip route 192.168.20.1
Routing entry for 192.168.20.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Tunnel0
Route metric is 0, traffic share count is 1
验证PC1能访问PC2并且反之亦然,请在有线调制解调器上执行扩展的ping,同时也从PC执行ping。
将ping从ubr924-b5db以太网接口(11.11.11.11)扩展到ubr924-ddd5以太网接口(9.9.9.9)。
ubr924-b5db#ping ip Target IP address: 9.9.9.9 !--- ubr924-ddd5 Ethernet's IP address. Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 11.11.11.11 !--- ubr924-b5db Ethernet's IP address. Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/28 ms ubr924-b5db#
执行相反步骤测试另一侧的连接。
ubr924-ddd5#ping ip Target IP address: 11.11.11.11 !--- ubr924-b5db Ethernet's IP address. Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 9.9.9.9 !--- ubr924-ddd5 Ethernet's IP address. Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms ubr924-ddd5#
最终测试是从 PC1 ping 到 PC2,以及从 PC2 ping 到 PC1。
PC1 的 IP 地址为 9.9.9.1。
PC2 的 IP 地址是 11.11.11.1。
从 PC1 ping PC2。
从 PC2 ping PC1。
故障排除
目前没有针对此配置的故障排除信息。
反馈