某某电信城域网asbr对接cn2asbr割接方案.doc

南京电信城域网南京电信城域网 ASBRASBR 对接对接 CN2CN2 ASBRASBR 割接方案割接方案 2006 年年 9 月月 Confidential 目目 录录 实施方案概述实施方案概述 3 网络现状描述网络现状描述 4 YNL NE40 割接步骤割接步骤 4 一 城域网鼓楼 GSR12416 初始化配置 5 基本配置 5 VPN IPV4配置 6 Vpn instance配置 13 二 CN2 鼓楼 PE 初始化配置 19 基本配置 19 VPN IPV4配置 19 Vpn instance配置 26 三 城域网 ASBR 建立至 VRR 的 IBGP 邻居 31 四 开通城域网鼓楼 GSR12416 至 CN2 鼓楼 PE 链路 32 五 应急措施及回退方案 32 HZM NE40 割接步骤割接步骤 33 一 城域网鼓楼大行宫 GSR12416 初始化配置 33 基本配置 33 VPN IPV4配置 34 Vpn instance配置 41 二 CN2 游府西街 PE 初始化配置 45 基本配置 45 VPN IPV4配置 46 Vpn instance配置 51 三 城域网 ASBR 建立至 VRR 的 IBGP 邻居 56 四 开通城域网大行宫 GSR12416 至 CN2 游府西街 PE 链路 56 五 应急措施及回退方案 57 实施方案概述实施方案概述 本方案遵循集团公司关于 CN2 业务延伸网络连接实施的要求 是为实现 CN2 与江苏 IP 城域 VPN 网互联而准备的实施方案 本方案是基于对现行的江苏 电信 163 CN2 及 IP 城域网运行状态的理解 以及将来业务的规划而做出的 在整个实施方案中 我们一直遵循如下原则 充分保证实施方案整体的可靠性 全面考虑网络过渡过程的各方面因素 尽可能地减少对现网业务的影响 在实施过程中进行必要的测试 保证整个实施过程的正确性 本期 CN2 业务延伸网络连接目标包括物理连接层面 路由层面 安全与管 理层面三个主要层面 总体目标如下 物理连接层面 实现 CN2 与 IP 城域网 VPN 互连 路由层面 建立 CN2 与南京 IP 城域 VPN 网的路由连接并保障路由安全 Comment a1 Comment a2 网络现状描述网络现状描述 目前中国电信 CN2 网络江苏南京节点有 T640 两台作为 C 设备 有 GSR12416 两台作为 S 设备 其中 C 设备已与 IP 城域网核心 Cisco12416 设备采用 OC192 端口互联 S 设备已与 IP 城域网 VPN 设备的 VRR 采用 GE 端口互联 目前采用 两台华为 NE40 作为 ASBR 这两台 NE40 兼做南京城域网 VPN 的 VRR 南京城域 网和 CN2 使用 Option A 方式实现跨域 VPN 南京城域网 VPN 使用 AS 号 64512 城域网 AS 为 64660 南京城域网和 CN2 使用 Option A 方式实现跨域 VPN 在这种方式下作为 ASBR 的 PE 需要管理所有 VPN 这将导致 PE 上的 VPN IPv4 路由数量非常庞 大 对 PE 设备的要求非常高 本次割接实现 ASBR 从华为 NE40 割接至南京城域网利旧的两台 GSR12416 原城域网核心设备 上 采用性能更优的 GSR12416 作为跨域 VPN 的专用 ASBR 以满足网络扩展的要求 完成 CN2 MPLS VPN 与南京电 信 MPLS VPN 城域网之间跨域对接工作 与 CN2 PE 设备采用 POS 链路互联 所以在 CN2 PE 侧还需要各增加一块 POS 板卡 互联路由 实为 PE CE 路由 采用 eBGP 每客户一个会话 跨域互联采用 Option A 方式 本次割接需要在保证传输资源已经到位的情况下进行 本次实施对城域网的业务无影响 YNL NE40 割接割接步骤步骤 本次割接工作要求传输及尾纤布放工作 鼓楼 GSR12416 CN2 鼓楼 PE 提前 Comment a3 Comment a4 准备 并调通相应互联链路 一 城域网鼓楼一 城域网鼓楼 GSR12416GSR12416 初始化配置初始化配置 基本配置基本配置 Int loopback0 Ip add Router isis vpn Net 00 Passive loopback0 mpls label protocol ldp Int pos 上联鼓楼 ip address no ip redirects no ip unreachables no ip directed broadcast no ip proxy arp crc 32 no cdp enable tag switching ip ip router isis vpn Int pos 上联大行宫 ip address no ip redirects no ip unreachables no ip directed broadcast no ip proxy arp crc 32 Comment a5 Comment a6 Comment a7 no cdp enable tag switching ip ip router isis vpn int POS description to JS NJ GL S 1 CN2 POS mtu 9178 no shutdown VPN IPV4 配置配置 ip vrf CT SoftSwitch Media rd 4809 1038 route target export 4809 1038 route target import 4809 1038 ip vrf LDJhujiaopingtai rd 64512 156 route target export 64512 156 route target import 64512 156 ip vrf bianfangzongdui rd 64512 155 route target export 64512 155 route target import 64512 155 ip vrf caizhenju rd 64512 144 route target export 64512 144 route target import 64512 144 ip vrf gulouquzhenfu rd 64512 138 route target export 64512 138 route target import 64512 138 ip vrf huiminyiyuanbanqiao rd 64512 164 route target export 64512 164 route target import 64512 164 ip vrf jiaotongguanlichu rd 64512 153 route target export 64512 151 route target export 64512 153 route target import 64512 151 route target import 64512 153 ip vrf langchi rd 64512 502 route target export 64512 502 route target import 64512 502 ip vrf nanjingdianxin rd 64512 151 route target export 64512 151 route target import 64512 151 ip vrf nanjingshilaodongju rd 64512 106 route target export 64512 106 route target import 64512 106 ip vrf panchengyiyuan rd 64512 165 route target export 64512 165 route target import 64512 165 ip vrf pukoulaobao rd 64512 128 route target export 64512 128 route target import 64512 128 ip vrf shengcaizhenting rd 64512 145 route target export 64512 145 route target import 64512 145 ip vrf shenglaodongju rd 64512 115 route target export 64512 115 route target import 64512 115 ip vrf shiyunhui rd 64512 133 route target export 64512 133 route target import 64512 133 ip vrf test rd 100 1 route target export 100 1 route target import 100 1 route target import 100 2 route target import 100 3 route target import 100 4 ip vrf test1 rd 100 100 route target export 100 100 route target export 100 1001 route target export 4134 100 route target import 100 100 route target import 100 1001 route target import 4134 100 ip vrf vpn baixiaquzhengfu rd 64512 139 route target export 64512 139 route target import 64512 139 ip vrf vpn xiaguanquzhenfu rd 64512 163 route target export 64512 163 route target import 64512 163 ip vrf zhongshihua rd 64512 142 route target export 64512 142 route target import 64512 142 router bgp 64512 bgp log neighbor changes nei 221 231 205 247 remote as 64512 nei 221 231 205 247 update source Loopback0 nei 221 231 205 247 description TO YNL NE40 VRR nei 221 231 205 247 shutdown nei 221 231 205 249 remote as 64512 nei 221 231 205 249 update source Loopback0 nei 221 231 205 249 description TO HZM NE40 VRR nei 221 231 205 249 shutdown address family vpnv4 nei 221 231 205 247 activate nei 221 231 205 247 send community both nei 221 231 205 247 next hop self nei 221 231 205 247 remote as 64512 nei 221 231 205 249 activate nei 221 231 205 249 send community both nei 221 231 205 249 next hop self nei 221 231 205 249 remote as 64512 exit address family int pos 101 encapsulation dot1Q 101 ip vrf forwarding CT SoftSwitch Media ip add int pos 102 encapsulation dot1Q 102 ip vrf forwarding LDJhujiaopingtai ip add int pos 103 encapsulation dot1Q 103 ip vrf forwarding bianfangzongdui ip add int pos 104 encapsulation dot1Q 104 ip vrf forwarding caizhenju ip add int pos 105 encapsulation dot1Q 105 ip vrf forwarding gulouquzhenfu ip add int pos 106 encapsulation dot1Q 106 ip vrf forwarding huiminyiyuanbanqiao ip add int pos 107 encapsulation dot1Q 107 ip vrf forwarding jiaotongguanlichu ip add int pos 108 encapsulation dot1Q 108 ip vrf forwarding langchi ip add int pos 109 encapsulation dot1Q 109 ip vrf forwarding nanjingdianxin ip add int pos 110 encapsulation dot1Q 110 ip vrf forwarding nanjingshilaodongju ip add int pos 111 encapsulation dot1Q 111 ip vrf forwarding panchengyiyuan ip add int pos 112 encapsulation dot1Q 112 ip vrf forwarding pukoulaobao ip add int pos 113 encapsulation dot1Q 113 ip vrf forwarding shengcaizhenting ip add int pos 114 encapsulation dot1Q 114 ip vrf forwarding shenglaodongju ip add int pos 115 encapsulation dot1Q 115 ip vrf forwarding shiyunhui ip add int pos 116 encapsulation dot1Q 116 ip vrf forwarding test ip add int pos 117 encapsulation dot1Q 117 ip vrf forwarding test1 ip add int pos 118 encapsulation dot1Q 118 ip vrf forwarding vpn baixiaquzhengfu ip add int pos 119 encapsulation dot1Q 119 ip vrf forwarding vpn xiaguanquzhenfu ip add int pos 120 encapsulation dot1Q 120 ip vrf forwarding zhongshihua ip add Vpn instance 配置配置 Router bgp 64512 address family ipv4 vrf test redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf test1 redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf nanjingshilaodongju redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf gulouquzhenfu redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf shiyunhui redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf zhongshihua redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf shenglaodongju redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf caizhenju redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf shengcaizhenting redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf nanjingdianxin redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf bianfangzongdui redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf langchi redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf jiaotongguanlichu redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf LDJhujiaopingtai redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf vpn baixiaquzhengfu redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf pukoulaobao redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf vpn xiaguanquzhenfu redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf panchengyiyuan redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf CT SoftSwitch Media redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family address family ipv4 vrf huiminyiyuanbanqiao redistribute connected no synchronization neighbor remote as 4809 neighbor activate neighbor send community exit address family 二 二 CN2CN2 鼓楼鼓楼 PEPE 初始化配置初始化配置 基本配置基本配置 int pos description to JS NJ GL R 4 MAN POS mtu 9178 no shutdown VPN IPV4 配置配置 ip vrf CT SoftSwitch Media rd 4809 1038 route target export 4809 1038 route target import 4809 1038 ip vrf LDJhujiaopingtai rd 64512 156 route target export 64512 156 route target import 64512 156 ip vrf bianfangzongdui rd 64512 155 route target export 64512 155 route target import 64512 155 ip vrf caizhenju rd 64512 144 route target export 64512 144 route target import 64512 144 ip vrf gulouquzhenfu rd 64512 138 route target export 64512 138 route target import 64512 138 ip vrf huiminyiyuanbanqiao rd 64512 164 route target export 64512 164 route target import 64512 164 ip vrf jiaotongguanlichu rd 64512 153 route target export 64512 151 route target export 64512 153 route target import 64512 151 route target import 64512 153 ip vrf langchi rd 64512 502 route target export 64512 502 route target import 64512 502 ip vrf nanjingdianxin rd 64512 151 route target export 64512 151 route target import 64512 151 ip vrf nanjingshilaodongju rd 64512 106 route target export 64512 106 route target import 64512 106 ip vrf panchengyiyuan rd 64512 165 route target export 64512 165 route target import 64512 165 ip vrf pukoulaobao rd 64512 128 route target export 64512 128 route target import 64512 128 ip vrf shengcaizhenting rd 64512 145 route target export 64512 145 route target import 64512 145 ip vrf shenglaodongju rd 64512 115 route target export 64512 115 route target import 64512 115 ip vrf shiyunhui rd 64512 133 route target export 64512 133 route target import 64512 133 ip vrf test rd 100 1 route target export 100 1 route target import 100 1 route target import 100 2 route target import 100 3 route target import 100 4 ip vrf test1 rd 100 100 route target export 100 100 route target export 100 1001 route target export 4134 100 route target import 100 100 route target import 100 1001 route target import 4134 100 ip vrf vpn baixiaquzhengfu rd 64512 139 route target export 64512 139 route target import 64512 139 ip vrf vpn xiaguanquzhenfu rd 64512 163 route target export 64512 163 route target import 64512 163 ip vrf zhongshihua rd 64512 142 route target export 64512 142 route target import 64512 142 int pos 101 encapsulation dot1Q 101 ip vrf forwarding CT SoftSwitch Media ip add int pos 102 encapsulation dot1Q 102 ip vrf forwarding LDJhujiaopingtai ip add int pos 103 encapsulation dot1Q 103 ip vrf forwarding bianfangzongdui ip add int pos 104 encapsulation dot1Q 104 ip vrf forwarding caizhenju ip add int pos 105 encapsulation dot1Q 105 ip vrf forwarding gulouquzhenfu ip add int pos 106 encapsulation dot1Q 106 ip vrf forwarding huiminyiyuanbanqiao ip add int pos 107 encapsulation dot1Q 107 ip vrf forwarding jiaotongguanlichu ip add int pos 108 encapsulation dot1Q 108 ip vrf forwarding langchi ip add int pos 109 encapsulation dot1Q 109 ip vrf forwarding nanjingdianxin ip add int pos 110 encapsulation dot1Q 110 ip vrf forwarding nanjingshilaodongju ip add int pos 111 encapsulation dot1Q 111 ip vrf forwarding panchengyiyuan ip add int pos 112 encapsulation dot1Q 112 ip vrf forwarding pukoulaobao ip add int pos 113 encapsulation dot1Q 113 ip vrf forwarding shengcaizhenting ip add int pos 114 encapsulation dot1Q 114 ip vrf forwarding shenglaodongju ip add int pos 115 encapsulation dot1Q 115 ip vrf forwarding shiyunhui ip add int pos 116 encapsulation dot1Q 116 ip vrf forwarding test ip add int pos 117 encapsulation dot1Q 117 ip vrf forwarding test1 ip add int pos 118 encapsulation dot1Q 118 ip vrf forwarding vpn baixiaquzhengfu ip add int pos 119 encapsulation dot1Q 119 ip vrf forwarding vpn xiaguanquzhenfu ip add int pos 120 encapsulation dot1Q 120 ip vrf forwarding zhongshihua ip add Vpn instance 配置配置 Router bgp 4809 address family ipv4 vrf test redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf test1 redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf nanjingshilaodongju redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf gulouquzhenfu redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf shiyunhui redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf zhongshihua redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf shenglaodongju redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf caizhenju redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf shengcaizhenting redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf nanjingdianxin redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf bianfangzongdui redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf langchi redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf jiaotongguanlichu redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf LDJhujiaopingtai redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf vpn baixiaquzhengfu redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf pukoulaobao redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf vpn xiaguanquzhenfu redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf panchengyiyuan redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf CT SoftSwitch Media redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family address family ipv4 vrf huiminyiyuanbanqiao redistribute connected no synchronization neighbor remote as 64512 neighbor activate neighbor send community exit address family 三 城域网三 城域网 ASBRASBR 建立至建立至 VRRVRR 的的 IBGPIBGP 邻居邻居 在 YNL NE40 VRR 和 HZM NE40 VRR 上分别进行如下配置 bgp 64512 peer 鼓楼 GSR12416loopback0 as number 64512 peer 鼓楼 GSR12416loopback0 reflect client peer 鼓楼 GSR12416loopback0 connect interface LoopBack0 ipv4 family vpnv4 peer 鼓楼 GSR12416loopback0 enable peer 鼓楼 GSR12416loopback0 reflect client 在城域网鼓楼 GSR12416 上进行如下配置 router bgp 64512 no nei 221 231 205 247 shutdown no nei 221 231 205 249 shutdown 通过命令 sh ip bgp vpnv4 all summary 检查和 vrr 邻居是否建立 四 开通城域网鼓楼四 开通城域网鼓楼 GSR12416GSR12416 至至 CN2CN2 鼓楼鼓楼 PEPE 链路链路 在 YNL NE40 VRR 上进行如下配置 interface GigabitEthernet2 0 1 shutdown 将城域网鼓楼 GSR12416 至 CN2 鼓楼 PE 的光路开通 CN2 鼓楼 PE 侧在 ODF 架跳纤至城域网鼓楼 GSR12416 通过 ping vrf 对端子接口地址检查链路是否正常 通过 sh ip b vpnv4 vrf summary 检查 EBGP 邻居是否正常建立 在 CN2 鼓楼 PE 侧通过 sh ip b vpnv4 all 查看是否能学习到城域网内的 vpn 路由 并检查路由的正确性 五 应急措施及回退方案五 应急措施及回退方案 本次割接理论上不会影响业务 在割接中如出现短时间内无法解决的不可 预见的异常 应立即回退 保证在规定时间内恢复业