不同的VPN路由走不同的LSP

CE-B-1（10.0.255.8）至CE-B-2(10.0.255.9）走FAST PATH (即P-1),反向也如此

CE-A-1(10.0.255.1)至CE-A-2(10.0.255.4)走LOW  PATH(即P-2和P-3),反向也如此

root@PE-1# run show configuration | display set

set version 14.1R4.8

set system host-name PE-1

set system root-authentication encrypted-password "$1$iwX8Oear$UbqXYDjJQikoqARR/KrI91"

set system services ssh root-login allow

set system services ssh protocol-version v2

set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis network-services enhanced-ip

set interfaces ge-0/0/0 description "link to PE-2"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.2/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 description "link to CE-1"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.2/24

set interfaces ge-0/0/2 description "LINK TO P-2"

set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.2/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces ge-0/0/3 description "LINK TO CE-B-1"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.2/24

set interfaces lo0 unit 0 family inet address 10.0.255.2/32

set routing-options router-id 10.0.255.2

set routing-options autonomous-system 65000

set routing-options forwarding-table export MAP-VPN-TO-LSP

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/2.0

set protocols mpls no-cspf

set protocols mpls label-switched-path PE1-PE2 from 10.0.255.2

set protocols mpls label-switched-path PE1-PE2 to 10.0.255.3

set protocols mpls label-switched-path PE1-PE2 ultimate-hop-popping

set protocols mpls label-switched-path PE1-fast-PE2 from 10.0.255.2

set protocols mpls label-switched-path PE1-fast-PE2 to 10.0.255.3

set protocols mpls label-switched-path PE1-fast-PE2 ultimate-hop-popping

set protocols mpls label-switched-path PE1-fast-PE2 primary path-p2-p3

set protocols mpls path path-p2-p3 10.0.255.6 strict

set protocols mpls path path-p2-p3 10.0.255.7 strict

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/2.0

set protocols bgp group IBGP type internal

set protocols bgp group IBGP local-address 10.0.255.2

set protocols bgp group IBGP family inet-vpn unicast

set protocols bgp group IBGP neighbor 10.0.255.3 description peer-to-PE2

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p

set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE1-PE2

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept

set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE1-fast-PE2

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept

set policy-options community CUST-A members target:65000:1

set policy-options community CUST-B members target:65000:2

set routing-instances cust-A instance-type vrf

set routing-instances cust-A interface ge-0/0/1.0

set routing-instances cust-A route-distinguisher 65000:1

set routing-instances cust-A vrf-target target:65000:1

set routing-instances cust-A vrf-table-label

set routing-instances cust-A protocols bgp group EBGP-A type external

set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.12.1 peer-as 65001

set routing-instances cust-B instance-type vrf

set routing-instances cust-B interface ge-0/0/3.0

set routing-instances cust-B route-distinguisher 65000:2

set routing-instances cust-B vrf-target target:65000:2

set routing-instances cust-B vrf-table-label

set routing-instances cust-B protocols bgp group EBGP-B type external

set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.28.8 peer-as 65008

root@PE-2# run show configuration | display set

set version 14.1R4.8

set system host-name PE-2

set system root-authentication encrypted-password "$1$o5wG8uFd$SZB3YeoWMcLoQWQwzhBXf1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis network-services enhanced-ip

set interfaces ge-0/0/0 description "link to PE-1"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.35.3/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 description "link to CE-2"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.3/24

set interfaces ge-0/0/2 description "LINK TO CE-B-2"

set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.3/24

set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.3/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.3/32

set routing-options router-id 10.0.255.3

set routing-options autonomous-system 65000

set routing-options forwarding-table export MAP-VPN-TO-LSP

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/3.0

set protocols mpls no-cspf

set protocols mpls label-switched-path PE2-PE1 from 10.0.255.3

set protocols mpls label-switched-path PE2-PE1 to 10.0.255.2

set protocols mpls label-switched-path PE2-PE1 ultimate-hop-popping

set protocols mpls label-switched-path PE2-fast-PE1 from 10.0.255.3

set protocols mpls label-switched-path PE2-fast-PE1 to 10.0.255.2

set protocols mpls label-switched-path PE2-fast-PE1 ultimate-hop-popping

set protocols mpls label-switched-path PE2-fast-PE1 primary path-p3-p2

set protocols mpls path path-p3-p2 10.0.255.7 strict

set protocols mpls path path-p3-p2 10.0.255.6 strict

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/3.0

set protocols bgp group IBGP type internal

set protocols bgp group IBGP local-address 10.0.255.3

set protocols bgp group IBGP family inet-vpn unicast

set protocols bgp group IBGP neighbor 10.0.255.2 description peer-to-PE1

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p

set policy-options policy-statement MAP-VPN-TO-LSP term 1 from community CUST-A

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then install-nexthop lsp PE2-PE1

set policy-options policy-statement MAP-VPN-TO-LSP term 1 then accept

set policy-options policy-statement MAP-VPN-TO-LSP term 2 from community CUST-B

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then install-nexthop lsp PE2-fast-PE1

set policy-options policy-statement MAP-VPN-TO-LSP term 2 then accept

set policy-options community CUST-A members target:65000:1

set policy-options community CUST-B members target:65000:2

set routing-instances cust-A instance-type vrf

set routing-instances cust-A interface ge-0/0/1.0

set routing-instances cust-A route-distinguisher 65000:1

set routing-instances cust-A vrf-target target:65000:1

set routing-instances cust-A vrf-table-label

set routing-instances cust-A protocols bgp group EBGP-A type external

set routing-instances cust-A protocols bgp group EBGP-A neighbor 10.0.34.4 peer-as 65002

set routing-instances cust-B instance-type vrf

set routing-instances cust-B interface ge-0/0/2.0

set routing-instances cust-B route-distinguisher 65000:2

set routing-instances cust-B vrf-target target:65000:2

set routing-instances cust-B vrf-table-label

set routing-instances cust-B protocols bgp group EBGP-B type external

set routing-instances cust-B protocols bgp group EBGP-B neighbor 10.0.39.9 peer-as 65009

root@P-1# run show configuration | display set

set version 14.1R4.8

set system host-name P-1

set system root-authentication encrypted-password "$1$TE3BdGbx$zBpONGKtzW8f8rGZT45uf1"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.25.5/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 unit 0 family inet address 10.0.35.5/24

set interfaces ge-0/0/1 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.5/32

set routing-options router-id 10.0.255.5

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/1.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/1.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p

root@P-2# run show configuration | display set

set version 14.1R4.8

set system host-name P-2

set system root-authentication encrypted-password "$1$DVY55Nb3$1Go7qPH1MA3OmJK3GBUTG1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set interfaces ge-0/0/0 description "LINK TO P-3"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.6/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/2 description TO-PE-1

set interfaces ge-0/0/2 unit 0 family inet address 10.0.26.6/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.6/32

set routing-options router-id 10.0.255.6

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/2.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/2.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p

root@P-3# run show configuration | display set

set version 14.1R4.8

set system host-name P-3

set system root-authentication encrypted-password "$1$9pP21lyC$TXXVoOrkvDbxVzyzqY76k."

set interfaces ge-0/0/0 description "LINK TO P-2"

set interfaces ge-0/0/0 unit 0 family inet address 10.0.67.7/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/3 description "LINK TO PE-2"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.37.7/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 10.0.255.7/32

set routing-options router-id 10.0.255.7

set protocols rsvp interface ge-0/0/0.0

set protocols rsvp interface ge-0/0/3.0

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/3.0

set protocols ospf traffic-engineering

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p

root@CE-A-1# run show configuration | display set

set version 14.1R4.8

set system host-name CE-A-1

set system root-authentication encrypted-password "$1$tpZplKaf$blPObwswtRewyjOwcWuI2/"

set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands any

set interfaces ge-0/0/1 unit 0 description "link to PE-1"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.12.1/24

set interfaces em0 mac 50:00:00:01:00:11

set interfaces em0 unit 0 family inet address 10.5.245.11/24

set interfaces lo0 unit 0 family inet address 10.0.255.1/32

set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

set routing-options router-id 10.0.255.1

set routing-options autonomous-system 65001

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.12.2 peer-as 65000

set policy-options policy-statement send_direct term 1 from protocol direct

set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.1/32 exact

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term last then reject

root@CE-A-2# run show configuration | display set

set version 14.1R4.8

set system host-name CE-A-2

set system root-authentication encrypted-password "$1$AOxzqe9V$JM27aMK/m6OoUAn9Kky/C1"

set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands any

set interfaces ge-0/0/1 description "link to PE-2"

set interfaces ge-0/0/1 unit 0 family inet address 10.0.34.4/24

set interfaces em0 mac 50:00:00:01:00:16

set interfaces em0 unit 0 family inet address 10.5.245.14/24

set interfaces lo0 unit 0 family inet address 10.0.255.4/32

set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

set routing-options router-id 10.0.255.4

set routing-options autonomous-system 65002

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.34.3 peer-as 65000

set policy-options policy-statement send_direct term 1 from protocol direct

set policy-options policy-statement send_direct term 1 from route-filter 10.0.255.4/32 exact

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term last then reject

root@CE-B-1# run show configuration | display set

set version 14.1R4.8

set system host-name CE-B-1

set system root-authentication encrypted-password "$1$0xhgi7lA$Sf50cDbwCXfygBypVGZl1."

set interfaces ge-0/0/3 description "LINK TO PE-1"

set interfaces ge-0/0/3 unit 0 family inet address 10.0.28.8/24

set interfaces lo0 unit 0 family inet address 10.0.255.8/32

set routing-options router-id 10.0.255.8

set routing-options autonomous-system 65008

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.28.2 peer-as 65000

set policy-options policy-statement send_direct term 1 from interface lo0.0

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term 2 then reject

root@CE-B-2# run show configuration | display set

set version 14.1R4.8

set system host-name CE-B-2

set system root-authentication encrypted-password "$1$nyp9EEd.$TdJvhrjbMEYEMGJegpGFg."

set interfaces ge-0/0/2 unit 0 family inet address 10.0.39.9/24

set interfaces lo0 unit 0 family inet address 10.0.255.9/32

set routing-options router-id 10.0.255.9

set routing-options autonomous-system 65009

set protocols bgp group EBGP type external

set protocols bgp group EBGP export send_direct

set protocols bgp group EBGP neighbor 10.0.39.3 peer-as 65000

set policy-options policy-statement send_direct term 1 from interface lo0.0

set policy-options policy-statement send_direct term 1 then accept

set policy-options policy-statement send_direct term 2 then reject

验证:

root@PE-1> show route table cust-A

cust-A.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.12.0/24      *[Direct/0] 01:21:28

                    > via ge-0/0/1.0

10.0.12.2/32      *[Local/0] 01:21:28

                      Local via ge-0/0/1.0

10.0.34.0/24      *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3

                      AS path: I, validation-state: unverified

                      to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2

10.0.255.1/32      *[BGP/170] 01:21:24, localpref 100

                      AS path: 65001 I, validation-state: unverified

                    > to 10.0.12.1 via ge-0/0/1.0

10.0.255.4/32      *[BGP/170] 00:26:45, localpref 100, from 10.0.255.3

                      AS path: 65002 I, validation-state: unverified

to 10.0.25.5 via ge-0/0/0.0, label-switched-path PE1-PE2

root@PE-1> show route table cust-B

cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.28.0/24      *[Direct/0] 01:21:33

                    > via ge-0/0/3.0

10.0.28.2/32      *[Local/0] 01:21:33

                      Local via ge-0/0/3.0

10.0.255.8/32      *[BGP/170] 01:21:25, localpref 100

                      AS path: 65008 I, validation-state: unverified

                    > to 10.0.28.8 via ge-0/0/3.0

10.0.255.9/32      *[BGP/170] 00:17:48, localpref 100, from 10.0.255.3

                      AS path: 65009 I, validation-state: unverified

  to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2

root@PE-1> show route 10.0.255.9/32 table cust-B

cust-B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.255.9/32      *[BGP/170] 19:10:01, localpref 100, from 10.0.255.3

                      AS path: 65009 I, validation-state: unverified

                      to 10.0.26.6 via ge-0/0/2.0, label-switched-path PE1-fast-PE2

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up            428            35424 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up    491  40716 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

root@CE-B-1> ping source 10.0.255.8 10.0.255.9 rapid count 4

PING 10.0.255.9 (10.0.255.9): 56 data bytes

!!!!

--- 10.0.255.9 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max/stddev = 8.157/9.331/10.959/1.121 ms

root@PE-1> show mpls lsp statistics ingress name PE1-fast-PE2

Ingress LSP: 2 sessions

To              From            State    Packets            Bytes LSPname

10.0.255.3      10.0.255.2      Up    495 41052 PE1-fast-PE2

Total 1 displayed, Up 1, Down 0

REF:
https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/map-vpn-to-lsp-route-policy.pdf