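Preface
Compared with OptionA and OptionB, in the OptionC scheme the ASBRs do not store VPNv4 routes and do not advertise VPNv4 routes to each other.
In OptionC, PEs in different ASes establish multihop EBGP sessions with each other to exchange VPNv4 routes. Depending on how route reachability between the PEs is achieved, OptionC comes in two variants:
Method 1: the ASBR sends the routes to PEs in the other AS to the local PE devices via BGP.
Method 2: the ASBR imports the routes to PEs in the other AS into the IGP.
Because the ASBRs hold no VPNv4 routes, the PE must put packets into a tunnel to avoid a routing black hole during forwarding, so that non-PE devices never see the VPN encapsulation. Both OptionC variants therefore require the ASBRs to advertise labeled routes to each other in order to build the outer forwarding tunnel between the ASes.
Lab topology:
IP addresses, IGP, and MPLS LDP configuration.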
RR1
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
P2
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.23.2 0.0.0.0
network 10.0.24.2 0.0.0.0
PE3
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.35.3 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
ASBR4
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.24.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.46.4 255.255.255.0
mpls
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.24.4 0.0.0.0
CE5
interface GigabitEthernet0/0/0
ip address 10.0.35.5 255.255.255.0
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
ASBR6
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.46.6 255.255.255.0
mpls
interface GigabitEthernet0/0/1
ip address 10.0.67.6 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.67.6 0.0.0.0
P7
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.79.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 10.0.78.7 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 10.0.67.7 0.0.0.0
network 10.0.78.7 0.0.0.0
network 10.0.79.7 0.0.0.0
PE8
mpls lsr-id 8.8.8.8
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.78.8 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance A
ip address 10.0.81.8 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 10.0.78.8 0.0.0.0
RR9
mpls lsr-id 9.9.9.9
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.79.9 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
ospf 1 router-id 9.9.9.9
area 0.0.0.0
network 9.9.9.9 0.0.0.0
network 10.0.79.9 0.0.0.0
CE10
interface GigabitEthernet0/0/0
ip address 10.0.81.10 255.255.255.0
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
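Configure IBGP between the PE, P, and ASBR devices and the RR, make them route-reflector clients of the RR, and configure the CE neighbors and the advertised networks.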
RR1
bgp 100
router-id 1.1.1.1
peer 2.2.2.2 as-number 100
peer 2.2.2.2 reflect-client
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 reflect-client
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 reflect-client
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
P2
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4
peer 1.1.1.1 enable
PE3
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 10.0.35.5 as-number 1
ipv4-family vpnv4
peer 1.1.1.1 enable
ASBR4
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
CE5
bgp 1
peer 10.0.35.3 as-number 100
network 5.5.5.5 255.255.255.255
ASBR6
bgp 200
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
ipv4-family vpnv4
peer 9.9.9.9 enable
P7
bgp 200
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
ipv4-family vpnv4
peer 9.9.9.9 enable
PE8
bgp 200
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
ipv4-family vpnv4
peer 9.9.9.9 enable
RR9
bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 reflect-client
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 reflect-client
peer 7.7.7.7 connect-interface LoopBack0
peer 8.8.8.8 as-number 200
peer 8.8.8.8 reflect-client
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family vpnv4
peer 6.6.6.6 enable
peer 6.6.6.6 reflect-client
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
CE10
bgp 2
peer 10.0.81.8 as-number 200
network 10.10.10.10 255.255.255.255
Configure EBGP between ASBR1 and ASBR2
ASBR4
bgp 100
peer 10.0.46.6 as-number 200
ASBR6
bgp 200
peer 10.0.46.4 as-number 100
Configure the VPN instance on the PEs, bind the interface to the VPN, and establish the BGP neighbor in the VPN instance.
PE3
ip vpn-instance A
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance A
ip address 10.0.35.3 255.255.255.0
bgp 100
ipv4-family vpn-instance A
peer 10.0.35.5 as-number 1
PE8
ip vpn-instance A
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance A
ip address 10.0.81.8 255.255.255.0
bgp 200
ipv4-family vpn-instance A
peer 10.0.81.10 as-number 2
Configure MP-BGP between the PEs and the RRs, and between the RRs
PE3
bgp 100
ipv4-family vpnv4
peer 1.1.1.1 enable
RR1
bgp 100
peer 9.9.9.9 as-number 200
peer 9.9.9.9 ebgp-max-hop 255
peer 9.9.9.9 connect-interface LoopBack0
ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 next-hop-invariable
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-invariable
PE8
bgp 200
ipv4-family vpnv4
peer 9.9.9.9 enable
RR9
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 255
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-invariable
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 8.8.8.8 next-hop-invariable
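The peer ebgp-max-hop command allows BGP to establish an EBGP session with a peer on a network that is not directly connected, and optionally sets the maximum hop count. When BGP uses Loopback interfaces to establish an EBGP neighbor, peer ebgp-max-hop must be configured (with hop-count ≥ 2); otherwise the neighbor cannot come up. The EBGP neighbors here therefore need peer ebgp-max-hop enabled.
The peer next-hop-invariable command makes a PE in a different AS keep the next hop unchanged when advertising routes to an EBGP peer, and use the IGP route's next-hop address when advertising imported IGP routes to an IBGP peer. In an inter-AS VPN OptionC network that uses RRs, peer next-hop-invariable must be run on the RRs so that the next hop is not changed when routes are advertised to the EBGP peer, which ensures that the remote PE can recurse to the BGP LSP leading to the local PE when forwarding traffic.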
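The two requirements above can be checked mechanically before a change is pushed. The following Python is an added example, not part of the original post: it audits an RR's BGP block (here RR1's lines from this page gathered into one string) for both rules. The function name audit_rr and the finding texts are assumptions made for illustration.

```python
import re

# RR1's BGP lines from this page, gathered into one block
# (local AS 100; 9.9.9.9 is RR9 in AS 200, 3.3.3.3 is PE3).
RR1_CONFIG = """\
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 ebgp-max-hop 255
peer 9.9.9.9 connect-interface LoopBack0
ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 next-hop-invariable
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-invariable
"""

def audit_rr(config):
    """Return findings for EBGP peers in an OptionC RR config (hypothetical helper)."""
    local_as, family, peers = None, "global", {}
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"bgp (\d+)", line):
            local_as = m.group(1)
        elif line.startswith("ipv4-family "):
            family = line.split()[1]          # e.g. "vpnv4"
        elif m := re.fullmatch(r"peer (\S+) (\S+)(?: (\S+))?", line):
            ip, key, val = m.groups()
            peers.setdefault(ip, {}).setdefault(family, {})[key] = val
    findings = []
    for ip, fam in sorted(peers.items()):
        g = fam.get("global", {})
        if g.get("as-number") in (None, local_as):
            continue                          # IBGP peer: both rules concern EBGP only
        if (g.get("connect-interface") or "").lower().startswith("loopback"):
            # No command means a directly connected peer is expected (1 hop);
            # the command without a count is treated as the 255 default.
            hops = int(g["ebgp-max-hop"] or 255) if "ebgp-max-hop" in g else 1
            if hops < 2:
                findings.append(f"{ip}: loopback-sourced EBGP peer needs ebgp-max-hop >= 2")
        v = fam.get("vpnv4", {})
        if "enable" in v and "next-hop-invariable" not in v:
            findings.append(f"{ip}: vpnv4 EBGP peer lacks next-hop-invariable")
    return findings

if __name__ == "__main__":
    broken = RR1_CONFIG.replace("peer 9.9.9.9 ebgp-max-hop 255\n", "")
    print(audit_rr(RR1_CONFIG), audit_rr(broken))
```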
Enable the PEs, RRs, and ASBRs to exchange labeled IPv4 routes
PE3
bgp 100
peer 1.1.1.1 label-route-capability
RR1
bgp 100
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 label-route-capability
ASBR4
bgp 100
peer 1.1.1.1 label-route-capability
peer 10.0.46.6 label-route-capability
ASBR6
bgp 200
peer 9.9.9.9 label-route-capability
peer 10.0.46.4 label-route-capability
PE8
bgp 200
peer 9.9.9.9 label-route-capability
RR9
bgp 200
peer 6.6.6.6 label-route-capability
peer 8.8.8.8 label-route-capability
The peer label-route-capability command enables the capability to send labeled routes.
Configure routing policies on the ASBRs
route-policy A permit node 10
apply mpls-label
route-policy B permit node 10
if-match mpls-label
apply mpls-label
ASBR6
bgp 200
peer 9.9.9.9 route-policy B export
peer 10.0.46.4 route-policy A export
network 8.8.8.8 255.255.255.255
network 9.9.9.9 255.255.255.255
interface GigabitEthernet0/0/0
mpls
ASBR4
bgp 100
peer 1.1.1.1 route-policy B export
peer 10.0.46.6 route-policy A export
network 1.1.1.1 255.255.255.255
network 3.3.3.3 255.255.255.255
interface GigabitEthernet0/0/1
mpls
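Apply a routing policy to routes advertised to RR1: for routes advertised to the RR in the local AS, if a route is a labeled IPv4 route, allocate a new MPLS label for it.
Apply a routing policy to routes advertised to the ASBR: for routes received from the RR in the local AS, allocate an MPLS label when advertising them to the ASBR in the peer AS.
Advertise the Loopback addresses of the PEs and RRs to the ASBR, which then advertises them to the peer RR and PE, so that the BGP speakers can communicate.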
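A simplified model of the forwarding path these policies build, for a packet from CE5 to CE10 entering at PE3, as an added example that is not from the original post. Label values are constructed, penultimate-hop popping is assumed on the LDP LSPs, and the names LFIB, forward_from_pe3 and vpn_label_exposed are illustrative.

```python
# Constructed label values; real devices allocate them dynamically.
VPN = 1030      # allocated by PE8 for vpn-instance A, learned over the RR1-RR9 VPNv4 session
BGP_A4 = 1040   # allocated by ASBR4 for 8.8.8.8/32 (route-policy B toward RR1)
BGP_A6 = 1060   # allocated by ASBR6 for 8.8.8.8/32 (route-policy A toward ASBR4)
LDP_P2 = 1020   # allocated by P2 for 4.4.4.4/32 (LDP, AS 100)
LDP_P7 = 1070   # allocated by P7 for 8.8.8.8/32 (LDP, AS 200)

# Per-node label table: top label -> (action, new label, next hop)
LFIB = {
    "P2":    {LDP_P2: ("pop",  None,   "ASBR4")},  # penultimate hop toward ASBR4
    "ASBR4": {BGP_A4: ("swap", BGP_A6, "ASBR6")},  # BGP label swapped across the AS boundary
    "ASBR6": {BGP_A6: ("swap", LDP_P7, "P7")},     # BGP LSP joined to the LDP LSP to PE8
    "P7":    {LDP_P7: ("pop",  None,   "PE8")},    # penultimate hop toward PE8
    "PE8":   {VPN:    ("vrf",  None,   "CE10")},   # pop VPN label, look up in vpn-instance A
}

def forward_from_pe3(lfib=LFIB):
    """Return ([(node, label stack on arrival)], end); the top of the stack is the last item."""
    stack = [VPN, BGP_A4, LDP_P2]       # PE3 pushes three labels: VPN, BGP, LDP
    node, trace = "P2", []
    while node in lfib:
        trace.append((node, tuple(stack)))
        entry = lfib[node].get(stack[-1])
        if entry is None:               # no binding for the top label: black hole
            return trace, f"dropped at {node}"
        action, new, node = entry
        stack.pop()
        if action == "swap":
            stack.append(new)
    return trace, node

def vpn_label_exposed(trace):
    """Non-PE nodes that had to act on the VPN label (should be none in OptionC)."""
    return [n for n, s in trace if n != "PE8" and s[-1] == VPN]

if __name__ == "__main__":
    for node, stack in forward_from_pe3()[0]:
        print(f"{node:6} receives {stack}")
    # Without the labeled route on ASBR4 the outer tunnel breaks at the AS boundary.
    print(forward_from_pe3(dict(LFIB, ASBR4={}))[1])
```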
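Result verification
Communication succeeds.
Checking the configuration
For the BGP unicast neighbors, we can disable the neighbor toward the peer RR in the unicast view, so that route import in other configurations does not cause a routing loop.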