《SE800路由器维护.ppt》由会员分享,可在线阅读,更多相关《SE800路由器维护.ppt(128页珍藏版)》请在三一办公上搜索。
1、Ericsson Smart Edge,Ericsson Smart Edge 路由器维护培训,简介,Smart Edge 产品介绍PPPOE 介绍配置Smart Edge Smart Edge 操作Smart Edge 排障爱立信数据产品的技术支持,Smart Edge 产品,Smart Edge 路由器Smart Edge 电源板卡控制和转发软件启动,Smart Edge 系列产品,12 line cards,4 line cards,2 Route Processors,2 Route Processors,SmartEdge 800,SmartEdge 400,SmartEdge 路由
2、器不同的产品平台相同的业务板卡和路由处理器,硬件特性冗余的双路由处理系统所有槽位的冗余电源和冗余冷却系统所有板卡均支持热插拔,Smart Edge 的电源系统,SmartEdge 800 supports DC 48V Dual FeedSmartEdge 400 supports DC 48V and AC(converts to 48V)Dual FeedEach card has separate(2x)power“converter”from 48V DC to applicable voltages(3.3V,5V,etc)Every card provides its own po
3、werSmart Edge 的功率是1920W,Packet Processing ASICs,PPA,Packet Processing ASICProgrammable for IP,MPLS and ATM/FR/Ethernet switchingFuture proof and adaptable to new protocols and servicesComplete software control of packet servicesReprogram rather than deploy new hardwareIP high-touch packet processing
4、 at multi-gigabit speeds,控制和转发平面,严格独立区分的控制和转发平面,Line CardsPacketforwardingfunctions,Route ProcessorsRoute calculationon dedicated processors,622 Mbps control paths,IOProc,RedundantRoute Processor,Proc,IOProc,RedundantRoute Processor,Proc,IOProc,60 Gbps FD,High PerformancePacket Processing ASICs(PPAs
5、),系统架构,XCRP,PowerPC,SCC,PowerPC,System Communication ASIC(SCC).SCL(System Communication Link).Packet Processing ASIC(PPA)two Packet Mesh ASICs(PMA)Line Termination ASIC(LTA),An XCRP is equipped with two PowerPC processors.One processor provides the traffic card drivers,while the other is responsible
6、 for all router operations:CLI,routing updates,and router management,Ingress Packet Flow,Line TerminationASIC,To/FromPacket Mesh,To/FromPacket Mesh,Configuration/Control,SCL,SCC,PMA,Egress PPA,PMA,Ingress PPA,PPA Memory256 Mb,256 byte Memory Data Units(MDUs).,Egress Packet Flow,To/FromPacket Mesh,PM
7、A,To/FromPacket Mesh,Configuration/Control,Line TerminationASIC,SCL,SCC,PMA,PPA Memory256 Mb,Ingress PPA,Egress PPA,Transit Packet Flow,Traffic Card B,LTA,IPPA,PMA,PMA,EPPA,LTA,Ingress Transit Packet,Egress Transit Packet,PacketMesh,Ingress Transit Packet,Egress Transit Packet,Other Packet Handling,
8、LTA,IPPA,SCC,SCC,RP,ICMP Request,ICMP Response,LTA,IPPA,Management/Control PathICMP,the IPPA has special internal queues per management service(IP,OSPF,etc.)to enable XCRP Denial of Service(DOS)protection.Any packets that exceed the service queue depth are discarded,Advanced Packet Handling,PPP LCP
9、EchoTo be extended to more protocols whenever requiredFull benefits of distributed programmable designNot depending on IP,PPP LCP Echo Request,PPP LCP Echo Response,LTA,IPPA,Smart Edge的软件模式,CLI,SNMP,other,ConfigProcess,Database,OSPF,Routing Information Base,IS-IS,BGP,Static,OS Kernel,Process Manager
10、,PIM,软件的模块化使得各个协议可以独立重起这样 大大提高了系统和网络的可用性,每个协议都是独立的一个协议的失败不会影响其它的协议所有的协议都可以对立停止和重起单一的模块化的开发和测试 高度模块化使得系统更加稳定和可用,Advantages of Modularity,One module fails,others continue to operateOSPF crashes?RIB still operates traffic still flowsIndependent stop/restart of each moduleEfficient use of system resourc
11、esOnly allocated to active processesEasier to develop easier to repair!Built on BSD VERY stable multi-process environmentAbility to use existing BSD technologies(with minor adjustments)to provide critical functionalitiesMemory managementProcess Scheduling,Inter process communications,Each process ta
12、lks to each other by using a Redback proprietary version of IPC(standard UNIX Inter Process Communications)Unlike UNIX IPC,Redback IPC is connection-orientated(compare between UDP and TCP)Throttle mechanisms in kernel to adapt to loadSeveral“core”processes exist which function like“information-hub-a
13、nd-spoke”servers,for example RIB,OSPF,RIB,IS-IS,BGP,Static,inter process communications(IPC),系统的启动,系统按照从slot 1 到slot 14的顺序启动根据这一原则安排上联口在低槽位,安排用户接口卡在高槽位系统的启动时间十分迅速,启动顺序,PPPoE,PPPoE拨号工作流程图PPPoE报文的结构PPPoE发现阶段报文PPPoE PPP会话阶段报文,PPPoE拨号工作流程图 1,PPPoE拨号工作流程图 2,PPPOE报文的结构 1,PPPOE报文的结构 2,SE800,互联网,DSLModem,DL
14、Bridge,IP 数据,类型=PPPoE,IP 数据,3层=IP,Ethernet,封装相应电路类型,PPP,IP 数据,类型=PPPoE,Ethernet,PPP,桥接 1483,ATM,IP 数据,类型=PPPoE,Ethernet 带有业务VLAN id,PPP,IP 数据,类型=PPPoE,Ethernet 带有双层VLAN id,PPP,PPPOE发现阶段PC和BRAS之间交互的报文,PC 终端扑获的PPPOE 发现阶段的报文 1,PADI,PADO,PC 终端扑获的PPPOE 发现阶段的报文 2,PADR,PADS,PC 终端扑获的PPPoE终结报文,PADT,PPPoE的PPP
15、会话阶段,DSL Modem,DSLAM,以太网交换机,ISP2,核心网1,核心网2,SE800,MAC=X,MAC=A,这是一个标准的PPP过程 经过LCP AP NCP三个阶段,配置Smart Edge,SmartEdge 的术语和概念SmartEdge设备的基本配置SmartEdge的接口配置SmartEdge的VR(context)的配置SmartEdge的Radius的配置SmartEdge路由协议的配置SmartEdge PPPoE的配置SmartEdge专线用户的配置SmartEdge ACL的配置,SmartEdge 的术语和概念,术语和设定相互关系多context配置法则,术
16、语和设定,Circuit,PVC:应用在ATM ports or Frame Relay-encapsulated ports,an individual data stream identified by a unique number.In the case of ATM,the identifier is a VPI/VCI pair.In Frame Relay,the identifier is a DLCI.Circuit:是 Redback的专用术语。指的是到每一个目标的单独线路。It can be an Ethernet or POS port,a DS-n channel,a
17、n ATM or Frame Relay PVC,or an 802.1q VLAN.Bind:用来连接channel或 port到指定context的相关的interface,Context:SmartEdge的虚拟路由器.context 一个逻辑的独立体:给一个给定的网络提供独立的安全、管理和操作环境。Interface:接口和context一样是一个逻辑的概念。一个接口设定三层的信息并和一个context直联。Port:端口是一个物理连接.端口通过物理链路连接在 SmartEdge的模块上。Channel:在信道化的板卡上,把一个物理端口的总带宽分成几个逻辑的通道,每个通道传输独立的数据
18、流,它们都有自己独立相关的标识号。,相互间的关系,context MyRouter,pos 1/1pos 1/2chan 2/1eth 3/1,interface fooip address 10.1.1.1/24,interface barip address 192.168.4.1/24,10.1.1.0/24,192.168.4.0/24,多context,独立的路由域单独的地址空间单独的转发表单独的管理环境允许多个网路或服务连接到同一个smart edge路由器,ISP1,ISP2,配置法则,System全局参数:hostname,SNMP,loggingContext所有的三层参数:
19、interfaces,routing configurationPort一、二层的参数,channels,bindings,Command Line Interface Map,Exec,Global Config,Port,Context,Interface,Access-lists,Channel,Route-Map,BGP,OSPF,IS-IS,OSPF Sub-modes,BGP Sub-modes,QoS,User,提示,localRedback(config-ctx)#,执行模式,Each command has a privilege level can be defined o
20、n a per-command basisDefault levelsExec commands:3Debug commands:10Config commands:10Privilege level access configured in user definitionDefault is 6 can access commands with privilege level of 6 or belowPrompt indicates current privilege level means privilege of 6 or lower#means privilege of 7 or h
21、igher,The SmartEdge OS supports up to 16 different privilege levels that provide users with different levels of access to the CLI,配置模式,localRedback(config)#localRedback(config-ctx)#localRedback(config-if)#localRedback(config-port)#(and others),Note:Some exec commands are available in configuration m
22、ode.,监控模式,Exec mode command“Repeating show command”automatically updates screen every 2 secondsCannot issue other commands while runningKill w/Ctrl-C or times out after 10 minutes by defaultCan monitor specific process or entire system,通过CLI机动,localRedback#,configlocalRedback(config)#,context locall
23、ocalRedback(config-ctx)#,interface foolocalRedback(config-if)#,exitlocalRedback(config-ctx)#,endlocalRedback#,Show命令,UNIX-like“pipe”functionalitySelectively filters show command outputExample:display all lines in the current configuration file that contain the word(pattern)“port”:,localRedback#|begi
24、n before after|count|exclude|grep options|save,localRedback#show configuration|include portcard ether-12-port 1port ethernet 1/1port ethernet 1/2port ethernet 1/3port ethernet 1/4port ethernet 7/1,Transaction-Based Processing,DebugOnly monitoring station sees itCTRL-S to pause debug output any key t
25、o continueConfigurationChanges not executed until committedCan be backed out line by line with“no”commandEntire set of changes backed out with“abort”commandExplicit commitcommit Implicit commitexit and end,SmartEdge File Storage,Internal storage:Three partitionsPrimary boot partitionAlternate boot p
26、artitionConfiguration fileDevice reference:/flashExternal storage:1 Gig microdrive slotConfiguration filesLog filesDevice reference:/md,SmartEdge设备的基本配置,配置主机名校验时钟配置管理员及密码管理限制列表设置带外管理口配置syslog配置snmpTime out时间的设置,SmartEdge设备的基本配置,设置主机名 localbyq800(config)#system hostname word 机器命名规则:时钟校准和NTP以及中国时区loca
27、lSE-2#clock set yyyy:mm:dd:hh:mm:sslocalSE800(config)#ntp server 209.97.30.158 version 3 context local localSE800(config)#system clock timezone GMT+8 8 0 local 配置管理员及其密码 localse800(config-ctx)#administrator word password word localse800(config-ctx-admin)#privil start 10 设置初始化权限localse800(config-ctx-
28、admin)#privil max 15 设置用户最高权限配置enable secret 密码 localse800(config-ctx)#enable password word,SmartEdge设备的基本配置,对管理员地址范围进行限定定义访问控制列表:ip access-list admin-acldescription This is a sample access control listseq 10 permit ip host 10.10.10.2 seq 20 permit ip host 10.10.10.3seq 25 permit ip host 10.10.10.4
29、seq 60 deny ip any 然后应用访问控制列表 admin-access-group admin-acl in,SmartEdge设备的基本配置,增加管理带外管理的interface localSE800(config-ctx)#intface mngt localSE800(config-if)#ip address 10.0.0.1/24 把管理interface绑定到port 7/1 localSE800(config)#port ethernet 7/1 localSE800(config-port)#bind interface mngt local 打开context的
30、telnet功能 localSE800(config-ctx)#service telnet 配置syslog 在console口上可以显示log信息 logging console 配置syslog服务器 logging syslog 209.101.114.3 facility local7 logging syslog 209.101.114.28 facility local7 配置SNMP 打开SNMP localSE800(config)#snmp server 设置SNMP view localSE800(config)#snmp view Inet_view internet
31、included 设置community名称 localSE800(config)#snmp community SR/SE800 设,SmartEdge设备的基本配置,timeout时间设置 telnet session空闲过时设置 localSE800(config)#timeout session idle 5 当telnet会话在5分钟内没有输入时timeout退出 telnet登录响应过时设置 localSE800(config)#timeout login response 5 当出现login界面5分钟没有进入时timeout退出,SmartEdge POS 的接口配置,Spec
32、ify portSpecify framing Specify encapsulation typeSet media-specific parameters as neededi.e.c2byte,mtu,scrambleActivate portBind port to interface,localRedback(config)#port pos/,localRedback(config-port)#encapsulation cisco-hdlc|frame-relay|ppp,localRedback(config-port)#framing sonet|sdh,localRedba
33、ck(config-port)#no shutdown,localRedback(config-port)#bind interface,Sample Configuration,context local interface purple ip address 172.16.38.1/24 interface green ip address 10.1.1.1/24 interface blue ip address 192.168.4.1/27 interface grey ip address 201.42.51.9/30port pos 1/1 bind interface purpl
34、e local no shutdown,以太口配置,localRedback(config)#port ethernet/,localRedback(config-port)#no shutdown,localRedback(config-port)#bind interface,Specify portActivate portIf not using VLANs,bind port to interface,以太口配置2,If using VLANsSet encapsulation to 802.1qDefine VLAN circuitBind circuit to interface
35、,localRedback(config-port)#encapsulation dot1q,localRedback(config-port)#dot1q-pvc,localRedback(config-port)#bind interface,例子,context local interface purple ip address 172.16.38.1/24 interface green ip address 10.1.1.1/24 interface blue ip address 192.168.4.1/27 interface grey ip address 201.42.51.
36、9/30port pos 1/1 bind interface purple local no shutdownport ethernet 2/1 bind interface green local no shutdown,SmartEdge的接口配置,这里描述的是三层接口(上联)物理端口描述规则配置分以下两步:在特定context下建interface在实际物理接口下绑定interface如!context local 进入VR模式!interface local-to-rml12016 创建interface descript local connect to rml12016 1/2
37、描述性语句 ip address 125.40.250.114/30 指定接口地址!port ethernet 6/1 description to-rml12016-2/1 描述性语句 no shutdown 激活端口 encapsulation dot1q 封装成dot1q dot1q pvc 10 创建互联pvc vlan值为10 bind interface local-to-rml12016 local 将interface绑定到pvc,SmartEdge的VR(context)的配置,打开多context的服务功能 localSE800(config)#service multip
38、le-contexts 打开context之间路由功能 localSE800(config)#service inter-context routing 增加新的context localSE800(config)#context context-name,SmartEdge的Radius的配置,SE800 认证方式可以分为两种:全局认证方式 所有的context 用户认证都通过全局认证方式来获的认证通过。分context 认证每个context的拨号认证用户都将通过各自的context进行认证radius的配置参数:radius服务器地址 认证端口号计费端口号 SE800与radius通讯字
39、符串:,SmartEdge的Radius的配置,以下是配置范例:!context dial!radius server 192.168.1.1 key ericsson port 1641指定radius认证服务器地址,KEY及认证端口号radius attribute nas-ip-address interface dial-loopback指定连接radius时的本地源;aaa authentication subscriber radius local指定用户认证的方式首选radius;aaa accounting subscriber radius指定用户讲费方式为radiusaaa
40、 accounting suppress-acct-on-fail radius accounting server 192.168.1.1 key ericsson port 1642指定radius计费服务器地址,KEY及认证端口号,SmartEdge的Radius的配置,配置全局的认证和计费功能 注:用户认证引用Context Local下的Radius认证和计费服务器。aaa global authentication subscriber radius context local aaa global accounting subscriber radius context loca
41、l 设置动态认证用户的最后匹配的Context 注:如果用户的的域名匹配不到任何的Context,它将套用指定的Context 认证计费属性。aaa last-resort context local,SmartEdge路由协议的配置,OSPFISISBGP其它,OSPF的配置,打开ospf路由 localSE800(config-ctx)#router ospf 1 设置backbone area localSE800(config-ospf)#area 0 把ip interface加入area来 localSE800(config-ospf-area)#interface lp1 loc
42、alSE800(config-ospf-area)#interface toNE5000 localSE800(config-ospf-if)#cost 80/设置链路cost localSE800(config-ospf-area)#interface toT640 localSE800(config-ospf-if)#cost 80/设置链路cost 重发布静态路由和直连地址 localSE800(config-ospf)#redistribute connected metric 6 metric-type 1 localSE800(config-ospf)#redistribute s
43、tatic metric 7 metric-type 1,ISIS 的配置,Current configuration:context local router isis local 设置Net ID,一般使用Loopback IP,避免Net ID冲突 net 86.4662.0510.0611.7710.0160.00 is type level-1 address-family ipv4 unicast 将相关的上连Interface及Loopback Interface加入到ISIS 网络内 interface loopback0 address-family ipv4 unicast
44、!interface ge2/1!bind to ethernet 2/1 address-family ipv4 unicast!interface ge1/1.2!bind to ethernet 1/1 dot1q pvc 2 address-family ipv4 unicast,BGP 配置,router bgp 64662 address-family ipv4 unicast network 61.177.100.177/32 network 61.177.100.178/32 network 61.177.100.179/32 network 117.62.8.0/24 add
45、ress-family ipv4 vpn!neighbor 61.177.100.108 internal password encrypted EDAE35E3C944281B update-source loopback0 next-hop-self address-family ipv4 unicast address-family ipv4 vpn!neighbor 61.177.100.110 internal password encrypted EDAE35E3C944281B update-source loopback0 next-hop-self address-famil
46、y ipv4 unicast address-family ipv4 vpn,其它路由设置,local context到pppoe context的IP pool静态路由设置 localSE800(config-ctx)#ip route 224.176.24.0/24 context pppoe permanent local context到pppoe context的loopback地址静态路由设置 localSE800(config-ctx)#ip route 224.177.208.16/32 context pppoe pppoe context的缺省路由设置 localSE800
47、(config-ctx)#ip route 0.0.0.0/0 context local,PPPoE的配置,在实际业务环境中PPPOE拨号用户分以下两种:以太网拨号用户 通过交换机端口进行拨号,这种用户在接入层交换机上将用户vlan号透传给SE800来建立拨号线路;DSLAM接入用户 用户通过ADSL分流器将数字信号导入DSLAM,DSLAM为用户分配特定的vlan号,由汇聚层交换机将用户vlan透传给SE800;,PPPoE的配置,基本的PPPOE配置任务包括如下:设定拨号用户的属性如IP地址获取方式、DNS服务器;创建拨号用的虚拟路由路(context);创建相送拨号网关并设定地址池等;
48、pppoe 用户地址池interface 命名规则interface adsl-0 x multibind(x表示1,2,3 以此顺延)如interface adsl-01 multibind将线路动态绑定到PVC端口并封装成PPPOE,PPPoE的配置,以下是配置实例:全局模式下:pppoe services all-domains 全局模式下打开pppoe功能!service multiple-contexts 全局模式下打开多vr功能!context dial 进入拨号VR配置模式!interface adsl-01 multibind 创建IP地址池接口 ip address 125.
49、40.255.1/22 创建拨号地址池 ip pool 125.40.255.0/22 创建ip pool!subscriber default 进行指定默认用户模式 ip address pool 用户地址获取方式是通过ip pool来完成 dns primary 202.102.224.68 指定DNS dns secondary 202.102.227.68全局模式下:port ethernet 4/1 进入拨号用户接入的接口 no shutdown encapsulation dot1qdot1q pvc 1000 encapsulation pppoe description per
50、-byte bind authentication pap maximum 100 动态绑定interface到物理线路,专线用户(IPoE)的配置,专线用户专线用户通过静态指定IP地址来,通过SE800的连续地址分配技术可以避免因专线接入用户增加的而导致IP地址浪费,专线用户配置,SE800上为专线用户开通特定的VR:releaseline 来对专线用户进行管理。专线用户interface命名规则 interface zx-0 x multibind(x表示1,2,3 以此顺延)如interface zx-01 multibindcontext leaseline 创建专线用户VR!inte
