收藏
下载资源 加入VIP免费专享

南京电信城域网ASBR对接CN2ASBR割接方案.doc

上传人:文库蛋蛋多 文档编号:2400733 上传时间:2023-02-17 格式:DOC 页数:58 大小:209KB
返回 下载 相关 举报
南京电信城域网ASBR对接CN2ASBR割接方案.doc_第1页
第1页 / 共58页
南京电信城域网ASBR对接CN2ASBR割接方案.doc_第2页
第2页 / 共58页
南京电信城域网ASBR对接CN2ASBR割接方案.doc_第3页
第3页 / 共58页
南京电信城域网ASBR对接CN2ASBR割接方案.doc_第4页
第4页 / 共58页
南京电信城域网ASBR对接CN2ASBR割接方案.doc_第5页
第5页 / 共58页
点击查看更多>>
资源描述

《南京电信城域网ASBR对接CN2ASBR割接方案.doc》由会员分享,可在线阅读,更多相关《南京电信城域网ASBR对接CN2ASBR割接方案.doc(58页珍藏版)》请在三一办公上搜索。

1、 南京电信城域网ASBR对接CN2 ASBR割接方案2006年9月Confidential目 录实施方案概述3网络现状描述4YNL NE40割接步骤4一城域网鼓楼GSR12416初始化配置5基本配置5VPN-IPV4配置6Vpn instance配置13二CN2鼓楼PE初始化配置19基本配置19VPN-IPV4配置19Vpn instance配置26三城域网ASBR建立至VRR的IBGP邻居31四开通城域网鼓楼GSR12416至CN2鼓楼PE链路32五应急措施及回退方案32HZM NE40割接步骤33一城域网鼓楼大行宫GSR12416初始化配置33基本配置33VPN-IPV4配置34Vpn i

2、nstance配置41二CN2游府西街PE初始化配置45基本配置45VPN-IPV4配置46Vpn instance配置51三城域网ASBR建立至VRR的IBGP邻居56四开通城域网大行宫GSR12416至CN2游府西街PE链路56五应急措施及回退方案57实施方案概述本方案遵循集团公司关于CN2业务延伸网络连接实施的要求,是为实现CN2与江苏IP城域VPN网互联而准备的实施方案。本方案是基于对现行的江苏电信163、CN2及IP城域网运行状态的理解,以及将来业务的规划而做出的。在整个实施方案中,我们一直遵循如下原则: 充分保证实施方案整体的可靠性; 全面考虑网络过渡过程的各方面因素,尽可能地减少

3、对现网业务的影响; 在实施过程中进行必要的测试,保证整个实施过程的正确性。本期CN2业务延伸网络连接目标包括物理连接层面、路由层面、安全与管理层面三个主要层面,总体目标如下:物理连接层面: 实现CN2与IP城域网VPN互连。路由层面: 建立CN2与南京IP城域VPN网的路由连接并保障路由安全。网络现状描述目前中国电信CN2网络江苏南京节点有T640两台作为C设备,有GSR12416两台作为S设备。其中C设备已与IP城域网核心Cisco12416设备采用OC192端口互联;S设备已与IP城域网VPN设备的VRR采用GE端口互联,目前采用两台华为NE40作为ASBR。这两台NE40兼做南京城域网V

4、PN的VRR,南京城域网和CN2使用Option A方式实现跨域VPN。南京城域网VPN使用AS号64512,城域网AS为64660。南京城域网和CN2使用Option A方式实现跨域VPN,在这种方式下作为ASBR的PE需要管理所有VPN,这将导致PE上的VPN-IPv4路由数量非常庞大,对PE设备的要求非常高。本次割接实现ASBR从华为NE40割接至南京城域网利旧的两台GSR12416(原城域网核心设备)上,采用性能更优的GSR12416作为跨域VPN的专用ASBR,以满足网络扩展的要求,完成CN2 MPLS VPN与南京电信MPLS VPN城域网之间跨域对接工作,与CN2 PE设备采用P

5、OS链路互联,所以在CN2 PE侧还需要各增加一块POS板卡,互联路由(实为PECE路由)采用eBGP(每客户一个会话),跨域互联采用Option A方式。本次割接需要在保证传输资源已经到位的情况下进行。本次实施对城域网的业务无影响。YNL NE40割接步骤本次割接工作要求传输及尾纤布放工作(鼓楼GSR12416CN2鼓楼PE)提前准备,并调通相应互联链路。一城域网鼓楼GSR12416初始化配置基本配置Int loopback0 Ip add *.*.*.*. Router isis vpn Net *.*.*.*.*.00 Passive loopback0mpls label protoc

6、ol ldpInt pos*/*(上联鼓楼) ip address *.*.*.*. no ip redirects no ip unreachables no ip directed-broadcast no ip proxy-arpcrc 32no cdp enabletag-switching ipip router isis vpnInt pos*/*(上联大行宫)ip address *.*.*.*. no ip redirects no ip unreachables no ip directed-broadcast no ip proxy-arpcrc 32no cdp enab

7、letag-switching ipip router isis vpn int POS*/* description to JS-NJ-GL-S-1.CN2 POS */* mtu 9178 no shutdownVPN-IPV4配置ip vrf CT_SoftSwitch_Media rd 4809:1038 route-target export 4809:1038 route-target import 4809:1038 !ip vrf LDJhujiaopingtai rd 64512:156 route-target export 64512:156 route-target i

8、mport 64512:156 !ip vrf bianfangzongdui rd 64512:155 route-target export 64512:155 route-target import 64512:155 ! ip vrf caizhenju rd 64512:144 route-target export 64512:144 route-target import 64512:144 !ip vrf gulouquzhenfu rd 64512:138 route-target export 64512:138 route-target import 64512:138

9、!ip vrf huiminyiyuanbanqiao rd 64512:164 route-target export 64512:164 route-target import 64512:164 !ip vrf jiaotongguanlichu rd 64512:153 route-target export 64512:151 route-target export 64512:153 route-target import 64512:151 route-target import 64512:153 !ip vrf langchi rd 64512:502 route-targe

10、t export 64512:502 route-target import 64512:502 !ip vrf nanjingdianxin rd 64512:151 route-target export 64512:151 route-target import 64512:151 !ip vrf nanjingshilaodongju rd 64512:106 route-target export 64512:106 route-target import 64512:106 !ip vrf panchengyiyuan rd 64512:165 route-target expor

11、t 64512:165 route-target import 64512:165 !ip vrf pukoulaobao rd 64512:128 route-target export 64512:128 route-target import 64512:128 !ip vrf shengcaizhenting rd 64512:145 route-target export 64512:145 route-target import 64512:145 !ip vrf shenglaodongju rd 64512:115 route-target export 64512:115 r

12、oute-target import 64512:115 !ip vrf shiyunhui rd 64512:133 route-target export 64512:133 route-target import 64512:133 !ip vrf test rd 100:1 route-target export 100:1 route-target import 100:1 route-target import 100:2 route-target import 100:3 route-target import 100:4 !ip vrf test1 rd 100:100 rou

13、te-target export 100:100 route-target export 100:1001 route-target export 4134:100 route-target import 100:100 route-target import 100:1001 route-target import 4134:100 !ip vrf vpn-baixiaquzhengfu rd 64512:139 route-target export 64512:139 route-target import 64512:139 !ip vrf vpn-xiaguanquzhenfu rd

14、 64512:163 route-target export 64512:163 route-target import 64512:163 !ip vrf zhongshihua rd 64512:142 route-target export 64512:142 route-target import 64512:142 router bgp 64512 bgp log-neighbor-changes nei 221.231.205.247 remote-as 64512nei 221.231.205.247 update-source Loopback0nei 221.231.205.

15、247 description TO YNL-NE40-VRRnei 221.231.205.247 shutdownnei 221.231.205.249 remote-as 64512nei 221.231.205.249 update-source Loopback0nei 221.231.205.249 description TO HZM-NE40-VRRnei 221.231.205.249 shutdown ! address-family vpnv4 nei 221.231.205.247 activate nei 221.231.205.247 send-community

16、bothnei 221.231.205.247 next-hop-self nei 221.231.205.247 remote-as 64512 nei 221.231.205.249 activate nei 221.231.205.249 send-community both nei 221.231.205.249 next-hop-self nei 221.231.205.249 remote-as 64512 exit-address-family!int pos*/*.101encapsulation dot1Q 101ip vrf forwarding CT_SoftSwitc

17、h_Mediaip add *.*.*.* int pos*/*.102encapsulation dot1Q 102ip vrf forwarding LDJhujiaopingtaiip add *.*.*.*int pos*/*.103encapsulation dot1Q 103ip vrf forwarding bianfangzongduiip add *.*.*.*int pos*/*.104encapsulation dot1Q 104ip vrf forwarding caizhenjuip add *.*.*.* int pos*/*.105encapsulation do

18、t1Q 105ip vrf forwarding gulouquzhenfuip add *.*.*.* int pos*/*.106encapsulation dot1Q 106ip vrf forwarding huiminyiyuanbanqiaoip add *.*.*.* int pos*/*.107encapsulation dot1Q 107ip vrf forwarding jiaotongguanlichuip add *.*.*.* int pos*/*.108encapsulation dot1Q 108ip vrf forwarding langchiip add *.

19、*.*.* int pos*/*.109encapsulation dot1Q 109ip vrf forwarding nanjingdianxinip add *.*.*.* int pos*/*.110encapsulation dot1Q 110ip vrf forwarding nanjingshilaodongjuip add *.*.*.* int pos*/*.111encapsulation dot1Q 111ip vrf forwarding panchengyiyuanip add *.*.*.*int pos*/*.112encapsulation dot1Q 112i

20、p vrf forwarding pukoulaobaoip add *.*.*.* int pos*/*.113encapsulation dot1Q 113ip vrf forwarding shengcaizhentingip add *.*.*.* int pos*/*.114encapsulation dot1Q 114ip vrf forwarding shenglaodongjuip add *.*.*.* int pos*/*.115encapsulation dot1Q 115ip vrf forwarding shiyunhuiip add *.*.*.* int pos*

21、/*.116encapsulation dot1Q 116ip vrf forwarding testip add *.*.*.* int pos*/*.117encapsulation dot1Q 117ip vrf forwarding test1ip add *.*.*.* int pos*/*.118encapsulation dot1Q 118ip vrf forwarding vpn-baixiaquzhengfuip add *.*.*.* int pos*/*.119encapsulation dot1Q 119ip vrf forwarding vpn-xiaguanquzh

22、enfuip add *.*.*.*int pos*/*.120encapsulation dot1Q 120ip vrf forwarding zhongshihuaip add *.*.*.*Vpn instance配置Router bgp 64512 address-family ipv4 vrf test redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-addre

23、ss-family ! address-family ipv4 vrf test1 redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf nanjingshilaodongju redistribute connected no synchronization neighbor *.*.*.* r

24、emote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf gulouquzhenfu redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family

25、 ipv4 vrf shiyunhui redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf zhongshihua redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.*

26、 activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf shenglaodongju redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf caizhenju redistrib

27、ute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf shengcaizhenting redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*

28、.* send-community exit-address-family ! address-family ipv4 vrf nanjingdianxin redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf bianfangzongdui redistribute connected no s

29、ynchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf langchi redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-addr

30、ess-family ! address-family ipv4 vrf jiaotongguanlichu redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-communityexit-address-family ! address-family ipv4 vrf LDJhujiaopingtai redistribute connected no synchronization neighbor

31、*.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf vpn-baixiaquzhengfu redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family !

32、 address-family ipv4 vrf pukoulaobao redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf vpn-xiaguanquzhenfu redistribute connected no synchronization neighbor *.*.*.* remote

33、-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf panchengyiyuan redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv

34、4 vrf CT_SoftSwitch_Media redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 neighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family ! address-family ipv4 vrf huiminyiyuanbanqiao redistribute connected no synchronization neighbor *.*.*.* remote-as 4809 ne

35、ighbor *.*.*.* activate neighbor *.*.*.* send-community exit-address-family !二CN2鼓楼PE初始化配置基本配置 int pos*/* description to JS-NJ-GL-R-4.MAN POS */* mtu 9178 no shutdownVPN-IPV4配置ip vrf CT_SoftSwitch_Media rd 4809:1038 route-target export 4809:1038 route-target import 4809:1038 !ip vrf LDJhujiaopingtai

36、 rd 64512:156 route-target export 64512:156 route-target import 64512:156 !ip vrf bianfangzongdui rd 64512:155 route-target export 64512:155 route-target import 64512:155 ! ip vrf caizhenju rd 64512:144 route-target export 64512:144 route-target import 64512:144 !ip vrf gulouquzhenfu rd 64512:138 ro

37、ute-target export 64512:138 route-target import 64512:138 !ip vrf huiminyiyuanbanqiao rd 64512:164 route-target export 64512:164 route-target import 64512:164 !ip vrf jiaotongguanlichu rd 64512:153 route-target export 64512:151 route-target export 64512:153 route-target import 64512:151 route-target

38、 import 64512:153 !ip vrf langchi rd 64512:502 route-target export 64512:502 route-target import 64512:502 !ip vrf nanjingdianxin rd 64512:151 route-target export 64512:151 route-target import 64512:151 !ip vrf nanjingshilaodongju rd 64512:106 route-target export 64512:106 route-target import 64512:

39、106 !ip vrf panchengyiyuan rd 64512:165 route-target export 64512:165 route-target import 64512:165 !ip vrf pukoulaobao rd 64512:128 route-target export 64512:128 route-target import 64512:128 !ip vrf shengcaizhenting rd 64512:145 route-target export 64512:145 route-target import 64512:145 !ip vrf s

40、henglaodongju rd 64512:115 route-target export 64512:115 route-target import 64512:115 !ip vrf shiyunhui rd 64512:133 route-target export 64512:133 route-target import 64512:133 !ip vrf test rd 100:1 route-target export 100:1 route-target import 100:1 route-target import 100:2 route-target import 10

41、0:3 route-target import 100:4 !ip vrf test1 rd 100:100 route-target export 100:100 route-target export 100:1001 route-target export 4134:100 route-target import 100:100 route-target import 100:1001 route-target import 4134:100 !ip vrf vpn-baixiaquzhengfu rd 64512:139 route-target export 64512:139 ro

42、ute-target import 64512:139 !ip vrf vpn-xiaguanquzhenfu rd 64512:163 route-target export 64512:163 route-target import 64512:163 !ip vrf zhongshihua rd 64512:142 route-target export 64512:142 route-target import 64512:142 !int pos*/*.101encapsulation dot1Q 101ip vrf forwarding CT_SoftSwitch_Mediaip

43、add *.*.*.* int pos*/*.102encapsulation dot1Q 102ip vrf forwarding LDJhujiaopingtaiip add *.*.*.*int pos*/*.103encapsulation dot1Q 103ip vrf forwarding bianfangzongduiip add *.*.*.*int pos*/*.104encapsulation dot1Q 104ip vrf forwarding caizhenjuip add *.*.*.* int pos*/*.105encapsulation dot1Q 105ip vrf forwarding gulouquzhenfuip add *.*.*.* int pos*/*.106encapsulation dot1Q 106ip vrf forwarding huiminyiyuanbanqiaoip add *.*.*.* int pos*/*.107encapsulation dot1Q 107ip vrf forwarding jiaotongguanlichuip add *.*.*.* int pos*/*.108encapsulation dot

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 建筑/施工/环境 > 项目建议


备案号:宁ICP备20000045号-2

经营许可证:宁B2-20210002

宁公网安备 64010402000987号