MPLS AToM CISCO 配置模板与基本故障排查思路

Technorati 标签: MPLS AToM, VPWS

 

该文档测试,排错思路基于 ×××故障针断与排除第7章.AToM.

拓扑图:

在这里,R1到R3做AToM.
关键配置:

R1和R4就是两台电脑:

R1 interface f0/0=1.1.1.1/24

R4 interface f0/0=1.1.1.2/24

R1做为PE-1-R1:

hostname PE-1-R2

ip cef

mpls label protocol ldp

interface Loopback0

ip address 10.1.1.1 255.255.255.255

!

interface FastEthernet0/0

no ip address

duplex full

speed auto

xconnect 10.1.1.3 100 encapsulation mpls

!

interface FastEthernet1/0

ip address 2.1.1.1 255.255.255.0

duplex full

speed auto

mpls label protocol ldp

mpls ip

!

router ospf 1

router-id 10.1.1.1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

R2做为P-router:

hostname P-R3

ip cef

mpls label protocol ldp

!

interface Loopback0

ip address 10.1.1.2 255.255.255.255

!

interface FastEthernet0/0

ip address 2.1.1.2 255.255.255.0

duplex full

speed auto

mpls label protocol ldp

mpls ip

!

interface FastEthernet1/0

ip address 3.1.1.1 255.255.255.0

duplex full

speed auto

mpls label protocol ldp

mpls ip

!

router ospf 1

router-id 10.1.1.2

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

R3作为PE-2-R3:

hostname PE-2-R4

ip cef

mpls label protocol ldp

interface Loopback0

ip address 10.1.1.3 255.255.255.255

!

interface FastEthernet0/0

ip address 3.1.1.2 255.255.255.0

duplex full

speed auto

mpls label protocol ldp

mpls ip

!

interface FastEthernet1/0

no ip address

duplex full

speed auto

xconnect 10.1.1.1 100 encapsulation mpls

!

router ospf 1

router-id 10.1.1.3

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

好了,下面来说说troubleshooting的部分.如何才能快速定位一个AToM的问题所在.

关于MTU的问题.这个老身长谈的问题,今天又要拿来说一下了.从PC 1.1.1.1 ping 1.1.1.2 size 1500的话,肯定是ping 不通的.因为mpls接口的默认mtu是1500.这样还需要把标签8+4控制字+4字节的hdlc报文头减去,这样实际踩能通1500-16=1484.

我们可以看看默认的mpls 接口:

PE-1-R2#show mpls interfaces fastEthernet 1/0 detail

Interface FastEthernet1/0:

IP labeling enabled (ldp):

Interface config

LSP Tunnel labeling not enabled

BGP labeling not enabled

MPLS operational

MTU = 1540

PE-1-R2#

看到了吧,这里实际的mpls mtu=1500...等我们把mpls接口下面的mtu都改了就可以ping通了.

interface FastEthernet1/0

ip address 2.1.1.1 255.255.255.0

duplex full

speed auto

mpls mtu 1540

mpls label protocol ldp

mpls ip

end

PE-1-R2#show ip cef

Prefix Next Hop Interface

0.0.0.0/0 no route

0.0.0.0/8 drop

0.0.0.0/32 receive

2.1.1.0/24 attached FastEthernet1/0

2.1.1.0/32 receive FastEthernet1/0

2.1.1.1/32 receive FastEthernet1/0

2.1.1.2/32 attached FastEthernet1/0

2.1.1.255/32 receive FastEthernet1/0

3.1.1.0/24 2.1.1.2 FastEthernet1/0

10.1.1.1/32 receive Loopback0

10.1.1.2/32 2.1.1.2 FastEthernet1/0

10.1.1.3/32 2.1.1.2 FastEthernet1/0

127.0.0.0/8 drop

224.0.0.0/4 drop

224.0.0.0/24 receive

240.0.0.0/4 drop

255.255.255.255/32 receive

各台中心骨干网router的cef总要起起来吧,这个可是必要的..呵呵.

PE-1-R2#show mpls interfaces

Interface IP Tunnel BGP Static Operational

FastEthernet1/0 Yes (ldp) No No No Yes

PE-1-R2#

P-R3#show mpls interfaces

Interface IP Tunnel BGP Static Operational

FastEthernet0/0 Yes (ldp) No No No Yes

FastEthernet1/0 Yes (ldp) No No No Yes

P-R3#

看看每台骨干网router的mpls 是否开启在接口下面.

PE-1-R2#show mpls ldp discovery

Local LDP Identifier:

10.1.1.1:0

Discovery Sources:

Interfaces:

FastEthernet1/0 (ldp): xmit/recv

LDP Id: 10.1.1.2:0

Targeted Hellos:

10.1.1.1 -> 10.1.1.3 (ldp): active/passive, xmit/recv

LDP Id: 10.1.1.3:0

PE-1-R2#

这里可以看看ldp是否完成了收发.

还有一个是要确保,中间骨干网上面要允许UDP/TCP port=646 , multicast 224.0.0.2的报文通过,因为这个是ldp建立邻居的hello报文需要的端口号.

否则的话会被ip access list 最后一句隐藏的deny any any而建立不起邻居.

PE-1-R2#show mpls ldp neighbor

Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0

TCP connection: 10.1.1.3.62425 - 10.1.1.1.646

State: Oper; Msgs sent/rcvd: 82/80; Downstream

Up time: 00:59:08

LDP discovery sources:

Targeted Hello 10.1.1.1 -> 10.1.1.3, active, passive

Addresses bound to peer LDP Ident:

3.1.1.2 10.1.1.3

Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.1:0

TCP connection: 10.1.1.2.51161 - 10.1.1.1.646

State: Oper; Msgs sent/rcvd: 17/18; Downstream

Up time: 00:08:50

LDP discovery sources:

FastEthernet1/0, Src IP addr: 2.1.1.2

Addresses bound to peer LDP Ident:

2.1.1.2 3.1.1.1 10.1.1.2

PE-1-R2#

所以,ldp邻居有直连的.还有对端PE的,这就是两种LDP邻居.

最后就是比较重量级的了:

PE-1-R2#show mpls l2transport vc vcid 100 detail

Local interface: Fa0/0 up, line protocol up, Ethernet up

Destination address: 10.1.1.3, VC ID: 100, VC status: up

Output interface: Fa1/0, imposed label stack {18 20}

Preferred path: not configured

Default path: active

Next hop: 2.1.1.2

Create time: 01:03:32, last status change time: 00:23:40

Signaling protocol: LDP, peer 10.1.1.3:0 up

MPLS VC labels: local 20, remote 20

Group ID: local 0, remote 0

MTU: local 1500, remote 1500 //看mtu是多少

Remote interface description:

Sequencing: receive disabled, send disabled

VC statistics:

packet totals: receive 1536, send 1549

byte totals: receive 542617, send 585294

packet drops: receive 0, seq error 0, send 28

PE-1-R2#

你想比较一下两边是否vcid一样,附属接口状态如何,

PE-1-R2#show mpls l2transport vc

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Fa0/0 Ethernet 10.1.1.3 100 UP

PE-1-R2#

PE-2-R4#show mpls l2transport vc

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Fa1/0 Ethernet 10.1.1.1 100 UP

PE-2-R4#

这个表也就是当前L2 AToM的状态表了.

总结:

注意,在使用的时候,类型一定要一致的.还有就是vcID需要一致.而且附属端口的状态是要up的.路由就不说了.这个是基础,CEF快速转发表要打开.全局下面要起mpls ip,然后标签分发协议要用ldp的,因为cisco默认的是tdp的,在xconnect附属接口上,vcid两边要相同,两边的接口类型也需要一致。不能本端是ppp,对端是HDLC的. 还有就是,中间骨干网上面,一定要保证UDP/TCP port=646的端口,224.0.0.2的组播过,因为那是ldp建立邻居时候需要的端口号.只要注意了这些,AToM应该也不是什么难事了.

上面所有ciscoIOS版本为:

Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Thu 26-Feb-09 00:31 by prod_rel_team

转载于:https://blog.51cto.com/361531/626839