Rapid self-healing protection technology for rail transit carrying network


With the development of economy and society , Subway has gradually become the main means to solve the problem of urban traffic congestion . With it comes the ever-increasing richness of IP Class business applications and growing data traffic , At the same time, because the subway belongs to the public transportation system , The requirements for safety and reliability are very high . Therefore, the traditional subway bearing network is increasingly unable to meet the requirements , The information-based subway system needs a more robust 、 Reliable network carrying . The modern rail transit carrying network needs to solve the following aspects of demand :

  • Ensure adequate reliability and safety : Because the subway belongs to the public transportation system , Therefore, the subway bearing network is required to have good reliability and security .

  • Provide enough data capacity : Due to the large passenger flow of the subway system , There are more and more data terminals , Therefore, the Metro bearing network is required to have sufficient data capacity and data exchange capacity .

  • Support diversified business types : Because the subway system involves control system 、 Advertising media 、 Daily office and other business types , Therefore, the subway carrying network is required to support a variety of business types .

because IP Data communication network is the main way of data communication , And it has rich access methods , Huge network scale and other characteristics , So the subway network IP Transformation is a trend in the future .


In order to ensure the safe operation of subway system more reliably , At the same time, it provides more abundant business types for the subway system , Huawei has launched the Ho*** technology HSR Solution .HSR The solution mainly uses Huawei Agile Series switches , The scheme is based on MPLS L3*** technology 、 Adopt hierarchical network structure , It has strong carrying capacity and simple and flexible networking form , It is suitable for large-scale rail transit carrying network .HSR The scheme uses hardware BFD testing 、TE HSB、*** FRR、VRRP Double harvest and other protection technologies , With millisecond protection switching capability , It can complete the end-to-end link switching of the whole network without the user's perception .

General introduction of the scheme



From the understanding of the business needs of rail transit carrying network , Focus on network reliability 、 Extensibility 、 Maintainability and multi service carrying capacity , Considering the need of network topology hierarchy and reducing network cost , Designed based on Ho*** Rapid self-healing protection of Technology (HSR) Solution , Pictured 1 Shown .( This case is from the official website of Huawei )

Pictured 1 Shown ,HSR The overall deployment of the solution is described below :


  • The core layer adopts three sets S9700 Series switches form the core ring in the form of full connection , Each site and data center interact with each other through the core ring .

  • Deploy two at each subway station S5720HI Do convergence equipment , With the core ring of the two S9700 To form a zigzag network , You can also have multiple sites S5720HI After series connection with the two sets of the core ring S9700 To form a zigzag network .S5720HI To configure VRRP As the user gateway of each site . The data center site uses two S9700 Do convergence , Business deployment is the same as S5720HI.

  • The access layer of each station selects layer 2 switch to form access ring , Double uplink to the convergence layer S5720HI or S9700.


The whole network carries all the traffic of subway system , For example, daily office business 、 Subway advertising media 、 Train control management and other services .


Business deployment description



Network topology



According to the figure 1 The topology shown here builds the network , Configure the corresponding network element name 、 equipment IP Address 、 Business interface and user interface of the equipment .

Device interface 、 Data planning



Operation steps



01





Basic configuration

a、 Configure the physical interface to add Eth-Trunk

With Core_SPE1 For example, configure the physical interface to add Eth-Trunk, Other equipment configuration steps and Core_SPE1 similar .





































#interface XGigabitEthernet1/0/0 eth-trunk 5#interface XGigabitEthernet1/0/1 eth-trunk 5#interface XGigabitEthernet1/0/2 eth-trunk 5#interface XGigabitEthernet1/0/3 eth-trunk 5#interface XGigabitEthernet5/0/4 eth-trunk 4#interface XGigabitEthernet5/0/5 eth-trunk 4#interface XGigabitEthernet5/0/6 eth-trunk 4#interface XGigabitEthernet5/0/7 eth-trunk 4#interface XGigabitEthernet6/0/0 eth-trunk 17#interface XGigabitEthernet6/0/1 eth-trunk 17#interface XGigabitEthernet6/0/2 eth-trunk 17#interface XGigabitEthernet6/0/3 eth-trunk 17

b、 Configure the interface description and IP Address

With Core_SPE1 For example, configure the interface description and IP Address , Other equipment configuration steps and Core_SPE1 similar .





































#interface XGigabitEthernet1/0/0 eth-trunk 5#interface XGigabitEthernet1/0/1 eth-trunk 5#interface XGigabitEthernet1/0/2 eth-trunk 5#interface XGigabitEthernet1/0/3 eth-trunk 5#interface XGigabitEthernet5/0/4 eth-trunk 4#interface XGigabitEthernet5/0/5 eth-trunk 4#interface XGigabitEthernet5/0/6 eth-trunk 4#interface XGigabitEthernet5/0/7 eth-trunk 4#interface XGigabitEthernet6/0/0 eth-trunk 17#interface XGigabitEthernet6/0/1 eth-trunk 17#interface XGigabitEthernet6/0/2 eth-trunk 17#interface XGigabitEthernet6/0/3 eth-trunk 17

c、 To configure Eth-Trunk Interface simulation 40G link

In all S9700 The equipment Eth-trunk Configuration on the interface least active-linknumber 4, Simulate this Eth-Trunk Interface for 40G port , If there is a member port down, Whole Eth-Trunk The interface will down. With Core_SPE1 For example, configure , Other equipment configuration steps and Core_SPE1 similar .











#interface Eth-Trunk4 least active-linknumber 4#interface Eth-Trunk5 least active-linknumber 4#interface Eth-Trunk17 least active-linknumber 4#

d、 establish Eth-Trunk Load sharing template and apply to Eth-trunk On

Load sharing is configured according to the source port number and destination port number . With Core_SPE1 For example, configure , Other equipment configuration steps and Core_SPE1 similar .















#load-balance-profile CUSTOM ipv6 field l4-sport l4-dport ipv4 field l4-sport l4-dport#interface Eth-Trunk4 load-balance enhanced profile CUSTOM#interface Eth-Trunk5 load-balance enhanced profile CUSTOM#interface Eth-Trunk17 load-balance enhanced profile CUSTOM#


e、 Make it possible STP function

Because the whole network uses three-layer interface for interconnection , There is no need to run the layer 2 broken protocol , Configure the global to enable STP function . With Core_SPE1 For example, configure , Other equipment configuration steps and Core_SPE1 similar .




#stp disable#

f、 To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .




#bfd#

g、 To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .




#bfd#


02





Deploy OSPF

choose OSPF As IGP agreement , Ensure that the routing between the devices in the whole network can reach , meanwhile OSPF Routing as MPLS LDP、MPLS TE Bearing capacity , Configuration ideas are as follows :

  • All devices are divided into Area0 Area , The direct link segment and LoopBack1 Address .

  • Not running OSPF All the interfaces of are configured as OSPF Silent interface , Prohibit this interface from receiving and sending OSPF message , Implementation enhancements OSPF Network adaptability of , The purpose of reducing the consumption of system resources .

  • suffer 31 The effect of bit address mask , Configure on the interconnection main interface ospf The network type is point-to-point .

  • To configure OSPF And LDP linkage , Solve the problem of master-slave LSP Traffic loss caused by handover .

a、 To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .


































router id 172.16.0.5    // To configure Router ID.#interface Eth-Trunk4 ospf network-type p2p    // suffer 31 The effect of bit address mask , Configure on the interconnection main interface ospf The network type is point-to-point .#interface Eth-Trunk5 ospf network-type p2p#interface Eth-Trunk17 ospf network-type p2p#interface XGigabitEthernet6/0/4 ospf network-type p2p#ospf 1 silent-interface all    // Prohibit all interfaces from sending and receiving OSPF message . undo silent-interface Eth-Trunk4    // Resume interface transceiver OSPF Message function . undo silent-interface Eth-Trunk5 undo silent-interface Eth-Trunk17 undo silent-interface XGigabitEthernet6/0/4 spf-schedule-interval millisecond 10    // The routing calculation interval is configured as 10ms, The purpose is to speed up the routing convergence performance . lsa-originate-interval 0    // Set up LSA The update interval is 0. lsa-arrival-interval 0    // Set up LSA The receiving time interval is 0. So that changes in topology or routing can be immediately perceived , So as to speed up the convergence of routing . graceful-restart period 600    // Can make OSPF GR. flooding-control    // Can make flooding-control Flood control , Maintain the stability of neighborhood relations . area 0.0.0.0  authentication-mode md5 1 cipher %^%#NInJJ<oF9VXb:BS~~9+JT'suROXkVHNG@8+*3FyB%^%#    // Appoint OSPF The authentication mode and password used by the zone .  network 172.16.0.5 0.0.0.0  network 172.17.4.2 0.0.0.0  network 172.17.4.8 0.0.0.0  network 172.17.4.10 0.0.0.0  network 172.17.10.2 0.0.0.0#

b、 To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .






















router id 172.16.2.51#interface Eth-Trunk7 ospf network-type p2p#interface Eth-Trunk17 ospf network-type p2p#ospf 1 silent-interface all undo silent-interface Eth-Trunk7 undo silent-interface Eth-Trunk17 graceful-restart period 600 bandwidth-reference 100000    // Set the bandwidth reference value by which the interface overhead is calculated by formula . flooding-control area 0.0.0.0  authentication-mode md5 1 cipher %^%#nU!dUe#c'J!;/%*WtZxQ<gP:'zx_E2OQnML]q;s#%^%#  network 172.16.2.51 0.0.0.0  network 172.17.4.11 0.0.0.0  network 172.17.4.14 0.0.0.0#

c、 perform display ospf peer Command view OSPF The neighbor information of , With Core_SPE1 For example , Status as Full Express OSPF Neighbors are established normally .















































[Core_SPE1]display  ospf peer  
        OSPF Process 1 with Router ID 172.16.0.5                 Neighbors
Area 0.0.0.0 interface 172.17.4.8(Eth-Trunk4)'s neighbors Router ID: 172.16.0.3         Address: 172.17.4.9      GR State: Normal       State: Full  Mode:Nbr is  Slave  Priority: 1   DR: None   BDR: None   MTU: 0       Dead timer due in 40  sec   Retrans timer interval: 4   Neighbor is up for 00:53:42       Authentication Sequence: [ 0 ]
                Neighbors
Area 0.0.0.0 interface 172.17.4.2(Eth-Trunk5)'s neighbors Router ID: 172.16.0.4      Address: 172.17.4.3     GR State: Normal       State: Full  Mode:Nbr is  Master  Priority: 1   DR: None   BDR: None   MTU: 0       Dead timer due in 37  sec   Retrans timer interval: 4   Neighbor is up for 00:53:22       Authentication Sequence: [ 0 ]
                Neighbors
Area 0.0.0.0 interface 172.17.4.10(Eth-Trunk17)'s neighbors Router ID: 172.16.2.51       Address: 172.17.4.11       GR State: Normal       State: Full  Mode:Nbr is  Slave  Priority: 1   DR: None   BDR: None   MTU: 0       Dead timer due in 31  sec   Retrans timer interval: 4   Neighbor is up for 00:53:34       Authentication Sequence: [ 0 ]
                Neighbors
Area 0.0.0.0 interface 172.17.10.2(XGigabitEthernet6/0/4)'s neighbors Router ID: 172.16.2.86      Address: 172.17.10.3      GR State: Normal       State: Full  Mode:Nbr is  Master  Priority: 1   DR: None   BDR: None   MTU: 0       Dead timer due in 32  sec   Retrans timer interval: 5   Neighbor is up for 00:53:42       Authentication Sequence: [ 0 ]
4de5a7955b0938e054541e8b65d33b52.gif 90df7593e2c95bc5289dc03d97a33765.jpeg edc8cb48bf81e67a5a11f094fdc99326.gif

Long press to identify the two-dimensional code : Network migrant workers


03





Deploy MPLS LDP

f6339c9efe3766a79db468b8a0180f11.png
  • To configure LSR-ID, And enable the global and each interface of MPLS LDP function .

  • To configure LDP And OSPF linkage , Solve the problem of master-slave LSP Traffic loss caused by handover .

  • To configure LDP GR, The device traffic forwarding of the primary / standby switching or protocol restart is not interrupted .

  • To configure BFD for LSP, Fast detection of the core ring LDP LSP Link failure problem .

a、 Can make MPLS LDP

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .























mpls lsr-id 172.16.0.5    // To configure MPLS LSR ID. Recommend Loopback The address of the interface .mpls    // Enable the overall situation MPLS. label advertise non-null    // Ban PHP characteristic , The outgoing node normally assigns labels to the second to last hop .#mpls ldp    // Global enabling MPLS LDP.#interface Eth-Trunk4 mpls mpls ldp    // Interface enable MPLS LDP.#interface Eth-Trunk5 mpls mpls ldp    // Interface enable MPLS LDP.#interface Eth-Trunk17 mpls mpls ldp    // Interface enable MPLS LDP.#interface XGigabitEthernet6/0/4 mpls mpls ldp    // Interface enable MPLS LDP.#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .















mpls lsr-id 172.16.2.51    // To configure MPLS LSR ID. Recommend Loopback The address of the interface .mpls    // Enable the overall situation MPLS. label advertise non-null     // Ban PHP characteristic , The outgoing node normally assigns labels to the second to last hop .#mpls ldp    // Global enabling MPLS LDP.#interface Eth-Trunk7 mpls mpls ldp    // Interface enable MPLS LDP.#interface Eth-Trunk17 mpls mpls ldp    // Interface enable MPLS LDP.#

# perform display mpls ldp session all Command view MPLS LDP Conversation state , With Core_SPE1 For example , The conversation state is Operational Express MPLS LDP The conversation is established normally .















[Core_SPE1]display mpls ldp session all
LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------------ PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv ------------------------------------------------------------------------------ 172.16.0.3:0       Operational DU   Passive  0000:00:56  226/226 172.16.0.4:0       Operational DU   Active   0000:00:56  226/226 172.16.2.51:0      Operational DU   Passive  0000:00:55  223/223 172.16.2.86:0      Operational DU   Passive  0000:00:55  223/223 ------------------------------------------------------------------------------ TOTAL: 4 session(s) Found.

b、 To configure LDP And OSPF linkage

LDP LSR To depend on OSPF establish LSP, When the main chain LDP Session failure ( Non link failure causes ) when , Or when the main link fails and then recovers , To configure LDP And OSPF Linkage can solve the problem of master-slave LSP Traffic loss caused by handover .

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .

















interface Eth-Trunk4 ospf ldp-sync    // Enable the protected interface LDP and OSPF Linkage function . ospf timer ldp-sync hold-down 20    // Set the interface not to be established OSPF Neighbors and wait LDP The time interval between sessions .#interface Eth-Trunk5 ospf ldp-sync ospf timer ldp-sync hold-down 20#interface Eth-Trunk17 ospf ldp-sync ospf timer ldp-sync hold-down 20#interface XGigabitEthernet6/0/4 ospf ldp-sync ospf timer ldp-sync hold-down 20#


# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .









interface Eth-Trunk7 ospf ldp-sync ospf timer ldp-sync hold-down 20#interface Eth-Trunk17 ospf ldp-sync ospf timer ldp-sync hold-down 20#

c、 To configure LDP GR

By configuring LDP GR, It can realize the device traffic forwarding without interruption .

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .




mpls ldp graceful-restart    // Can make LDP GR function .#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .




mpls ldp graceful-restart#

d、 To configure BFD for LSP

In order to improve the core ring SPE Between LDP LSP Link reliability , You can configure static BFD testing LDP LSP, Fast detection LDP LSP link .

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .



















bfd SPE1toSPE2 bind ldp-lsp peer-ip 172.16.0.3 nexthop 172.17.4.9 interface Eth-Trunk4    // Using static BFD Yes SPE1 and SPE2 Between LDP LSP To test . discriminator local 317    // Specify the local identifier . The local identifier of the local end must be the same as the remote identifier of the opposite end . discriminator remote 137    // Specify the remote identifier . detect-multiplier 8    // Specify the local BFD Detection multiple . min-tx-interval 3    // Set up local sending BFD The minimum time interval of a message is 3.3ms. min-rx-interval 3    // Set up local reception BFD The minimum time interval of a message is 3.3ms. process-pst    // To speed up the switching , Permission is required BFD Session modification port state table PST. commit    // Submit BFD Session configuration .#bfd SPE1toSPE3 bind ldp-lsp peer-ip 172.16.0.4 nexthop 172.17.4.3 interface Eth-Trunk5    // Using static BFD Yes SPE1 and SPE3 Between LDP LSP To test . discriminator local 32 discriminator remote 23 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#

# perform display bfd session all for-lsp Command view BFD for LSP Conversation state , With Core_SPE1 For example ,BFD The conversation state is Up, The type is S_LDP_LSP, Express BFD for LSP The conversation is established normally .









[Core_SPE1]display bfd session all for-lsp--------------------------------------------------------------------------------Local Remote     PeerIpAddr      State     Type         InterfaceName           --------------------------------------------------------------------------------32    23         172.16.0.4      Up        S_LDP_LSP    Eth-Trunk4               317   137        172.16.0.3      Up        S_LDP_LSP    Eth-Trunk5              --------------------------------------------------------------------------------     Total UP/DOWN Session Number : 2/0


04





Deploy MPLS TE

Use the following ideas to configure MPLS TE:


1、 Can make MPLS TE.


2、 Global enable the nodes along the tunnel MPLS、MPLS TE and MPLS TE CSPF etc. , stay TE Interface deployment along the tunnel MPLS and MPLS TE.


3、 Configure tunnel paths , Initiated by each node TE Tunnels are in the form of main and standby , The affinity attribute method is used to plan the specific master-slave CR-LSP route .


4、 establish L3*** The tunnel of business .


  • Create the main tunnel .


    establish Site2_UPE3 And Core_SPE2 Between the main tunnel TE1. Designated master CR-LSP Use path 1, Hot backup CR-LSP Use path 2.


    establish Site2_UPE4 And Core_SPE3 Between the main tunnel TE3. Designated master CR-LSP Use path 5, Hot backup CR-LSP Use path 6.


  • Create a backup tunnel .


    As the main tunnel TE1 The backup tunnel of , stay Site2_UPE3 And Core_SPE3 Between the establishment of a backup tunnel TE2. Designated master CR-LSP Use path 3, Hot backup CR-LSP Use path 4.


    As the main tunnel TE3 The backup tunnel of , stay Site2_UPE4 And Core_SPE2 Between the establishment of a backup tunnel TE4. Designated master CR-LSP Use path 7, Hot backup CR-LSP Use path 8.


  • To configure RSVP GR.


    Enable on all devices RSVP GR function , Can be prevented in RSVP When the node switches between the master and the standby, the network is interrupted , And get back to dynamic CR-LSP The normal state of .


  • To configure BFD for CR-LSP.


    Configure static on all devices BFD for CR-LSP, Speed up the Lord CR-LSP And hot backup CR-LSP Switch between .


5、 Create a tunnel strategy .


Configuration optimization TE Tunnel .


6、MPLS TE Tunnel list

d9ae70a56203e495653f49163a9b689b.png

a、 To configure MPLS TE Tunnel and hot backup protection

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .





















































































mpls mpls te    // Enable the overall situation MPLS TE. mpls rsvp-te    // Can make RSVP-TE. mpls te cspf    // Can make CSPF Algorithm .#interface Eth-Trunk4 mpls te    // Enable interface MPLS TE. mpls te link administrative group c    // Configure the management group properties of the link , In order to TE The tunnel selects the primary and secondary paths . mpls rsvp-te    // Enable interface RSVP-TE.#interface Eth-Trunk5 mpls te mpls te link administrative group 30 mpls rsvp-te#interface Eth-Trunk17 mpls te mpls te link administrative group 4 mpls rsvp-te#interface XGigabitEthernet6/0/4 mpls te mpls te link administrative group 20 mpls rsvp-te#ospf 1 opaque-capability enable    // Can make OSPF Of Opaque Ability . area 0.0.0.0  mpls-te enable    // At present OSPF Area enable MPLS TE.#interface Tunnel611    // Appoint Core_SPE1 to Site1_UPE1 Of Tunnel. description Core_SPE1 to Site1_UPE1    // Interface description . ip address unnumbered interface LoopBack1    //Tunnel Of IP Address direct borrowing Loopback Interface IP Address . tunnel-protocol mpls te    // Configure the tunnel protocol to MPLS TE. destination 172.16.2.51    // The destination address of the configuration tunnel is Site1_UPE1. mpls te tunnel-id 71    // To configure Tunnel ID, this ID Valid locally and must be unique on this device . mpls te record-route    // Configure tunnel to support routing logging , Record the detailed path information of the tunnel , It is convenient for future operation and maintenance . mpls te affinity property 4 mask 4    // Configuration master CR-LSP Affinity properties of , In order to choose the best forwarding path . mpls te affinity property 8 mask 8 secondary    // Configure the backup CR-LSP Affinity properties of . mpls te backup hot-standby    // Configure tunnel to hot backup mode . mpls te commit    // Submit all... Under this tunnel MPLS TE Configuration of . Only after executing this command can the configuration take effect .#interface Tunnel622 description Core_SPE1 to Site1_UPE2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 172.16.2.50 mpls te tunnel-id 82 mpls te record-route mpls te affinity property 8 mask 8 mpls te affinity property 4 mask 4 secondary mpls te backup hot-standby  mpls te commit#interface Tunnel711 description Core_SPE1 to Site3_UPE6 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 172.16.2.86 mpls te tunnel-id 311 mpls te record-route mpls te affinity property 20 mask 20 mpls te affinity property 10 mask 10 secondary mpls te backup hot-standby  mpls te commit#interface Tunnel721 description Core_SPE1 to Site3_UPE5 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 172.16.2.87 mpls te tunnel-id 312 mpls te record-route mpls te affinity property 10 mask 10 mpls te affinity property 20 mask 20 secondary mpls te backup hot-standby  mpls te commit#tunnel-policy TSel    // Configure tunnel strategy  tunnel select-seq cr-lsp lsp load-balance-number 1    // Configuration optimization CR-LSP Tunnel .#tunnel-policy TE tunnel select-seq cr-lsp load-balance-number 1#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .
















































mpls mpls te    // Enable the overall situation MPLS TE. mpls rsvp-te    // Can make RSVP-TE. mpls te cspf    // Can make CSPF Algorithm .#interface Eth-Trunk7 mpls te    // Enable interface MPLS TE. mpls te link administrative group c    // Configure the management group properties of the link , In order to TE The tunnel selects the primary and secondary paths . mpls rsvp-te    // Enable interface RSVP-TE.#interface Eth-Trunk17 mpls te mpls te link administrative group 4 mpls rsvp-te#ospf 1 opaque-capability enable    // Can make OSPF Of Opaque Ability . area 0.0.0.0  mpls-te enable    // At present OSPF Area enable MPLS TE.#interface Tunnel611    // Appoint Site1_UPE1 to Core_SPE1 Of Tunnel. description Site1_UPE1 to Core_SPE1    // Interface description . ip address unnumbered interface LoopBack1    //Tunnel Of IP Address direct borrowing Loopback Interface IP Address . tunnel-protocol mpls te    // Configure the tunnel protocol to MPLS TE. destination 172.16.0.5    // The destination address of the configuration tunnel is Core_SPE1. mpls te tunnel-id 71    // To configure Tunnel ID, this ID Valid locally and must be unique on this device . mpls te record-route    // Configure tunnel to support routing logging , Record the detailed path information of the tunnel , It is convenient for future operation and maintenance . mpls te affinity property 4 mask 4    // Configuration master CR-LSP Affinity properties of , In order to choose the best forwarding path . mpls te affinity property 8 mask 8 secondary    // Configure the backup CR-LSP Affinity properties of . mpls te backup hot-standby    // Configure tunnel to hot backup mode . mpls te commit    // Submit all... Under this tunnel MPLS TE Configuration of . Only after executing this command can the configuration take effect .#interface Tunnel612 description Site1_UPE1 to Core_SPE2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 172.16.0.3 mpls te tunnel-id 72 mpls te record-route mpls te affinity property 4 mask 4 mpls te affinity property 8 mask 8 secondary mpls te backup hot-standby  mpls te commit#tunnel-policy TSel    // Configure tunnel strategy  tunnel select-seq cr-lsp lsp load-balance-number 1    // Configuration optimization CR-LSP Tunnel .#

# perform display mpls te tunnel-interface Tunnel Command to view the tunnel interface information of the local node .

With Core_SPE1 To Site1_UPE1 The tunnel Tunnel611 For example , View tunnel interface information , Show tunnel master LSP、 Hot backup LSP The states are UP, Indicates the primary and secondary of the tunnel LSP Establish normality .














[Core_SPE1]display mpls te tunnel-interface Tunnel611     ----------------------------------------------------------------                               Tunnel611    ----------------------------------------------------------------    Tunnel State Desc   :  UP    Active LSP          :  Primary LSP    Session ID          :  71    Ingress LSR ID      :  172.16.0.5       Egress LSR ID:  172.16.2.51    Admin State         :  UP               Oper State   :  UP    Primary LSP State      : UP      Main LSP State       : READY               LSP ID  : 1    Hot-Standby LSP State  : UP      Main LSP State       : READY               LSP ID  : 32772

# perform display mpls te hot-standby state all command , Check the status of all hot backup tunnels .

With Core_SPE1 All hot backup tunnels, for example , The status of all hot standby tunnels is Primary LSP Indicates that the current traffic is switched to the main CR-LSP route .









[Core_SPE1]display mpls te hot-standby state all---------------------------------------------------------------------No.        tunnel name          session id      switch result       ---------------------------------------------------------------------1          Tunnel611            71              Primary LSP         2          Tunnel622            82              Primary LSP         3          Tunnel711            311             Primary LSP         4          Tunnel721            312             Primary LSP

# perform ping lsp te tunnel Command detection LSP And the connectivity of LSP Whether it can be forwarded normally , You need to test the equipment TE tunnel # The bidirectional connectivity of the Tao .

With Core_SPE1 To Site1_UPE1 The tunnel Tunnel611 For example , Need to be in TE Use the following command to test the tunnel start and end devices .














[Core_SPE1] ping lsp  te  Tunnel611   LSP PING FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 : 100  data bytes, press CTRL_C to break    Reply from 172.16.2.51: bytes=100 Sequence=1 time=5 ms    Reply from 172.16.2.51: bytes=100 Sequence=2 time=3 ms    Reply from 172.16.2.51: bytes=100 Sequence=3 time=3 ms    Reply from 172.16.2.51: bytes=100 Sequence=4 time=2 ms    Reply from 172.16.2.51: bytes=100 Sequence=5 time=3 ms
 --- FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 2/3/5 ms













[Core_SPE1] ping lsp  te  Tunnel611  hot-standby    LSP PING FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 : 100  data bytes, press CTRL_C to break    Reply from 172.16.2.51: bytes=100 Sequence=1 time=2 ms    Reply from 172.16.2.51: bytes=100 Sequence=2 time=2 ms    Reply from 172.16.2.51: bytes=100 Sequence=3 time=3 ms    Reply from 172.16.2.51: bytes=100 Sequence=4 time=2 ms    Reply from 172.16.2.51: bytes=100 Sequence=5 time=3 ms
 --- FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 2/2/3 ms

# perform tracert lsp te Tunnel Command detection LSP Forward path of .

With Core_SPE1 To Site1_UPE1 The tunnel Tunnel611 For example , It is necessary to ensure that the tunnel path and tunnel hot standby path are not repeated .






[Core_SPE1]tracert  lsp te  Tunnel611    LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 , press CTRL_C to break.  TTL   Replier            Time    Type      Downstream   0                                Ingress   172.17.4.11/[1078 ]  1     172.16.2.51        3 ms    Egress







[Core_SPE1]tracert  lsp te  Tunnel611  hot-standby    LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel611 , press CTRL_C to break.  TTL   Replier            Time    Type      Downstream   0                                Ingress   172.17.4.9/[1391 ]  1     172.17.4.9         3 ms    Transit   172.17.4.13/[1169 ]  2     172.17.4.13        7 ms    Transit   172.17.4.14/[1109 ]  3     172.16.2.51        4 ms    Egress

b、 To configure RSVP GR

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .

















mpls mpls rsvp-te hello    // Enable the overall situation RSVP Hello Extend the functionality . mpls rsvp-te hello full-gr    // Can make RSVP GR Ability and RSVP GR Helper Ability .#interface Eth-Trunk4 mpls rsvp-te hello    // Enabling interface RSVP Hello Extend the functionality .#interface Eth-Trunk5 mpls rsvp-te hello#interface Eth-Trunk17 mpls rsvp-te hello#interface XGigabitEthernet6/0/4 mpls rsvp-te hello#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .

Long press to identify the two-dimensional code : Network migrant workers











mpls mpls rsvp-te hello    // Enable the overall situation RSVP Hello Extend the functionality . mpls rsvp-te hello full-gr    // Can make RSVP GR Ability and RSVP GR Helper Ability .#interface Eth-Trunk7 mpls rsvp-te hello    // Enabling interface RSVP Hello Extend the functionality .#interface Eth-Trunk17 mpls rsvp-te hello#

c、 To configure BFD for CR-LSP

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .









































































bfd SPE1toUPE1_b bind mpls-te interface Tunnel611 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel611 Preparation of CR-LSP To test . discriminator local 6116    // Specify the local identifier . The local identifier of the local end must be the same as the remote identifier of the opposite end . discriminator remote 6115    // Specify the remote identifier . detect-multiplier 8    // Specify the local BFD Detection multiple . min-tx-interval 3    // Set up local sending BFD The minimum time interval of a message is 3.3ms. min-rx-interval 3    // Set up local reception BFD The minimum time interval of a message is 3.3ms. process-pst    // To speed up the switching , Permission is required BFD Session modification port state table PST. commit    // Submit BFD Session configuration .#bfd SPE1toUPE1_m bind mpls-te interface Tunnel611 te-lsp    // Using static BFD Yes TE Tunnel Tunnel611 The Lord of CR-LSP To test . discriminator local 6112 discriminator remote 6111 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE2_b bind mpls-te interface Tunnel622 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel622 Preparation of CR-LSP To test . discriminator local 6226 discriminator remote 6225 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE2_m bind mpls-te interface Tunnel622 te-lsp    // Using static BFD Yes TE Tunnel Tunnel622 The Lord of CR-LSP To test . discriminator local 6222 discriminator remote 6221 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE5_b bind mpls-te interface Tunnel721 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel721 Preparation of CR-LSP To test . discriminator local 7216 discriminator remote 7215 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE5_m bind mpls-te interface Tunnel721 te-lsp    // Using static BFD Yes TE Tunnel Tunnel721 The Lord of CR-LSP To test . discriminator local 7212 discriminator remote 7211 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE6_b bind mpls-te interface Tunnel711 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel711 Preparation of CR-LSP To test . discriminator local 7116 discriminator remote 7115 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd SPE1toUPE6_m bind mpls-te interface Tunnel711 te-lsp    // Using static BFD Yes TE Tunnel Tunnel711 The Lord of CR-LSP To test . discriminator local 7112 discriminator remote 7111 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .





































bfd UPE1toSPE1_m_b bind mpls-te interface Tunnel611 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel611 Preparation of CR-LSP To test . discriminator local 6115    // Specify the local identifier . The local identifier of the local end must be the same as the remote identifier of the opposite end . discriminator remote 6116    // Specify the remote identifier . detect-multiplier 8    // Specify the local BFD Detection multiple . min-tx-interval 3    // Set up local sending BFD The minimum time interval of a message is 3.3ms. min-rx-interval 3    // Set up local reception BFD The minimum time interval of a message is 3.3ms. process-pst    // To speed up the switching , Permission is required BFD Session modification port state table PST. commit    // Submit BFD Session configuration .#bfd UPE1toSPE1_m bind mpls-te interface Tunnel611 te-lsp    // Using static BFD Yes TE Tunnel Tunnel611 The Lord of CR-LSP To test . discriminator local 6111 discriminator remote 6112 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd UPE1toSPE2_b bind mpls-te interface Tunnel612 te-lsp backup    // Using static BFD Yes TE Tunnel Tunnel612 Preparation of CR-LSP To test . discriminator local 6125 discriminator remote 6126 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#bfd UPE1toSPE2_m bind mpls-te interface Tunnel612 te-lsp    // Using static BFD Yes TE Tunnel Tunnel612 The Lord of CR-LSP To test . discriminator local 6121 discriminator remote 6122 detect-multiplier 8 min-tx-interval 3 min-rx-interval 3 process-pst commit#

# Carry out orders display bfd session all for-te Command view BFD state .

With Core_SPE1 For example , If BFD Normal state , You can see the corresponding Tunnel The type of S_TE_LSP Of BFD The conversation is in Up state .















[Core_SPE1]display bfd session all for-te--------------------------------------------------------------------------------Local Remote     PeerIpAddr      State     Type         InterfaceName           --------------------------------------------------------------------------------7112  7111       172.16.2.86     Up        S_TE_LSP     Tunnel711               7212  7211       172.16.2.87     Up        S_TE_LSP     Tunnel721               7216  7215       172.16.2.87     Up        S_TE_LSP     Tunnel721               7116  7115       172.16.2.86     Up        S_TE_LSP     Tunnel711               6226  6225       172.16.2.50     Up        S_TE_LSP     Tunnel622               6116  6115       172.16.2.51     Up        S_TE_LSP     Tunnel611               6112  6111       172.16.2.51     Up        S_TE_LSP     Tunnel611               6222  6221       172.16.2.50     Up        S_TE_LSP     Tunnel622               --------------------------------------------------------------------------------     Total UP/DOWN Session Number : 8/0


05





Deploy L3*** Business and its protection (Ho***)

For rail transit network ,L3*** Business bearer is to get through the site and the site between IP passageway . Pictured 1 Shown , For example, from Site1_UPE1 To Site2_UPE3 Between the establishment of hierarchical L3*** passageway , For carrying Site1 and Site2 Between two sites IP Data business .

use Ho*** Mode deployment L3*** Business and its protection , Ideas as follows :

1、 Deploy MP-BGP.


  • stay UPE And SPE、SPE And SPE Establish between MP-IBGP Peer relationship .

  • Through routing planning , bring UPE To SPE The default route is used ,SPE To UPE Detailed routing is used for traffic flow .

  • Configure routing priority policy , Guarantee UPE Traffic sent to other sites has priority to go with its directly connected SPE Forward .

  • Configure routing priority policy , Guarantee SPE Traffic sent to other sites has priority to go with its directly connected UPE Forward .

  • Configure routing filtering policy , Guarantee SPE You can't put ARP Vlink Direct link routes are published to other sites UPE equipment .

  • Configure routing filtering policy , Guarantee SPE Not from other SPE Receive any routing information from a site directly connected to itself , Otherwise, it may cause routing loops . such as Core_SPE2 We can't accept Core_SPE1 It's from Site1 Any route for , Can't accept Core_SPE3 It's from Site2 Any route for .

2、 Deploy *** Business .

  • stay UPE and SPE Deploy *** example ,UPE You need to bind the interface on *** example ,SPE There is no need to bind the interface on *** example .

  • UPE Upper *** Business priority use TE The tunnel carries the load , Mixing FRR You can choose LSP The tunnel carries the load .

  • stay SPE Configure tunnel selector on ,***v4 Route the next hop address prefix with other SPE Tunnel strategy is optional , The next hop for the rest of the address can only be selected TE Tunnel forwarding .

  • Two on the same site UPE Device deployment VRRP, At the same time to the connected SPE Device send ARP Vlink Direct link routing , In order to SPE Choose the best route to CE Send message .

3、 Deploy reliability protection


  • Two on the same site UPE Device deployment VRRP, As a gateway backup , Guarantee CE Reliability of uplink traffic ; To configure Backup Device forwarding traffic function , Reduce due to VRRP Business damage caused by switching .

  • UPE Device deployment *** FRR, When it comes to SPE Of TE When the tunnel breaks down , The traffic automatically switches to another station at the same station SPE The equipment TE On the tunnel , Reduce *** The impact on the business .

  • SPE Device deployment *** FRR, When SPE When the equipment fails, it will *** Business switches to another station SPE On , Realization *** Fast end-to-end business switching .

  • SPE Device deployment *** FRR, When it comes to UPE Of TE When the tunnel breaks down , The traffic automatically switches to another station at the same station UPE The equipment TE On the tunnel , Reduce *** The impact on the business .

  • UPE Device deployment IP and *** blend FRR, When going down CE Access side link failure , Port sense failure , Traffic quickly switches to the opposite end of UPE On , And then forwarded to CE.

  • all UPE and SPE Device deployment *** GR, Guaranteed to carry *** When the service equipment switches between the master and the standby *** The traffic doesn't stop .

4、 Data planning

8009b9fb536567e91dbb3ba73626062d.png

a、 To configure MP-BGP

6ef7357063cf66c8932f4ec18da471f2.png

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .


































































































tunnel-selector TSel permit node 9 if-match ip next-hop ip-prefix core_nhp    // Configure tunnel selector ,***v4 Route the next hop address prefix with other SPE When you choose a tunnel to iterate .#tunnel-selector TSel permit node 10    // When from IBGP The route received by the neighbor needs to be forwarded to another IBGP neighbor , And when forwarding, change the next hop to yourself , The tunnel selector needs to be configured to iterate the route to TE Tunnel . apply tunnel-policy TE#bgp 65000 group devCore internal    // establish IBGP Peer groups  peer devCore connect-interface LoopBack1     // Appoint BGP The source interface and address of the message are loopback1. peer 172.16.0.3 as-number 65000    // establish SPE The equivalent relationship between . peer 172.16.0.3 group devCore    // take SPE Join the peer group . peer 172.16.0.4 as-number 65000 peer 172.16.0.4 group devCore group devHost internal peer devHost connect-interface LoopBack1 peer 172.16.2.50 as-number 65000 peer 172.16.2.50 group devHost peer 172.16.2.51 as-number 65000 peer 172.16.2.51 group devHost peer 172.16.2.86 as-number 65000 peer 172.16.2.86 group devHost peer 172.16.2.87 as-number 65000 peer 172.16.2.87 group devHost # ipv4-family unicast  undo synchronization  undo peer devCore enable  undo peer devHost enable  undo peer 172.16.2.50 enable  undo peer 172.16.2.51 enable  undo peer 172.16.0.3 enable  undo peer 172.16.0.4 enable  undo peer 172.16.2.86 enable  undo peer 172.16.2.87 enable # ipv4-family ***v4  policy ***-target  tunnel-selector TSel    //SPE Publish to UPE Default route ,SPE take UPE Forward the route to other SPE, And change the next jump to itself . Therefore, it is necessary to configure the tunnel selector to send to UPE Of bgp ***v4 The route iterates to TE Tunnel , To others SPE Of bgp ***v4 The route iterates to LSP Tunnel .  peer devCore enable  peer devCore route-policy core-import import    // Received other SPE When the route is sent, all the routing information of the site connected to itself will be filtered .  peer devCore advertise-community  peer 172.16.0.3 enable  peer 172.16.0.3 group devCore  peer 172.16.0.4 enable  peer 172.16.0.4 group devCore  peer devHost enable  peer devHost route-policy p_iBGP_RR_in import    // received UPE When sending the route, filter the host route , At the same time, you receive UPE The routing preference of the site is 300, Routing preferences for other sites are 200.  peer devHost advertise-community    // Publish community properties to peer groups .  peer devHost upe    // Configure peers devHost by UPE role .  peer devHost default-originate ***-instance ***a    // towards UPE send out ***a The default route for .  peer 172.16.2.50 enable  peer 172.16.2.50 group devHost  peer 172.16.2.51 enable  peer 172.16.2.51 group devHost  peer 172.16.2.86 enable  peer 172.16.2.86 group devHost  peer 172.16.2.87 enable  peer 172.16.2.87 group devHost ##route-policy p_iBGP_RR_in deny node 5    // Filter host routing for all sites . if-match ip-prefix deny_host if-match community-filter all_site#route-policy p_iBGP_RR_in permit node 11    // Set up close to yourself UPE The priority of device release is 300. if-match community-filter site1 apply preferred-value 300#route-policy p_iBGP_RR_in permit node 12    // Set up another station UPE The priority of device release is 200. if-match community-filter site2 apply preferred-value 200#route-policy p_iBGP_RR_in permit node 13    // Set up another station UPE The priority of device release is 200. if-match community-filter site3 apply preferred-value 200#route-policy p_iBGP_RR_in permit node 20    // Allow all remaining routes .#route-policy core-import deny node 5    // Discard all routes directly connected to your site . if-match community-filter site12#route-policy core-import deny node 6    // Discard all routes directly connected to your site . if-match community-filter site13#route-policy core-import permit node 10    // Allow all remaining routes .#ip ip-prefix deny_host index 10 permit 0.0.0.0 0 greater-equal 32 less-equal 32    // all 32 Bit host routing is Permit, Everything else is Deny.ip ip-prefix core_nhp index 10 permit 172.16.0.3 32ip ip-prefix core_nhp index 20 permit 172.16.0.4 32    // route 172.16.0.3/32 and 172.16.0.4/32 By Permit, Everything else is Deny.#ip community-filter basic site1 permit 100:100    // Create community attribute filters site1, The group attribute is 100:100ip community-filter basic site2 permit 200:200ip community-filter basic site3 permit 300:300ip community-filter basic all_site permit 5720:5720ip community-filter basic site12 permit 12:12ip community-filter basic site13 permit 13:13#

To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .









































bgp 65000 group devCore internal peer devCore connect-interface LoopBack1 peer 172.16.0.3 as-number 65000 peer 172.16.0.3 group devCore peer 172.16.0.5 as-number 65000 peer 172.16.0.5 group devCore group devHost internal peer devHost connect-interface LoopBack1 peer 172.16.2.50 as-number 65000 peer 172.16.2.50 group devHost # ipv4-family unicast  undo synchronization  undo peer devCore enable  undo peer devHost enable  undo peer 172.16.2.50 enable  undo peer 172.16.0.3 enable  undo peer 172.16.0.5 enable # ipv4-family ***v4  policy ***-target  peer devCore enable  peer devCore route-policy p_iBGP_host_ex export    // To configure UPE Publish to SPE The group attribute carried by the route of .  peer devCore advertise-community  peer 172.16.0.3 enable  peer 172.16.0.3 group devCore  peer 172.16.0.3 preferred-value 200    // To configure Core_SPE2 The priority of 200.  peer 172.16.0.5 enable  peer 172.16.0.5 group devCore  peer 172.16.0.5 preferred-value 300    // To configure Core_SPE1 The priority of 300, So that Site1_UPE1 Always choose Core_SPE1 The route sent .  peer devHost enable  peer devHost advertise-community  peer 172.16.2.50 enable  peer 172.16.2.50 group devHost ##route-policy p_iBGP_host_ex permit node 0    // Add community attribute values to the route . apply community 100:100 5720:5720 12:12#

# perform display bgp ***v4 all peer Command view BGP ***v4 Neighbor status .

With Core_SPE1 For example , You can see BGP A peer relationship has been established , And reach Established state .













[Core_SPE1]display bgp ***v4 all peer
BGP local router ID : 172.16.0.5 Local AS number : 65000 Total number of peers : 4                Peers in established state : 4
 Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
 172.16.2.51     4       65000     2102     1859     0 20:55:17 Established     550  172.16.2.86     4       65000     3673     2989     0 0026h03m Established     550  172.16.0.3      4       65000     1659     1462     0 20:57:05 Established     200  172.16.0.4      4       65000     3421     2494     0 0026h03m Established     200

b、 To configure L3***

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .























ip ***-instance ***a    // establish *** example . ipv4-family  route-distinguisher 5:1    // To configure ID.  tnl-policy TSel    // choice TE As *** Example Tunnel .  ***-target 0:1 export-extcommunity    // To configure ***-Target Expand group properties .  ***-target 0:1 import-extcommunity#bgp 65000 # ipv4-family ***v4  nexthop recursive-lookup delay 10    // Set the next hop iteration delay 10 second .  route-select delay 120    // Configure routing delay 120s, To prevent the fast backoff of the route leading to the disconnection . #  ipv4-family ***-instance ***a  default-route imported    // towards ***a Introduce default routing .  nexthop recursive-lookup route-policy delay_policy    // To configure BGP According to the routing strategy delay_policy Go to the next hop iteration .  nexthop recursive-lookup delay 10  route-select delay 120#route-policy delay_policy permit node 0    // Allow all sites to route . if-match community-filter all_site#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .







































arp vlink-direct-route advertise    // Configuration release IPv4 ARP Vlink Direct link routing .#ip ***-instance ***a ipv4-family  route-distinguisher 1:1  tnl-policy TSel  arp vlink-direct-route advertise  ***-target 0:1 export-extcommunity  ***-target 0:1 import-extcommunity#interface XGigabitEthernet1/0/4 port link-type trunk undo port trunk allow-pass vlan 1#interface XGigabitEthernet1/0/4.200 dot1q termination vid 200 ip binding ***-instance ***a    // take *** The instance is bound to the corresponding business interface . arp direct-route enable    // To configure ARP towards RM Report ARP Vlink Direct link routing . ip address 172.18.200.66 255.255.255.192 arp broadcast enable    // Enables the termination of a subinterface ARP Broadcast function .#bgp 65000 # ipv4-family ***v4  route-select delay 120 # ipv4-family ***-instance ***a  default-route imported  import-route direct route-policy p_iBGP_RR_ex    // towards ***a Introducing direct routing , And add community properties .  route-select delay 120 ##route-policy p_iBGP_RR_ex permit node 0    // Add community attribute values to the route . apply community 100:100 5720:5720 12:12#arp expire-time 62640    // Configuration dynamics ARP Aging timeout for table entries .arp static 172.18.200.68 0001-0002-0003 vid 200 interface XGigabitEthernet1/0/4.200    // Set static ARP Table item .#

c、 Configure reliability protection

1、 Use the following idea to configure reliability protection :

  • Two on the same site UPE Deployment between VRRP, Guarantee CE Reliability of uplink traffic . With Site1 Take an example to illustrate , Pictured 1 Shown .

  • To configure Site1_UPE1 by VRRP Of Master,Site1_UPE2 by VRRP Of Backup, When Site1_UPE1 When it breaks down CE1 Can quickly switch to Site1_UPE2.

  • To configure BFD for VRRP, Through hardware BFD It can detect faults quickly , notice VRRP Backup The device quickly switches to VRRP Master equipment , At the same time, the hardware sends directly VRRP free ARP message , Enable access layer devices to forward traffic to the new Master equipment .

  • To configure Backup Device forwarding traffic function , When VRRP The device status of is Backup when , As long as you receive traffic , Can also forward , It can effectively prevent the loss of traffic caused by the failure of convergence equipment , Reduce business interruption time .

13cc612f45c0d6254838c9268d5717c1.png

Two sets of UPE Between VRRP Sketch Map

2、UPE Device deployment *** FRR, When it comes to SPE Of TE When the tunnel breaks down , The traffic automatically switches to another station at the same station SPE The equipment TE On the tunnel . With Site1_UPE1 Take an example to illustrate , As shown in the figure .

Converging to the core *** FRR Sketch Map

Site1_UPE1 There are two on it TE The tunnels arrive separately Core_SPE1 and Core_SPE2. stay Site1_UPE1 Deploy *** FRR Can guarantee when Core_SPE1 When it breaks down , Traffic can be quickly switched to Core_SPE2.


3、SPE Device deployment *** FRR, When SPE When the equipment fails, it will *** Business switches to another station SPE On , Realization *** Fast end-to-end business switching . With Core_SPE1 Take an example to illustrate , As shown in the figure .

Core to core *** FRR Sketch Map

Core_SPE1 There are two LSP The tunnels arrive separately Core_SPE2 and Core_SPE3. stay Core_SPE1 To configure *** FRR Can guarantee when Core_SPE2 When it breaks down , Traffic quickly switches to Core_SPE3.


4、SPE Device deployment *** FRR, When it comes to UPE Of TE When the tunnel breaks down , The traffic automatically switches to another station at the same station UPE The equipment TE On the tunnel . With Core_SPE2 Take an example to illustrate , As shown in the figure .

9afadbc1b07d0ab34147d18f232d9ba7.png

Core to converging *** FRR Sketch Map

Core_SPE2 There are two on it TE The tunnels arrive separately Site2_UPE3 and Site2_UPE4. stay Core_SPE2 Deploy *** FRR Can guarantee when Site2_UPE3 When it breaks down , Traffic can be quickly switched to Site2_UPE4.


5、UPE Device deployment IP and *** blend FRR, When going down CE Access side link failure , Port sense failure , Traffic quickly switches to the opposite end of UPE On , And then forwarded to CE. With Site2 Take an example to illustrate , As shown in the figure .

d6e684716102305df6dffeea88a78ca2.png

UPE Device deployment IP and *** blend FRR Sketch Map

When Site2_UPE3 Go to CE2 When the link fails , Traffic can be passed through LSP Tunnel forward to Site2_UPE4, And then through the private network IP Arrive in the form of forwarding CE2, So as to improve the reliability of the network .


6、 all UPE and SPE Device deployment *** GR, Guaranteed to carry *** When the service equipment switches between the master and the standby *** The traffic doesn't stop .

# To configure SPE

With Core_SPE1 For example , The core ring SPE The equipment configuration is as follows .Core_SPE2 and Core_SPE3 Configuration and Core_SPE1 similar , I won't repeat .












bgp 65000 graceful-restart    // Can make BGP GR. # ipv4-family ***v4  auto-frr    // Can make ***v4 FRR function .  bestroute nexthop-resolved tunnel    // To configure ***v4 Routing can only participate in routing when the next hop iterates to the tunnel , Ensure that the traffic does not lose packets in the backoff . #  ipv4-family ***-instance ***a  auto-frr    // Can make *** Auto FRR function .  ***-route cross multipath    // Make it possible to combine multiple items with *** Example of RD It's worth different ***v4 The route crosses to *** In the example , prevent *** FRR Don't take effect .#

# To configure UPE

With Site1_UPE1 For example , Converge UPE The equipment configuration is as follows .Site1_UPE2、Site2_UPE3、Site2_UPE4、Site3_UPE5 and Site3_UPE6 Configuration and Site1_UPE1 similar , I won't repeat .






























ip ***-instance ***a ipv4-family  ip frr route-policy mixfrr    // Can make IP FRR function .#interface XGigabitEthernet1/0/4.200 vrrp vrid 1 virtual-ip 172.18.200.65    // To configure VRRP. vrrp vrid 1 preempt-mode timer delay 250    // To configure VRRP Preemption delay time of switch in backup group . vrrp vrid 1 track bfd-session 2200 peer    // Can make VRRP Through linkage BFD Session state is used to realize the function of switching between active and standby . vrrp vrid 1 backup-forward    // Can make Backup The function of device forwarding traffic . vrrp track bfd gratuitous-arp send enable    // Can make VRRP And Peer BFD When linkage switch, fast send free ARP function .#bfd vrrp-1 bind peer-ip 172.18.200.67 ***-instance ***a interface XGigabitEthernet1/0/4.200 source-ip 172.18.200.66    // Configure static BFD Yes VRRP To test . discriminator local 2200    // Specify the local identifier . The local identifier of the local end must be the same as the remote identifier of the opposite end . discriminator remote 1200    // Specify the remote identifier . detect-multiplier 8    // Specify the local BFD Detection multiple . min-tx-interval 3    // Set up local sending BFD The minimum time interval of a message is 3.3ms. min-rx-interval 3    // Set up local reception BFD The minimum time interval of a message is 3.3ms. commit    // Submit BFD Session configuration .#bgp 65000 graceful-restart  # ipv4-family ***-instance ***a  auto-frr ##route-policy mixfrr permit node 0    // Set backup next hop , For the same site another UPE Of Loopback1 Address . apply backup-nexthop 172.16.2.50#

# stay SPE On the device display ip routing-table ***-instance Command view SPE To UPE The direction of the *** FRR The state of .

With Core_SPE2 For example , Bold font is backup next hop 、 Backup label and backup Tunnel ID Information , indicate SPE To UPE The direction of the *** FRR Table item generation .





















[Core_SPE2]display ip routing-table ***-instance ***a 172.18.150.4 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : 1Summary Count : 1
Destination: 172.18.150.0/26     Protocol: IBGP             Process ID: 0   Preference: 255                    Cost: 0      NextHop: 172.16.2.75       Neighbour: 172.16.2.75        State: Active Adv Relied       Age: 21h55m50s          Tag: 0                  Priority: low        Label: 1025                QoSInfo: 0x0   IndirectID: 0x185             RelayNextHop: 0.0.0.0           Interface: Tunnel111     TunnelID: 0x2                   Flags: RD    BkNextHop: 172.16.2.76     BkInterface: Tunnel121      BkLabel: 1024            SecTunnelID: 0x0               BkPETunnelID: 0x3         BkPESecTunnelID: 0x0               BkIndirectID: 0xd

# stay UPE On the device display ip routing-table ***-instance Command view mix FRR The state of .

With Site2_UPE3 For example , Bold font is backup next hop 、 Backup label and backup Tunnel ID Information , It shows mixing FRR Table item generation . blend FRR The primary route points to the local sub interface , The backup route points to another one in the same site UPE equipment 172.16.2.76
































[Site2_UPE3]display ip routing-table ***-instance ***a 172.18.150.4 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : 1Summary Count : 2
Destination: 172.18.150.4/32     Protocol: Direct           Process ID: 0   Preference: 0                      Cost: 0      NextHop: 172.18.150.4      Neighbour: 0.0.0.0        State: Active Adv              Age: 1d02h36m21s          Tag: 0                  Priority: high        Label: NULL                QoSInfo: 0x0   IndirectID: 0x0               RelayNextHop: 0.0.0.0           Interface: XGigabitEthernet0/0/2.150     TunnelID: 0x0                   Flags:  D    BkNextHop: 172.16.2.76     BkInterface: XGigabitEthernet0/0/4      BkLabel: 1024            SecTunnelID: 0x0               BkPETunnelID: 0x4800001b  BkPESecTunnelID: 0x0               BkIndirectID: 0x0      
Destination: 172.18.150.4/32     Protocol: IBGP             Process ID: 0   Preference: 255                    Cost: 0      NextHop: 172.16.2.76       Neighbour: 172.16.2.76        State: Inactive Adv Relied     Age: 1d02h36m21s          Tag: 0                  Priority: low        Label: 1024                QoSInfo: 0x0   IndirectID: 0xcd             RelayNextHop: 172.16.8.181      Interface: XGigabitEthernet0/0/4     TunnelID: 0x4800001b            Flags: R

# perform display vrrp interface Command view VRRP state .

With Site2_UPE3 For example , Bold font indicates the current VRRP Master state , To configure Backup Device forwarding traffic function , Configured with VRRP And BFD Linkage function .





















[Site2_UPE3]display vrrp interface XGigabitEthernet0/0/2.150  XGigabitEthernet0/0/2.150 | Virtual Router 1    State : Master    Virtual IP : 172.18.150.1    Master IP : 172.18.150.2    PriorityRun : 100    PriorityConfig : 100    MasterPriority : 100    Preempt : YES   Delay Time : 250 s    TimerRun : 1 s    TimerConfig : 1 s    Auth type : NONE    Virtual MAC : 0000-5e00-0101    Check TTL : YES    Config type : normal-vrrp    Backup-forward : enabled    Track BFD : 1150  type: peer     BFD-session state : UP    Create time : 2020-08-21 11:02:27    Last change time : 2020-08-21 11:02:55