【高级交换技术】配置QinQ终结子接口接入VLL示例

简介

VLL是建立在MPLS技术上的点到点二层隧道技术，可以在MPLS骨干网上透明传输二层数据，从而使得位于不同物理位置的属于同一个VLAN的站点之间可以相互通信。

QinQ终结子接口接入VLL是指在报文通过VLL网络传输前，先由设备上的路由子接口对设备的双层VLAN Tag进行终结，然后才进入VLL网络进行传输。

QinQ终结子接口接入VLL适用于某一站点的所有VLAN（例如：VLAN100-VLAN200）都需要与异地站点进行通信，或是需要节省公网VLAN数量的场景。此时，您需要通过CE与PE间部署的交换机设备，对不同CE发送过来的不同的VLAN Tag报文打上相同的外层VLAN TAG，然后再通过PE上的子接口将QinQ报文终结后由VLL隧道进行转发。

通过该技术，由QinQ作为核心VLL网络在城域以太网VPN的延伸，形成了端到端的VPN技术，解决了位于不同地理位置的用户的二层通信的问题。

配置注意事项

本举例适用的产品和版本包括：
- S5700-HI、S5710-EI：V200R002C00及后续版本
- S5720-EI：V200R009C00及后续版本
- S5720-HI：V200R007C10及后续版本
- S5710-HI、S5730-HI、S5731-H、S5731-H-K、S5731S-H、S5732-H、S5732-H-K：适用版本请参见“案例适用的产品和版本说明”中的表1
- S6700-EI：V200R005（C00&C01）
- S6720-EI、S6720S-EI、S6720-HI、S6730-H、S6730-H-K、S6730S-H、S6730-S、S6730S-S：适用版本请参见“案例适用的产品和版本说明”中的表1
- S7703、S7706、S7712、S7703 PoE、S7706 PoE、S7710、S7905、S7908、S9703、S9706、S9712：适用版本请参见“案例适用的产品和版本说明”中的表1

E3L系列单板和S系列中的SA单板不支持VLL功能，X1E系列单板在V200R007以及后续版本支持VLL功能。

如需了解交换机软件配套详细信息，请点击硬件查询工具。

组网需求

如图1所示，CE1、CE2分别通过VLAN方式接入PE1和PE2。

CE1和CE2之间建立Martini方式的VLL。

Switch1分别与CE1、PE1相连。

Switch2分别与CE2、PE2相连。

Switch与CE侧接口配置灵活QinQ，对CE发送过来的报文打上运营商指定允许通过的外层VLAN Tag。

当Switch连接多个CE时，对不同CE发送过来的不同的VLAN Tag报文打上相同的外层VLAN Tag，还可以达到节省公网VLAN数量的目的。

图1 配置QinQ终结子接口接入VLL组网图

Switch	接口	对应的三层接口	IP地址
PE1	GigabitEthernet1/0/0	GigabitEthernet1/0/0.1	-
-	GigabitEthernet2/0/0	VLANIF20	10.1.1.1/24
-	Loopback1	-	1.1.1.1/32
PE2	GigabitEthernet1/0/0	VLANIF30	10.2.2.1/24
-	GigabitEthernet2/0/0	GigabitEthernet2/0/0.1	-
-	Loopback1	-	3.3.3.3/32
P	GigabitEthernet1/0/0	VLANIF30	10.2.2.2/24
-	GigabitEthernet2/0/0	VLANIF20	10.1.1.2/24
-	Loopback1	-	2.2.2.2/32
CE1	GigabitEthernet1/0/0	VLANIF10	10.10.10.1/24
CE2	GigabitEthernet1/0/0	VLANIF10	10.10.10.2/24

配置思路

采用如下的思路配置QinQ终结子接口接入VLL：

在骨干网相关设备（PE、P）上配置路由协议实现互通，并使能MPLS。
本例使用缺省隧道策略，建立LSP作为传输业务数据的隧道。
PE上使能MPLS L2VPN，并创建VC连接。
在PE连接Switch的接口上配置QinQ终结子接口接入VLL。
在Switch连接CE的接口上配置灵活QinQ。

操作步骤

按图1配置CE、PE和P的各接口所属VLAN和VLANIF接口的IP地址

# 配置CE1，要求CE1发送给Switch1的报文带有一层VLAN Tag。

<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit

# 配置CE2，要求CE2发送给Switch2的报文带有一层VLAN Tag。

<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port link-type trunk
[CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface vlanif 10
[CE2-Vlanif10] ip address 10.10.10.2 24
[CE2-Vlanif10] quit

# 配置PE1。

<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type hybrid
[PE1-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[PE1-GigabitEthernet2/0/0] port hybrid tagged vlan 20
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit

# 配置P。

<HUAWEI> system-view
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port link-type hybrid
[P-GigabitEthernet1/0/0] port hybrid pvid vlan 30
[P-GigabitEthernet1/0/0] port hybrid tagged vlan 30
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] port link-type hybrid
[P-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[P-GigabitEthernet2/0/0] port hybrid tagged vlan 20
[P-GigabitEthernet2/0/0] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit

# 配置PE2。

<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 30
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port link-type hybrid
[PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 30
[PE2-GigabitEthernet1/0/0] port hybrid tagged vlan 30
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit

在Switch的接口上配置灵活QinQ和允许通过的VLAN

# 配置Switch1。

<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet2/0/0
[Switch1-GigabitEthernet2/0/0] port link-type hybrid
[Switch1-GigabitEthernet2/0/0] port hybrid tagged vlan 100
[Switch1-GigabitEthernet2/0/0] quit
[Switch1] interface gigabitethernet1/0/0
[Switch1-GigabitEthernet1/0/0] port link-type hybrid
[Switch1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100  //盒式交换机，需要先通过命令qinq vlan-translation enable使能VLAN转换功能
[Switch1-GigabitEthernet1/0/0] quit

# 配置Switch2。

<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet2/0/0
[Switch2-GigabitEthernet2/0/0] port link-type hybrid
[Switch2-GigabitEthernet2/0/0] port hybrid tagged vlan 100
[Switch2-GigabitEthernet2/0/0] quit
[Switch2] interface gigabitethernet1/0/0
[Switch2-GigabitEthernet1/0/0] port link-type hybrid
[Switch2-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[Switch2-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100  //盒式交换机，需要先通过命令qinq vlan-translation enable使能VLAN转换功能
[Switch2-GigabitEthernet1/0/0] quit

在MPLS骨干网上配置IGP，本示例中使用OSPF

配置OSPF时，注意需要发布PE1、P和PE2作为LSR ID的32位Loopback接口地址。

# 配置PE1。

[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# 配置P。

[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# 配置PE2。

[PE2] router id 3.3.3.3
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

# 配置完成后，PE1、P、PE2之间应能建立OSPF邻居关系，执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1接口路由。以PE1的显示为例：

[PE1] display ospf peer
                                                                                
         OSPF Process 1 with Router ID 1.1.1.1                              
                 Neighbors                                                      
                                                                                
 Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors                          
 Router ID: 2.2.2.2      Address: 10.1.1.2                                  
   State: Full  Mode:Nbr is  Master  Priority: 1                                
   DR: 10.1.1.2  BDR: 10.1.1.1  MTU: 0                                          
   Dead timer due in 34  sec                                                    
   Retrans timer interval: 5                                                    
   Neighbor is up for 00:01:16                                                  
   Authentication Sequence: [ 0 ]

[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance                                     
------------------------------------------------------------------------------  
Routing Tables: Public                                                          
         Destinations : 8       Routes : 8                                    
                                                                                
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                
        1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack1      
        2.2.2.2/32  OSPF    10   1           D   10.1.1.2        Vlanif20       
        3.3.3.3/32  OSPF    10   2           D   10.1.1.2        Vlanif20       
       10.1.1.0/24  Direct  0    0           D   10.1.1.1        Vlanif20       
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif20       
       10.2.2.0/24  OSPF    10   2           D   10.1.1.2        Vlanif20       
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0    
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0

在MPLS骨干网上配置MPLS基本能力和LDP

# 配置PE1。

[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit

# 配置P。

[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit

# 配置PE2。

[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

在PE之间建立远端LDP会话

# 配置PE1。

[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit

# 配置PE2。

[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit

上述配置完成后，在PE1上执行display mpls ldp session命令查看LDP会话的建立情况，可以看到增加了与PE2的LDP会话。

以PE1的显示为例：

[PE1] display mpls ldp session

 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.2:0          Operational DU Passive  0000:15:29   3717/3717
 3.3.3.3:0          Operational DU Passive  0000:00:00   2/2
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

在PE上使能MPLS L2VPN，并创建VC连接

# 配置PE1：在接入Switch1的接口gigabitethernet1/0/0.1上创建VC。

[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet1/0/0
[PE1-GigabitEthernet1/0/0] port link-type hybrid
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet1/0/0.1
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet1/0/0.1] quit

# 配置PE2：在接入Switch2的接口gigabitethernet2/0/0.1上创建VC。

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vcmp role silent
[PE2] interface gigabitethernet2/0/0
[PE2-GigabitEthernet2/0/0] port link-type hybrid
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.1 101
[PE2-GigabitEthernet2/0/0.1] quit

验证配置结果

在PE上查看L2VPN连接信息，可以看到建立了一条L2VC，状态为UP。

以PE1的显示为例：

[PE1] display mpls l2vc interface gigabitethernet1/0/0.1
 *client interface       : GigabitEthernet1/0/0.1 is up
  Administrator PW       : no
  session state          : up
  AC status              : up
  Ignore AC state        : disable
  VC state               : up
  Ignore AC state        : disable
  Label state            : 0
  Token state            : 0
  VC ID                  : 101
  VC type                : VLAN
  destination            : 3.3.3.3
  local group ID         : 0            remote group ID      : 0
  local VC label         : 23552        remote VC label      : 23552
  local AC OAM State     : up
  local PSN OAM State    : up
  local forwarding state : forwarding
  local status code      : 0x0
  remote AC OAM state    : up
  remote PSN OAM state   : up
  remote forwarding state: forwarding
  remote status code     : 0x0
  ignore standby state   : no
  BFD for PW             : unavailable
  VCCV State             : up
  manual fault           : not set
  active state           : active
  forwarding entry       : exist
  link state             : up
  local VC MTU           : 1500         remote VC MTU        : 1500
  local VCCV             : alert ttl lsp-ping bfd
  remote VCCV            : alert ttl lsp-ping bfd
  local control word     : disable      remote control word  : disable
  tunnel policy name     : --
  PW template name       : --
  primary or secondary   : primary
  load balance type      : flow                                                 
  Access-port            : false                                                
  Switchover Flag        : false                                                
  VC tunnel/token info   : 1 tunnels/tokens
    NO.0  TNL type       : lsp   , TNL ID : 0x10031
    Backup TNL type      : lsp   , TNL ID : 0x0
  create time            : 1 days, 22 hours, 15 minutes, 9 seconds
  up time                : 0 days, 22 hours, 54 minutes, 57 seconds
  last change time       : 0 days, 22 hours, 54 minutes, 57 seconds
  VC last up time        : 2010/10/09 19:26:37
  VC total up time       : 1 days, 20 hours, 42 minutes, 30 seconds
  CKey                   : 8
  NKey                   : 3
  PW redundancy mode     : frr
  AdminPw interface      : --
  AdminPw link state     : --
  Diffserv Mode          : uniform                                              
  Service Class          : be                                                   
  Color                  : --                                                   
  DomainId               : --                                                   
  Domain Name            : --

CE1和CE2能够相互Ping通。

以CE1的显示为例：

[CE1] ping 10.10.10.2
  PING 10.10.10.2: 56  data bytes, press CTRL_C to break
    Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
    Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=255 time=5 ms
    Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=255 time=2 ms
    Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=255 time=28 ms

  --- 10.10.10.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/15/31 ms

配置文件

CE1的配置文件

#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
return

Switch1的配置文件

#
sysname Switch1
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 port link-type hybrid
 port hybrid untagged vlan 100
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet2/0/0
 port link-type hybrid
 port hybrid tagged vlan 100
#
return

PE1的配置文件

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
 remote-ip 3.3.3.3
#
interface Vlanif20
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0  port link-type hybrid
#
interface GigabitEthernet1/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 3.3.3.3 101
#
interface GigabitEthernet2/0/0
 port link-type hybrid
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
return

P的配置文件

#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip address 10.2.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type hybrid
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
 port link-type hybrid
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.2.2.0 0.0.0.255
#
return

PE2的配置文件

#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
 remote-ip 1.1.1.1
#
interface Vlanif30
 ip address 10.2.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type hybrid
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0  port link-type hybrid
#
interface GigabitEthernet2/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 1.1.1.1 101
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.2.2.0 0.0.0.255
#
return

Switch2的配置文件

#
sysname Switch2
#
vlan batch 100
#
interface GigabitEthernet1/0/0
 port link-type hybrid
 port hybrid untagged vlan 100
 port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet2/0/0
 port link-type hybrid
 port hybrid tagged vlan 100
#
return

CE2的配置文件

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
 ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
return