Inter-AS VPN (Option C, Scheme 2)
Contents
- Lab topology
- Lab requirements
- Basic principle of Option C scheme 2
- Lab steps
- Lab configuration
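I. Lab topology
II. Lab requirements
1. As shown in the figure, an enterprise has two sites and plans to interconnect them with MPLS VPN. The two sites attach to different ASes of the ISP, so inter-AS VPN is required. After consideration, the ISP decides to use Option C scheme 2 to interconnect the customer's services.
2. Complete the IGP and MPLS LDP configuration in AS100 and AS200.
3. Establish the BGP IPv4 unicast peerings. AR5 and AR9 are the RR devices in AS100 and AS200 respectively. The PE and ASBR devices must each establish a BGP IPv4 unicast peering with the RR, the ASBRs must also establish a BGP IPv4 peering with each other, and MPLS must be enabled on the interfaces that connect them.
4. AR3 and AR6 establish an EBGP IPv4 peering and import routes in both directions between BGP and the IGP.
5. Labeled IPv4 route exchange must be enabled on every BGP IPv4 unicast peering.
6. Advertise the PE and RR routes into BGP and distribute labels, and enable a policy that assigns labels when routes are advertised to the peer ASBR and to the local RR.
7. Establish the VPNv4 peering: PE1 must establish a VPNv4 peering with PE2.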
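III. Basic principle of Option C scheme 2
BGP sessions between the ASes carry the PE loopback routes and their labels, which are then imported into the IGP.
Problems:
1. Routing: AR2 has no route to AR7.
2. Labels: AR2 has no label for AR7.
Solutions
1. Routing: establish IBGP peerings inside each AS, and import BGP and the IGP into each other on the ASBRs.
2. Labels: enable labeled IPv4 route exchange on every BGP IPv4 unicast peering, and configure an export route policy on the ASBRs that assigns labels.
Advantages
Reduces the load on the ASBRs, which do not have to carry VPNv4 routes.
Disadvantages
The configuration is complex.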
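IV. Lab steps
1. Configure the routing protocol between the CE and the PE (EBGP, ISIS, OSPF).
2. Configure the BGP IPv4 peerings between the PEs and the RR, and between the ASBRs and the RR.
3. Configure the BGP IPv4 peering between the two ASBRs, and import BGP and the IGP into each other.
4. Enable labeled IPv4 route exchange on every BGP IPv4 unicast peering.
5. Configure the route policy on the ASBR devices and apply it in BGP.
6. PE1 and PE2 establish a VPNv4 peering to exchange routes.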
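V. Lab configuration
1. The underlying IGP configuration for AS100 and AS200 is omitted.
2. The MPLS LDP configuration for AS100 and AS200 is omitted.
CE device AR1 configuration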
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.255
#
bgp 65001
peer 172.16.12.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 172.16.1.1 255.255.255.255
network 172.16.12.0 255.255.255.0
peer 172.16.12.2 enable
#
PE1 device AR2 configuration
#
mpls
lsp-trigger bgp-label-route
#
ip vpn-instance 1
ipv4-family
route-distinguisher 1:1
vpn-target 1:2 export-extcommunity
vpn-target 2:1 import-extcommunity
#
bgp 100
peer 10.5.5.5 as-number 100
peer 10.5.5.5 connect-interface LoopBack0
peer 10.7.7.7 as-number 200
peer 10.7.7.7 ebgp-max-hop 5
peer 10.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.5.5.5 enable
peer 10.5.5.5 label-route-capability
undo peer 10.7.7.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.7.7.7 enable
#
ipv4-family vpn-instance 1
peer 172.16.12.1 as-number 65001
#
5. RR device AR5 configuration
#
mpls
lsp-trigger bgp-label-route
#
bgp 100
peer 10.2.2.2 as-number 100
peer 10.2.2.2 connect-interface LoopBack0
peer 10.3.3.3 as-number 100
peer 10.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.2.2.2 enable
peer 10.2.2.2 label-route-capability
peer 10.3.3.3 enable
peer 10.3.3.3 label-route-capability
#
ASBR1 device AR3 configuration
#
mpls
lsp-trigger bgp-label-route
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0000.0000.0003.00
import-route bgp
#
interface GigabitEthernet0/0/1
ip address 10.1.36.3 255.255.255.0
mpls
#
bgp 100
peer 10.1.36.6 as-number 200
peer 10.5.5.5 as-number 100
peer 10.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1
peer 10.1.36.6 enable
peer 10.1.36.6 route-policy lable1 export
peer 10.1.36.6 label-route-capability
peer 10.5.5.5 enable
peer 10.5.5.5 route-policy lable1 export
peer 10.5.5.5 label-route-capability
#
route-policy lable1 permit node 10
apply mpls-label
#
ASBR2 device AR6 configuration
#
mpls
lsp-trigger bgp-label-route
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0006.00
import-route bgp
#
interface GigabitEthernet0/0/0
ip address 10.1.36.6 255.255.255.0
mpls
#
bgp 200
peer 10.1.36.3 as-number 100
peer 10.9.9.9 as-number 200
peer 10.9.9.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1
peer 10.1.36.3 enable
peer 10.1.36.3 route-policy lable1 export
peer 10.1.36.3 label-route-capability
peer 10.9.9.9 enable
peer 10.9.9.9 route-policy lable1 export
peer 10.9.9.9 label-route-capability
#
route-policy lable1 permit node 10
apply mpls-label
#
RR device AR9 configuration
#
mpls
lsp-trigger bgp-label-route
#
bgp 200
peer 10.6.6.6 as-number 200
peer 10.6.6.6 connect-interface LoopBack0
peer 10.7.7.7 as-number 200
peer 10.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.6.6.6 enable
peer 10.6.6.6 reflect-client
peer 10.6.6.6 label-route-capability
peer 10.7.7.7 enable
peer 10.7.7.7 reflect-client
peer 10.7.7.7 label-route-capability
#
PE2 device AR7 configuration
#
mpls
lsp-trigger bgp-label-route
#
ip vpn-instance 2
ipv4-family
route-distinguisher 2:2
vpn-target 2:1 export-extcommunity
vpn-target 1:2 import-extcommunity
#
bgp 200
peer 10.2.2.2 as-number 100
peer 10.2.2.2 ebgp-max-hop 5
peer 10.2.2.2 connect-interface LoopBack0
peer 10.9.9.9 as-number 200
peer 10.9.9.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.2.2.2 enable
peer 10.9.9.9 enable
peer 10.9.9.9 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 10.2.2.2 enable
#
ipv4-family vpn-instance 2
import-route ospf 2
#
3. AR2 can be seen to have a route to AR7.
4. AR2 can be seen to have a label for AR7.
5. Check the peering between PE2 and PE7.
6. Test access from AR1 to AR10.
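The requirement that every BGP IPv4 unicast peering enables labeled route exchange can be checked offline against saved configurations. The following is an added example, not part of the original lab: the function names and the flat one-command-per-line input format are assumptions, and the sample text is excerpted from the AR2, AR3 and AR7 configurations above.

```python
import re

# Peer lines excerpted from this page's AR2, AR3 and AR7 configs (other lines trimmed).
CONFIGS = {
    "AR2": """ipv4-family unicast
peer 10.5.5.5 enable
peer 10.5.5.5 label-route-capability
undo peer 10.7.7.7 enable
#
ipv4-family vpnv4
peer 10.7.7.7 enable""",
    "AR3": """ipv4-family unicast
import-route isis 1
peer 10.1.36.6 enable
peer 10.1.36.6 route-policy lable1 export
peer 10.1.36.6 label-route-capability
peer 10.5.5.5 enable
peer 10.5.5.5 route-policy lable1 export
peer 10.5.5.5 label-route-capability""",
    "AR7": """ipv4-family unicast
peer 10.2.2.2 enable
peer 10.9.9.9 enable
peer 10.9.9.9 label-route-capability
#
ipv4-family vpnv4
peer 10.2.2.2 enable""",
}

PEER_RE = re.compile(r"(undo )?peer (\S+) (enable|label-route-capability)")

def unlabeled_peers(config):
    """IPv4-unicast peers that are enabled but lack label-route-capability."""
    enabled, labeled, in_unicast = set(), set(), False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("ipv4-family"):
            in_unicast = line == "ipv4-family unicast"  # skip vpnv4 / vpn-instance
        m = PEER_RE.fullmatch(line) if in_unicast else None
        if m:
            undo, peer, what = m.groups()
            group = enabled if what == "enable" else labeled
            (group.discard if undo else group.add)(peer)  # honour "undo peer ..."
    return sorted(enabled - labeled)

def audit(configs):
    # Map device name -> peers that break the "label on every IPv4 peer" rule.
    return {dev: bad for dev, cfg in configs.items() if (bad := unlabeled_peers(cfg))}
```

Run over these excerpts, `audit(CONFIGS)` reports only AR7's peer 10.2.2.2: it is enabled in the unicast family without label capability, whereas AR2 removes the matching peer from that family with `undo peer 10.7.7.7 enable`.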