不同的VPN路由走不同的LSP

CE-B-1(10.0.255.8)至CE-B-2(10.0.255.9)走FAST PATH (即P-1),反向也如此

CE-A-1(10.0.255.1)至CE-A-2(10.0.255.4)走LOW  PATH(即P-2和P-3),反向也如此

root@PE-1# run show configuration | display set

set version 14.1R4.8

set system host-name PE-1

set system root-authentication encrypted-password "$1$iwX8Oear$UbqXYDjJQikoqARR/KrI91"

set system services ssh root-login allow

set system services ssh protocol-version v2

set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis network-services enhanced-ip

set interfaces ge-0/0/0 description "link to PE-2"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.2/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 description "link to CE-1"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.2/24

set interfaces ge-0/0/2 description "LINK TO P-2"

set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.2/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces ge-0/0/3 description "LINK TO CE-B-1"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.2/24

set interfaces lo0 unit 0 family inet address 10.0.255.2/32

set routing-options router-id 10.0.255.2

set routing-options autonomous-system 65000

set routing-options forwarding-table export MAP-VPN-TO-LSP

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/2.0

set protocols mpls no-cspf

set protocols mpls label-switched-path PE1-PE2 from 10.0.255.2

set protocols mpls label-switched-path PE1-PE2 to 10.0.255.3

set protocols mpls label-switched-path PE1-PE2 ultimate-hop-popping

set protocols mpls label-switched-path PE1-fast-PE2 from 10.0.255.2

set protocols mpls label-switched-path PE1-fast-PE2 to 10.0.255.3

set protocols mpls label-switched-path PE1-fast-PE2 ultimate-hop-popping

set protocols mpls label-switched-path PE1-fast-PE2 primary path-p2-p3

set protocols mpls path path-p2-p3 10.0.255.6 strict

set protocols mpls path path-p2-p3 10.0.255.7 strict

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/2.0

set protocols bgp group IBGP type internal

set protocols bgp group IBGP local-address 10.0.255.2

set protocols bgp group IBGP family inet-vpn unicast

set protocols bgp group IBGP neighbor 10.0.255.3 description peer-to-PE2

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p

set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE1-PE2

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept

set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE1-fast-PE2

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept

set policy-options community CUST-A members target:65000:1

set policy-options community CUST-B members target:65000:2

set routing-instances cust-A instance-type vrf

set routing-instances cust-A interface ge-0/0/1.0

set routing-instances cust-A route-distinguisher 65000:1

set routing-instances cust-A vrf-target target:65000:1

set routing-instances cust-A vrf-table-label

set routing-instances cust-A protocols bgp group EBGP-A type external

set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.12.1 peer-as 65001

set routing-instances cust-B instance-type vrf

set routing-instances cust-B interface ge-0/0/3.0

set routing-instances cust-B route-distinguisher 65000:2

set routing-instances cust-B vrf-target target:65000:2

set routing-instances cust-B vrf-table-label

set routing-instances cust-B protocols bgp group EBGP-B type external

set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.28.8 peer-as 65008

root@PE-2# run show configuration | display set

set version 14.1R4.8

set system host-name PE-2

set system root-authentication encrypted-password "$1$o5wG8uFd$SZB3YeoWMcLoQWQwzhBXf1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis network-services enhanced-ip

set interfaces ge-0/0/0 description "link to PE-1"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.35.3/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 description "link to CE-2"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.3/24

set interfaces ge-0/0/2 description "LINK TO CE-B-2"

set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.3/24

set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.3/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.3/32

set routing-options router-id 10.0.255.3

set routing-options autonomous-system 65000

set routing-options forwarding-table export MAP-VPN-TO-LSP

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/3.0

set protocols mpls no-cspf

set protocols mpls label-switched-path PE2-PE1 from 10.0.255.3

set protocols mpls label-switched-path PE2-PE1 to 10.0.255.2

set protocols mpls label-switched-path PE2-PE1 ultimate-hop-popping

set protocols mpls label-switched-path PE2-fast-PE1 from 10.0.255.3

set protocols mpls label-switched-path PE2-fast-PE1 to 10.0.255.2

set protocols mpls label-switched-path PE2-fast-PE1 ultimate-hop-popping

set protocols mpls label-switched-path PE2-fast-PE1 primary path-p3-p2

set protocols mpls path path-p3-p2 10.0.255.7 strict

set protocols mpls path path-p3-p2 10.0.255.6 strict

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/3.0

set protocols bgp group IBGP type internal

set protocols bgp group IBGP local-address 10.0.255.3

set protocols bgp group IBGP family inet-vpn unicast

set protocols bgp group IBGP neighbor 10.0.255.2 description peer-to-PE1

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p

set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE2-PE1

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept

set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE2-fast-PE1

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept

set policy-options community CUST-A members target:65000:1

set policy-options community CUST-B members target:65000:2

set routing-instances cust-A instance-type vrf

set routing-instances cust-A interface ge-0/0/1.0

set routing-instances cust-A route-distinguisher 65000:1

set routing-instances cust-A vrf-target target:65000:1

set routing-instances cust-A vrf-table-label

set routing-instances cust-A protocols bgp group EBGP-A type external

set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.34.4 peer-as 65002

set routing-instances cust-B instance-type vrf

set routing-instances cust-B interface ge-0/0/2.0

set routing-instances cust-B route-distinguisher 65000:2

set routing-instances cust-B vrf-target target:65000:2

set routing-instances cust-B vrf-table-label

set routing-instances cust-B protocols bgp group EBGP-B type external

set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.39.9 peer-as 65009

root@P-1# run show configuration | display set

set version 14.1R4.8

set system host-name P-1

set system root-authentication encrypted-password "$1$TE3BdGbx$zBpONGKtzW8f8rGZT45uf1"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.5/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 unit 0 family inet address 10.0.35.5/24

set interfaces ge-0/0/1 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.5/32

set routing-options router-id 10.0.255.5

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/1.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/1.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p

root@P-2# run show configuration | display set

set version 14.1R4.8

set system host-name P-2

set system root-authentication encrypted-password "$1$DVY55Nb3$1Go7qPH1MA3OmJK3GBUTG1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set interfaces ge-0/0/0 description "LINK TO P-3"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.6/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/2 description TO-PE-1

set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.6/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.6/32

set routing-options router-id 10.0.255.6

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/2.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/2.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p

root@P-3# run show configuration | display set

set version 14.1R4.8

set system host-name P-3

set system root-authentication encrypted-password "$1$9pP21lyC$TXXVoOrkvDbxVzyzqY76k."

set interfaces ge-0/0/0 description "LINK TO P-2"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.7/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/3 description "LINK TO PE-2"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.7/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.7/32

set routing-options router-id 10.0.255.7

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/3.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/3.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p

root@CE-A-1# run show configuration | display set

set version 14.1R4.8

set system host-name CE-A-1

set system root-authentication encrypted-password "$1$tpZplKaf$blPObwswtRewyjOwcWuI2/"

set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands any

set interfaces ge-0/0/1 unit 0 description "link to PE-1"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.1/24

set interfaces em0 mac 50:00:00:01:00:11

set interfaces em0 unit 0 family inet address 10.5.245.11/24

set interfaces lo0 unit 0 family inet address 10.0.255.1/32

set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

set routing-options router-id 10.0.255.1

set routing-options autonomous-system 65001

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.12.2 peer-as 65000

set policy-options policy-statement send_direct term 1 from protocol direct

set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.1/32 exact

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term last then reject

root@CE-A-2# run show configuration | display set

set version 14.1R4.8

set system host-name CE-A-2

set system root-authentication encrypted-password "$1$AOxzqe9V$JM27aMK/m6OoUAn9Kky/C1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands any

set interfaces ge-0/0/1 description "link to PE-2"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.4/24

set interfaces em0 mac 50:00:00:01:00:16

set interfaces em0 unit 0 family inet address 10.5.245.14/24

set interfaces lo0 unit 0 family inet address 10.0.255.4/32

set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

set routing-options router-id 10.0.255.4

set routing-options autonomous-system 65002

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.34.3 peer-as 65000

set policy-options policy-statement send_direct term 1 from protocol direct

set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.4/32 exact

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term last then reject

root@CE-B-1# run show configuration | display set

set version 14.1R4.8

set system host-name CE-B-1

set system root-authentication encrypted-password "$1$0xhgi7lA$Sf50cDbwCXfygBypVGZl1."

set interfaces ge-0/0/3 description "LINK TO PE-1"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.8/24

set interfaces lo0 unit 0 family inet address 10.0.255.8/32

set routing-options router-id 10.0.255.8

set routing-options autonomous-system 65008

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.28.2 peer-as 65000

set policy-options policy-statement send_direct term 1 from interface lo0.0

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term 2 then reject

root@CE-B-2# run show configuration | display set

set version 14.1R4.8

set system host-name CE-B-2

set system root-authentication encrypted-password "$1$nyp9EEd.$TdJvhrjbMEYEMGJegpGFg."

set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.9/24

set interfaces lo0 unit 0 family inet address 10.0.255.9/32

set routing-options router-id 10.0.255.9

set routing-options autonomous-system 65009

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.39.3 peer-as 65000

set policy-options policy-statement send_direct term 1 from interface lo0.0

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term 2 then reject

验证:

root@PE-1> show route table cust-A

cust-A.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.12.0/24      *[Direct/0] 01:21:28

                    > via ge-0/0/1.0

10.0.12.2/32      *[Local/0] 01:21:28

                      Local via ge-0/0/1.0

10.0.34.0/24      *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3

                      AS path: I, validation-state: unverified

                      to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2

10.0.255.1/32      *[BGP/170] 01:21:24, localpref 100

                      AS path: 65001 I, validation-state: unverified

                    > to 10.0.12.1 via ge-0/0/1.0

10.0.255.4/32      *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3

                      AS path: 65002 I, validation-state: unverified

to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2

root@PE-1> show route table cust-B

cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.28.0/24      *[Direct/0] 01:21:33

                    > via ge-0/0/3.0

10.0.28.2/32      *[Local/0] 01:21:33

                      Local via ge-0/0/3.0

10.0.255.8/32      *[BGP/170] 01:21:25, localpref 100

                      AS path: 65008 I, validation-state: unverified

                    > to 10.0.28.8 via ge-0/0/3.0

10.0.255.9/32      *[BGP/170] 00:17:48, localpref 100, from 10.0.255.3

                      AS path: 65009 I, validation-state: unverified

  to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2

root@PE-1> show route 10.0.255.9/32 table cust-B

cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.255.9/32      *[BGP/170] 19:10:01, localpref 100, from 10.0.255.3

                      AS path: 65009 I, validation-state: unverified

                      to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up            428            35424 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up    491  40716 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

root@CE-B-1> ping source 10.0.255.8 10.0.255.9 rapid count 4

PING 10.0.255.9 (10.0.255.9): 56 data bytes

!!!!

--- 10.0.255.9 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max/stddev = 8.157/9.331/10.959/1.121 ms

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up    495 41052 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

REF:
https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/map-vpn-to-lsp-route-policy.pdf

©著作权归作者所有,转载或内容合作请联系作者
  • 人面猴
    序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 218,204评论 6 506
  • 死咒
    序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 93,091评论 3 395
  • 救了他两次的神仙让他今天三更去死
    文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 164,548评论 0 354
  • 道士缉凶录:失踪的卖姜人
    文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 58,657评论 1 293
  • 港岛之恋(遗憾婚礼)
    正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 67,689评论 6 392
  • 恶毒庶女顶嫁案:这布局不是一般人想出来的
    文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 51,554评论 1 305
  • 城市分裂传说
    那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 40,302评论 3 418
  • 双鸳鸯连环套:你想象不到人心有多黑
    文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 39,216评论 0 276
  • 万荣杀人案实录
    序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 45,661评论 1 314
  • 护林员之死
    正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 37,851评论 3 336
  • 白月光启示录
    正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 39,977评论 1 348
  • 活死人
    序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 35,697评论 5 347
  • 日本核电站爆炸内幕
    正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 41,306评论 3 330
  • 男人毒药:我在死后第九天来索命
    文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 31,898评论 0 22
  • 一桩弑父案,背后竟有这般阴谋
    文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 33,019评论 1 270
  • 情欲美人皮
    我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 48,138评论 3 370
  • 代替公主和亲
    正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 44,927评论 2 355

推荐阅读更多精彩内容