华为运营商级路由器配置示例 | L3VdPdNdv4 over SRv6 TE Policy(静态配置)
2023-09-14 09:09:07 时间
组网需求
如图1所示:
- 路由器PE1、P和PE2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。
- PE1、P和PE2属于IS-IS进程1,都是Level-1设备。
要求在PE1和PE2之间建立双向SRv6 TE Policy,承载L3VPNv4业务。
图1 配置L3VPNv4 over SRv6 TE Policy组网图
配置思路
- 使能PE1、P和PE2各接口的IPv6转发能力,配置各接口的IPv6地址。
- 在PE1、P和PE2上使能IS-IS,配置Level级别,指定网络实体。
- 在PE1和PE2上配置VPN实例。
- 在PE和CE之间建立EBGP对等体关系。
- 在PE之间建立MP-IBGP对等体关系。
- 在PE1、P和PE2上配置SRv6 SID,配置IS-IS的SRv6能力。同时在PE1和PE2上配置VPN私网路由携带SID属性。
- 在PE1和PE2上配置SRv6 TE Policy。
- 在PE1和PE2上配置隧道策略,引入私网流量。
操作步骤
1.使能各接口的IPv6转发能力,配置各接口的IPv6地址
# 配置PE1。P和PE2的配置过程与PE1类似,不再赘述,详情可参考配置文件。
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:DB8:10::1 96
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface LoopBack 1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 128
[*PE1-LoopBack1] quit
[*PE1] commit2.配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit# 配置P。
[~P] isis 1
[*P-isis-1] is-level level-1
[*P-isis-1] cost-style wide
[*P-isis-1] network-entity 10.0000.0000.0002.00
[*P-isis-1] ipv6 enable topology ipv6
[*P-isis-1] quit
[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] interface loopback1
[*P-LoopBack1] isis ipv6 enable 1
[*P-LoopBack1] commit
[~P-LoopBack1] quit# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] commit
[~PE2-LoopBack1] quit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0002* GE1/0/0 0000.0000.0002.01 Up 8s L1 64
Total Peer(s): 1# 显示IS-IS路由表信息。以PE1为例。
[~PE1] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV6 Dest. ExitInterface NextHop Cost Flags
--------------------------------------------------------------------------------
2001:DB8:1::1/128 Loop1 Direct 0 D/-/L/-
2001:DB8:2::2/128 GE1/0/0 FE80::3A92:6CFF:FE21:10 10 A/-/-/-
2001:DB8:3::3/128 GE1/0/0 FE80::3A92:6CFF:FE21:10 20 A/-/-/-
2001:DB8:10::/96 GE1/0/0 Direct 10 D/-/L/-
2001:DB8:20::/96 GE1/0/0 FE80::3A92:6CFF:FE21:10 20 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, LP-Local Prefix-Sid
Protect Type: L-Link Protect, N-Node Protect3.在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit# 按图1配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
4.在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.11.11.11 32
[*CE1-LoopBack1] quit
[*CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.1 as-number 100
[*CE1-bgp] network 11.11.11.11 32
[*CE1-bgp] quit
[*CE1] commit# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.2 as-number 65410
[*PE1-bgp-vpna] import-route direct
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit# 配置CE2。
[~CE2] interface loopback 1
[*CE2-LoopBack1] ip address 22.22.22.22 32
[*CE2-LoopBack1] quit
[*CE2] bgp 65420
[*CE2-bgp] peer 10.2.1.1 as-number 100
[*CE2-bgp] network 22.22.22.22 32
[*CE2-bgp] quit
[*CE2] commit# 配置PE2。
[~PE2] bgp 100
[*PE2-bgp] router-id 2.2.2.2
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] peer 10.2.1.2 as-number 65420
[*PE2-bgp-vpna] import-route direct
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.1
Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 11 9 0 00:06:37 Established 15.在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 2001:DB8:3::3 as-number 100
[*PE1-bgp] peer 2001:DB8:3::3 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2001:DB8:3::3 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 2001:DB8:1::1 as-number 100
[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 2001:DB8:1::1 enable
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
以PE1显示为例:
[~PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2001:DB8:3::3 4 100 216 220 0 03:03:35 Established 2
Peer of IPv4-family for vpn instance :
VPN-Instance vpna, Router ID 1.1.1.1:
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 216 217 0 03:06:22 Established 16.配置SRv6 SID,同时在PE上配置VPN私网路由携带SID属性
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1
[*PE1-segment-routing-ipv6] locator as1 ipv6-prefix 2001:DB8:100:: 64 static 32
[*PE1-segment-routing-ipv6-locator] opcode ::111 end psp
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2001:DB8:3::3 prefix-sid
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] segment-routing ipv6 traffic-engineer best-effort
[*PE1-bgp-vpna] segment-routing ipv6 locator as1
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit
[~PE1] isis 1
[~PE1-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*PE1-isis-1] commit
[~PE1-isis-1] quit# 配置P。
[~P] segment-routing ipv6
[*P-segment-routing-ipv6] encapsulation source-address 2001:DB8:2::2
[*P-segment-routing-ipv6] locator as1 ipv6-prefix 2001:DB8:200:: 64 static 32
[*P-segment-routing-ipv6-locator] opcode ::222 end psp
[*P-segment-routing-ipv6-locator] quit
[*P-segment-routing-ipv6] quit
[*P] isis 1
[*P-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*P-isis-1] commit
[~P-isis-1] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:3::3
[*PE2-segment-routing-ipv6] locator as1 ipv6-prefix 2001:DB8:300:: 64 static 32
[*PE2-segment-routing-ipv6-locator] opcode ::333 end psp
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] bgp 100
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 2001:DB8:1::1 prefix-sid
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] segment-routing ipv6 traffic-engineer best-effort
[*PE2-bgp-vpna] segment-routing ipv6 locator as1
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit
[~PE2] isis 1
[~PE2-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*PE2-isis-1] commit
[~PE2-isis-1] quit执行命令display segment-routing ipv6 local-sid end forwarding查看SRv6的Local SID表信息。
[~PE1] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:100::111/128 FuncType : End
Flavor : PSP
LocatorName : as1 LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:46:05.713
Total SID(s): 1
[~PE2] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:300::333/128 FuncType : End
Flavor : PSP
LocatorName : as1 LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:47:26.426
Total SID(s): 1
[~P] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:200::222/128 FuncType : End
Flavor : PSP
LocatorName : as1 LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:49:44.292
Total SID(s): 17.配置SRv6 TE Policy
# 配置PE1。
[~PE1] segment-routing ipv6
[~PE1-segment-routing-ipv6] segment-list list1
[*PE1-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:200::222
[*PE1-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:300::333
[*PE1-segment-routing-ipv6-segment-list-list1] commit
[~PE1-segment-routing-ipv6-segment-list-list1] quit
[~PE1-segment-routing-ipv6] srv6-te-policy locator as1
[*PE1-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:3::3 color 101
[*PE1-segment-routing-ipv6-policy-policy1] binding-sid 2001:DB8:100::100
[*PE1-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE1-segment-routing-ipv6-policy-policy1-path] segment-list list1
[*PE1-segment-routing-ipv6-policy-policy1-path] commit
[~PE1-segment-routing-ipv6-policy-policy1-path] quit
[~PE1-segment-routing-ipv6-policy-policy1] quit
[~PE1-segment-routing-ipv6] quit# 配置PE2。
[~PE2] segment-routing ipv6
[~PE2-segment-routing-ipv6] segment-list list1
[*PE2-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:200::222
[*PE2-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:100::111
[*PE2-segment-routing-ipv6-segment-list-list1] commit
[~PE2-segment-routing-ipv6-segment-list-list1] quit
[~PE2-segment-routing-ipv6] srv6-te-policy locator as1
[*PE2-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:1::1 color 101
[*PE2-segment-routing-ipv6-policy-policy1] binding-sid 2001:DB8:300::300
[*PE2-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE2-segment-routing-ipv6-policy-policy1-path] segment-list list1
[*PE2-segment-routing-ipv6-policy-policy1-path] commit
[~PE2-segment-routing-ipv6-policy-policy1-path] quit
[~PE2-segment-routing-ipv6-policy-policy1] quit
[~PE2-segment-routing-ipv6] quit配置完成后,执行命令display srv6-te policy查看SRv6 TE Policy信息。
以PE1的显示为例:
[~PE1] display srv6-te policy
PolicyName : policy1
Color : 101 Endpoint : 2001:DB8:3::3
TunnelId : 1 Binding SID : 2001:DB8:100::100
TunnelType : SRv6-TE Policy DelayTimerRemain : -
Policy State : Up State Change Time : 2019-02-17 11:45:30
Admin State : Up Traffic Statistics : Disable
Backup Hot-Standby : Disable BFD : Disable
Interface Index : - Interface Name : -
Interface State : - Encapsulation Mode : Insert
Candidate-path Count : 1
Candidate-path Preference : 100
Path State : Active Path Type : Primary
Protocol-Origin : Configuration(30) Originator : 0, 0.0.0.0
Discriminator : 100 Binding SID : 2001:DB8:100::100
GroupId : 1 Policy Name : policy1
Template ID : 0 Path Verification : Disable
DelayTimerRemain : - Segment-List Count : 1
Segment-List : list1
Segment-List ID : 1 XcIndex : 1
List State : Up DelayTimerRemain : -
Verification State : - SuppressTimeRemain : -
PMTU : 9600 Active PMTU : 9600
Weight : 1 BFD State : -
SID :
2001:DB8:200::222
2001:DB8:300::3338.配置隧道策略,引入私网流量
# 配置PE1。
[~PE1] route-policy p1 permit node 10
[*PE1-route-policy] apply extcommunity color 0:101
[*PE1-route-policy] quit
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2001:DB8:3::3 route-policy p1 import
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] quit
[*PE1] tunnel-policy p1
[*PE1-tunnel-policy-p1] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE1-tunnel-policy-p1] quit
[*PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] tnl-policy p1
[*PE1-vpn-instance-vpna-af-ipv4] commit
[~PE1-vpn-instance-vpna-af-ipv4] quit
[~PE1-vpn-instance-vpna] quit# 配置PE2。
[~PE2] route-policy p1 permit node 10
[*PE2-route-policy] apply extcommunity color 0:101
[*PE2-route-policy] quit
[*PE2] bgp 100
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 2001:DB8:1::1 route-policy p1 import
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] quit
[*PE2] tunnel-policy p1
[*PE2-tunnel-policy-p1] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE2-tunnel-policy-p1] quit
[*PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] tnl-policy p1
[*PE2-vpn-instance-vpna-af-ipv4] commit
[~PE2-vpn-instance-vpna-af-ipv4] quit
[~PE2-vpn-instance-vpna] quit配置完成后,执行命令display ip routing-table vpn-instance vpna查看VPN实例路由表信息,可以看到私网路由已经成功迭代到SRv6 TE Policy。
以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.2.1.0/24 IBGP 255 0 RD 2001:DB8:3::3 policy1
11.11.11.11/32 EBGP 255 0 RD 10.1.1.2 GigabitEthernet2/0/0
22.22.22.22/32 IBGP 255 0 RD 2001:DB8:3::3 policy1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~PE1] display ip routing-table vpn-instance vpna 22.22.22.22 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1
Destination: 22.22.22.22/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 2001:DB8:3::3 Neighbour: 2001:DB8:3::3
State: Active Adv Relied Age: 00h03m15s
Tag: 0 Priority: low
Label: 3 QoSInfo: 0x0
IndirectID: 0x10000E0 Instance:
RelayNextHop: :: Interface: policy1
TunnelID: 0x000000003400000001 Flags: RD 9.检查配置结果
同一VPN的CE能够相互Ping通,例如:
[~CE1] ping -a 11.11.11.11 22.22.22.22
PING 22.22.22.22: 56 data bytes, press CTRL_C to break
Reply from 22.22.22.22: bytes=56 Sequence=1 ttl=253 time=7 ms
Reply from 22.22.22.22: bytes=56 Sequence=2 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 22.22.22.22: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=5 ttl=253 time=5 ms
--- 22.22.22.22 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/7 ms
相关文章
- 配置静态路由,动态路由,默认路由模式_默认路由为网络和掩码
- Java 在IDEA社区版中配置Tomcat并使用
- 华为静态路由配置[通俗易懂]
- Spring boot串口通信,windows、linux,docker环境配置说明
- 【经验】SpringMVC配置映射非WebRoot目录文件位置的静态资源访问
- Ubuntu系统下静态DNS配置详解
- Linux基础:Linux 下的 httpd静态网页配置教程
- linux防墙iptables详细介绍、配置方法与案例
- Linux下配置静态路由(静态路由linux)
- MySQL Variables datetime_format 数据库 参数变量解释及正确配置使用
- Oracle静态监听端口配置实践(oracle配置静态监听)
- 如何在Linux上配置静态IP(linux配置静态的ip)
- 惠普服务器搭建Redis让您的业务获得极致性能(惠普服务器redis配置)
- MySQL中SSL的配置和使用方法(mysql 中ssl)
- Yii框架如何配置Redis缓存(yii redis 配置)
- VSFTPD配置(匿名——本地用户——虚拟用户)