5.5.1
组播VPN配置举例
相关术语:
MVRF
(Multicast VPN Routing and Forwarding,组播VPN路由转发):
VPN实例独立维护的单播路由转发表称为VRF,使能了三层组播的VPN实例同时也维护组播路由转发表,我们把单播和组播路由转发表统称为MVRF。
MD
(Multicast Domain,组播域):
由一组相互连通的MVRF所组成的集合称为MD。每个MD都唯一对应着一个具备组播能力的VPN,连接该VPN的所有PE都属于这个MD。
MT
(Multicast Tunnel,组播隧道):
在MD内将各MVRF连接到一起的通道称为MT,用来传递MD内部的私网数据。
MTI
(Multicast Tunnel
Interface,组播隧道接口):
MTI是MT的入/出口,相当于MD的入/出口,它只收发组播报文,而不收发单播报文。MTI在VPN实例配置了Share-Group并绑定MTI后自动创建。MVRF通过MTI访问MD,在MVRF看来,MTI就像一个LAN接口,而MD就像一个LAN网络,所有PE都连接在这个LAN网络里。
Share-Group
(共享组):
每个MD在公网上分配一个独立的组播地址,称为Share-Group。它是MD在公网上的唯一标志,用来在公网上建立MD所对应的Share-MDT。
Switch-Group
(切换组):
当某私网组播数据流满足切换条件时,源PE会为其分配一个独立的组播地址,称为Switch-Group,并通知其它PE使用该地址在公网内转发该组播数据流量,从而实现Switch-MDT切换。
Switch-Group-Pool
(切换组地址池):
在进行Switch-MDT切换时,从Switch-Group-Pool中选取一个地址(即Switch-Group),从PE进入公网的私网组播报文使用该地址进行封装。
MDT
(Multicast Distribution Tree,组播分发树):
是建立在属于同一VPN所有PE之间的组播分发树,包括Share-MDT和Switch-MDT。
Share-MDT
(Share-Multicast Distribution Tree,共享组播分发树):
以Share-Group为组地址的MDT,称为Share-MDT。VPN使用Share-Group唯一标识一棵Share-MDT。Share-MDT是在配置完成后自动生成的,在公网中将会一直存在,而不论公网或私网中有没有实际的组播业务。
Switch-MDT
(Switch-Multicast Distribution Tree,切换组播分发树):
以Switch-Group为组地址的MDT,称为Switch-MDT。下游存在接收者的PE加入Switch-Group,形成一棵Switch-MDT,入口PE使用Switch-MDT在公网中转发私网的组播数据。
组播VPN应用于基本的MPLS BGP VPN网络中,为VPN内的客户提供组播业务。只需要在PE设备上支持组播VPN技术,P设备及CE设备仅需要支持组播。公网及VPN内的PIM模式相互独立,可根据用户需要进行选择。
由于MD方案本身的限制,不建议在特殊MPLS BGP VPN组网类型如分层PE、B类跨域、hub&spoke、多角色主机中部署组播VPN。
在配置过程中,请注意以下几点:
l 当使用命令peer connect-interface配置了BGP对等体之后,MTI接口将自动获得connect-interface的地址为其IP地址,请确保该地址未在VPN内被其他接口使用,否则MTI接口也无法获取IP地址;
l
在一台设备上配置多个BGP对等体时应指定相同的connect-interface,否则MTI接口无法获取IP地址;
l 公网转发路径的MTU不要设置小于1500,否则可能导致某些私网报文在公网上分片,分片后的报文在目的PE上无法识别;
l 不能把属于公网SSM组范围内的组播组指定为Share-Group,否则将无法建立Share-MDT;
l 公网及VPN内的PIM模式相互独立,VPN内可使用PIM DM/SM/SSM,公网上可使用PIM DM/SM,当Switch-group-pool配置为SSM范围内的组时则使用PIM SSM建立Switch-MDT。具体配置时,请根据用户需要选择PIM协议。
组网需求
PE1、PE2和PE3上VPN red中需要开展组播业务,P作为公网的BSR和RP,组播源S1与CE1直连,CE1作为VPN内的BSR和RP,PE1、PE2、PE3上VPN red中均可能有接收者。对于组225.1.1.1仅PE1与PE3的VPN内有接收者,PE2上无接收者,在PE1上对于该组的组播流能切换到Switch-MDT进行转发。
首先以PE1、PE2和PE3为PE设备,P为P设备,CE1和CE2为CE设备,完成MPLS BGP VPN的基本配置,创建VPN red;
配置公网上使用PIM SM协议,P设备作为公网的BSR和RP;
PE1、PE2和PE3上VPN red中配置Share-group,并在PE1上配置Switch-group-pool指定切换条件,切换条件为满足源为S1的地址,组为225.1.1.1;
配置VPN 内使用PIM SM协议,CE1作为VPN内的BSR和RP。
1、配置步骤
#
配置Router ID,使能公网实例的IP组播路由,配置MPLS LSR ID,并使能LDP能力。
<PE1>
system-view
[PE1]
router id 1.1.1.1
[PE1]
multicast routing-enable
[PE1]
mpls lsr-id 1.1.1.1
[PE1]
mpls
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
#
创建VPN实例red,为其配置RD和RT。
[PE1]
ip vpn-instance red
[PE1-vpn-instance-red]
route-distinguisher 100:1
[PE1-vpn-instance-red]
vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-red]
vpn-target 100:1 import-extcommunity
#
使能VPN实例a中的IP组播路由,配置Share-Group地址,绑定MTI接口并指定Switch-Group-Pool的范围及切换条件。
[PE1-vpn-instance-red]
multicast routing-enable
[PE1-vpn-instance-red]
multicast-domain share-group 239.1.1.1 binding mtunnel 0
[PE1-vpn-instance-red]
multicast-domain switch-group-pool 225.2.2.0 28 acl 3000
[PE1-vpn-instance-red]
quit
[PE1]acl
number 3000
[PE1-acl-adv-3000]rule
permit ip source 192.168.13.2 0 destination 225.1.1.1 0
注意:在配置切换条件ACL时,只允许使用rule命令中类型为ip的source和destination参数来分别指定S和G;如果配置Switch-group-pool时没有指定ACL,则作用于所有的(S,G)项即所有组播流均会进行Swtich-MDT切换。在一台PE上,一个VPN内配置的Switch-Group地址范围不能包含任何VPN内的Share-Group,不同VPN实例所对应的Switch-Group地址范围不能互相重叠。
#
在公网接口GE4/1/7上配置IP地址,使能PIM-SM和LDP能力。
[PE1]
interface GigabitEthernet
[PE1-GigabitEthernet4/1/7]
ip address 10.0.1.2 24
[PE1-GigabitEthernet4/1/7]
pim sm
[PE1-GigabitEthernet4/1/7]
mpls
[PE1-GigabitEthernet4/1/7]
mpls ldp
[PE1-GigabitEthernet4/1/7]
quit
#
把接口GE4/1/3绑定到VPN实例red,配置IP地址,并使能IGMP和PIM-SM。
[PE1]
interface GigabitEthernet
[PE1-GigabitEthernet4/1/3]
ip binding vpn-instance red
[PE1-GigabitEthernet4/1/3]
ip address 192.168.11.1 24
[PE1-GigabitEthernet4/1/3]
igmp enable
[PE1-GigabitEthernet4/1/3]
pim sm
[PE1-GigabitEthernet4/1/3]
quit
#
把接口GE4/1/5绑定到VPN实例a,配置IP地址,并使能PIM-SM。
[PE1]
interface GigabitEthernet
[PE1-GigabitEthernet4/1/5]
ip binding vpn-instance red
[PE1-GigabitEthernet4/1/5]
ip address 192.168.12.1 24
[PE1-GigabitEthernet4/1/5]
pim sm
[PE1-GigabitEthernet4/1/5]
quit
#
配置Loopback1接口的IP地址。
[PE1]
interface loopback 1
[PE1-LoopBack1]
ip address 1.1.1.1 32
[PE1-LoopBack1]
quit
#
配置公网OSPF协议。
[PE1]
ospf 1
[PE1-ospf-1]
area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]
network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]
network 10.0.0.0 0.0.255.255
[PE1-ospf-1-area-0.0.0.0]
quit
[PE1-ospf-1]
quit
#
配置VPN内OSPF协议。
[PE1]
ospf 10 vpn-instance red
[PE1-ospf-10]
area 0.0.0.0
[PE1-ospf-10-area-0.0.0.0]
network 192.168.0.0 0.0.255.255
[PE1-ospf-10-area-0.0.0.0]
quit
[PE1-ospf-10]
import-route bgp
[PE1-ospf-10]
quit
#
配置BGP协议。
[PE1]
bgp 100
[PE1-bgp]
peer 2.2.2.2 as-number 100
[PE1-bgp]
peer 3.3.3.3 as-number 100
[PE1-bgp]
peer 2.2.2.2 connect-interface LoopBack 1
[PE1-bgp]
peer 3.3.3.3 connect-interface LoopBack 1
[PE1–bgp]
ipv4-family vpnv4
[PE1–bgp-af-vpnv4]
peer 2.2.2.2 enable
[PE1-bgp-af-vpnv4]
peer 3.3.3.3 enable
[PE1–bgp-af-vpnv4]
quit
[PE1–bgp]
ipv4-family vpn-instance red
[PE1-bgp-red]
import-route ospf 10
[PE1-bgp-red]
import-route direct
[PE1-bgp-red]
quit
[PE1–bgp]
quit
当PE1上配置了BGP对等体之后,MTI0接口将自动获得IP地址,该地址与配置BGP对等体时所指定的Loopback接口的IP地址相同;MTI0接口上运行的PIM协议类型也与其所属的VPN实例red中运行的PIM协议类型相同
2、配置文件
#
router id 1.1.1.1
#
multicast
routing-enable
#
ip
vpn-instance red
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.1.1.1
binding mtunnel 0
multicast-domain switch-group-pool
225.2.2.0 255.255.255.240 acl 3000
#
mpls
lsr-id 1.1.1.1
#
mpls
#
mpls
ldp
#
acl
number 3000
rule 0 permit ip source 192.168.13.2 0
destination 225.1.1.1 0
#
interface
LoopBack1
ip address 1.1.1.1 255.255.255.255
#
interface
GigabitEthernet4/1/3
port link-mode route
ip binding vpn-instance red
ip address 192.168.11.1
255.255.255.0
igmp enable
pim sm
#
interface
GigabitEthernet4/1/5
port link-mode route
ip binding vpn-instance red
ip address 192.168.12.1
255.255.255.0
pim sm
#
interface
GigabitEthernet4/1/7
port link-mode route
ip address 10.0.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
bgp
100
undo synchronization
peer 2.2.2.2 as-number 100
peer 3.3.3.3 as-number 100
peer 2.2.2.2 connect-interface
LoopBack1
peer 3.3.3.3 connect-interface
LoopBack1
#
ipv4-family vpnv4
peer 3.3.3.3 enable
peer 2.2.2.2 enable
#
ipv4-family vpn-instance red
import-route direct
import-route ospf 10
#
ospf
1
area 0.0.0.0
network 10.0.0.0 0.0.255.255
network 1.1.1.1 0.0.0.0
#
ospf
10 vpn-instance red
import-route bgp
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
1、配置步骤
#
配置Router ID,使能公网实例的IP组播路由,配置MPLS LSR ID,并使能LDP能力。
<PE2>
system-view
[PE2]
router id 2.2.2.2
[PE2]
multicast routing-enable
[PE2]
mpls lsr-id 2.2.2.2
[PE2]
mpls
[PE2-mpls]
quit
[PE2]
mpls ldp
[PE2-mpls-ldp]
quit
#
创建VPN实例red,为其配置RD和RT。
[PE2]
ip vpn-instance red
[PE2-vpn-instance-red]
route-distinguisher 100:1
[PE2-vpn-instance-red]
vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-red]
vpn-target 100:1 import-extcommunity
#
使能VPN实例a中的IP组播路由,配置Share-Group地址,绑定MTI接口。
[PE2-vpn-instance-red]
multicast routing-enable
[PE2-vpn-instance-red]
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
在公网接口GE9/1/2上配置IP地址,使能PIM-SM和LDP能力。
[PE2]
interface GigabitEthernet
[PE2-GigabitEthernet9/1/2]
ip address 10.0.2.2 24
[PE2-GigabitEthernet9/1/2]
pim sm
[PE2-GigabitEthernet9/1/2]
mpls
[PE2-GigabitEthernet9/1/2]
mpls ldp
[PE2-GigabitEthernet9/1/2]
quit
#
把接口GE9/1/3绑定到VPN实例red,配置IP地址,并使能IGMP和PIM-SM。
[PE2]
interface GigabitEthernet
[PE2-GigabitEthernet9/1/3]
ip binding vpn-instance red
[PE2-GigabitEthernet9/1/3]
ip address 192.168.21.1 24
[PE2-GigabitEthernet9/1/3]
igmp enable
[PE2-GigabitEthernet9/1/3]
pim sm
[PE2-GigabitEthernet9/1/3]
quit
#
配置Loopback1接口的IP地址。
[PE2]
interface loopback 1
[PE2-LoopBack1]
ip address 2.2.2.2 32
[PE2-LoopBack1]
quit
#
配置公网OSPF协议。
[PE2]
ospf 1
[PE2-ospf-1]
area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]
network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]
network 10.0.0.0 0.0.255.255
[PE2-ospf-1-area-0.0.0.0]
quit
[PE2-ospf-1]
quit
#
配置VPN内OSPF协议。
[PE2]
ospf 10 vpn-instance red
[PE2-ospf-10]
area 0.0.0.0
[PE2-ospf-10-area-0.0.0.0]
network 192.168.0.0 0.0.255.255
[PE2-ospf-10-area-0.0.0.0]
quit
[PE2-ospf-10]
import-route bgp
[PE2-ospf-10]
quit
#
配置BGP协议。
[PE2]
bgp 100
[PE2-bgp]
peer 1.1.1.1 as-number 100
[PE2-bgp]
peer 3.3.3.3 as-number 100
[PE2-bgp]
peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp]
peer 3.3.3.3 connect-interface LoopBack 1
[PE2–bgp]
ipv4-family vpnv4
[PE2–bgp-af-vpnv4]
peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4]
peer 3.3.3.3 enable
[PE2–bgp-af-vpnv4]
quit
[PE2–bgp]
ipv4-family vpn-instance red
[PE2-bgp-red]
import-route ospf 10
[PE2-bgp-red]
import-route direct
[PE2-bgp-red]
quit
[PE2–bgp]
quit
当PE2上配置了BGP对等体之后,MTI0接口将自动获得IP地址,该地址与配置BGP对等体时所指定的Loopback接口的IP地址相同;MTI0接口上运行的PIM协议类型也与其所属的VPN实例red中运行的PIM协议类型相同。
2、配置文件
#
router id 2.2.2.2
#
multicast
routing-enable
#
ip
vpn-instance red
route-distinguisher
100:1
vpn-target 100:1
export-extcommunity
vpn-target 100:1
import-extcommunity
multicast
routing-enable
multicast-domain share-group 239.1.1.1
binding mtunnel 0
#
mpls
lsr-id 2.2.2.2
#
mpls
#
mpls
ldp
#
interface
LoopBack1
ip address 2.2.2.2
255.255.255.255
#
interface
GigabitEthernet9/1/2
port link-mode
route
ip address 10.0.2.2
255.255.255.0
pim sm
mpls
mpls ldp
#
interface
GigabitEthernet9/1/3
port link-mode
route
ip binding vpn-instance
red
ip address 192.168.21.1
255.255.255.0
igmp enable
pim sm
#
bgp
100
undo
synchronization
peer 1.1.1.1 as-number
100
peer 3.3.3.3 as-number
100
peer 1.1.1.1 connect-interface
LoopBack1
peer 3.3.3.3 connect-interface
LoopBack1
#
ipv4-family vpnv4
peer 1.1.1.1
enable
peer 3.3.3.3
enable
#
ipv4-family vpn-instance
red
import-route
direct
import-route ospf
10
#
ospf
1
area 0.0.0.0
network 2.2.2.2
0.0.0.0
network 10.0.0.0
0.0.255.255
#
ospf
10 vpn-instance red
import-route bgp
area 0.0.0.0
network 192.168.0.0
0.0.255.255
#
1、配置步骤
#
配置Router ID,使能公网实例的IP组播路由,配置MPLS LSR ID,并使能LDP能力
<PE3>
system-view
[PE3]
router id 3.3.3.3
[PE3]
multicast routing-enable
[PE3]
mpls lsr-id 3.3.3.3
[PE3]
mpls
[PE3-mpls]
quit
[PE3]
mpls ldp
[PE3-mpls-ldp]
quit
#
创建VPN实例red,为其配置RD和RT
[PE3]
ip vpn-instance red
[PE3-vpn-instance-red]
route-distinguisher 100:1
[PE3-vpn-instance-red]
vpn-target 100:1 export-extcommunity
[PE3-vpn-instance-red]
vpn-target 100:1 import-extcommunity
#
使能VPN实例a中的IP组播路由,配置Share-Group地址,绑定MTI接口。
[PE3-vpn-instance-red]
multicast routing-enable
[PE3-vpn-instance-red]
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
在公网接口GE4/1/7上配置IP地址,使能PIM-SM和LDP能力
[PE3]
interface GigabitEthernet
[PE3-GigabitEthernet3/1/2]
ip address 10.0.3.2 24
[PE3-GigabitEthernet3/1/2]
pim sm
[PE3-GigabitEthernet3/1/2]
mpls
[PE3-GigabitEthernet3/1/2]
mpls ldp
[PE3-GigabitEthernet3/1/2]
quit
#
把接口GE4/1/6绑定到VPN实例red,配置IP地址,并使能PIM-SM
[PE3]
interface GigabitEthernet
[PE3-GigabitEthernet4/1/6]
ip binding vpn-instance red
[PE3-GigabitEthernet4/1/6]
ip address 192.168.31.1 24
[PE3-GigabitEthernet4/1/6]
pim sm
[PE3-GigabitEthernet4/1/6]
quit
#
配置Loopback1接口的IP地址
[PE3]
interface loopback 1
[PE3-LoopBack1]
ip address 3.3.3.3 32
[PE3-LoopBack1]
quit
#
配置公网OSPF协议
[PE3]
ospf 1
[PE3-ospf-1]
area 0.0.0.0
[PE3-ospf-1-area-0.0.0.0]
network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0]
network 10.0.0.0 0.0.255.255
[PE3-ospf-1-area-0.0.0.0]
quit
[PE3-ospf-1]
quit
#
配置VPN内OSPF协议
[PE3]
ospf 10 vpn-instance red
[PE3-ospf-10]
area 0.0.0.0
[PE3-ospf-10-area-0.0.0.0]
network 192.168.0.0 0.0.255.255
[PE3-ospf-10-area-0.0.0.0]
quit
[PE3-ospf-10]
import-route bgp
[PE3-ospf-10]
quit
#
配置BGP协议
[PE3]
bgp 100
[PE3-bgp]
peer 1.1.1.1 as-number 100
[PE3-bgp]
peer 2.2.2.2 as-number 100
[PE3-bgp]
peer 1.1.1.1 connect-interface LoopBack 1
[PE3-bgp]
peer 2.2.2.2 connect-interface LoopBack 1
[PE3–bgp]
ipv4-family vpnv4
[PE3–bgp-af-vpnv4]
peer 1.1.1.1 enable
[PE3-bgp-af-vpnv4]
peer 2.2.2.2 enable
[PE3–bgp-af-vpnv4]
quit
[PE3–bgp]
ipv4-family vpn-instance red
[PE3-bgp-red]
import-route ospf 10
[PE3-bgp-red]
import-route direct
[PE3-bgp-red]
quit
[PE3–bgp]
quit
当PE2上配置了BGP对等体之后,MTI0接口将自动获得IP地址,该地址与配置BGP对等体时所指定的Loopback接口的IP地址相同;MTI0接口上运行的PIM协议类型也与其所属的VPN实例red中运行的PIM协议类型相同。
2、配置文件
#
router id 3.3.3.3
#
multicast routing-enable
#
ip
vpn-instance red
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.1.1.1
binding mtunnel 0
#
mpls
lsr-id 3.3.3.3
#
mpls
#
mpls
ldp
#
interface
LoopBack1
ip address 3.3.3.3 255.255.255.255
#
interface
GigabitEthernet4/1/6
port link-mode route
ip binding vpn-instance red
ip address 192.168.31.1
255.255.255.0
pim sm
#
interface
GigabitEthernet4/1/7
port link-mode route
ip address 10.0.3.2 255.255.255.0
pim sm
mpls
mpls ldp
#
bgp
100
undo synchronization
peer 1.1.1.1 as-number 100
peer 2.2.2.2 as-number 100
peer 1.1.1.1 connect-interface
LoopBack1
peer 2.2.2.2 connect-interface
LoopBack1
#
ipv4-family vpnv4
peer 1.1.1.1 enable
peer 2.2.2.2 enable
#
ipv4-family vpn-instance red
import-route direct
import-route ospf 10
#
ospf
1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.0.0 0.0.255.255
#
ospf
10 vpn-instance red
import-route bgp
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
1、配置步骤
#
使能公网实例的IP组播路由,配置MPLS LSR ID,并使能LDP能力
<P>
system-view
[P]
multicast routing-enable
[P]
mpls lsr-id 4.4.4.4
[P]
mpls
[P-mpls]
quit
[P]
mpls ldp
[P-mpls-ldp]
quit
#
在公网接口GE3/2/4上配置IP地址,使能PIM-SM和LDP能力
[P]
interface GigabitEthernet
[P-GigabitEthernet3/2/4]
ip address 10.0.1.1 24
[P-GigabitEthernet3/2/4]
pim sm
[P-GigabitEthernet3/2/4]
mpls
[P-GigabitEthernet3/2/4]
mpls ldp
[P-GigabitEthernet3/2/4]
quit
#
在公网接口GE3/2/2上配置IP地址,使能PIM-SM和LDP能力
[P]
interface GigabitEthernet
[P-GigabitEthernet3/2/2]
ip address 10.0.2.1 24
[P-GigabitEthernet3/2/2]
pim sm
[P-GigabitEthernet3/2/2]
mpls
[P-GigabitEthernet3/2/2]
mpls ldp
[P-GigabitEthernet3/2/2]
quit
#
在公网接口GE3/2/3上配置IP地址,使能PIM-SM和LDP能力
[P]
interface GigabitEthernet
[P-GigabitEthernet3/2/3]
ip address 10.0.3.1 24
[P-GigabitEthernet3/2/3]
pim sm
[P-GigabitEthernet3/2/3]
mpls
[P-GigabitEthernet3/2/3]
mpls ldp
[P-GigabitEthernet3/2/3]
quit
#
配置Loopback1接口的IP地址,并使能PIM-SM
[P]
interface loopback 1
[P-LoopBack1]
ip address 4.4.4.4 32
[P-LoopBack1]
pim sm
[P-LoopBack1]
quit
#
配置Loopback1接口为公网实例的C-BSR和C-RP
[P]
pim
[P-pim]
c-bsr loopback 1
[P-pim]
c-rp loopback 1
[P-pim]
quit
#
配置OSPF协议
[P]
ospf 1
[P-ospf-1]
area 0.0.0.0
[P-ospf-1-area-0.0.0.0]
network 4.4.4.4 0.0.0.0
[P-ospf-1-area-0.0.0.0]
network 10.0.0.0 0.0.255.255
2、配置文件
#
router id 4.4.4.4
#
multicast routing-enable
#
mpls
lsr-id 4.4.4.4
#
mpls
#
mpls
ldp
#
interface
LoopBack1
ip address 4.4.4.4 255.255.255.255
pim sm
#
interface
GigabitEthernet3/2/2
port link-mode route
ip address 10.0.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface
GigabitEthernet3/2/3
port link-mode route
ip address 10.0.3.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface
GigabitEthernet3/2/4
port link-mode route
ip address 10.0.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
ospf
1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.0.0 0.0.255.255
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
1、配置步骤
#
使能IP组播路由
<CE1>
system-view
[CE1]
multicast routing-enable
#
在接口GE4/1/5上配置IP地址,并使能PIM-SM
[CE1]
interface GigabitEthernet
[CE1-GigabitEthernet4/1/5]
ip address 192.168.12.2 24
[CE1-GigabitEthernet4/1/5]
pim sm
[CE1-GigabitEthernet4/1/5]
quit
#
在接口GE4/1/6上配置IP地址,并使能PIM-SM
[CE1]
interface GigabitEthernet
[CE1-GigabitEthernet4/1/6]
ip address 192.168.13.1 24
[CE1-GigabitEthernet4/1/6]
pim sm
[CE1-GigabitEthernet4/1/6]
quit
#
配置Loopback1接口的IP地址,并使能PIM-SM
[CE1]
interface loopback 1
[CE1-LoopBack1]
ip address 11.11.11.11 32
[CE1-LoopBack1]
pim sm
[CE1-LoopBack1]
quit
#
配置Loopback1接口为公网实例的C-BSR和C-RP
[CE1]
pim
[CE1-pim]
c-bsr loopback 1
[CE1-pim]
c-rp loopback 1
[CE1-pim]
quit
#
配置OSPF协议
[CE1]
ospf 10
[CE1-ospf-10]
area 0.0.0.0
[CE1-ospf-10-area-0.0.0.0]
network 11.11.11.11 0.0.0.0
[CE1-ospf-10-area-0.0.0.0]
network 192.168.0.0 0.0.255.255
[CE1-ospf-10-area-0.0.0.0]
quit
[CE1-ospf-10]
quit
2、配置文件
#
multicast
routing-enable
#
interface
LoopBack1
ip address 11.11.11.11
255.255.255.255
pim sm
#
interface
GigabitEthernet4/1/5
port link-mode
route
ip address 192.168.12.2
255.255.255.0
pim sm
#
interface
GigabitEthernet4/1/6
port link-mode
route
ip address 192.168.13.1
255.255.255.0
pim sm
#
ospf
10
area 0.0.0.0
network 11.11.11.11
0.0.0.0
network 192.168.0.0
0.0.255.255
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
设备CE2的配置
1、配置步骤
#
使能IP组播路由
<CE2>
system-view
[CE2]
multicast routing-enable
#
在接口GE3/2/1上配置IP地址,并使能PIM-SM
[CE2]
interface GigabitEthernet
[CE2-GigabitEthernet3/2/1]
ip address 192.168.31.2 24
[CE2-GigabitEthernet3/2/1]
pim sm
[CE2-GigabitEthernet3/2/1]
quit
#
在接口GE3/2/2上配置IP地址,并使能IGMP和PIM-SM
[CE2]
interface GigabitEthernet
[CE2-GigabitEthernet3/2/2]
ip address 192.168.32.1 24
[CE2-GigabitEthernet3/2/2]
pim sm
[CE2-GigabitEthernet3/2/2]
igmp enable
[CE2-GigabitEthernet3/2/2]
quit
#
配置OSPF协议
[CE2]
ospf 10
[CE2-ospf-10]
area 0.0.0.0
[CE2-ospf-10-area-0.0.0.0]
network 192.168.0.0 0.0.255.255
[CE2-ospf-10-area-0.0.0.0]
quit
[CE2-ospf-10]
quit
2、配置文件
#
multicast routing-enable
#
ip
vpn-instance red
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
interface
GigabitEthernet3/2/1
port link-mode route
ip address 192.168.31.2
255.255.255.0
pim sm
#
interface
GigabitEthernet3/2/2
port link-mode route
ip address 192.168.32.1
255.255.255.0
igmp enable
pim sm
#
ospf
10
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
可通过以下方式验证上述配置:
#查看PE1、PE2、PE3上VPN red 中学习到的路由
[PE1]display
ip routing-table vpn-instance red
Routing
Tables: red
Destinations : 13 Routes :
13
Destination/Mask Proto Pre Cost
NextHop
Interface
1.1.1.1/32
Direct 0 0
127.0.0.1
InLoop0
11.11.11.11/32 OSPF 10 1
192.168.12.2
GE4/1/5
127.0.0.0/8
Direct 0 0
127.0.0.1
InLoop0
127.0.0.1/32
Direct 0 0
127.0.0.1
InLoop0
192.168.1.0/24 BGP 255 3
3.3.3.3
NULL0
192.168.11.0/24 Direct 0 0
192.168.11.1
GE4/1/3
192.168.11.1/32 Direct 0 0
127.0.0.1
InLoop0
192.168.12.0/24 Direct 0 0
192.168.12.1
GE4/1/5
192.168.12.1/32 Direct 0 0
127.0.0.1
InLoop0
192.168.13.0/24 OSPF 10 2
192.168.12.2
GE4/1/5
192.168.21.0/24 BGP 255 0
2.2.2.2
NULL0
192.168.31.0/24 BGP 255 0
3.3.3.3
NULL0
192.168.32.0/24 BGP 255 3
3.3.3.3
NULL0
[PE2]display
ip routing-table vpn-instance red
Routing
Tables: red
Destinations : 12 Routes :
12
Destination/Mask Proto Pre Cost NextHop
Interface
2.2.2.2/32
Direct 0 0
127.0.0.1
InLoop0
11.11.11.11/32 BGP 255 2
1.1.1.1
NULL0
127.0.0.0/8
Direct 0 0
127.0.0.1
InLoop0
127.0.0.1/32 Direct 0 0
127.0.0.1
InLoop0
192.168.1.0/24 BGP 255 3
3.3.3.3
NULL0
192.168.11.0/24 BGP 255 0
1.1.1.1
NULL0
192.168.12.0/24 BGP 255 0
1.1.1.1
NULL0
192.168.13.0/24 BGP 255 3
1.1.1.1
NULL0
192.168.21.0/24 Direct 0 0
192.168.21.1
GE9/1/3
192.168.21.1/32 Direct 0 0
127.0.0.1
InLoop0
192.168.31.0/24 BGP 255 0
3.3.3.3 NULL0
192.168.32.0/24 BGP 255 3
3.3.3.3
NULL0
[PE3]display
ip routing-table vpn-instance red
Routing
Tables: red
Destinations : 12 Routes :
12
Destination/Mask Proto Pre Cost
NextHop Interface
3.3.3.3/32
Direct 0 0
127.0.0.1
InLoop0
11.11.11.11/32 BGP 255 2
1.1.1.1
NULL0
127.0.0.0/8
Direct 0 0
127.0.0.1
InLoop0
127.0.0.1/32
Direct 0 0 127.0.0.1
InLoop0
192.168.1.0/24 OSPF 10 2
192.168.31.2
GE4/1/6
192.168.11.0/24 BGP 255 0
1.1.1.1
NULL0
192.168.12.0/24 BGP 255 0
1.1.1.1
NULL0
192.168.13.0/24 BGP 255 3
1.1.1.1
NULL0
192.168.21.0/24 BGP 255 0
2.2.2.2
NULL0
192.168.31.0/24 Direct 0 0
192.168.31.1
GE4/1/6
192.168.31.1/32 Direct 0 0
127.0.0.1
InLoop0
192.168.32.0/24 OSPF 10 2
192.168.31.2
GE4/1/6
#查看PE1、PE2、PE3学习到公网的RP为P上的Loopback1接口
[PE1]display
pim rp-info
VPN-Instance: public
net
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
4.4.4.4
Priority:
0
HoldTime:
150
Uptime:
01:12:06
Expires:
00:02:24
[PE2]display
pim rp-info
VPN-Instance: public
net
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
4.4.4.4
Priority:
0
HoldTime:
150
Uptime:
00:40:28
Expires: 00:02:02
[PE3]display
pim rp-info
VPN-Instance: public
net
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
4.4.4.4
Priority:
0
HoldTime:
150
Uptime:
04:06:56
Expires: 00:02:15
#查看PE1、PE2、PE3上VPN red的Share-Group组信息
[PE1]
display multicast-domain vpn-instance red share-group
MD
local share-group information for VPN-Instance: red
Share-group:
239.1.1.1
MTunnel address: 1.1.1.1
[PE2]
display multicast-domain vpn-instance red share-group
MD
local share-group information for VPN-Instance: red
Share-group:
239.1.1.1
MTunnel address: 2.2.2.2
[PE3]
display multicast-domain vpn-instance red share-group
MD
local share-group information for VPN-Instance: red
Share-group:
239.1.1.1
MTunnel address:
3.3.3.3
#查看PE1、PE2、PE3上Share-MDT的表项
[PE1]display
multicast routing-table 239.1.1.1
Multicast
routing table of VPN-Instance: public net
Total 5 entries ,3
matched
00001. (1.1.1.1,
239.1.1.1)
Uptime:
05:17:46
Upstream
Interface: Mcast_In_IF
List of 1
downstream interface
1:
GigabitEthernet4/1/7
00002. (2.2.2.2,
239.1.1.1)
Uptime:
01:09:44
Upstream
Interface: GigabitEthernet4/1/7
List of 1
downstream interface
1: VPN-Instance:
red
00003. (3.3.3.3,
239.1.1.1)
Uptime:
01:17:13
Upstream
Interface: GigabitEthernet4/1/7
List of 1
downstream interface
1: VPN-Instance: red
[PE2]display
multicast routing-table 239.1.1.1
Multicast
routing table of VPN-Instance: public net
Total 3 entries ,3
matched
00001. (1.1.1.1,
239.1.1.1)
Uptime:
01:10:58
Upstream
Interface: GigabitEthernet9/1/2
List of 1
downstream interface
1: VPN-Instance:
red
00002. (2.2.2.2,
239.1.1.1)
Uptime:
01:16:34
Upstream
Interface: Mcast_In_IF
List of 1
downstream interface
1:
GigabitEthernet9/1/2
00003. (3.3.3.3,
239.1.1.1)
Uptime:
01:10:58
Upstream
Interface: GigabitEthernet9/1/2
List of 1 downstream
interface
1: VPN-Instance: red
[PE3]display
multicast routing-table 239.1.1.1
Multicast
routing table of VPN-Instance: public net
Total 5 entries ,3
matched
00001. (1.1.1.1,
239.1.1.1)
Uptime:
01:16:55
Upstream
Interface: GigabitEthernet4/1/7
List of 1
downstream interface
1: VPN-Instance:
red
00002. (2.2.2.2,
239.1.1.1)
Uptime:
01:09:22
Upstream
Interface: GigabitEthernet4/1/7
List of 1
downstream interface
1: VPN-Instance:
red
00003. (3.3.3.3,
239.1.1.1)
Uptime:
04:10:25
Upstream
Interface: Mcast_In_IF
List of 1
downstream interface
1: GigabitEthernet4/1/7
#查看PE1、PE2、PE3、CE2上学习到私网内的RP为CE1上Loopback1接口
[PE1]display
pim vpn-instance red rp-info
VPN-Instance: red
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
11.11.11.11
Priority:
0
HoldTime:
150
Uptime:
01:39:54
Expires:
00:01:36
[PE2]display
pim vpn-instance red rp-info
VPN-Instance: red
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
11.11.11.11
Priority:
0
HoldTime:
150
Uptime:
00:43:27
Expires:
00:02:03
[PE3]display
pim vpn-instance red rp-info
VPN-Instance: red
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
11.11.11.11
Priority:
0
HoldTime:
150
Uptime:
01:19:29
Expires: 00:02:16
[CE2]display
pim rp-info
PIM-SM BSR RP
information:
Group/MaskLen:
224.0.0.0/4
RP:
11.11.11.11
Priority:
0
HoldTime:
150
Uptime:
01:18:51
Expires: 00:01:39
S1发源为192.168.13.2组为255.1.1.1的组播流,R1和R3加入组225.1.1.1,R2不加入组225.1.1.1,#检查PE1、PE2、PE3上VPN red中的组播路由表项,PE2 VPN red内无接收者
[CE1]display
multicast routing-table
Multicast
routing table of VPN-Instance: public net
Total 1 entry
00001. (192.168.13.2,
225.1.1.1)
Uptime:
00:05:05
Upstream
Interface: GigabitEthernet4/1/6
List of 1
downstream interface
1: GigabitEthernet4/1/5
[PE1]display
multicast vpn-instance red routing-table
Multicast
routing table of VPN-Instance: red
Total 1 entry
00001. (192.168.13.2,
225.1.1.1)
Uptime:
00:10:25
Upstream
Interface: GigabitEthernet4/1/5
List of 2
downstream interfaces
1:
MTunnel0
2: GigabitEthernet4/1/3
[PE2]display
multicast vpn-instance red routing-table
Multicast
routing table of VPN-Instance: red
Total 1 entry
00001. (192.168.13.2,
225.1.1.1)
Uptime:
00:00:02
Upstream Interface:
MTunnel0
[PE3]display
multicast vpn-instance red routing-table
Multicast
routing table of VPN-Instance: red
Total 1 entry
00001. (192.168.13.2,
225.1.1.1)
Uptime:
00:00:31
Upstream
Interface: MTunnel0
List of 1
downstream interface
1:
GigabitEthernet4/1/6
[CE2]display
multicast routing-table
Multicast
routing table
Total 1 entry
00001. (192.168.13.2,
225.1.1.1)
Uptime:
00:04:37
Upstream
Interface: GigabitEthernet3/2/1
List of 1
downstream interface
1: GigabitEthernet3/2/2
#检查PE1上发送的Switch-Group,PE2、PE3上接收到的Switch-Group信息
[PE1]display
multicast-domain vpn-instance red switch-group send
MD
switch-group information sent by VPN-Instance: red
Total
1 switch-group for 1 entry
Total
1 switch-group for 1 entry matched
225.2.2.0 reference_count:
1
(192.168.13.2,
225.1.1.1)
switch time: 00:01:40
[PE2]display
multicast-domain vpn-instance red switch-group receive
MD
switch-group information received by VPN-Instance: red
Total
1 switch-group for 1 entry
Total
1 switch-group for 1 entry matched
switch
group: 225.2.2.0 ref count: 1,
active count: 1
sender: 1.1.1.1 active count:
1
(192.168.13.2,
225.1.1.1)
expire time: 00:02:15
active
[PE3]display
multicast-domain vpn-instance red switch-group receive
MD
switch-group information received by VPN-Instance: red
Total
1 switch-group for 1 entry
Total
1 switch-group for 1 entry matched
switch
group: 225.2.2.0 ref count: 1,
active count: 1
sender: 1.1.1.1 active count:
1
(192.168.13.2,
225.1.1.1)
expire time: 00:03:15
active
#检查PE1、
PE2、P上的Switch-MDT表项,PE3上无Switch-MDT表项
[PE1]display
multicast routing-table 225.2.2.0
Multicast
routing table of VPN-Instance: public net
Total 6 entries ,1
matched
00001. (1.1.1.1,
225.2.2.0)
Uptime:
00:00:24
Upstream
Interface: Mcast_In_IF
List of 1
downstream interface
1: GigabitEthernet4/1/7
[PE3]di mu ro
225.2.2.0
Multicast
routing table of VPN-Instance: public net
Total 5 entries ,1
matched
00001. (1.1.1.1,
225.2.2.0)
Uptime:
00:00:09
Upstream
Interface: GigabitEthernet4/1/7
List of 1
downstream interface
1: VPN-Instance: red
[P]display
multicast routing-table 225.2.2.0
Multicast
routing table of VPN-Instance: public net
Total 7 entries ,1
matched
00001. (1.1.1.1,
225.2.2.0)
Uptime:
00:00:50
Upstream
Interface: GigabitEthernet3/2/4
List of 1 downstream
interface
1: GigabitEthernet3/2/3
[PE3]display multicast routing-table
225.2.2.0
Multicast
routing table of VPN-Instance: public net
Total 3 entries ,0 matched