設定使用纜線的GRE通道
簡介
本文包含有線環境中的通用路由封裝(GRE)的說明、設定和驗證。GRE是由Cisco開發的一種通道通訊協定,可將各種通訊協定封包型別封裝到IP通道中。
開始之前
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
必要條件
本文件沒有特定先決條件。
採用元件
本檔案中的資訊是根據以下軟體和硬體版本。
-
執行Cisco IOS®軟體版本12.1(5)T4的纜線資料機uBR924
註:雖然可以在其他Cisco纜線資料機平台(例如使用不同Cisco IOS版本的uBR904上)中設定GRE通道,但是在Cisco IOS 12.1(5)T4 for uBR920和從Cisco IOS 12.1(3)for uBR910上對此功能的正式支援是相同的。
| 纜線資料機平台 | Cisco IOS軟體版本 |
|---|---|
| uBR920 | 12.1(5)T4 |
| uBR910 | 自12.1(3)及更高版本 |
若要執行此組態,您需要在兩個纜線資料機之間具有IP連線。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您在即時網路中工作,請確保在使用任何命令之前瞭解其潛在影響。
背景理論
通道提供了一種在傳輸通訊協定中封裝外來通訊協定封包的方法。通道是作為虛擬介面實作,以提供簡單的介面來進行組態。通道介面並不與特定乘客或傳輸通訊協定掛鉤,但此架構的目的是提供實作任何標準點對點封裝方案所需的服務。隧道是點對點鏈路,您必須為每個鏈路配置單獨的隧道。
GRE通過IP網際網路建立到遠端點的Cisco路由器的虛擬點對點鏈路。通過在單協定主幹環境中連線多協定子網,使用GRE的IP隧道允許在單協定主幹環境中擴展網路。纜線資料機終端系統(CMTS)是與有線電纜資料服務介面規範(DOCSIS)相容的任何頭端纜線路由器,例如思科uBR7246、uBR7223或uBR7246VXR。
設定
本節提供用於設定本文件中所述功能的資訊。
網路圖表
本文檔使用下圖所示的網路設定。
此安裝程式在兩個纜線資料機uBR924-ddd5和uBR924-b5db之間建立隧道。以下範例使用兩個uBR924s和一個uBR7246VXR。對於此設定,纜線資料機的名稱是ubr924-ddd5和ubr924-b5db,並且它們使用Cisco IOS版本12.1(5)T4。在全域性配置模式下通過發出interface tunnel 0命令動態建立通道介面。
註:只要兩個纜線資料機之間存在IP連線,uBR900纜線資料機不必連線到同一個uBR7200 CMTS或同一個服務供應商的網路上。
組態
本文檔使用如下所示的配置。
注意:粗體文本指的是GRE相關的命令。註釋為藍色,請參考上行。
| ubr924-ddd5 |
|---|
version 12.1 no service single-slot-reload-enable no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ubr924-ddd5 ! logging rate-limit console 10 except errors ! clock timezone - -80 ip subnet-zero no ip finger ! call rsvp-sync ! ! ! ! ! ! ! ! ! ! interface Tunnel0 !--- Tunnel interface 0. ip address 192.168.20.1 255.255.255.0 !--- IP address of the GRE tunnel interface 0. tunnel source Ethernet0 !--- IP source of the tunnel. It is best to make this an !--- interface with a public, routable IP address so that !--- it is reachable from the other endpoint of the tunnel. tunnel destination 11.11.11.11 !--- IP destination of the tunnel. Make sure this is !--- reachable via the ping command !--- Otherwise, the tunnel will not be created properly. ! interface Ethernet0 ip address 9.9.9.9 255.255.255.0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. ! interface cable-modem0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. cable-modem downstream saved channel 525000000 40 1 cable-modem mac-timer t2 40000 no cable-modem compliant bridge ! router rip version 2 passive-interface Tunnel0 !--- This command is used to avoid recursive routing. network 10.0.0.0 network 9.0.0.0 no auto-summary ! ip default-gateway 10.1.4.1 ip classless no ip http server no ip http cable-monitor ! snmp-server packetsize 4096 snmp-server manager ! voice-port 0 input gain -2 ! voice-port 1 input gain -2 ! ! line con 0 transport input none line vty 0 4 login ! end ubr924-ddd5# |
| ubr924-b5db |
|---|
version 12.1 no service single-slot-reload-enable no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ubr924-b5db ! logging rate-limit console 10 except errors enable password ww ! clock timezone - -80 ip subnet-zero no ip finger ! mgcp call rsvp-sync ! ! ! ! ! ! ! ! ! ! interface Tunnel0 !--- Tunnel interface 0 ip address 192.168.20.2 255.255.255.0 !--- IP address of the gre tunnel interface 0 tunnel source Ethernet0 !--- IP source of the tunnel. It is best to make this an !--- interface with a public, routable IP address so that !--- it is reachable from the other endpoint of the tunnel. tunnel destination 9.9.9.9 !--- IP destination of the tunnel. Make sure this is !--- reachable via the ping command !--- Otherwise, the tunnel will not be created properly. ! interface Ethernet0 ip address 11.11.11.11 255.255.255.0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. ! no ip route-cache no ip mroute-cache ! interface cable-modem0 ip rip send version 2 !--- Send RIP version 2 packets. ip rip receive version 2 !--- Receive RIP version 2 packets. no ip route-cache no ip mroute-cache no cable-modem compliant bridge ! router rip version 2 passive-interface Tunnel0 !--- This command is used to avoid recursive routing. network 10.0.0.0 network 11.0.0.0 no auto-summary ! ip default-gateway 10.1.4.1 ip classless no ip http server no ip http cable-monitor ! snmp-server packetsize 4096 snmp-server manager ! voice-port 0 input gain -2 ! voice-port 1 input gain -2 ! ! line con 0 exec-timeout 0 0 transport input none line vty 0 4 password ww login ! end ubr924-b5db# |
驗證
本節提供的資訊可用於確認您的組態是否正常運作。
輸出直譯器工具支援某些show命令,該工具允許您檢視show命令輸出的分析。
驗證CMTS(7246VXR)配置是否正確,以及纜線資料機是否聯機。CMTS的配置如下所示。
7246VXR#show run
Building configuration...
Current configuration : 4579 bytes
!
! Last configuration change at 13:22:17 PDT Mon Feb 26 2001
! NVRAM config last updated at 13:22:46 PDT Mon Feb 26 2001
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
service linenumber
service udp-small-servers max-servers no-limit
!
hostname 7246VXR
!
logging buffered 1000000 debugging
logging rate-limit console 10 except errors
enable password cable
!
cable qos profile 8
cable qos profile 10
cable qos profile 10 grant-size 1500
cable qos profile 12 guaranteed-upstream 100000
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
clock timezone PDT -8
clock summer-time PDT recurring
clock calendar-valid
ip subnet-zero
no ip finger
!
interface Ethernet2/0
ip address 172.16.30.4 255.255.255.192
no ip mroute-cache
half-duplex
!
interface Cable4/0
ip address 172.16.29.1 255.255.255.224 secondary
ip address 10.1.4.1 255.255.255.0
no keepalive
cable downstream rate-limit token-bucket shaping
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 555000000
cable upstream 0 frequency 40000000
cable upstream 0 power-level 0
no cable upstream 0 shutdown
cable upstream 1 shutdown
cable upstream 2 shutdown
cable upstream 3 shutdown
cable upstream 4 shutdown
cable upstream 5 shutdown
cable dhcp-giaddr policy
cable helper-address 172.16.30.2
!
interface Cable5/0
ip address 172.16.29.225 255.255.255.224 secondary
ip address 10.1.5.1 255.255.255.0
load-interval 30
no keepalive
cable downstream rate-limit token-bucket shaping
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 620000000
cable upstream 0 frequency 25008000
cable upstream 0 power-level 0
no cable upstream 0 shutdown
no cable upstream 1 shutdown
cable dhcp-giaddr policy
!
router eigrp 202
redistribute connected
redistribute static
network 10.0.0.0
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
router rip
version 2
redistribute connected
redistribute static
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip default-gateway 172.16.30.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.30.1
ip route 172.16.30.0 255.255.255.0 Ethernet2/0
ip http server
ip http authentication local
!
access-list 188 permit tcp any any eq www log
access-list 188 permit ip any any
route-map docsis permit 10
!
snmp-server engineID local 00000009020000E01ED77E40
snmp-server community public RO
snmp-server community private RW
line con 0
exec-timeout 0 0
transport input none
line aux 0
speed 19200
line vty 0 4
session-timeout 60
exec-timeout 0 0
!
ntp clock-period 17179973
end
7246VXR#show cable modem
Interface Prim Online Timing Rec QoS CPE IP address MAC address
Sid State Offset Power
Cable4/0/U0 69 online 2812 0.25 5 0 10.1.4.3 0002.1685.b5db
Cable4/0/U0 70 online 2288 0.00 5 0 10.1.4.6 0010.7bed.9b23
Cable4/0/U0 71 online 2289 0.50 5 0 10.1.4.2 0010.7bed.9b45
Cable4/0/U0 72 online 2812 0.00 5 0 10.1.4.4 0002.fdfa.0a63
Cable4/0/U0 73 online 2812 -0.75 5 0 10.1.4.5 0004.2752.ddd5
Cable4/0/U0 74 online 2813 0.25 5 0 10.1.4.7 0001.64ff.e47d
如果纜線資料機線上狀態未顯示online,請參閱疑難排解uBR纜線資料機無法連線文檔。
7246VXR#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.7.253 YES NVRAM up down
Ethernet2/0 172.16.30.4 YES manual up up
Ethernet2/1 unassigned YES NVRAM administratively down down
Ethernet2/2 unassigned YES NVRAM administratively down down
Ethernet2/3 unassigned YES NVRAM administratively down down
Cable3/0 10.1.3.1 YES manual up up
Cable4/0 10.1.4.1 YES manual up up
Cable5/0 10.1.5.1 YES manual up up
7246VXR#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.16.30.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.16.29.224/27 is directly connected, Cable5/0
C 172.16.29.0/27 is directly connected, Cable4/0
S 172.16.30.0/24 is directly connected, Ethernet2/0
C 172.16.30.0/26 is directly connected, Ethernet2/0
9.0.0.0/24 is subnetted, 1 subnets
R 9.9.9.0 [120/1] via 10.1.4.5, 00:00:09, Cable4/0
R 192.168.20.0/24 [120/1] via 10.1.4.5, 00:00:09, Cable4/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.3.0/24 is directly connected, Cable3/0
R 10.5.5.0/24 [120/1] via 10.1.4.4, 00:00:01, Cable4/0
R 10.0.0.0/8 [120/1] via 172.16.30.10, 00:00:24, Ethernet2/0
C 10.1.5.0/24 is directly connected, Cable5/0
C 10.1.4.0/24 is directly connected, Cable4/0
11.0.0.0/24 is subnetted, 1 subnets
R 11.11.11.0 [120/1] via 10.1.4.3, 00:00:15, Cable4/0
S* 0.0.0.0/0 is directly connected
從纜線資料機端,確認兩台裝置的sh版本,如下所示。
ubr924-ddd5#sh ver Cisco Internetwork Operating System Software IOS (tm) 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 02-Feb-01 10:55 by ccai Image text-base: 0x800100A0, data-base: 0x806DB770 ROM: System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE (fc1) ROM: 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) ubr924-ddd5 uptime is 2 hours, 1 minute System returned to ROM by reload at 12:45:25 - Fri Feb 23 2001 System restarted at 12:46:07 - Fri Feb 23 2001 System image file is "flash:ubr920-k1v4y556i-mz.121-5.T4" cisco uBR920 CM (MPC850) processor (revision 4.d) with 15872K/1024K bytes of memory. Processor board ID FAA0444Q14Z Bridging software. 1 Ethernet/IEEE 802.3 interface(s) 1 Cable Modem network interface(s) 3968K bytes of processor board System flash (Read/Write) 1536K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102 ubr924-b5db#show ver Cisco Internetwork Operating System Software IOS (tm) 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 02-Feb-01 10:55 by ccai Image text-base: 0x800100A0, data-base: 0x806DB770 ROM: System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE (fc1) ROM: 920 Software (UBR920-K1V4Y556I-M), Version 12.1(5)T4, RELEASE SOFTWARE (fc1) ubr924-b5db uptime is 1 hour, 53 minutes System returned to ROM by reload at 12:55:34 - Fri Feb 23 2001 System restarted at 12:56:15 - Fri Feb 23 2001 System image file is "flash:ubr920-k1v4y556i-mz.121-5.T4" cisco uBR920 CM (MPC850) processor (revision 3.e) with 15872K/1024K bytes of memory. Processor board ID FAA0422Q04F Bridging software. 1 Ethernet/IEEE 802.3 interface(s) 1 Cable Modem network interface(s) 3968K bytes of processor board System flash (Read/Write) 1536K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102
只要存在以下情況,隧道就會顯示up/up:
-
它配置了有效的IP地址。
-
路由表中有一條路由通往通道目的地IP位址,而不是分配給通道遠端的IP位址。
無論是否能ping通目的地位址,情況都應該如此。錯誤的靜態路由或指向錯誤方向的預設路由將啟動隧道,但隧道無法工作。
驗證通道是否工作的第一步是驗證通道是否啟動。在兩條纜線資料機上發出show ip interface brief和show interface tunnel 0指令。命令輸出示例如下所示。
ubr924-ddd5#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 9.9.9.9 YES manual up up
Tunnel0 192.168.20.1 YES manual up up
cable-modem0 10.1.4.5 YES unset up up
ubr924-ddd5#show interface tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.20.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 9.9.9.9 (Ethernet0), destination 11.11.11.11
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled
Last input 00:15:25, output 00:14:27, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0, 2 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
146 packets input, 21024 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
172 packets output, 57392 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
ubr924-b5db#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 11.11.11.11 YES manual up up
Tunnel0 192.168.20.2 YES manual up up
cable-modem0 10.1.4.3 YES NVRAM up up
ubr924-b5db#show interface tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.20.2/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 11.11.11.11 (Ethernet0), destination 9.9.9.9
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled
Last input 00:16:42, output 00:17:40, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0, 5 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
118 packets input, 19144 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
164 packets output, 49624 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
驗證通道是否工作正常,以便ping通道目的地IP位址。這將僅檢驗IP連線,而不是隧道的實際功能。
From ubr924-ddd5 we ping 11.11.11.11 ubr924-ddd5#ping 11.11.11.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/17 ms ubr924-ddd5#
從ubr924-b5db ping目的地址9.9.9.9。
ubr924-b5db#ping 9.9.9.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms ubr924-b5db#
若要驗證通道是否運作,請發出show ip route x.x.x.x 命令,其中x.x.x.x 是指定給通道遠端的IP位址。在這種情況下,它將是遠端路由器的回圈位址。如果顯示的唯一路由是到隧道介面,對該地址執行ping將證明隧道正常工作。
如果有在網路中將路由通告回隧道段的IP編址方案,則通往隧道介面遠端的多條路由將會出現。如果是這種情況,很難驗證隧道是否正常工作。通常,在這種情況下,您不希望到隧道網路的路由重複。應採取措施,防止通過網路上的路由協定通告路由。如果通道用於傳輸來自IP的不同協定的流量,則應用相同的基本驗證方法。
From ubr924-ddd5 we get
ubr924-ddd5#show ip route 192.168.20.2
Routing entry for 192.168.20.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Tunnel0
Route metric is 0, traffic share count is 1
From ubr924-b5db we get
ubr924-b5db#show ip route 192.168.20.1
Routing entry for 192.168.20.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Tunnel0
Route metric is 0, traffic share count is 1
要驗證PC1可以訪問PC2,反之亦然,請在電纜數據機上執行擴展ping,同時從PC執行ping。
對ubr924-b5db執行從乙太網介面(11.11.11.11)到ubr924-ddd5乙太網介面(9.9.9.9)的擴展ping。
ubr924-b5db#ping ip Target IP address: 9.9.9.9 !--- ubr924-ddd5 Ethernet's IP address. Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 11.11.11.11 !--- ubr924-b5db Ethernet's IP address. Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/28 ms ubr924-b5db#
執行相反操作,測試另一端的連通性。
ubr924-ddd5#ping ip Target IP address: 11.11.11.11 !--- ubr924-b5db Ethernet's IP address. Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 9.9.9.9 !--- ubr924-ddd5 Ethernet's IP address. Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms ubr924-ddd5#
最後的測試是從PC1 ping PC2,然後從PC2 ping PC1。
PC1的IP地址為9.9.9.1。
PC2的和IP地址為11.11.11.1。
從PC1 ping PC2。
從PC2 ping PC1。
疑難排解
目前尚無適用於此組態的具體疑難排解資訊。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
04-Oct-2005 |
初始版本 |
意見