https://support.huawei.com/enterprise/zh/doc/EDOC1100332321?section=j053
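Example for Configuring a Branch to Use Dual 5G Links to Establish Primary and Backup GRE Tunnels with the Headquarters
Scenario
Reliability is a key factor in enterprise networking. For large enterprises in particular, a service interruption can cause heavy losses. To make a branch's Internet access more reliable, two WAN uplinks are usually deployed between the branch and the headquarters: one primary link and one backup link. If the primary link fails, traffic is switched to the backup link so that services continue. Some scenarios require fast switchover between links in addition to high reliability. Industrial control, for example, needs sub-second or even millisecond-level switchover. Other scenarios, such as video surveillance backhaul, require high uplink bandwidth.
To meet these varied requirements, an enterprise can use two 5G links as WAN uplinks and configure BFD. 5G links are quick to provision, offer high bandwidth, and cost little. Combined with BFD fast detection, they allow services to be switched to the backup 5G link immediately when the primary link fails, which shortens service interruption and improves network reliability.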
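Networking
As shown in Figure 1, the enterprise branch and headquarters are connected through the Internet. The branch uses the enterprise router AR1 as its egress gateway. To improve link reliability, two 5G cards are installed on AR1, providing two 5G links to the Internet. When the branch and headquarters need to exchange Layer 3 services, a GRE tunnel is built over each of the two 5G links, and different static route preferences make one tunnel primary and the other backup. BFD detects and monitors the connectivity of the primary GRE tunnel so that Layer 3 services between the branch and headquarters converge quickly.
Figure 7-17 Networking diagram for configuring a branch to use dual 5G links to establish primary and backup GRE tunnels with the headquarters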
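Data Preparation
Table 7-21 Data preparation
Item | Data | Description |
---|---|---|
APN name assigned to the branch by carrier A | 5gneta | The APN names must be obtained from the carriers in advance. |
APN name assigned to the branch by carrier B | 5gnetb | |
IP address assigned by carrier A to the branch's primary 5G interface Cellular1/0/0 | 1.1.1.1/32 | IP address that the carrier automatically assigns to the 5G cellular interface after the interface dials up to the carrier network. Note: When GRE tunnels are used, the carrier must assign fixed IP addresses to the 5G cellular interfaces. In this example, the fixed IP addresses assigned to the 5G cellular interfaces are assumed to be 1.1.1.1 and 3.3.3.3. |
IP address assigned by carrier B to the branch's backup 5G interface Cellular2/0/0 | 3.3.3.3/32 | |
IP address assigned by the carrier to GE0/0/9 at the headquarters | 2.2.2.2/24 | AR2 at the headquarters connects to the Internet over a wired link. The wired interface GE0/0/9 is configured with a static IP address. |
IP address of the carrier interface connected to GE0/0/9 at the headquarters | 2.2.2.1/24 | The IP address of the carrier interface connected to GE0/0/9 on AR2 is used to configure routing so that the headquarters and the Internet can reach each other. |
IP address of the primary Tunnel0/0/1 interface on branch AR1 | 10.3.1.1/24 | Tunnel interface addresses of the primary and backup GRE tunnels between the branch and headquarters. |
IP address of the backup Tunnel0/0/2 interface on branch AR1 | 10.4.1.1/24 | |
IP address of the primary Tunnel0/0/1 interface on headquarters AR2 | 10.3.1.2/24 | |
IP address of the backup Tunnel0/0/2 interface on headquarters AR2 | 10.4.1.2/24 | |
LAN-side interface information of branch AR1 | VLAN: 10 Gateway address: VLANIF10 (10.1.1.1/24) LAN-side physical interface: GE0/0/1 | VLAN 10 is the VLAN of the branch subnet users, and VLANIF10 is their gateway. |
LAN-side interface information of headquarters AR2 | VLAN: 20 Gateway address: VLANIF20 (10.2.1.1/24) LAN-side physical interface: GE0/0/1 | VLAN 20 is the VLAN of the headquarters subnet users, and VLANIF20 is their gateway. |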
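TCP MSS Configuration Notes
To reduce unnecessary fragmentation and reassembly during transmission, plan the size of packets sent by terminals appropriately. For TCP packets, you can configure the TCP MSS value on the 5G AR device, which avoids fragmentation by changing the length of the application-layer data carried in each packet. In 5G 2B private line scenarios, choosing the TCP MSS value is straightforward: on the AR devices at both ends of the tunnel, set the TCP MSS to the recommended value 1200 on the LAN-side physical access interface or VLANIF interface.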
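Configuration Roadmap
1. Configure the connection parameters of the 5G cellular interfaces so that they can access the 5G network.
2. Configure the enterprise subnets to automatically assign IP addresses to internal users.
3. Configure Tunnel interfaces and create the primary and backup GRE tunnels so that service traffic between the branch and headquarters is carried over GRE tunnels.
4. Configure BFD sessions to probe the connectivity of the primary GRE tunnel between the branch and headquarters.
5. Configure static routes so that users on the branch and headquarters subnets can communicate.
When the dialer enable-circular command is run on a 5G cellular interface to configure circular DCC, the device also delivers the configurations for automatic dialing, IP address negotiation, and 5G modem self-healing. These do not need to be configured again.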
Procedure
1. Configure the connection parameters of the 5G cellular interfaces so that they can access the 5G network.
a. Create APN profiles.
```
<Huawei> system-view
[Huawei] sysname AR1
[AR1] apn profile 5gprofilea
[AR1-apn-profile-5gprofilea] apn 5gneta
[AR1-apn-profile-5gprofilea] quit
[AR1] apn profile 5gprofileb
[AR1-apn-profile-5gprofileb] apn 5gnetb
[AR1-apn-profile-5gprofileb] quit
```
b. Enable circular DCC and configure automatic dial-up.
```
[AR1] interface Cellular 1/0/0
[AR1-Cellular1/0/0] dialer enable-circular
[AR1-Cellular1/0/0] quit
[AR1] interface Cellular 2/0/0
[AR1-Cellular2/0/0] dialer enable-circular
[AR1-Cellular2/0/0] quit
```
c. Bind the APN profiles to the 5G cellular interfaces.
```
[AR1] interface Cellular 1/0/0
[AR1-Cellular1/0/0] apn-profile 5gprofilea
Info: The configuration will become effective after link reset.
[AR1-Cellular1/0/0] shutdown
[AR1-Cellular1/0/0] undo shutdown
[AR1-Cellular1/0/0] quit
[AR1] interface Cellular 2/0/0
[AR1-Cellular2/0/0] apn-profile 5gprofileb
Info: The configuration will become effective after link reset.
[AR1-Cellular2/0/0] shutdown
[AR1-Cellular2/0/0] undo shutdown
[AR1-Cellular2/0/0] quit
```
2. Configure the enterprise subnets to automatically assign IP addresses to internal users.
a. Configure the branch subnet: create VLAN 10 and add GE0/0/1 to VLAN 10. On VLANIF 10, set the TCP maximum segment size to 1200 bytes and configure DHCP.
```
[AR1] vlan 10
[AR1-vlan10] quit
[AR1] interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1] port link-type access
[AR1-GigabitEthernet0/0/1] port default vlan 10
[AR1-GigabitEthernet0/0/1] quit
[AR1] dhcp enable
[AR1] interface Vlanif 10
[AR1-Vlanif10] ip address 10.1.1.1 24
[AR1-Vlanif10] dhcp select interface
[AR1-Vlanif10] tcp adjust-mss 1200
[AR1-Vlanif10] quit
```
b. Configure the headquarters subnet: create VLAN 20 and add GE0/0/1 to VLAN 20. On VLANIF 20, set the TCP maximum segment size to 1200 bytes and configure DHCP.
```
<Huawei> system-view
[Huawei] sysname AR2
[AR2] vlan 20
[AR2-vlan20] quit
[AR2] interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1] port link-type access
[AR2-GigabitEthernet0/0/1] port default vlan 20
[AR2-GigabitEthernet0/0/1] quit
[AR2] dhcp enable
[AR2] interface Vlanif 20
[AR2-Vlanif20] ip address 10.2.1.1 24
[AR2-Vlanif20] dhcp select interface
[AR2-Vlanif20] tcp adjust-mss 1200
[AR2-Vlanif20] quit
```
3. Configure Tunnel interfaces and create the GRE tunnels.
a. Configure the IP address of the headquarters WAN-side interface GE0/0/9.
```
[AR2] interface GigabitEthernet 0/0/9
[AR2-GigabitEthernet0/0/9] ip address 2.2.2.2 24
[AR2-GigabitEthernet0/0/9] quit
```
b. Configure the two Tunnel interfaces at the headquarters.
```
[AR2] interface Tunnel0/0/1
[AR2-Tunnel0/0/1] tunnel-protocol gre
Warning: After this tunnel encapsulation protocol was configured, the MTU and other parameter settings of the tunnel were deleted.
[AR2-Tunnel0/0/1] ip address 10.3.1.2 255.255.255.0
[AR2-Tunnel0/0/1] source GigabitEthernet 0/0/9
[AR2-Tunnel0/0/1] destination 1.1.1.1
[AR2-Tunnel0/0/1] quit
[AR2] interface Tunnel0/0/2
[AR2-Tunnel0/0/2] tunnel-protocol gre
Warning: After this tunnel encapsulation protocol was configured, the MTU and other parameter settings of the tunnel were deleted.
[AR2-Tunnel0/0/2] ip address 10.4.1.2 255.255.255.0
[AR2-Tunnel0/0/2] source GigabitEthernet 0/0/9
[AR2-Tunnel0/0/2] destination 3.3.3.3
[AR2-Tunnel0/0/2] quit
```
c. Configure the two Tunnel interfaces at the branch.
```
[AR1] interface Tunnel0/0/1
[AR1-Tunnel0/0/1] tunnel-protocol gre
Warning: After this tunnel encapsulation protocol was configured, the MTU and other parameter settings of the tunnel were deleted.
[AR1-Tunnel0/0/1] ip address 10.3.1.1 255.255.255.0
[AR1-Tunnel0/0/1] source Cellular 1/0/0
[AR1-Tunnel0/0/1] destination 2.2.2.2
[AR1-Tunnel0/0/1] quit
[AR1] interface Tunnel0/0/2
[AR1-Tunnel0/0/2] tunnel-protocol gre
Warning: After this tunnel encapsulation protocol was configured, the MTU and other parameter settings of the tunnel were deleted.
[AR1-Tunnel0/0/2] ip address 10.4.1.1 255.255.255.0
[AR1-Tunnel0/0/2] source Cellular 2/0/0
[AR1-Tunnel0/0/2] destination 2.2.2.2
[AR1-Tunnel0/0/2] quit
```
4. Configure BFD sessions to probe the connectivity of the primary GRE tunnel between the branch and headquarters.
a. Configure the BFD session at the branch.
```
[AR1] bfd
[AR1-bfd] quit
[AR1] bfd aa bind peer-ip 10.3.1.2 source-ip 10.3.1.1
[AR1-bfd-session-aa] discriminator local 10
[AR1-bfd-session-aa] discriminator remote 20
[AR1-bfd-session-aa] commit
Info: The configuration succeeds, but BFD session cannot be created for the moment because the route cannot be found.
[AR1-bfd-session-aa] quit
```
b. Configure the BFD session at the headquarters.
```
[AR2] bfd
[AR2-bfd] quit
[AR2] bfd bb bind peer-ip 10.3.1.1 source-ip 10.3.1.2
[AR2-bfd-session-bb] discriminator local 20
[AR2-bfd-session-bb] discriminator remote 10
[AR2-bfd-session-bb] commit
Info: The configuration succeeds, but BFD session cannot be created for the moment because the route cannot be found.
[AR2-bfd-session-bb] quit
```
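5. Configure static routes so that users on the branch and headquarters subnets can communicate.
a. Configure static routes at the branch. Two static routes use the 5G cellular interfaces as outbound interfaces, and the two static routes to the headquarters subnet use the Tunnel interfaces as outbound interfaces. Bind the BFD session to the route that uses the primary tunnel interface Tunnel0/0/1.
```
[AR1] ip route-static 2.2.2.2 32 Cellular 1/0/0
[AR1] ip route-static 2.2.2.2 32 Cellular 2/0/0 preference 70
[AR1] ip route-static 10.2.1.0 255.255.255.0 Tunnel 0/0/1 track bfd-session aa
[AR1] ip route-static 10.2.1.0 255.255.255.0 Tunnel 0/0/2 preference 70
[AR1] quit
```
b. Configure static routes at the headquarters, and bind the BFD session to the route that uses the primary tunnel interface Tunnel0/0/1.
```
[AR2] ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
[AR2] ip route-static 10.1.1.0 255.255.255.0 Tunnel 0/0/1 track bfd-session bb
[AR2] ip route-static 10.1.1.0 255.255.255.0 Tunnel 0/0/2 preference 70
[AR2] quit
```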
Verification
Run the display ip interface brief Cellular 1/0/0 command on AR1 to check the IP address obtained by Cellular1/0/0.
```
<AR1> display ip interface brief Cellular 1/0/0
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
Interface                         IP Address/Mask      Physical   Protocol
Cellular1/0/0                     1.1.1.1/32           up         up
```
Run the display ip interface brief Cellular 2/0/0 command on AR1 to check the IP address obtained by Cellular2/0/0.
```
<AR1> display ip interface brief Cellular 2/0/0
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
Interface                         IP Address/Mask      Physical   Protocol
Cellular2/0/0                     3.3.3.3/32           up         up
```
Run the display Cellular 1/0/0 all command on AR1 to check the status of Cellular1/0/0.
```
<AR1> display Cellular 1/0/0 all
Modem State:
Hardware Information.
=====================
Model = RG801
Modem Type = 5G module
Modem Firmware Version = RG801HEAAAR01A07M8G
Hardware Version = HiB5000_MODEM Ver.A
Integrate circuit card identity (ICCID) = 98681020100202000069
International Mobile Subscriber Identity (IMSI) = 460070075591996
Mobile Station International ISDN Number (MSISDN) = None
International Mobile Equipment Identity (IMEI) = 867147050004457
Factory Serial Number (FSN) = 0123456789ABCDEF
Modem Status = Online
Profile Information.
====================
Profile 1
--------
PDP Type = IPv4, Header Compression = OFF
Data Compression = OFF
Access Point Name (APN) = 5gneta
Packet Session Status = Active
* - Default profile
Network Information.
====================
Current Service Status = Service available
Service Domain = Combined
Current Service = PS
Packet Service = Attached
Packet Session Status = Active
Current Roaming Status = Roaming
Network Selection Mode = Automatic
Network Connection Mode = LTE-NR
Current Network Connection = 5G(NSA)
Mobile Country Code (MCC) = 369
Mobile Network Code (MNC) = 77
Mobile Operator Information = Unknown
Tracking Area Code (TAC) = 1002
Cell ID = 9881858
Radio Information.
==================
Current Bands :
WCDMA: AUTO
LTE: B3
NR: AUTO
LTE:
Current Band = B3
Current RSSI >= -51 dBm
Current RSRP = -68 dBm (strong)
Current RSRQ >= -3 dB
Current SINR = 6 dB
NR:
Current Band = N78
Current RSRP = -64 dBm (strong)
Current RSRQ = -10 dB
Current SINR = 35 dB
Bands supported :
WCDMA: WCDMA850 WCDMA900 WCDMA2100
FDD LTE: B1 B3 B5 B7 B8 B20 B28
TDD LTE: B34 B38 B39 B40 B41
FDD NR: N1 N3 N28
TDD NR: N41 N77 N78 N79
SUL NR: N80
Modem Security Information.
===========================
SIM ID = 1
PIN Verification = Disabled
PIN Status = Ready
Number of Retries remaining = 3
SIM Status = OK
```
Run the display bfd session all command on AR1. The output shows that the BFD session has been established and its state is Up.
```
<AR1> display bfd session all
--------------------------------------------------------------------------------
Local Remote     PeerIpAddr      State     Type        InterfaceName
--------------------------------------------------------------------------------
10    20         10.3.1.2        Up        S_IP_PEER   -
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0
```
Run the shutdown command on Cellular1/0/0 of AR1 to simulate a failure of the primary 5G link.
```
<AR1> system-view
[AR1] interface Cellular 1/0/0
[AR1-Cellular1/0/0] shutdown
[AR1-Cellular1/0/0] quit
[AR1] quit
```
Run the ping -a 10.1.1.1 10.2.1.1 command on AR1 to simulate traffic from a branch user to a headquarters user. The ping succeeds.
```
<AR1> ping -a 10.1.1.1 10.2.1.1
  PING 10.2.1.1: 56 data bytes, press CTRL_C to break
    Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=255 time=51 ms
    Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=255 time=35 ms
    Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=255 time=45 ms
    Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=255 time=40 ms
    Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=255 time=37 ms

  --- 10.2.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 35/41/51 ms
```
Configuration Files
AR1 configuration file
```
#
 sysname AR1
#
vlan batch 10
#
dhcp enable
#
bfd
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 dhcp select interface
 tcp adjust-mss 1200
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface Cellular1/0/0
 dialer enable-circular
 apn-profile 5gprofilea
 dialer timer autodial 10
 modem auto-recovery dial action modem-reboot fail-times 128
 modem auto-recovery icmp-unreachable action modem-reboot
 modem auto-recovery services-unavailable action modem-reboot test-times 0 interval 3600
 ip address negotiate
#
interface Cellular2/0/0
 dialer enable-circular
 apn-profile 5gprofileb
 dialer timer autodial 10
 modem auto-recovery dial action modem-reboot fail-times 128
 modem auto-recovery icmp-unreachable action modem-reboot
 modem auto-recovery services-unavailable action modem-reboot test-times 0 interval 3600
 ip address negotiate
#
interface Tunnel0/0/1
 ip address 10.3.1.1 255.255.255.0
 tunnel-protocol gre
 source Cellular1/0/0
 destination 2.2.2.2
#
interface Tunnel0/0/2
 ip address 10.4.1.1 255.255.255.0
 tunnel-protocol gre
 source Cellular2/0/0
 destination 2.2.2.2
#
apn profile 5gprofilea
 apn 5gneta
apn profile 5gprofileb
 apn 5gnetb
#
bfd aa bind peer-ip 10.3.1.2 source-ip 10.3.1.1
 discriminator local 10
 discriminator remote 20
 commit
#
ip route-static 2.2.2.2 255.255.255.255 Cellular1/0/0
ip route-static 2.2.2.2 255.255.255.255 Cellular2/0/0 preference 70
ip route-static 10.2.1.0 255.255.255.0 Tunnel0/0/1 track bfd-session aa
ip route-static 10.2.1.0 255.255.255.0 Tunnel0/0/2 preference 70
#
return
```
AR2 configuration file
```
#
 sysname AR2
#
vlan batch 20
#
dhcp enable
#
bfd
#
interface Vlanif20
 ip address 10.2.1.1 255.255.255.0
 dhcp select interface
 tcp adjust-mss 1200
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/9
 ip address 2.2.2.2 255.255.255.0
#
interface Tunnel0/0/1
 ip address 10.3.1.2 255.255.255.0
 tunnel-protocol gre
 source GigabitEthernet0/0/9
 destination 1.1.1.1
#
interface Tunnel0/0/2
 ip address 10.4.1.2 255.255.255.0
 tunnel-protocol gre
 source GigabitEthernet0/0/9
 destination 3.3.3.3
#
bfd bb bind peer-ip 10.3.1.1 source-ip 10.3.1.2
 discriminator local 20
 discriminator remote 10
 commit
#
ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
ip route-static 10.1.1.0 255.255.255.0 Tunnel0/0/1 track bfd-session bb
ip route-static 10.1.1.0 255.255.255.0 Tunnel0/0/2 preference 70
#
return
```
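The failover in this example depends on two things lining up across both routers: the BFD sessions must mirror each other (addresses and discriminators swapped), and on each side the route through the primary tunnel must track a BFD session while the backup route carries a larger preference value. The Python script below is an added example, not part of the original Huawei documentation; the function names parse and audit are hypothetical, the embedded text is an excerpt of the two configuration files on this page, and the default static-route preference of 60 is an assumption about VRP defaults.

```python
import re

DEFAULT_PREF = 60  # assumed VRP default preference of a static route
# Excerpts of the AR1 and AR2 configuration files shown on this page.
AR1 = """bfd aa bind peer-ip 10.3.1.2 source-ip 10.3.1.1
 discriminator local 10
 discriminator remote 20
ip route-static 10.2.1.0 255.255.255.0 Tunnel0/0/1 track bfd-session aa
ip route-static 10.2.1.0 255.255.255.0 Tunnel0/0/2 preference 70
"""
AR2 = """bfd bb bind peer-ip 10.3.1.1 source-ip 10.3.1.2
 discriminator local 20
 discriminator remote 10
ip route-static 10.1.1.0 255.255.255.0 Tunnel0/0/1 track bfd-session bb
ip route-static 10.1.1.0 255.255.255.0 Tunnel0/0/2 preference 70
"""

def parse(cfg):
    """Return ({bfd_name: fields}, [(dst, pref, out_if, tracked_bfd)])."""
    bfd, routes, cur = {}, [], None
    for line in cfg.splitlines():
        if m := re.match(r"bfd (\S+) bind peer-ip (\S+) source-ip (\S+)", line):
            cur = bfd[m[1]] = {"peer": m[2], "src": m[3]}
        elif (m := re.match(r" discriminator (local|remote) (\d+)", line)) and cur:
            cur[m[1]] = int(m[2])
        elif m := re.match(r"ip route-static (\S+ \S+) (Tunnel\S+)(.*)", line):
            pref = re.search(r"preference (\d+)", m[3])
            track = re.search(r"track bfd-session (\S+)", m[3])
            routes.append((m[1], int(pref[1]) if pref else DEFAULT_PREF,
                           m[2], track[1] if track else None))
    return bfd, routes

def audit(branch, hq):
    """Return findings; an empty list means the two configs are consistent."""
    out, (b_bfd, b_rt), (h_bfd, h_rt) = [], parse(branch), parse(hq)
    ends = [(s["peer"], s["src"], s.get("local"), s.get("remote"))
            for s in h_bfd.values()]
    for name, s in b_bfd.items():
        # The peer must swap source/peer addresses and local/remote discriminators.
        if (s["src"], s["peer"], s.get("remote"), s.get("local")) not in ends:
            out.append(f"bfd {name}: peer has no mirrored session")
    for side, bfd, rt in (("branch", b_bfd, b_rt), ("hq", h_bfd, h_rt)):
        for dst in sorted({r[0] for r in rt}):
            same = sorted((r for r in rt if r[0] == dst), key=lambda r: r[1])
            if same[0][3] not in bfd:  # lowest preference value is the primary
                out.append(f"{side} {dst}: primary route is not tracked by BFD")
            if len(same) < 2 or same[1][1] == same[0][1]:
                out.append(f"{side} {dst}: no lower-priority backup route")
    return out
```

Calling audit(AR1, AR2) on the excerpts returns an empty list; a mismatched discriminator or a primary route without track bfd-session is reported as a finding.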