文章目录
实验环境
拓扑
目的
此实验演示有RR的场景,通过RR之间建立BGP邻居的方式将各站点的路由通告给对方,最终实现CE之间的互访。
步骤
基础环境的配置
1)配置各设备接口IP地址。
2)完成各域内的OSPF邻居建立。
3)各PE创建VPN实例并绑定。
3)PE和CE建立OSPF邻居关系。
4)各域内开启MPLS和LDP。
5)各CE发布路由。
####控制层面的配置
1)PE和RR建立iBGP VPNv4邻居关系,RR关闭RT值检查,学习到CE端的客户路由。
2)ASBR(R3或R4)和RR之间建立IPv4单播iBGP邻居关系。
3)ASBR(R3和R4)之间建立IPv4单播eBGP邻居关系,并发布各RR的环回口地址。
4)RR之间使用对端的环回口地址建立VPNv4 eBGP多跳邻居关系,并关闭RR之间IPv4的邻居关系,否则可能产生路由动荡。
数据层面的配置
1)PE和RR、RR和ASBR、ASBR和ASBR之间需要增加BGP为IPv4单播提供标签分发的能力,是扩展BGP为IPv4单播路由提供标签分发的能力,为PE到PE之间建立一条完整的LSP。
2)ASBR之间开启MPLS
3)ASBR之间使用路由策略应用标签
4)ASBR针对RR使用路由策略应用标签
实验配置
基础环境的配置
Area100
R1
全局路由表中IP地址和OSPF配置
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.12.1 24
[R1-GigabitEthernet0/0/0]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 10.1.13.1 24
[R1-GigabitEthernet0/0/2]int loo0
[R1-LoopBack0]ip add 11.1.1.1 32
[R1-LoopBack0]q
[R1]ospf 1 router-id 11.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]q
[R1-ospf-1]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ospf enable 1 area 0
[R1-GigabitEthernet0/0/0]int g0/0/2
[R1-GigabitEthernet0/0/2]ospf enable 1 area 0
[R1-GigabitEthernet0/0/2]int loo0
[R1-LoopBack0]ospf enable 1 area 0
VPN实例和OSPF配置
[R1]ip vpn-instance test
[R1-vpn-instance-test]route-distinguisher 1:7
[R1-vpn-instance-test-af-ipv4]q
[R1-vpn-instance-test]vpn-target 100:100 import-extcommunity
[R1-vpn-instance-test]vpn-target 100:100 export-extcommunity
[R1]ospf 10 vpn-instance test
[R1-ospf-10]area 0
[R1-ospf-10-area-0.0.0.0]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip binding vpn-instance test
[R1-GigabitEthernet0/0/1]ip add 10.1.17.1 24
[R1-GigabitEthernet0/0/1]ospf enable 10 area 0
[R1-GigabitEthernet0/0/1]q
MPLS和LDP配置
[R1]mpls lsr-id 11.1.1.1
[R1]mpls
Info: Mpls starting, please wait... OK!
[R1-mpls]q
[R1]mpls ldp
[R1-mpls-ldp]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]mpls
[R1-GigabitEthernet0/0/0]mpls ldp
[R1-GigabitEthernet0/0/0]q
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]mpls
[R1-GigabitEthernet0/0/2]mpls ldp
[R1-GigabitEthernet0/0/2]q
R2
全局路由表中IP地址和OSPF配置
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.1.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 10.1.23.2 24
[R2-GigabitEthernet0/0/1]int loo0
[R2-LoopBack0]ip add 22.1.1.1 32
[R2-LoopBack0]q
[R2]ospf 1 router-id 22.1.1.1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]int g0/0/0
[R2-GigabitEthernet0/0/0]ospf en area 0
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ospf en area 0
[R2-GigabitEthernet0/0/1]int loo0
[R2-LoopBack0]ospf en area 0
MPLS和LDP配置
[R2]mpls lsr-id 22.1.1.1
[R2]mpls
Info: Mpls starting, please wait... OK!
[R2-mpls]q
[R2]mpls ldp
[R2-mpls-ldp]q
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]mpls
[R2-GigabitEthernet0/0/0]mpls ldp
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]mpls
[R2-GigabitEthernet0/0/1]mpls ldp
[R2-GigabitEthernet0/0/1]q
R3
全局路由表中IP地址和OSPF配置
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 10.1.23.3 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip add 10.1.13.3 24
[R3-GigabitEthernet0/0/2]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 10.1.34.3 24
[R3-GigabitEthernet0/0/0]int loo0
[R3-LoopBack0]ip add 33.1.1.1 32
[R3]ospf 1 router-id 33.1.1.1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]q
[R3-ospf-1]q
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ospf en 1 area 0
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ospf en 1 area 0
[R3-GigabitEthernet0/0/2]q
[R3]int loo0
[R3-LoopBack0]ospf en 1 area 0
MPLS和LDP配置
[R3]mpls lsr-id 33.1.1.1
[R3]mpls
Info: Mpls starting, please wait... OK!
[R3-mpls]q
[R3]mpls ldp
[R3-mpls-ldp]q
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]mpls
[R3-GigabitEthernet0/0/1]mpls ldp
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]mpls
[R3-GigabitEthernet0/0/2]mpls ldp
[R3-GigabitEthernet0/0/2]q
R7
全局路由表中IP地址和OSPF配置
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ip add 10.1.17.7 24
[R7-GigabitEthernet0/0/1]int loo0
[R7-LoopBack0]ip add 77.1.1.1 32
[R7-LoopBack0]q
[R7]ospf 10
[R7-ospf-10]area 0
[R7-ospf-10-area-0.0.0.0]q
[R7-ospf-10]q
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ospf en 10 area 0
[R7]int loo0
[R7-LoopBack0]ospf en 10 area 0
[R7-LoopBack0]q
Area200
R6
###全局路由表中IP地址和OSPF配置
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip add 10.1.56.6 24
[R6-GigabitEthernet0/0/0]int g0/0/2
[R6-GigabitEthernet0/0/2]ip add 10.1.46.6 24
[R6-GigabitEthernet0/0/2]int loo0
[R6-LoopBack0]ip add 66.1.1.1 32
[R6-LoopBack0]q
[R6]ospf 1 router-id 66.1.1.1
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]q
[R6-ospf-1]q
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ospf en 1 area 0
[R6-GigabitEthernet0/0/0]int g0/0/2
[R6-GigabitEthernet0/0/2]ospf en 1 area 0
[R6-GigabitEthernet0/0/2]q
[R6]int loo0
[R6-LoopBack0]ospf en 1 area 0
###VPN实例和OSPF配置
[R6]ip vpn-instance test
[R6-vpn-instance-test]route-distinguisher 6:8
[R6-vpn-instance-test-af-ipv4]q
[R6-vpn-instance-test]vpn-target 100:100 im
[R6-vpn-instance-test]vpn-target 100:100 export-extcommunity
[R6-vpn-instance-test]q
[R6]ospf 10 vpn-instance test
[R6-ospf-10]area 0
[R6-ospf-10-area-0.0.0.0]q
[R6-ospf-10]q
[R6]int g0/0/1
[R6-GigabitEthernet0/0/1]ip binding vpn-instance test
[R6-GigabitEthernet0/0/1]ip add 10.1.68.6 24
[R6-GigabitEthernet0/0/1]ospf en 10 area 0
[R6-GigabitEthernet0/0/1]q
###MPLS和LDP配置
[R6]mpls lsr-id 66.1.1.1
[R6]mpls
Info: Mpls starting, please wait... OK!
[R6-mpls]q
[R6]mpls ldp
[R6-mpls-ldp]q
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]mpls
[R6-GigabitEthernet0/0/0]mpls ldp
[R6-GigabitEthernet0/0/0]int g0/0/2
[R6-GigabitEthernet0/0/2]mpls
[R6-GigabitEthernet0/0/2]mpls ldp
[R6-GigabitEthernet0/0/2]q
R5
###全局路由表中IP地址和OSPF配置
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 10.1.56.5 24
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip add 10.1.45.5 24
[R5-GigabitEthernet0/0/1]int loo0
[R5-LoopBack0]ip add 55.1.1.1 32
[R5-LoopBack0]q
[R5]ospf 1 router-id 55.1.1.1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]q
[R5-ospf-1]q
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]ospf en 1 area 0
[R5-GigabitEthernet0/0/1]int g0/0/0
[R5-GigabitEthernet0/0/0]ospf en 1 area 0
[R5-GigabitEthernet0/0/0]int loo0
[R5-LoopBack0]ospf en 1 area 0
[R5-LoopBack0]q
###MPLS和LDP配置
[R5]mpls lsr-id 55.1.1.1
[R5]mpls
Info: Mpls starting, please wait... OK!
[R5-mpls]q
[R5]mpls ldp
[R5-mpls-ldp]q
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]mpls
[R5-GigabitEthernet0/0/1]mpls ldp
[R5-GigabitEthernet0/0/1]int g0/0/0
[R5-GigabitEthernet0/0/0]mpls
[R5-GigabitEthernet0/0/0]mpls ldp
[R5-GigabitEthernet0/0/0]q
R4
###全局路由表中IP地址和OSPF配置
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 10.1.45.4 24
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 10.1.46.4 24
[R4-GigabitEthernet0/0/2]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 10.1.34.4 24
[R4-GigabitEthernet0/0/0]int loo0
[R4-LoopBack0]ip add 44.1.1.1 32
[R4-LoopBack0]q
[R4]ospf 1 router-id 44.1.1.1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]q
[R4-ospf-1]q
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ospf en 1 area 0
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ospf en 1 area 0
[R4]int loo0
[R4-LoopBack0]ospf en 1 area 0
###MPLS和LDP配置
[R4]mpls lsr-id 44.1.1.1
[R4]mpls
Info: Mpls starting, please wait... OK!
[R4-mpls]q
[R4]mpls ldp
[R4-mpls-ldp]q
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]mpls
[R4-GigabitEthernet0/0/1]mpls ldp
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]mpls
[R4-GigabitEthernet0/0/2]mpls ldp
[R4-GigabitEthernet0/0/2]q
R8
###全局路由表中IP地址和OSPF配置
[R8]int g0/0/1
[R8-GigabitEthernet0/0/1]ip add 10.1.68.8 24
[R8-GigabitEthernet0/0/1]int loo0
[R8-LoopBack0]ip add 88.1.1.1 32
[R8-LoopBack0]q
[R8]ospf 10
[R8-ospf-10]area 0
[R8-ospf-10-area-0.0.0.0]q
[R8-ospf-10]q
[R8]int g0/0/1
[R8-GigabitEthernet0/0/1]ospf en 10 area 0
[R8-GigabitEthernet0/0/1]int loo0
[R8-LoopBack0]ospf en 10 area 0
[R8-LoopBack0]q
验证
<R1>dis ip rou vpn test
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: test
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.17.0/24 Direct 0 0 D 10.1.17.1 GigabitEthernet0/0/1
10.1.17.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.17.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
77.1.1.1/32 OSPF 10 1 D 10.1.17.7 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R1>dis ospf pe br
OSPF Process 1 with Router ID 11.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 22.1.1.1 Full
0.0.0.0 GigabitEthernet0/0/2 33.1.1.1 Full
----------------------------------------------------------------------------
OSPF Process 10 with Router ID 10.1.17.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.1.17.7 Full
----------------------------------------------------------------------------
<R1>dis mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
22.1.1.1:0 Operational DU Passive 0000:00:29 117/117
33.1.1.1:0 Operational DU Passive 0000:00:19 79/79
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
<R6>dis ip rou vpn test
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: test
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.68.0/24 Direct 0 0 D 10.1.68.6 GigabitEthernet0/0/1
10.1.68.6/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.68.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
88.1.1.1/32 OSPF 10 1 D 10.1.68.8 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R6>dis ospf pe b
OSPF Process 1 with Router ID 66.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 55.1.1.1 Full
0.0.0.0 GigabitEthernet0/0/2 44.1.1.1 Full
----------------------------------------------------------------------------
OSPF Process 10 with Router ID 10.1.68.6
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.1.68.8 Full
----------------------------------------------------------------------------
<R6>dis mpls ldp se
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
44.1.1.1:0 Operational DU Active 0000:00:05 21/21
55.1.1.1:0 Operational DU Active 0000:00:08 36/36
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
控制层面的配置
第一步:
PE和RR建立iBGP VPNv4邻居关系,RR关闭RT值检查,学习到CE端的客户路由。
配置
R1
[R1]bgp 100
[R1-bgp]router-id 11.1.1.1
[R1-bgp]peer 22.1.1.1 as 100
[R1-bgp]peer 22.1.1.1 connect-interface loo0
[R1-bgp]ipv4 vpnv4
[R1-bgp-af-vpnv4]peer 22.1.1.1 enable
[R1-bgp]ipv4 vpn-instance test ### 进入vpn实例引入OSPF
[R1-bgp-test]import-route ospf 10
[R1]ospf 10
[R1-ospf-10]import-route bgp ### 引入BGP
R2
[R2]bgp 100
[R2-bgp]router-id 22.1.1.1
[R2-bgp]peer 11.1.1.1 as 100
[R2-bgp]peer 11.1.1.1 connect-interface loo0
[R2-bgp]ipv4 vpnv4
[R2-bgp-af-vpnv4]peer 11.1.1.1 enable
[R2-bgp-af-vpnv4]undo policy vpn-target ### 关闭对RT值的检查。
R6
[R6]bgp 200
[R6-bgp]router-id 66.1.1.1
[R6-bgp]peer 55.1.1.1 as 200
[R6-bgp]peer 55.1.1.1 connect-interface loo0
[R6-bgp]ipv4 vpnv4
[R6-bgp-af-vpnv4]peer 55.1.1.1 enable
[R6-bgp]ipv4 vpn-instance test
[R6-bgp-test]import-route ospf 10
[R6]ospf 10
[R6-ospf-10]import-route bgp
R5
[R5]bgp 200
[R5-bgp]router-id 55.1.1.1
[R5-bgp]peer 66.1.1.1 as 200
[R5-bgp]peer 66.1.1.1 connect-interface loo0
[R5-bgp]ipv4 vpnv4
[R5-bgp-af-vpnv4]peer 66.1.1.1 enable
[R5-bgp-af-vpnv4]undo policy vpn-target
验证
<R2>dis bgp vpnv4 all routing-table
BGP Local router ID is 22.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 0 100 0 ?
*>i 77.1.1.1/32 11.1.1.1 2 100 0 ?
<R5>dis bgp vpnv4 all routing-table
BGP Local router ID is 55.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 66.1.1.1 0 100 0 ?
*>i 88.1.1.1/32 66.1.1.1 2 100 0 ?
第二步
ASBR(R3或R4)和RR之间建立IPv4单播iBGP邻居关系。
配置
R2
[R2]bgp 100
[R2-bgp]peer 33.1.1.1 as 100
[R2-bgp]peer 33.1.1.1 connect-interface loo0
R3
[R3]bgp 100
[R3-bgp]router-id 33.1.1.1
[R3-bgp]peer 22.1.1.1 as 100
[R3-bgp]peer 22.1.1.1 connect-interface loo0
[R3-bgp]peer 22.1.1.1 next-hop-local
R5
[R5]bgp 200
[R5-bgp]peer 44.1.1.1 as 200
[R5-bgp]peer 44.1.1.1 connect-interface loo0
R4
[R4]bgp 200
[R4-bgp]router-id 44.1.1.1
[R4-bgp]peer 55.1.1.1 as 200
[R4-bgp]peer 55.1.1.1 connect-interface loo0
[R4-bgp]peer 55.1.1.1 next-hop-local
验证
<R2>dis bgp peer
BGP local router ID : 22.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
11.1.1.1 4 100 25 23 0 00:21:38 Established 0
33.1.1.1 4 100 3 4 0 00:01:47 Established 0
<R5>dis bgp peer
BGP local router ID : 55.1.1.1
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
44.1.1.1 4 200 2 3 0 00:00:12 Established 0
66.1.1.1 4 200 20 18 0 00:16:19 Established 0
第三步
ASBR(R3和R4)之间建立IPv4单播eBGP邻居关系,并发布各RR的环回口地址。之所以在ASBR上发布RR的地址是因为如果在RR上发布,ASBR会认为其是不优选的,而由于路由优先级的缘故,RR学习到ASBR通告的自己的地址也不会造成其他影响。
配置
R3
[R3]bgp 100
[R3-bgp]network 22.1.1.1 32
[R3-bgp]peer 10.1.34.4 as 200
R4
[R4]bgp 200
[R4-bgp]network 55.1.1.1 32
[R4-bgp]peer 10.1.34.3 as 100
验证
<R3>dis bgp peer
BGP local router ID : 33.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.34.4 4 200 2 3 0 00:00:15 Established 0
<R4>dis bgp peer
BGP local router ID : 44.1.1.1
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.34.3 4 100 2 2 0 00:00:05 Established 0
第四步
RR之间使用对端的环回口地址建立VPNv4 eBGP多跳邻居关系,并关闭RR之间IPv4的邻居关系,否则可能产生路由动荡。
配置
R2
[R2]bgp 100
[R2-bgp]peer 55.1.1.1 as 200
[R2-bgp]peer 55.1.1.1 connect-interface loo0
[R2-bgp]peer 55.1.1.1 ebgp-max-hop 255 ### eBGP多跳
[R2-bgp]ipv4 unicast
[R2-bgp-af-ipv4]undo peer 55.1.1.1 enable ### 关闭ipv4单播邻居
[R2-bgp-af-ipv4]q
[R2-bgp]ipv4 vpnv4
[R2-bgp-af-vpnv4]peer 55.1.1.1 enable ### 建立VPNv4邻居
[R2-bgp-af-vpnv4]q
R5
[R5]bgp 200
[R5-bgp]peer 22.1.1.1 as 100
[R5-bgp]peer 22.1.1.1 connect-interface loo0
[R5-bgp]peer 22.1.1.1 ebgp-max-hop 255
[R5-bgp]ipv4 unicast
[R5-bgp-af-ipv4]undo peer 22.1.1.1 enable
[R5-bgp-af-ipv4]q
[R5-bgp]ipv4 vpnv4
[R5-bgp-af-vpnv4]peer 22.1.1.1 enable
验证
<R1>dis bgp vpnv4 all peer
BGP local router ID : 11.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
22.1.1.1 4 100 45 45 0 00:37:58 Established 2
<R1>dis bgp vpnv4 all routing-table
BGP Local router ID is 11.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
VPN-Instance test, Router ID 11.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
<R5>dis bgp vpnv4 all peer
BGP local router ID : 55.1.1.1
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
22.1.1.1 4 100 4 4 0 00:00:12 Established 2
66.1.1.1 4 200 39 39 0 00:31:48 Established 2
<R5>dis bgp vpnv4 all routing-table
BGP Local router ID is 55.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 22.1.1.1 0 100?
*> 77.1.1.1/32 22.1.1.1 0 100?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 66.1.1.1 0 100 0 ?
*>i 88.1.1.1/32 66.1.1.1 2 100 0 ?
<R7>dis ip routing-table protocol o
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.68.0/24 O_ASE 150 1 D 10.1.17.1 GigabitEthernet0/0/1
88.1.1.1/32 OSPF 10 2 D 10.1.17.1 GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
<R8>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.17.0/24 O_ASE 150 1 D 10.1.68.6 GigabitEthernet0/0/1
77.1.1.1/32 OSPF 10 2 D 10.1.68.6 GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
注:此时还不能够通信因为数据层面的标签还没完善
数据层面的配置
第一步:
PE和RR、RR和ASBR、ASBR和ASBR之间需要增加BGP为IPv4单播提供标签分发的能力,是扩展BGP为IPv4单播路由提供标签分发的能力,为PE到PE之间建立一条完整的LSP。
配置
R1
[R1]bgp 100
[R1-bgp]ipv4 unicast
[R1-bgp-af-ipv4]peer 22.1.1.1 label-route-capability
R2
[R2]bgp 100
[R2-bgp]ipv4 unicast
[R2-bgp-af-ipv4]peer 11.1.1.1 label-route-capability
[R2-bgp-af-ipv4]peer 33.1.1.1 label-route-capability
R3
[R3]bgp 100
[R3-bgp]ipv4 unicast
[R3-bgp-af-ipv4]peer 22.1.1.1 label-route-capability
[R3-bgp-af-ipv4]peer 10.1.34.4 label-route-capability
R4
[R4]bgp 200
[R4-bgp]ipv4 unicast
[R4-bgp-af-ipv4]peer 10.1.34.3 label-route-capability
[R4-bgp-af-ipv4]peer 55.1.1.1 label-route-capability
R5
[R5]bgp 200
[R5-bgp]ipv4 unicast
[R5-bgp-af-ipv4]peer 44.1.1.1 label-route-capability
[R5-bgp-af-ipv4]peer 66.1.1.1 label-route-capability
R6
[R6]bgp 200
[R6-bgp]ipv4 unicast
[R6-bgp-af-ipv4]peer 55.1.1.1 label-route-capability
验证
<R2>display bgp peer verbose | include Label
Address family IPv4 Unicast Label: advertised and received
Address family IPv4 Unicast Label: advertised and received
第二步:
ASBR之间开启MPLS
配置
R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]mpls
R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]mpls
第三步:
ASBR之间使用路由策略应用标签
配置
R3
[R3]route-policy ASBR permit node 10
Info: New Sequence of this List.
[R3-route-policy]apply mpls-label
[R3-route-policy]q
[R3]bgp 100
[R3-bgp]ipv4 unicast
[R3-bgp-af-ipv4]peer 10.1.34.4 route-policy ASBR export
R4
[R4]route-policy ASBR permit node 10
Info: New Sequence of this List.
[R4-route-policy]apply mpls-label
[R4-route-policy]q
[R4]bgp 200
[R4-bgp]ipv4 unicast
[R4-bgp-af-ipv4]peer 10.1.34.3 route-policy ASBR export
第四步:
ASBR针对RR使用路由策略应用标签
配置
R3
[R3]route-policy RR permit node 10
Info: New Sequence of this List.
[R3-route-policy]if-match mpls-label
[R3-route-policy]apply mpls-label
[R3-route-policy]q
[R3]bgp 100
[R3-bgp]ipv4 unicast
[R3-bgp-af-ipv4]peer 22.1.1.1 route-policy RR export
R4
[R4]route-policy RR permit node 10
Info: New Sequence of this List.
[R4-route-policy]if-match mpls-label
[R4-route-policy]apply mpls-label
[R4-route-policy]q
[R4]bgp 200
[R4-bgp]ipv4 unicast
[R4-bgp-af-ipv4]peer 55.1.1.1 route-policy RR export
验证
RR的标签表
[R2]dis mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 NULL/1027 -/-
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.17.0/24 1042/1032 -/- ASBR LSP
77.1.1.1/32 1043/1033 -/- ASBR LSP
88.1.1.1/32 1046/1040 -/- ASBR LSP
10.1.68.0/24 1047/1039 -/- ASBR LSP
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
11.1.1.1/32 NULL/3 -/GE0/0/0
11.1.1.1/32 1024/3 -/GE0/0/0
22.1.1.1/32 3/NULL -/-
33.1.1.1/32 NULL/3 -/GE0/0/1
33.1.1.1/32 1025/3 -/GE0/0/1
PE的BGP VPNv4路由表
<R1>dis bgp vpnv4 all routing-table
BGP Local router ID is 11.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
VPN-Instance test, Router ID 11.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
RR的BGP VPNv4路由表
<R2>dis bgp vpnv4 all routing-table
BGP Local router ID is 22.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 0 100 0 ?
*>i 77.1.1.1/32 11.1.1.1 2 100 0 ?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.68.0/24 55.1.1.1 0 200?
*> 88.1.1.1/32 55.1.1.1 0 200?
ASBR的路由表
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.12.0/24 OSPF 10 2 D 10.1.23.2 GigabitEthernet0/0/1
OSPF 10 2 D 10.1.13.1 GigabitEthernet0/0/2
10.1.13.0/24 Direct 0 0 D 10.1.13.3 GigabitEthernet0/0/2
10.1.13.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.1.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.1.23.0/24 Direct 0 0 D 10.1.23.3 GigabitEthernet0/0/1
10.1.23.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.34.0/24 Direct 0 0 D 10.1.34.3 GigabitEthernet0/0/0
10.1.34.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.1.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
11.1.1.1/32 OSPF 10 1 D 10.1.13.1 GigabitEthernet0/0/2
22.1.1.1/32 OSPF 10 1 D 10.1.23.2 GigabitEthernet0/0/1
33.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
55.1.1.1/32 EBGP 255 1 RD 10.1.34.4 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
标签
<R1>dis bgp vpnv4 all routing-table label
BGP Local router ID is 11.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop In/Out Label
*> 10.1.17.0 10.1.17.1 1032/NULL
*> 77.1.1.1 10.1.17.7 1033/NULL
Route Distinguisher: 6:8
Network NextHop In/Out Label
*>i 10.1.68.0 22.1.1.1 NULL/1047
*>i 88.1.1.1 22.1.1.1 NULL/1046
VPN-Instance test, Router ID 11.1.1.1:
Total Number of Routes: 2
Network NextHop In/Out Label
*>i 10.1.68.0 22.1.1.1 NULL/1047
*>i 88.1.1.1 22.1.1.1 NULL/1046
<R1>dis mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.17.0/24 1032/NULL -/- test
77.1.1.1/32 1033/NULL -/- test
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
11.1.1.1/32 3/NULL -/-
22.1.1.1/32 NULL/3 -/GE0/0/0
22.1.1.1/32 1026/3 -/GE0/0/0
33.1.1.1/32 NULL/3 -/GE0/0/2
33.1.1.1/32 1027/3 -/GE0/0/2
<R2>dis mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 NULL/1027 -/-
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.17.0/24 1042/1032 -/- ASBR LSP
77.1.1.1/32 1043/1033 -/- ASBR LSP
88.1.1.1/32 1046/1040 -/- ASBR LSP
10.1.68.0/24 1047/1039 -/- ASBR LSP
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
11.1.1.1/32 NULL/3 -/GE0/0/0
11.1.1.1/32 1024/3 -/GE0/0/0
22.1.1.1/32 3/NULL -/-
33.1.1.1/32 NULL/3 -/GE0/0/1
33.1.1.1/32 1025/3 -/GE0/0/1
<R3>dis mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
22.1.1.1/32 1026/NULL -/-
55.1.1.1/32 1027/1028 -/-
55.1.1.1/32 NULL/1028 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
22.1.1.1/32 NULL/3 -/GE0/0/1
22.1.1.1/32 1024/3 -/GE0/0/1
33.1.1.1/32 3/NULL -/-
11.1.1.1/32 NULL/3 -/GE0/0/2
11.1.1.1/32 1025/3 -/GE0/0/2
tracert
RR没有回包的原因是没有VPN实例,也就是说因为此时还是只有VPNv4的标签且RR的全局路由表中并没有客户路由,所以不会回包,而ASBR回回报是因为此时用的已经是BGP LSP了,不需要关心有没有客户路由。
<R7>tracert -a 77.1.1.1 88.1.1.1
traceroute to 88.1.1.1(88.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.17.1 30 ms 10 ms 10 ms
2 * * *
3 10.1.23.3 90 ms 40 ms 30 ms
4 10.1.34.4 50 ms 40 ms 40 ms
5 * * *
6 10.1.68.6 40 ms 40 ms 50 ms
7 10.1.68.8 60 ms 50 ms 40 ms
ping
<R7>ping -a 77.1.1.1 88.1.1.1
PING 88.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 88.1.1.1: bytes=56 Sequence=1 ttl=249 time=60 ms
Reply from 88.1.1.1: bytes=56 Sequence=2 ttl=249 time=40 ms
Reply from 88.1.1.1: bytes=56 Sequence=3 ttl=249 time=40 ms
Reply from 88.1.1.1: bytes=56 Sequence=4 ttl=249 time=50 ms
Reply from 88.1.1.1: bytes=56 Sequence=5 ttl=249 time=50 ms
--- 88.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
数据层面分析
此时R8去往R7的标签转发情况:
1)R8的88.1.1.1去往R7的77.1.1.1的下一跳是R6且是IP转发
2)R6去往77.1.1.1的下一跳是R5,VPNv4标签转发
3)当数据包到达R5后,R5去往77.1.1.1的下一跳是22.1.1.1,查看22.1.1.1的LSP,可以发现是通过BGP生成的出标签1029,下一跳是R4
4)R4收到数据包后,查看去往22.1.1.1的LSP,出标签是1026,下一跳是R3,但是能发现R5将里层的VPNv4标签改成了1042,这里我也没有理解,但不影响最终结果
5)此时数据包到达AS100的ASBR R3上,R3根据22.1.1.1的LSP发现出标签是空,则会将标签弹出,下一跳是R2
6)数据包到达R2上,这个时候只剩下VPNv4标签了,查找VPNv4的标签表,得知
7)R1收到1032的标签后就会拆除标签了,最后IP转发,所以中间转发时它的标签切换了,我也不知道是什么原因
问题:为什么中间VPNv4的标签切换了,从目标地址77.1.1.1切换成了10.1.17.0,在R5上被切换了
小结
到这里基础的Option C方案一已经完成了,但现在的做法是有不足的。由于现在的做法是通过RR建立VPNv4的邻居关系,PE之间学习到的客户路由都是需要通过RR的,这是我们不想看到的,可以通过在RR上让BGP学来的路由下一跳不变优化,在下面演示。
配置优化(不改变下一跳的情况)
在RR上对对端RR和本端PE的VPNv4邻居执行下一跳不变命令,然后需要在ASBR上发布本区域内PE的环回口地址,还需要在RR上打破iBGP防环
R2
[R2]bgp 100
[R2-bgp]ipv4 vpnv4
[R2-bgp-af-vpnv4]peer 11.1.1.1 next-hop-invariable
[R2-bgp-af-vpnv4]peer 55.1.1.1 next-hop-invariable
[R2-bgp-af-vpnv4]q
[R2-bgp]peer 11.1.1.1 reflect-client
R5
[R5]bgp 200
[R5-bgp]ipv4 vpnv4
[R5-bgp-af-vpnv4]peer 22.1.1.1 next-hop-invariable
[R5-bgp-af-vpnv4]peer 66.1.1.1 next-hop-invariable
[R5-bgp-af-vpnv4]q
[R5-bgp]peer 66.1.1.1 reflect-client
R3
[R3]bgp 100
[R3-bgp]network 11.1.1.1 32
[R4]bgp 200
[R4-bgp]network 66.1.1.1 32
验证
R1
<R1>dis bgp routing-table
BGP Local router ID is 11.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 55.1.1.1/32 33.1.1.1 1 100 0 200i
*>i 66.1.1.1/32 33.1.1.1 1 100 0 200i
<R1>dis bgp vpnv4 all routing-table
BGP Local router ID is 11.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 66.1.1.1 100 0 200?
*>i 88.1.1.1/32 66.1.1.1 100 0 200?
VPN-Instance test, Router ID 11.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 66.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 66.1.1.1 100 0 200?
R6
<R6>dis bgp routing-table
BGP Local router ID is 66.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 11.1.1.1/32 44.1.1.1 1 100 0 100i
*>i 22.1.1.1/32 44.1.1.1 1 100 0 100i
<R6>dis bgp vpnv4 all routing-table
BGP Local router ID is 66.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:7
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 100 0 100?
*>i 77.1.1.1/32 11.1.1.1 100 0 100?
Route Distinguisher: 6:8
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
VPN-Instance test, Router ID 66.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 100 0 100?
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*>i 77.1.1.1/32 11.1.1.1 100 0 100?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
<R7>tracert -a 77.1.1.1 88.1.1.1
traceroute to 88.1.1.1(88.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.17.1 30 ms 10 ms 10 ms
2 10.1.13.3 30 ms 20 ms 40 ms
3 10.1.34.4 30 ms 40 ms 40 ms
4 10.1.68.6 40 ms 30 ms 30 ms
5 10.1.68.8 40 ms 50 ms 40 ms
小结
到这里只是方案1结束了,方案2在下面继续介绍,内容很多比较复杂,要耐心,加油!!!
扫一扫
1723
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
