MPLS TE总结V1.0

1.TE 基本概念

1.1 TE基础

TE隧道的主备路径实质是两条独立的lsp，隧道lsp是根据配置的显式路径规则在igp协议中进行cspf计算出来的最短的可达路径。

TE隧道的建立由以下四个部件组成：

• 信息发布部件：负责搜集网络信息，通过 IS-IS/OSPF TE来实现。
• 路径选择部件：负责路径的计算，通过 CSPF来实现。
• 信令协议部件：通过 RSVP TE或 CR-LDP协议建立 LSP。
• 数据转发部件：实现 MPLS转发。

以上四大部件对日常维护可见的只有前面两个，即IGP可达+TE配置完整隧道才能cspf计算成功，对应以下四个配置模块

• IGP完整路由可达；
• IGP协议使能TE；
• TE全局使能；
• 三层接口使能TE。

显式路径（Explicit Path）功能在于隧道进行CSPF计算时，约束路径必须经过的链路或路由器，不经过的链路或路由器，使隧道按照期望的路径建立。即Explicit Path仅仅是CSPF计算中的约束条件。

• 严格Strict显式路径指定接口ip地址，下一跳路由器必须和上一跳路由器直连；
• 松散loose显式路径指定环回ip地址，到下一跳路由器中间可以经过多个路由器。
• 排除exclude显式路径指定环回ip地址，指定不经过的路由器。

1.2 Tunnel配置

Tunnel基本配置

Y31_Burgos_9KE#show running-config mpls-te 
!
mpls traffic-eng
  router-id 10.0.31.195
  reoptimize timers delay installation-delay-time 600
  reoptimize timers frequency 7200  //自动重优化时间为2小时
  signalling graceful-restart   //使能GR
  signalling graceful-restart extend recovery-path
  signalling retransmit
  signalling refresh reduction
  explicit-path name Y31_527_W  //配置显示路径
    index 1 next-address loose 10.0.46.117
    index 2 next-address loose 10.0.46.113
    index 3 next-address loose 10.0.46.109
    index 4 next-address loose 10.0.46.106
    index 5 next-address loose 10.0.18.101
    index 6 next-address loose 10.0.19.93
    index 7 next-address loose 10.0.9.7
  $
  tunnel te_tunnel2843
    tunnel destination ipv4 10.0.9.7
    tunnel mpls traffic-eng auto-reoptimize main-lsp
    tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
    tunnel mpls traffic-eng record-route
    tunnel mpls traffic-eng path-option 1 explicit-path name Y31_527_W
    tunnel mpls traffic-eng hot-standby protect 1 dynamic prefer
    tunnel mpls traffic-eng reference hot-standby   //HSB独立UP
  $
  interface loopback1   //接口使能TE
  $
  interface xgei-0/2/0/1.1455   //接口使能TE
  $
$
!
Y31_Burgos_9KE# 

使能ISIS/OSPF TE

Y31_Burgos_9KE#show running-config isis 
!
router isis 0
  area 00.000a
  system-id 0000.0031.0195
  metric-style wide
  disable-snp-authentication
  lsp-size receive 1497
  lsp-size originate 1497
  spf-interval 3 level-1
  mpls traffic-eng level-1  //ISIS使能TE
  mpls traffic-eng level-2  //ISIS使能TE
  restart enable
  restart t2-timer 60 level-1
  restart t3-timer adjacency
  interface loopback1
    ip router isis
  $
  interface xgei-0/2/0/1.1455
    ip router isis
    circuit-type level-1
    authentication-type hmac-md5
    authentication encrypted 1zoaSVXijwEym/2jCaUqpA==
  $
$
!
Y31_Burgos_9KE#

Tunnel接口化

Y31_Burgos_9KE#show running-config-interface te_tunnel2843
!
interface te_tunnel2843
$
interface te_tunnel2843
  ip unnumbered loopback1   //借用loopback1地址
$
!
Y31_Burgos_9KE

用静态路由引流到隧道

Y31_Burgos_9KE#show running-config static
!
ip route 10.0.9.7 255.255.255.255 te_tunnel2843 //BFD报文引流到Tunnel
ip route 10.0.10.7 255.255.255.255 te_tunnel2843    //BGP报文引流到Tunnel
ip route 10.0.31.191 255.255.255.255 te_tunnel4000  //PW流量引流到Tunnel
!
Y31_Burgos_9KE#

1.3 Tunnel状态

9004#show mpls traffic-eng tunnels tunnel-id 2
9000E#sh mpls traffic-eng tunnels te_tunnel 2

Name: tunnel_2                 (Tunnel2) Destination: 100.1.1.2
  Status:
    Admin: up  Oper: up  Path:  valid  Signaling: connected //[显式当前隧道状态]
    Path option: 1, type explicit name: lsp12b (Basis for Setup)    //[Basis for setup表明当前隧道是使用哪条pathoption创建的]
    Path option: 2, type explicit name: lsp1
    Hot-standby protection:
      protect option: 1, type explicit name: lsp123b    //[表明当前的hsb配置，可以查看当前是否形成hsb保护]
  Config Parameters:
    Bandwidth: 0 kbps (Global) Priority: 7  7  Affinity: 0x0/0x0
    Resv-Style: SE
    Metric Type: IGP (default)   Upper Limit: 4294967295
    Fast-reroute: disabled  //[隧道是否使能FRR]
    BFD: disabled
    Auto-bw: disabled
    CAC: disabled
    Auto-reoptimize: disable    //[隧道是否使能自动重优化]
    Bidirect: disabled

  InLabel: -
  OutLabel: vlan2, 3
  RSVP Signaling Info :
    Src 100.1.1.1, Dst 100.1.1.2, Tun_Id 2, Tun_Instance 2
    RSVP Path Info:
      Explicit Route: 20.1.1.1 20.1.1.2 100.1.1.2   //[隧道实际经过的路径]
      Exclude Route: NULL
      Record Route: 100.1.1.1 20.1.1.1
      Tspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
    RSVP Resv Info:
      Record Route: 100.1.1.2(3) 20.1.1.2(3)
      Fspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits

  History:
    Tunnel:
    Time since created: 0 days, 0 hours, 4 minutes  //[当前隧道创建的时间]
    Prior LSP: path option 1
    Current LSP: Uptime:0 days, 0 hours, 0 minutes  //[当前inuse lsp UP的时间]
    Last tnnl down information:
    None log record.

1.4 HSB状态

9004#show mpls traffic-eng tunnels tunnel-id 3 hot-standby
9000E#sh mpls traffic-eng tunnels te_tunnel 3 hot-standby

Name: tunnel_3                 (Tunnel3) Destination: 100.1.1.2
  Status:
    Admin: up  Oper: up  Path:  valid  Signaling: connected
  Fast Reroute Protection: None
  Hot-standby Protection: Ready //[当前hsb的状态，状态可能是ready（处于保护状态）；也可能是backup in use（保护处于切换状态）；也可能是none（没有形成保护）]

  InLabel: -
  OutLabel: vlan2, 3
  RSVP Signaling Info :
    Src 100.1.1.1, Dst 100.1.1.2, Tun_Id 3, Tun_Instance 4
    RSVP Path Info:
      Explicit Route: 20.1.1.1 20.1.1.2 100.1.1.2   //[当前hsb备份lsp经过的路径]
      Exclude Route: NULL
      Record Route: 100.1.1.1 20.1.1.1
      Tspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits
    RSVP Resv Info:
      Record Route: 100.1.1.2(3) 20.1.1.2(3)
      Fspec: ave rate= 0 kbits, burst= 1000 bytes, peak rate= 0 kbits


9K_1(config-if-vlan1)#show mpls traffic-eng tunnels tunnel-id 3 hot-standby

Name: tunnel_3                 (Tunnel3) Destination: 100.1.1.2
  Status:
    Admin: up  Oper: up  Path:  valid  Signaling: connected
  Fast Reroute Protection: None
  Hot-standby Protection: Backup lsp in use

1.5 MBB的概念

MBB（make before break）的含义是在维持原来LSP UP的情况下，建立新的LSP。以这种形式进行的包括：切换之后的回切，重优化（寻找更好的路径），配置改变后引起的MBB等多种情况。只要是MBB，肯定就会走WTR流程(mpls traffic-eng switch-delay)

Y31_Burgos_9KE#show mpls traffic-eng tunnels te_tunnel 4001

Name: tunnel_4001
      (Tunnel4001) Destination: 10.0.9.237
  Status:
    Admin: up  Oper: up  Path:  valid  Signalling: MBB(WTR)
    Path option: 1, type explicit name: TEST1
    Actual Bandwidth:                N/A      Tunnel Utilize:              N/A
    Actual Bandwidth In:             N/A      Tunnel Utilize In:           N/A
    Hot-standby protection:
      protect option: 1, type explicit name: TEST3 (Basis for Protect)
    PCE-authorized: NO
  Config Parameters:
    Resv-Style: SE
    Metric Type: IGP (default)   Upper Limit: 4294967295
    Hop Prior: disabled         Upper Limit: -
    Record-Route: enabled
    Facility Fast-reroute: disabled
    Detour Fast-reroute: disabled
    Bandwidth Protection: disabled
    Hot-standby-lsp Fast-reroute: disabled
    E2E: disabled
    BFD: disabled
    Policy Class: Default
    ……
Y31_Burgos_9KE#

1.6 HSB独立up

原来TE隧道如果主备都down掉，而主由于某种原因【比如：严格或者松散指定路径等】未能够建立起来，这个时候即使备能够计算出来，隧道也无法up起来；后来开发了备独立up功能，配置如下：

tunnel mpls traffic-eng reference hot-standby

关于什么时候开始计算option 1的HSB

如果隧道配置了备独立up功能，当隧道down掉后，先进行option1的重算，如果算不出来30秒会算option1的HSB；
如果隧道目前在option2上，只有定时重优化时间到，隧道重优化到option1以后，才会算option 1的HSB；

Y31_Burgos_9KE#show mpls traffic-eng tunnels te_tunnel 4001

Name: tunnel_4001
      (Tunnel4001) Destination: 10.0.9.237
  Status:
    Admin: up  Oper: up  Path:  valid  Signalling: connected
    Path option: 1, type explicit name: TEST1
    Actual Bandwidth:                N/A      Tunnel Utilize:              N/A
    Actual Bandwidth In:             N/A      Tunnel Utilize In:           N/A
    Hot-standby protection:
      protect option: 1, type explicit name: TEST3 (Basis for Protect)
    PCE-authorized: NO
  Config Parameters:
    Resv-Style: SE
    Metric Type: IGP (default)   Upper Limit: 4294967295
    Hop Prior: disabled         Upper Limit: -
    Record-Route: enabled
    Facility Fast-reroute: disabled
    Detour Fast-reroute: disabled
    Bandwidth Protection: disabled
    Hot-standby-lsp Fast-reroute: disabled
    E2E: disabled
    BFD: disabled
    Policy Class: Default
    ……
Y31_Burgos_9KE#

1.7 隧道重建

• 隧道down掉后，立即进行第一次重建(500ms)
• 第一次重建失败，根据第二次重建delay时间，进行第二次重建

ROSNG：cspf delay reactive 10    //默认10s
ROS：mpls traffic-eng reactive-delay 10

• 第二次重建失败，根据一个稳定周期尝试重建，直到重建成功

ROSNG：unactive timer 30 //默认30s
ROS：mpls traffic-eng unactive timer 30  //默认30s

• 在之后的周期性重建期间，如果IGP链路up触发重建，不用等待30s,根据link up delay的时间进行再次重建

ROSNG：cspf delay link-up 0
ROS: mpls traffic-eng link-up-delay

1.8 隧道切换

前置条件：隧道配置了option1，option1的HSB，option2；

隧道正常运行在option1上，当option1上的BFD检测到隧道出现问题后，隧道立即切换到HSB上，此时隧道会尝试立即重算option1，如果算不出来，会尝试算option2，如果option2能够算成功，隧道等WTR(一般5分钟)时间后会从HSB切换到option2，业务一直运行在隧道的option2上，直到定时重优化时间到或者有其它link-up事件触发隧道的重优化，隧道才会被重优化到option1上；

1.9 隧道重优化

自动重优化：从隧道UP时刻开始每间隔1小时进行1次自动重优化，重优化过程从op1开始遍历检测是否有更优的LSP路径，对主用和HSB lsp均会计算。自动重优化间隔设置

ROS：reoptimize timers frequency 3600
ROSNG：mpls traffic-eng auto-reoptimize interval 3600 //reoptimize tunnel all立即进行重优化

IGP linkup触发隧道的重优化：对于隧道的主以及HSB都会触发重优化，link-up触发的重优化优先级要高，会立即响应；这个功能是先会触发主，如果主没有更优的话，再触发备，如果主有更优的话，那么备就会走reactive流程（相当于在重新建个备）。

mpls traffic-eng link-up-delay 30 
mpls traffic-eng link-up-reoptimize   

该命令全局配置，一般与link-up延迟配合使用，延迟时间的长短根据路由和隧道的数量做适当调整，工程统部署为延迟30秒；

1.10 BFD检测

主路径BFD检测

tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3 //隧道使能

只检测主路径，隧道HSB切换状态中，BFD一直处于down；直到再次切换到option1主路径，HSB切换告警消失，之后在新的主lsp上尝试重建BFD；

HSB路径检测

bfd-on-hotstandby-lsp enable //全局使能

主隧道和HSB都会检测来回路径，必须保证BFD检测报文来回所走隧道的状态对称;

主隧道的BFD与HSB的BFD共用一个BFD资源，所以同时只有一个BFD能够up起来；

注意事项：如果隧道配置了两个option，又开启了HSB上启用BFD功能和备独立up功能，当隧道主备都down，备先起来的情况下，隧道从HSB往option 2切换的过程中MBB(WTR)，HSB上是没有BFD的，此时如果备down掉是没有办法快速切换到主路径上去的，所以备上启BFD时建议不要和两个option一起使用

2 基于TE的VPLS网络

2.1 VPLS网络架构

image

如图所示，VPLS网络主要包括以下几个重要的组成部分：

• AC：接入电路，用户与服务提供商之间的连接，即连接CE与PE的链路。对应的接口只能是以太网接口。
• PW：虚链路，两个PE设备上的VSI之间的一条双向虚拟连接。它由一对方向相反的单向的MPLS VC（Virtual Circuit，虚电路）组成，也称为仿真电路。
• Tunnel：隧道，用于承载PW，一条隧道上可以承载多条PW。隧道是一条本地PE与对端PE之间的直连通道，完成PE之间的数据透明传输，可以是MPLS或GRE隧道等。
• PW Signaling：PW信令协议，VPLS实现的基础，用于创建和维护PW。PW信令协议还可用于自动发现VSI的对端PE设备。目前，PW信令协议主要有LDP和BGP。
• VSI：虚拟交换实例，VPLS实例在一台PE设备上的一个以太网桥功能实体，根据MAC地址和VLAN TAG进行二层报文转发

2.2 PW的创建

PW是VPLS在公网上的通信隧道，它建立在MPLS（包括普通LSP和CR-LSP）或GRE等隧道之上。创建PW需要：

• 首先在本端和对端PE之间建立MPLS或GRE等隧道。
• 确定对端PE的地址。对于同一个VSI内的PE设备，可以通过手工配置来指定对端PE地址，也可以通过信令协议自动发现对端PE。
• 利用LDP或BGP信令协议为PW分配多路复用分离标记（VC标签），并将分配的VC标签通告给对端PE，建立单向的VC，从而创建PW。如果PW建立在MPLS隧道之上，则PW上传输的报文将包括两层
  标签：内层标签为VC标签，用来判断报文属于的VC，从而将报文转发给正确的CE；外层标签为公网MPLS隧道标签，用来保证报文在MPLS隧道上的正确传输。

2.3 LDP信令协议

采用扩展LDP（远端LDP会话）作为PW信令协议的VPLS，称为Martini方式的VPLS。

image

如图所示，利用LDP信令协议建立PW的过程为：

• PE和特定的VSI关联后，采用LDP的DU（Downstream unsolicited，下游自主）方式主动向对端PE发送标签映射消息，该消息中包含PWID FEC和与该PWID FEC绑定的VC标签，以及接口参数（如最大传输单元等）。
• 如果对端PE和这个特定的PWID关联，它将接受标签映射消息，并回应自己的标签映射消息。
• 一对单向的VC建立成功后，它们组合起来形成双向的PW，这个双向的PW可以看作是VSI上的一个虚拟以太网接口。

Martini方式实现简单。但是LDP不能提供VPLS成员的自动发现机制，需要手工指定PE的各个对等体。新的PE加入时，每个PE上都要修改配置。

2.4 BGP信令协议

采用扩展BGP作为PW信令协议的VPLS，称为Kompella方式的VPLS。

image

如图所示，利用BGP信令协议建立PW的过程为：

• PE利用BGP的Update消息向所有对端PE设备发送VE ID和标签块信息。其中，VE ID为与PE相连的每个Site在VPN内的唯一编号，由服务供应商统一规划；标签块包含一组连续的标签。
• 接收到Update消息的PE设备，根据自己的VE ID和报文中的标签块，计算出唯一的一个标签值，作为VC标签。同时，接收Update消息的PE设备，根据报文中的VE ID和本地的标签块，也可以得知对端PE的VC标签值等信息。
• 两个PE设备互相发送Update消息，并计算出VC标签后，两台设备间的PW创建成功。

Kompella方式中，通过配置VPN Target实现了VPLS成员的自动发现，增加或删除PE时，无需手工配置，具有较好的可扩展性，但BGP协议本身比较复杂。

2.5 AC报文封装方式

AC上的报文封装方式分为两种：VLAN接入和Ethernet接入。其含义如下：

• VLAN接入：CE发送给PE或PE发送给CE的以太网帧头带有一个VLAN TAG，该TAG是一个服务提供商网络为了区分用户而压入的“服务界定符”。服务界定符一般是服务提供商设备添加的，我们把这个作为服务界定符的TAG称为P-TAG。
• Ethernet接入：CE发送给PE或PE发送给CE的以太网帧头中没有服务界定符，如果此时帧头中有VLAN TAG，则说明它只是用户报文的内部VLAN TAG，对于PE设备没有意义。这种用户内部VLAN的TAG称为U-TAG。

2.6 PW报文封装方式

PW由PWID和PW封装类型唯一标识。两端PE设备通告的PWID和PW封装类型必须相同。

PW上的报文封装方式分为两种：Raw模式和Tagged模式。

• Raw模式下，PW上传输的帧不能带P-TAG：对于CE侧的报文，如果收到带有服务界定符的报文，则将其去除后再压入PW标签和隧道标签后转发；如果收到不带服务界定符的报文，则直接压入PW标签和隧道标签后转发。对于PE侧的下行报文，根据实际配置选择添加或不添加服务界定符后转发给CE，但是它不允许重写或去除已经存在的任何TAG。
• Tagged模式下，PW上传输的帧必须带P-TAG：对于CE侧的报文，如果收到带有服务界定符的报文，保留P-TAG，或者将P-TAG改写为对端PE期望的VLAN TAG或者空TAG（TAG值为0），再压入PW标签和隧道标签后转发；如果收到不带服务界定符的报文，则添加一个对端PE期望的VLAN TAG或空TAG后，再压入PW标签和隧道标签后转发。对于PE侧的下行报文，根据实际配置选择重写、去除或保留服务界定符后转发给CE。

2.7 报文转发过程

3 业务配置举例

3.1 VPWS（VLL）

3.1.1 本端配置（ROSNG）

Step 1：ISIS使能TE

V90_PLDT_SFP#show running-config isis
!
router isis 0
  area 00.000a
  system-id 0000.0009.0012
  metric-style wide
  disable-snp-authentication
  fast-flood 6
  i-spf
  lsp-size receive 1497
  lsp-size originate 1497
  lsp-gen-interval 1 50 50
  spf-interval 1 50 50
  mpls traffic-eng level-1
  mpls traffic-eng level-2
  redistribute static route-map redistrbute_loopback1
  restart enable
  restart t2-timer 60 level-2
  restart t3-timer adjacency
……
  $
$
!
V90_PLDT_SFP#

Step 2：互联接口使能TE

V90_PLDT_SFP#show running-config mpls-te 
!
mpls traffic-eng
  interface xgei-0/7/1/2.1330
  $
$
!
V90_PLDT_SFP#

Step 3：Tunnel基本配置

!
mpls traffic-eng
  router-id 10.0.9.12
  reoptimize timers delay installation-delay-time 600
  reoptimize timers frequency 7200
  signalling graceful-restart
  signalling graceful-restart extend recovery-path
  signalling retransmit
  signalling refresh reduction
  tunnel te_tunnel606
    tunnel destination ipv4 10.0.9.186
    tunnel mpls traffic-eng auto-reoptimize main-lsp
    tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
    tunnel mpls traffic-eng record-route
    tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
    tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
    tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
    tunnel mpls traffic-eng reference hot-standby
  $
$
!

Step 4：配置TE接口化

V90_PLDT_SFP#show running-config-interface te_tunnel606
!
interface te_tunnel606
$
interface te_tunnel606
  ip unnumbered loopback1
$
!
V90_PLDT_SFP#

Step 5：配置静态路由引流到Tunnel，确保BFD走Tunnel

V90_PLDT_SFP#show running-config static
!
ip route 10.0.9.186 255.255.255.255 te_tunnel606
!
V90_PLDT_SFP#

Step 6：配置CIP

V90_PLDT_SFP(config)#show running-config cip 
!
interface cip600
  bind interface ce1-0/0/1/22:1
$
!
V90_PLDT_SFP(config)# 

Step 7：配置L2VPN VPWS

!
mpls l2vpn enable
pw pw600
vpws 600
  access-point cip600
    access-params tdm
      distribute-period 8
      jitter-buffer 80
      traffic-statistics enable
    $
  $
  pseudo-wire pw600
    neighbour 10.0.9.186 vcid 1861201 cw-preferred
      control-word sequence-enable
      vccv bfd capability status encapsulation ip compatible cc cw
    $
  $
  default-cw-preferred
$
!

Step 7：查看VPLS状态

V90_PLDT_SFP#show l2vpn forwardinfo 
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
         Llabel - Local label, Rlabel - Remote label
         VPNowner - Owner type and instance name
Codes  : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
         MO - MONITOR, AL - Admin-VPLS, $pw - auto_pw, R - RING-TREE

PWName   PeerIP          FEC    PWType      State Llabel  Rlabel  VPNowner
pw600    10.0.9.186      128    SAToP_E1    UP    163940  524400  W:600
V90_PLDT_SFP#

3.1.2 远端配置（ROS）

Step 1：ISIS使能TE

PRC00O66ZTCN001#show running-config  module isis
Building configuration...
!
router isis process_tag default 
  area 00.000a
  system-id 0000.0009.0186 
  is-type level-1-2
  distance 115
  metric-style wide 
  disable-snp-authentication
  maximum-paths 1
  lsp-mtu 1497
  max-lsp-lifetime 1200
  lsp-refresh-time 900
  spf-interval 3 level-2
  mpls traffic-eng router-id loopback1
  mpls traffic-eng level-1
  mpls traffic-eng level-2
  restart enable
  restart t2-timer 60 level-2
  restart t3-timer adjacency
!
!
end
PRC00O66ZTCN001#

Step 2：互联接口使能TE

PRC00O66ZTCN001#show running-config interface vlan1359
Building configuration...
interface vlan 1359
  ip address 10.0.45.2 255.255.255.252
  description link to N2962 SUN-PORAC-MOUNTAINS - 10.0.45.1
  out_index 187
  ip router isis process_tag default
  isis circuit-type level-1
  isis authentication-type MD5 
  isis authentication PH3CEN 
  mpls traffic-eng tunnels
!
end
PRC00O66ZTCN001#

Step 3:配置Tunnel

PRC00O66ZTCN001#show running-config section | include tunnel 606
tunnel 606
  tunnel mode traffic-engineer dynamic
  tunnel enable
  tunnel destination 10.0.9.12
  oam-propagate auto immediately
  flowstat enable
  tunnel mpls traffic-eng record-route
  tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P 
  tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W 
  tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
  tunnel mpls traffic-eng bfd interval 50 min_rx 50 multiplier 3
  tunnel mpls traffic-eng auto-reoptimize
  tunnel mpls traffic-eng reference hot-standby
!
PRC00O66ZTCN001# 

Step 4：配置Tunnel接口化

PRC00O66ZTCN001#show running-config interface tunnel606 
Building configuration...
interface tunnel606
  ip unnumbered loopback1 
  out_index 91
  tunnel mode mpls traffic-eng
!
end
PRC00O66ZTCN001#

Step 5：配置静态路由引流到Tunnel,确保BFD报文走Tunnel

PRC00O66ZTCN001#show running-config | include ip route 10.0.9.12               
ip route 10.0.9.12 255.255.255.255 tunnel606
PRC00O66ZTCN001#

Step 6：配置VLL

PRC00O66ZTCN001#show running-config  section | include pw 609|cip 609
Building configuration...
pw 609
  mode dynamic pwe3
  pwtype e1
  peer 10.0.9.12 vcid 1861201
  tunnel 606
  apply pw-class 1:0:0
  status-notification
  sequence enable
!
vll 609
  service-type tdm
  mpls xconnect pw 609 
!
cip 609
  service-type tdm ce1_7/2/22 agnostic
  description O66_Porac<>V90PLDTSFP_GSM-01-STARITAPMP2-SFP_BSC_CAO_14-1485
  xconnect 609
  flowstat enable
!
PRC00O66ZTCN001#

Step 7：查看VLL状态

PRC00O66ZTCN001#show mpls l2transport vc vll vcid 1861201
LocalIntf           LocalCircuit       DestAddress     VCID       Status M/S
cip:609             TDM                10.0.9.12       1861201    up     null
PRC00O66ZTCN001#

3.2 VPLS（VFI）

3.2.1 本端配置（ROSNG）

Step 1：ISIS使能TE

V90_PLDT_SFP#show running-config isis
!
router isis 0
  area 00.000a
  system-id 0000.0009.0012
  metric-style wide
  disable-snp-authentication
  fast-flood 6
  i-spf
  lsp-size receive 1497
  lsp-size originate 1497
  lsp-gen-interval 1 50 50
  spf-interval 1 50 50
  mpls traffic-eng level-1
  mpls traffic-eng level-2
  redistribute static route-map redistrbute_loopback1
  restart enable
  restart t2-timer 60 level-2
  restart t3-timer adjacency
……
  $
$
!
V90_PLDT_SFP#

Step 2：互联接口使能TE

V90_PLDT_SFP#show running-config mpls-te 
!
mpls traffic-eng
  interface xgei-0/7/1/2.1330
  $
$
!
V90_PLDT_SFP#

Step 3：Tunnel基本配置

!
mpls traffic-eng
  router-id 10.0.9.12
  reoptimize timers delay installation-delay-time 600
  reoptimize timers frequency 7200
  signalling graceful-restart
  signalling graceful-restart extend recovery-path
  signalling retransmit
  signalling refresh reduction
  tunnel te_tunnel606
    tunnel destination ipv4 10.0.9.186
    tunnel mpls traffic-eng auto-reoptimize main-lsp
    tunnel mpls traffic-eng bfd interval 50 min-rx 50 multiplier 3
    tunnel mpls traffic-eng record-route
    tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P
    tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W
    tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
    tunnel mpls traffic-eng reference hot-standby
  $
$
!

Step 4：配置TE接口化

V90_PLDT_SFP#show running-config-interface te_tunnel606
!
interface te_tunnel606
$
interface te_tunnel606
  ip unnumbered loopback1
$
!
V90_PLDT_SFP#

Step 5：配置扩展LDP（PW信令协议）

V90_PLDT_SFP#show running-config ldp
!
mpls ldp instance 1
graceful-restart
label-advertise for 1
label-advertise disable
router-id loopback1
target-session 10.0.9.186
$
!
V90_PLDT_SFP#

Step 6：配置静态路由引流到Tunnel，确保BFD走Tunnel

V90_PLDT_SFP#show running-config static
!
ip route 10.0.9.186 255.255.255.255 te_tunnel606
!
V90_PLDT_SFP#

Step 7：AC接口配置

V90_PLDT_SFP#show running-config-interface gei-0/7/0/4
!
interface gei-0/7/0/4
  description Supreme Court Reqt_WO_17-08745
  mtu 9216
  mpls mtu 9216
  no shutdown
$
!
V90_PLDT_SFP#

Step 8：配置L2VPN VPLS

!
pw pw100
vpls 100
  access-point gei-0/7/0/4
    description Supreme Court Reqt_WO_17-08745
    access-params ethernet
      traffic-statistics enable
    $
  $
  pseudo-wire pw100 split-horizon
    neighbour 10.0.9.186 vcid 1861212 cw-preferred
      encapsulation tagged
      vccv bfd capability status encapsulation ip compatible cc cw
    $
  $
$
!

Step 9：查看VPLS状态

V90_PLDT_SFP#show l2vpn forwardinfo 
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
         Llabel - Local label, Rlabel - Remote label
         VPNowner - Owner type and instance name
Codes  : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
         MO - MONITOR, AL - Admin-VPLS, $pw - auto_pw, R - RING-TREE

PWName   PeerIP          FEC    PWType      State Llabel  Rlabel  VPNowner
pw100    10.0.9.186      128    VLAN      H UP    163970  524552  L:100
V90_PLDT_SFP#

3.2.2 远端配置（ROS）

Step 1：ISIS使能TE

PRC00O66ZTCN001#show running-config  module isis
Building configuration...
!
router isis process_tag default 
  area 00.000a
  system-id 0000.0009.0186 
  is-type level-1-2
  distance 115
  metric-style wide 
  disable-snp-authentication
  maximum-paths 1
  lsp-mtu 1497
  max-lsp-lifetime 1200
  lsp-refresh-time 900
  spf-interval 3 level-2
  mpls traffic-eng router-id loopback1
  mpls traffic-eng level-1
  mpls traffic-eng level-2
  restart enable
  restart t2-timer 60 level-2
  restart t3-timer adjacency
!
!
end
PRC00O66ZTCN001#

Step 2：互联接口使能TE

PRC00O66ZTCN001#show running-config interface vlan1359
Building configuration...
interface vlan 1359
  ip address 10.0.45.2 255.255.255.252
  description link to N2962 SUN-PORAC-MOUNTAINS - 10.0.45.1
  out_index 187
  ip router isis process_tag default
  isis circuit-type level-1
  isis authentication-type MD5 
  isis authentication PH3CEN 
  mpls traffic-eng tunnels
!
end
PRC00O66ZTCN001#

Step 3:配置Tunnel

PRC00O66ZTCN001#show running-config section | include tunnel 606
tunnel 606
  tunnel mode traffic-engineer dynamic
  tunnel enable
  tunnel destination 10.0.9.12
  oam-propagate auto immediately
  flowstat enable
  tunnel mpls traffic-eng record-route
  tunnel mpls traffic-eng path-option 1 explicit-path name O66_V90_P 
  tunnel mpls traffic-eng path-option 2 explicit-path name O66_V90_W 
  tunnel mpls traffic-eng hot-standby protect 1 explicit-path name O66_V90_P1
  tunnel mpls traffic-eng bfd interval 50 min_rx 50 multiplier 3
  tunnel mpls traffic-eng auto-reoptimize
  tunnel mpls traffic-eng reference hot-standby
!
PRC00O66ZTCN001# 

Step 4：配置Tunnel接口化

PRC00O66ZTCN001#show running-config interface tunnel606 
Building configuration...
interface tunnel606
  ip unnumbered loopback1 
  out_index 91
  tunnel mode mpls traffic-eng
!
end
PRC00O66ZTCN001#

Step 5：配置扩展LDP（PW信令协议）

PRC00O66ZTCN001#show running-config  module ldp 
Building configuration...
mpls label range-dynamic config 0 16 131071
mpls ip
mpls ldp router-id loopback1
mpls ldp access-fec for 1
mpls ldp graceful-restart
mpls l2vpn graceful-restart
mpls ldp target-session 10.0.9.10
!
!        
end
PRC00O66ZTCN001#    

Step 6：配置静态路由引流到Tunnel,确保BFD报文走Tunnel

PRC00O66ZTCN001#show running-config | include ip route 10.0.9.12               
ip route 10.0.9.12 255.255.255.255 tunnel606
PRC00O66ZTCN001#

Step 7：配置VFI

pw 100
  mode dynamic pwe3
  pwtype ethernet-vlan
  peer 10.0.9.12 vcid 1861212
  tunnel 606
  apply pw-class 1:0:0
  status-notification
!
vfi 100
  service-type ethernet
  mode vlan-all
  mpls xconnect pw 100 
!
cip 100
  service-type ethernet gei_5/4
  description Supreme Court Reqt_WO_17-08745
  xconnect 100
  flowstat enable
  broadcast-limit cir 512 cbs 1000 pir 512 pbs 1000
!
PRC00O66ZTCN001# 

Step 8：查看VFI状态

PRC00O66ZTCN001#show mpls l2transport vc vfi vcid 1861212                      
VFI Name                 LocalCircuit DestAddress     VCID       Status M/S
100                      VFI          10.0.9.12       1861212    up     null
PRC00O66ZTCN001#

3.3 MSPW配置

3.4 L2/L3层桥接

4 故障分析方法

4.1 LSP创建失败原因

4.1.1 基本拓扑

graph LR

A[Y31]-->B[Y17]
B[Y17]-->C[Y37]
C[Y17]-->D[536]
B[Y17]-->E[Y46]
E[Y46]-->C[Y37]

Y31站点为ISIS Level-1,其它站点为ISIS Level-1-2

4.1.2 基本配置

Y31_Burgos_9KE#show running-config mpls-te
!
mpls traffic-eng
  router-id 10.0.31.195
  reoptimize timers delay installation-delay-time 600
  signalling graceful-restart
  signalling graceful-restart extend recovery-path
  signalling retransmit
  signalling refresh reduction
  explicit-path name TEST1
    index 1 next-address loose 10.0.46.134
    index 2 next-address strict 10.0.20.157
    index 3 next-address strict 10.0.20.154
    index 4 next-address strict 10.0.19.93
  $
  explicit-path name TEST2
    index 1 next-address loose 10.0.46.134      //Y17
    index 2 next-address strict 10.0.18.101     //Y37
    index 3 next-address strict 10.0.19.193     //536,正确的接口地址为93
  $
  explicit-path name TEST3
    index 1 next-address loose 10.0.9.245
  $
  tunnel te_tunnel4001
    tunnel destination ipv4 10.0.9.237
    tunnel mpls traffic-eng auto-reoptimize main-lsp
    tunnel mpls traffic-eng record-route
    tunnel mpls traffic-eng path-option 1 explicit-path name TEST2
  $
  interface loopback1
  $
  interface xgei-0/2/0/1.1455
  $
  interface xgei-0/2/0/2.1459
  $
  interface xgei-0/5/0/1.1458
  $
  interface xgei-0/5/0/2.1466
  $
$
!
Y31_Burgos_9KE#

4.1.3 故障现象

Y31_Burgos_9KE#terminal monitor    
A notification 250317 ID 3320 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% LSP reactive.  Tunnel4001 reactive,reason:reactive timer
A notification 250336 ID 3321 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% Tunnel state changed.  Local tunnel 4001, LSP 173 is in signal.
A notification 250309 ID 3322 level 5 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% LSP deleted.  Delete LSP 173 (Main) in local tunnel 4001 on out_interface:  by path_option 1.
A notification 250316 ID 3323 level 6 occurred at 22:47:59 11-03-2017 sent by Y31_Burgos_9KE MPU-0/10/0
%RSVP% Tunnel create fail.  Tunnel4001 LSP173 create fail, reason:Cspf fail
Y31_Burgos_9KE#no terminal monitor

Tunnel4001 LSP创建失败, 原因是Cspf fail

4.1.4 故障分析

头结点诊断模式下查看LSP创建失败的节点和原因

Y31_Burgos_9KE#diag
Test commands Password:ZXR10
Y31_Burgos_9KE(diag)#diag all
Y31_Burgos_9KE(diag-all)#execute 203402 204 ,4001
=============================tecp MPU-0/10/0 begin==============================
****************************not up lsp log info show:***************************
time2(s)                :0              time1(s)                :563064479      
lsp_id                  :173            role                    :1 (inuse)
path_option             :1              
mbb_source              :0x0 
happen_time(s)          :563064479 (2017-11-03 22:47:59)
err_node                :10.0.46.134    //失败的节点
err_flag                :3 (lsp path-err del)
err_code                :24 (Routing Problem)
err_value               :5 (No route available toward destination)  //失败的原因
LSP DOWN RESEAON        :Path error:routing error,no route to destination 
----------------------------------------------

由于LSP需要经过L1-2的IS，头结点为L1的IS,只能诊断到L1-2节点，需要在L1-2节点继续debug

############## 10.0.46.134 #######################
STC00Y17ZTCN001#debug isis mpls traffic-eng events
…………
Nov 3 23:16:20: ISIS-Cspf: (default)Start Compute L1 CSPF
Nov 3 23:16:20: ISIS-Cspf: (default)Add head node 0000.0009.0245-00 to L1 Path,router-id is 10.0.9.245
Nov 3 23:16:20: ISIS-Cspf:(default) Isis cspf begin strict next-hop calculate
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-00, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Not find neighbor match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Cannot find node match strict next-hop 10.0.18.101, isis cspf calculate failed!
Nov 3 23:16:20: ISIS-Cspf: (default)Start Compute L2 CSPF
Nov 3 23:16:20: ISIS-Cspf: (default)Add head node 0000.0009.0245-00 to L2 Path,router-id is 10.0.9.245
Nov 3 23:16:20: ISIS-Cspf:(default) Isis cspf begin strict next-hop calculate
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-00, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Find neighbor 0000.0009.0245-02 match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Add node 0000.0009.0245-02 to L2 Path
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0245-02, search strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf: (default)Can't find bidirection, don't consider 0000.0009.0245-00
Nov 3 23:16:20: ISIS-Cspf:(default) Find neighbor 0000.0009.0246-00 match strict address 10.0.18.101
Nov 3 23:16:20: ISIS-Cspf:(default) Add node 0000.0009.0246-00 to L2 Path
Nov 3 23:16:20: ISIS-Cspf: (default)Consider father node 0000.0009.0246-00, search strict address 10.0.19.193
Nov 3 23:16:20: ISIS-Cspf: (default)Not find neighbor match strict address 10.0.19.193
Nov 3 23:16:20: ISIS-Cspf: (default)Cannot find node match strict next-hop 10.0.19.193, isis cspf calculate failed!
//显示路径错误
…………

4.2 基本命令

diag命令
ROS:
diag mode mp ma rsvpshowlspdowninfo te_id
prjexec drv mp master cmdname rsvpshowlspdowninfo te_id
ROSNG:
execute 203402 204 ,tunnel id

Debug命令
debug isis mpls traffic-eng events---------debug cspf calculation
debug ip rsvp temg-------------------------debug mpls-te tunnel-management
debug ip rsvp path-compute-----------------debug mpls-te path-compute
debug ip rsvp hot-standby------------------debug mpls-te hot-standby
debug ip rsvp path-err---------------------debug mpls-te path-err
debug ip rsvp path-tear--------------------debug mpls-te path-tear
debug ip rsvp resv-err---------------------debug mpls-te resv-err
debug ip rsvp resv-tear -------------------debug mpls-te resv-tear
debug ip rsvp toplogy-chang----------------debug mpls-te topology-change