配置SRTE上的EVPN服务
简介
本文档介绍如何通过分段路由流量工程(SRTE)配置以太网虚拟专用网(EVPN)服务。
先决条件
要求
思科建议您掌握以下方面的基本知识:
- 中间系统到中间系统(ISIS)
- SRTE
- EVPN
使用的组件
本文档中的信息基于Device:聚合服务路由器9000(ASR9K)。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
网络拓扑
图1.网络拓扑图
注意:要建立域间SRTE策略,您需要使用PCE来查看多个域中的所有节点。
分段路由流量工程概述
SRTE策略
SR策略通过以下参数标识:
- 实例化/实施策略的头端
- 终端(即策略的目标)
- 颜色(任意数值)
SR-TE数据库
SRTE数据库是分段路由(SR)架构中的关键组件,用于存储:
- 节点和网段的SID值。
- 有关网络拓扑的详细信息,包括可用链路、指标和限制(如带宽或延迟)。
- 路由器使用它根据SR策略中指定的预定义限制或优化目标确定转发数据包的最佳路径。
从PE1到PE3的IGP路径不配置SRTE策略:
RP/0/RSP1/CPU0:ASR9906-1-PE1#traceroute mpls ipv4 10.10.33.33/32 source 10.10.11.11
Type escape sequence to abort.
0 10.10.111.11 MRU 1500 [Labels: 16033 Exp: 0]
L 1 10.10.111.1 MRU 1500 [Labels: explicit-null Exp: 0] 7 ms >>>>>>>>>>>>>>>>> P1
! 2 10.10.133.33 4 ms>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PE3
图2从PE1到PE3的IGP路径
用于填充SRTE数据库的配置
router isis core1
is-type level-2-only
net 49.0005.0000.1010.0505.00
distribute link-state
address-family ipv4 unicast
注意:
- 填充SRTE数据库需要分布式链路状态。
- 未配置此命令时,SRTE数据库将为空。
确认
RP/0/RSP0/CPU0:ASR9906-2-ABR #show segment-routing traffic-eng ipv4 topology
SR-TE topology database
-----------------------
Node 2
TE router ID: 10.10.1.1
Host name: ASR9910-4-P1
ISIS system ID: 0000.1010.0101 level-2
Prefix SID:
Prefix 10.10.1.1, label 16001 (regular), flags: X:0, R:0, N:1, P:1, E:1, V:0, L:0, M:0 >>>>> node details
Link[0]: local address 10.10.15.1, remote address 10.10.15.5
Local node:
ISIS system ID: 0000.1010.0101 level-2
Remote node:
TE router ID: 10.10.5.5
Host name: ASR9906-2-ABR
ISIS system ID: 0000.1010.0505 level-2
Metric: IGP 10, TE 10, Latency 10 microseconds >>>>>>>>> metric and latency of this link between P1 and ABR
Bandwidth: Total link 12499999744, Reservable 0 >>>>>>> BW of this link
Admin-groups: 0x00000000
Admin-groups-detail:
Adj SID: 24005 (protected) 24006 (unprotected) >>>>>>>> adj sid of link on P1
静态SRTE策略
配置
在头端路由器PE1上配置SRTE静态策略:
segment-routing
traffic-eng
segment-list STATIC-SID-LIST
index 1 mpls label 16055 >>>>>>> node SID of ABR
index 2 mpls label 16022 >>>>>>> node SID of PE2
index 3 mpls label 16033 >>>>>>> node SID of PE3
!
policy Static-policy-evpnvpws
binding-sid mpls 3000
color 10 end-point ipv4 10.10.33.33
candidate-paths
preference 5
explicit segment-list STATIC-SID-LIST
注意:
- 手动配置的绑定SID 3000
- 颜色为10,终点为PE3
- 此SR TE策略使用显式SID列表控制预定义路径中的流量
RP/0/RSP1/CPU0:ASR9906-1-PE1#traceroute sr-mpls policy binding-sid 3000 lsp-end-point 10.10.33.33 source 10.10.11.11 verbose
Type escape sequence to abort.
0 10.10.115.11 10.10.115.5 MRU 1500 [Labels: 16022/16033 Exp: 0/0]
L 1 10.10.115.5 10.10.225.22 MRU 1500 [Labels: explicit-null/16033 Exp: 0/0] 6 ms, ret code 8
L 2 10.10.225.22 10.10.123.33 MRU 1500 [Labels: explicit-null Exp: 0] 5 ms, ret code 8
! 3 10.10.123.33 5 ms, ret code 3
注意:第一跳是ABR,节点SID为16055;因此,在发送数据包时不会附加该数据包。
图3从PE1到PE3采用的静态SRTE策略路径
确认
RP/0/RSP1/CPU0:ASR9906-1-PE1#show segment-routing traffic-eng policy color 10
SR-TE policy database
---------------------
Color: 10, End-point: 10.10.33.33
Name: srte_c_10_ep_10.10.33.33
Status:
Admin: up Operational: up for 3d02h (since Jan 14 08:39:30.042)
Candidate-paths:
Preference: 5 (configuration) (active)
Name: Static-policy-evpnvpws
Requested BSID: 3000
Protection Type: protected-preferred
Maximum SID Depth: 10
Explicit: segment-list STATIC-SID-LIST (valid)
Weight: 1, Metric Type: TE
16055 [Prefix-SID, 10.10.25.25]
16022
16033
Attributes:
Binding SID: 3000
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
RP/0/RSP1/CPU0:ASR9906-1-PE1#show segment-routing traffic-eng forwarding policy color 10
SR-TE Policy Forwarding database
--------------------------------
Color: 10, End-point: 10.10.33.33
Name: srte_c_10_ep_10.10.33.33
Binding SID: 3000
Active LSP:
Candidate path:
Preference: 5 (configuration)
Name: Static-policy-evpnvpws
Local label: 24012
Segment lists:
SL[0]:
Name: STATIC-SID-LIST
Switched Packets/Bytes: 30/2740
[MPLS -> MPLS]: 30/2740
Paths:
Path[0]:
Outgoing Label: 16022
Outgoing Interfaces: HundredGigE0/1/0/0
Next Hop: 10.10.115.5
Switched Packets/Bytes: 30/2740>>>>>>>>>>> this is the number packet steered using this path
[MPLS -> MPLS]: 30/2740
FRR Pure Backup: No
ECMP/LFA Backup: No
Internal Recursive Label: Unlabelled (recursive)
Label Stack (Top -> Bottom): { 16022, 16033 }
Policy Packets/Bytes Switched: 30/2620>>>>>>>>> this counter shows the packets were transmitted using this policy
RP/0/RSP1/CPU0:ASR9906-1-PE1#show mpls forwarding labels 3000 detail
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
3000 Pop No ID srte_c_10_ep point2point 2620
Version: 69, Priority: 2
Label Stack (Top -> Bottom): { Unlabelled Imp-Null }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 0/0, MTU: 0
Outgoing Interface: srte_c_10_ep_10.10.33.33 (ifhandle 0x020001e0)
Packets Switched: 30
注意:3000 — 绑定sid用于引导数据包进入SRTE。
RP/0/RSP1/CPU0:ASR9906-1-PE1#show mpls forwarding labels 24012 detail
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24012 16022 SR TE: 1 [TE-INT] Hu0/1/0/0 10.10.115.5 2740
Version: 68, Priority: 2
Label Stack (Top -> Bottom): { 16022 16033 }
NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/12, MTU: 1500
Outgoing Interface: HundredGigE0/1/0/0 (ifhandle 0x06000480)
Packets Switched: 30
注意:24012这是分配给此策略的本地标签,与策略的传出标签交换。
将静态SRTE策略静态策略evpnvpws与EVPN VPWS关联
配置
l2vpn
pw-class evpn-srte
encapsulation mpls
preferred-path sr-te policy srte_c_10_ep_10.10.33.33
xconnect group EVPN-vpws
p2p EVPN-vpws-400
interface HundredGigE0/1/0/2.400
neighbor evpn evi 400 target 333 source 111
pw-class evpn-srte
注意:EVPN路由没有着色,因为SRTE策略与l2vpn手动关联,并且通过此xconnect的所有流量都采用SRTE策略路径。
确认
RP/0/RSP1/CPU0:ASR9906-1-PE1#show bgp l2vpn evpn
Route Distinguisher: 10.10.11.11:400 (default for vrf VPWS:400)
*> [1][0000.0000.0000.0000.0000][111]/120
0.0.0.0 0 i
*>i[1][0000.0000.0000.0000.0000][333]/120
10.10.33.33 100 0 i
RP/0/RSP1/CPU0:ASR9906-1-PE1#show l2vpn xconnect
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
EVPN-vpws EVPN-vpws-400
UP Hu0/1/0/2.400 UP EVPN 400,333,10.10.33.33
UP
RP/0/RSP1/CPU0:ASR9906-1-PE1#show l2vpn xconnect group EVPN-vpws xc-name EVPN-vpws-400 detail
Group EVPN-vpws, XC EVPN-vpws-400, state is up; Interworking none
AC: HundredGigE0/1/0/2.400, state is up
Type VLAN; Num Ranges: 1
Rewrite Tags: []
VLAN ranges: [400, 400]
MTU 1500; XC ID 0x1800008; interworking none
Statistics:
packets: received 90, sent 89
bytes: received 7140, sent 7296
drops: illegal VLAN 0, illegal length 0
EVPN: neighbor 10.10.33.33, PW ID: evi 400, ac-id 333, state is up ( established )
XC ID 0xa000000b
Encapsulation MPLS
Encap type Ethernet, control word enabled
Sequencing not set
Preferred path Active : SR TE srte_c_10_ep_10.10.33.33 (BSID:3000, IFH:0x20001e0), Statically configured, fallback enabled
Ignore MTU mismatch: Enabled
Transmit MTU zero: Enabled
Tunnel : Up
EVPN Local Remote
------------ ------------------------------ -----------------------------
Label 24014 24016
MTU 1514 unknown
Control word enabled enabled
AC ID 111 333
EVPN type Ethernet Ethernet
------------ ------------------------------ -----------------------------
Create time: 14/01/2025 08:49:57 (1w1d ago)
Last time status changed: 14/01/2025 11:14:31 (1w0d ago)
Statistics:
packets: received 89, sent 90
bytes: received 7296, sent 7140
RP/0/RSP1/CPU0:ASR9906-1-PE1#show im database ifhandle 0x20001e0
Node 0/RSP1/CPU0 (0x120)
Interface srte_c_10_ep_10.10.33.33, ifh 0x020001e0 (up, 1500)
Interface flags: 0x000000000042c457 (PHYS_ON_RP|REPLICATED
|DYN_REP|TUNNEL|IFINDEX|VIRTUAL|CONFIG|VIS|DATA
|CONTROL)
Encapsulation: mpls_te
Interface type: IFT_TUNNEL_TE
Control parent: None
Data parent: None
Views: UL|GDP|LDP|G3P|L3P|OWN
Protocol Caps (state, mtu)
-------- -----------------
None mpls_te (up, 1500)
ipv4 ipv4 (up, 1500)
mpls mpls (up, 1500)
ipv6 ipv6_preswitch (up, 1500)
ipv6 ipv6 (up, 1500)
按需下一跳(ODN)SRTE
ODN SRTE策略根据实时网络需求和指定的限制条件自动创建分段路由流量工程路径,从而确保动态且高效的流量引导。
这些策略由与ODN策略共享相同颜色的已接收路由触发。LSP(标签交换路径)端点动态地与这些路由的协议下一跳关联。
配置
segment-routing
traffic-eng
on-demand color 500
dynamic
metric
type te
注意:此策略仅具有有效的LSP端点,即所接收路由的具有匹配颜色扩展社区的下一跳。
为EVPN ELAN服务使用ODN SRTE策略
由于ODN SRTE是动态策略,因此接收的路由需要着色500,因此对发往该路由的流量着色。如果路由没有着色,下一跳采用ODN SRTE策略路径,则采用IGP路径。
配置
extcommunity-set opaque color_500
500
end-set
该颜色在扩展团体中定义:
route-policy RPL_color_500
if evpn-route-type is 1 or evpn-route-type is 3 then
set extcommunity color color_500
endif
end-policy
注意:
- 当BUM流量必须从PE1发送到远程PE3以通过SRTE策略颜色500发送时,evpn-route-type 3需要着色,因为它提供用于传输BUM流量的标签。
- 对于单播流量,RT-2会通告MAC的单播标签,但是当RT-2使用RPL着色时,会观察到错误消息:
RP/0/RP0/CPU0:PE2#RP/0/RP0/CPU0: UTC: l2vpn_mgr[1291]: %L2-EVPN-4-ODN_ON_UNSUPPORTED_ROUTE : EVPN: ODN/AS Nexthop received on unsupported Route-Type 2 (MAC/IP Advertisement), SR-TE BSID tunnel, bridge domain EVPN_ELAN, ESI 0000.0000.0000.0000.0000.
- 将接入接口(即使对于SH)与ESI相关联,并根据EAD/EVI路由设置颜色,以通过SRTE策略控制流量:
evi 500
bgp
route-policy export RPL_color_500
!
advertise-mac
l2vpn
bridge group EVPN-ELAN-500
bridge-domain EVPN-ELAN-500
interface HundredGigE0/1/0/2.500
!
evi 500
确认
RP/0/RSP0/CPU0:ASR9910-3-PE3#show bgp l2vpn evpn rd 10.10.33.33:500
Route Distinguisher: 10.10.33.33:500 (default for vrf EVPN-ELAN-500)
*>i[1][0000.1111.1111.1111.1111][0]/120
10.10.11.11 C:500
100 0 i
*>i[1][0000.1111.1111.1111.1111][4294967295]/120
10.10.11.11 100 0 i
*> [1][0000.2222.2222.2222.2222][0]/120
0.0.0.0 0 i
*>i[3][0][32][10.10.11.11]/80
10.10.11.11 C:500
100 0 i
*> [3][0][32][10.10.33.33]/80
0.0.0.0 0
注意:当PE3收到具有扩展社区颜色500的Route-type 1或3时,PE3启动发往PE1的ODN SRTE策略500
每条EVI路由都连接到颜色扩展社区,并连接到SRTE策略:
RP/0/RSP0/CPU0:ASR9910-3-PE3#show bgp l2vpn evpn rd 10.10.33.33:500 [1][0000.1111.1111.1111.1111][0]/120
Not advertised to any peer
Local
10.10.11.11 C:500 (bsid:24020) (metric 20) from 10.10.11.11 (10.10.11.11)
Received Label 24015
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 534
Extended community: Color:500 RT:100:500
SR policy color 500, up, registered, bsid 24020, if-handle 0x00000360
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 10.10.11.11:500
每个ESI路由没有颜色:
RP/0/RSP0/CPU0:ASR9910-3-PE3# show bgp l2vpn evpn rd 10.10.33.33:500 [1][0000.1111.1111.1111.1111][4294967295]/120
Local
10.10.11.11 (metric 20) from 10.10.11.11 (10.10.11.11)
Received Label 0
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 539
Extended community: EVPN ESI Label:0x01:24017 RT:100:100 RT:100:400 RT:100:500 RT:300:300
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 10.10.11.11:1
注意:每个ESI路由没有着色,因为它与多个EVI关联,并且所有EVI都不采用SRTE路径。
路由类型–3已着色:
RP/0/RSP0/CPU0:ASR9910-3-PE3#show bgp l2vpn evpn rd 10.10.33.33:500 [3][0][32][10.10.11.11]/80
Local
10.10.11.11 C:500 (bsid:24020) (metric 20) from 10.10.11.11 (10.10.11.11)
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported
Received Path ID 0, Local Path ID 1, version 524
Extended community: Color:500 RT:100:500
PMSI: flags 0x00, type 6, label 24016, ID 0x0a0a0b0b
SR policy color 500, up, registered, bsid 24020, if-handle 0x00000360
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 10.10.11.11:500
路由类型2未着色:
RP/0/RSP1/CPU0:ASR9906-1-PE1# show bgp l2vpn evpn rd 10.10.11.11:500 [2][0][48][bce7.12a3.b716][0]/104
Local
10.10.33.33 (metric 10) from 10.10.33.33 (10.10.33.33)
Received Label 24010
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 302
Extended community: SoO:10.10.33.33:500 0x060e:0000.0000.01f4 RT:100:500
EVPN ESI: 0000.2222.2222.2222.2222
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 10.10.33.33:500
RP/0/RSP0/CPU0:ASR9910-3-PE3#show segment-routing traffic-eng policy color 500
SR-TE policy database
---------------------
Color: 500, End-point: 10.10.11.11
Name: srte_c_500_ep_10.10.11.11
Status:
Admin: up Operational: up for 6d22h
Candidate-paths:
Preference: 200 (BGP ODN) (active)
Requested BSID: dynamic
Constraints:
Protection Type: protected-preferred
Maximum SID Depth: 10
Dynamic (valid)
Metric Type: TE, Path Accumulated Metric: 20
16001 [Prefix-SID, 10.10.1.1]
16005 [Prefix-SID, 10.10.5.5]
16011 [Prefix-SID, 10.10.11.11]
Preference: 100 (BGP ODN) (inactive)
Requested BSID: dynamic
PCC info:
Symbolic name: bgp_c_500_ep_10.10.11.11_discr_100
PLSP-ID: 1
Constraints:
Protection Type: protected-preferred
Maximum SID Depth: 10
Dynamic (pce) (inactive)
Metric Type: NONE, Path Accumulated Metric: 0
Attributes:
Binding SID: 24020
Forward Class: Not Configured
Steering labeled-services disabled: no
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
Max Install Standby Candidate Paths: 0
EVI 500的单播流量通过SRTE发送,输出可确认这一点:
RP/0/RSP0/CPU0:ASR9910-3-PE3#show evpn internal-label vpn-id 500 private
VPN-ID Encap Ethernet Segment Id EtherTag Label
---------- ------ --------------------------- ---------- --------
500 MPLS 0000.1111.1111.1111.1111 0 None
Multi-paths resolved: FALSE (Remote single-active)
Multi-paths Internal label: None
EAD/ES 10.10.11.11 0
Path Version:2, Originating PE:::
EAD/EVI SR-TE BSID 24020
10.10.11.11 24015
Path Version:4, Originating PE:::
Num EAD objects linked: 2
Source: MPLS
Local CW: Unknown
Local MTU: 0
Local ignore MTU mismatch: Enabled
Next path version: 5
Object: EVPN LABEL
Base info: version=0xdbdb000a, flags=0x4000, type=10, reserved=0
EVPN Internal-Label event history [Num events: 16]
----------------------------------------------------------------------------
Time Event Flags Flags
==== ===== ===== =====
Jan 28 19:53:08.224 LSD Label Req (Add/Del) 00000de1 00005dd8 - -
Jan 28 21:29:09.888 Modify Redundant 00000000 00000000 - -
Jan 28 21:29:09.888 Int-Lbl Multi-Path Resolution 01010100 0100020e - -
Jan 28 21:29:09.888 LSD Label Req (Add/Del) 00000add 00100001 - -
Jan 28 21:29:09.888 LSD Label Got 01f40000 01005dd8 - -
Jan 28 23:27:01.632 LSD Label Req (Add/Del) 00000de1 00005dd8 - -
Jan 29 01:06:15.808 Modify Redundant 00000000 00000000 - -
Jan 29 01:06:15.808 Int-Lbl Multi-Path Resolution 01010100 0100020e - -
Jan 29 01:06:15.808 LSD Label Req (Add/Del) 00000add 00100001 - -
Jan 29 01:06:15.808 LSD Label Got 01f40000 01005dd8 - -
Jan 29 03:00:44.416 LSD Label Req (Add/Del) 00000de1 00005dd8 - -
Jan 29 04:45:32.032 Modify Redundant 00000000 00000000 - -
Jan 29 04:45:32.032 Int-Lbl Multi-Path Resolution 01010100 0100020e - -
Jan 29 04:45:32.032 LSD Label Req (Add/Del) 00000add 00100001 - -
Jan 29 04:45:32.032 LSD Label Got 01f40000 01005dd8 - -
Jan 29 06:34:24.000 LSD Label Req (Add/Del) 00000de1 00005dd8 - -
----------------------------------------------------------------------------
注意:24015 — 是PE1通告的每EVI标签。
RP/0/RSP0/CPU0:ASR9910-3-PE3#show mpls forwarding labels 24020
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24020 Pop No ID srte_c_500_e point2point 4182
RP/0/RSP0/CPU0:ASR9910-3-PE3#show l2vpn forwarding bridge-domain EVPN-ELAN-500:EVPN-ELAN-500 evpn inclusive-multicast detail location 0/1/CPU0
Bridge-Domain Name BD-ID XCID TEP-id Next Hop Label/VNI Encap Status E-Tree
-------------------------------- ------ ---------- ---------- -------------------- ---------- -------- ------- ------
EVPN-ELAN-500:EVPN-ELAN-500 2 0x8000000b
Status: bound
Flags: default multicast replication
0x02000001 SRTE BSID 24020 24016 10 bound Root
注意:24016 - PE1在路由类型–3中通告的BUM标签。
结论
基于SR-TE的EVPN将EVPN强大的服务交付的优势与SR-TE的流量工程和操作简便性结合在一起,从而形成灵活、可扩展且高效的网络架构。
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
1.0 |
14-Feb-2025
|
初始版本 |
反馈