一.配置思路
1.配置基础ip
2.配置ospf或者isis使其内网互通
3.配置MPLS使内网靠标签打通隧道
4.在ASBR之间配置ebgp邻居传递igp路由,并引入igp
5.配置RR、PE和RR之间的MP-BGP邻居关系
6.在PE配置VPN实例,并绑定接口
7.配置PE和CE之间的vpn实例邻居关系,传递路由
8.配置ASBR之间通告标签的能力
9.配置ASBR之间的路由策略应用标签
10.在ASBR的MPLS中通告bgp路由,并在接口启用mpls
1.配置基础IP
拓扑图上已有规划,照配即可
2.配置ospf或者isis使其内网互通
DX内配置OSPF:
DX-PE1:
ospf 1 router-id 1.1.1.1
area 0.0.0.0
interface GigabitEthernet0/0/2
ospf network-type p2p ---将网络类型改为P2P,不选举DR和BDR,加快收敛
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
DX-P:
ospf 1 router-id 2.2.2.2
area 0.0.0.0
interface GigabitEthernet0/0/0
ospf network-type p2p
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/1
ospf network-type p2p
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
ospf network-type p2p
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
DX-ASBR:
ospf 1 router-id 3.3.3.3
area 0.0.0.0
interface GigabitEthernet0/0/0
ospf network-type p2p
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
DX-RR:
ospf 1 router-id 7.7.7.7
area 0.0.0.0
interface GigabitEthernet0/0/0
ospf network-type p2p
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
ospf enable 1 area 0.0.0.0
#看OSPF邻居和路由正不正常
看邻居:display ospf peer brief
看OSPF路由:display ospf routing
YD内配置ISIS:
YD-ASBR:
isis 100
is-level level-2
network-entity 10.0000.0000.0004.00
is-name YD-ASBR --定义一个名字,好区别是那一台路由器
interface GigabitEthernet0/0/0
isis enable 100
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 100
YD-PE1:
isis 100
is-level level-2
network-entity 10.0000.0000.0006.00
is-name YD-PE1
interface GigabitEthernet0/0/1
isis enable 100
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 100
YD-P:
isis 100
is-level level-2
network-entity 10.0000.0000.0005.00
is-name YD-P
interface GigabitEthernet0/0/0
isis enable 100
interface GigabitEthernet0/0/1
isis enable 100
interface GigabitEthernet0/0/2
isis enable 100
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 100
YD-RR:
isis 100
is-level level-2
network-entity 10.0000.0000.0008.00
is-name YD-RR
interface GigabitEthernet0/0/0
isis enable 100
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
isis enable 100
#在YD-P上看看邻居和路由正不正常
看邻居:display isis peer
看ISIS路由:display isis route
3.配置MPLS使内网靠标签传递私网路由
DX-PE1:
全局模式下:
mpls lsr-id 1.1.1.1
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/2
mpls
mpls ldp
DX-P:
全局模式下:
mpls lsr-id 2.2.2.2
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/0
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
DX-ASBR:
全局模式下:
mpls lsr-id 3.3.3.3
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/0
mpls
mpls ldp
YD-PE1:
全局模式下:
mpls lsr-id 6.6.6.6
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/1
mpls
mpls ldp
YD-P:
全局模式下:
mpls lsr-id 5.5.5.5
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/0
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
YD-ASBR:
全局模式下:
mpls lsr-id 4.4.4.4
mpls
mpls ldp
接口模式下:
interface GigabitEthernet0/0/0
mpls
mpls ldp
#查看两条mpls隧道是否打通
DX-P:display mpls ldp peer --查看邻居
查看mpls lsp:display mpls lsp
YD-P:display mpls ldp peer --查看邻居
查看mpls lsp:display mpls lsp
4.在ASBR之间配置ebgp邻居传递igp路由,并引入igp
DX-ASBR:
bgp 10000
peer 34.1.1.2 as-number 10086
#
ipv4-family unicast
network 1.1.1.1 255.255.255.255 --宣告PE的路由,用于后面私网路由的传递
network 7.7.7.7 255.255.255.255 --宣告RR的路由用于RR间建立MP-BGP邻居
peer 34.1.1.2 enable
在ospf进程下引入BGP路由:
ospf 1
import-route bgp --- 引入路由的目的是让RR和PE 学习到对面的路由从而建立MP-BGP或者传递MPLS的标签
YD-ASBR:
bgp 10086
peer 34.1.1.1 as-number 10000
#
ipv4-family unicast
network 6.6.6.6 255.255.255.255
network 8.8.8.8 255.255.255.255
peer 34.1.1.1 enable
在ISIS进程下引入BGP路由:
isis 100
import-route bgp
5.配置RR之间、PE和RR之间的MP-BGP邻居关系
PE和RR之间:
DX-PE1:
bgp 10000
undo default ipv4-unicast --华为默认建立ipv4单播邻居,这里不需要建立ipv4邻居,在这里先给他禁了先
peer 7.7.7.7 as-number 10000
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family vpnv4
peer 7.7.7.7 enable
YD-PE1:
bgp 10086
undo default ipv4-unicast
peer 8.8.8.8 as-number 10086
peer 8.8.8.8 connect-interface LoopBack0
#
ipv4-family vpnv4
peer 8.8.8.8 enable
RR之间、PE和RR之间:
DX-RR:
bgp 10000
undo default ipv4-unicast
peer 1.1.1.1 as-number 10000
peer 1.1.1.1 connect-interface LoopBack0
peer 8.8.8.8 as-number 10086
peer 8.8.8.8 ebgp-max-hop 255 --因为是EBGP邻居关系跳数合理规划即可,我这里就给他个最大的(懒)
peer 8.8.8.8 connect-interface LoopBack0
#
ipv4-family vpnv4
undo policy vpn-target ---因为没有配置vpn实例,所以要禁,不然后面接收和传递不了VPNV4路由
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-invariable --改下一跳为本身,因为这个RR就是用来控制路由的接收和发送而已,它本身不用来转发业务数据。
peer 8.8.8.8 enable
peer 8.8.8.8 next-hop-invariable
YD-RR:
bgp 10086
undo default ipv4-unicast
peer 6.6.6.6 as-number 10086
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 as-number 10000
peer 7.7.7.7 ebgp-max-hop 255
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family vpnv4
undo policy vpn-target
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable
peer 7.7.7.7 enable
peer 7.7.7.7 next-hop-invariable
6.在PE配置VPN实例,并绑定接口
DX-PE1:
ip vpn-instance x
ipv4-family
route-distinguisher 1:1 ---vpnv4路由标识,例ipv4地址为:192.168.1.1,则vpnv4地址则为:1:1-192.168.1.1
vpn-target 1:1 1:2 export-extcommunity --发送的数据打上1:1 1:2 的标签
vpn-target 2:1 import-extcommunity --对收到的标签为2:1的数据才接收
在接口绑定:
interface GigabitEthernet0/0/0
ip binding vpn-instance x ---绑定后,原来配置的ip地址会消失,所以IP地址要重新配,或者配置完实例后再配置ip地址。
ip address 100.1.1.2 255.255.255.252
YD-PE1:
ip vpn-instance y
ipv4-family
route-distinguisher 2:1
vpn-target 2:1 export-extcommunity
vpn-target 1:1 1:2 import-extcommunity
在接口下绑定实例:
interface GigabitEthernet0/0/0
ip binding vpn-instance y
ip address 200.1.1.2 255.255.255.252
7.配置PE和CE之间的vpn实例邻居关系,传递路由
DX-PE1:
bgp 10000
#
ipv4-family vpn-instance x ---在vpn实例里面建立邻居
peer 100.1.1.1 as-number 65001
peer 100.1.2.1 as-number 65001
X-Export-1:
bgp 65001
peer 100.1.1.2 as-number 10000
#
ipv4-family unicast
network 5.5.5.5 255.255.255.255 --宣告自己的环回口0
peer 100.1.1.2 enable
X-Export-2:
bgp 65001
peer 100.1.2.2 as-number 10000
#
ipv4-family unicast
network 6.6.6.6 255.255.255.255 --宣告自己的环回口0
peer 100.1.2.2 enable
YD-PE1:
bgp 10086
#
ipv4-family vpn-instance y ---在vpn实例里面建立邻居
peer 200.1.1.1 as-number 65002
Y-Export:
bgp 65002
peer 200.1.1.2 as-number 10086
#
ipv4-family unicast
network 7.7.7.7 255.255.255.255 --宣告自己的环回口0
peer 200.1.1.2 enable
8.配置ASBR之间通告标签的能力
DX-ASBR:
bgp 10000
ipv4-family unicast
peer 34.1.1.2 label-route-capability
YD-ASBR:
bgp 10086
ipv4-family unicast
peer 34.1.1.1 label-route-capability
9.配置ASBR之间的路由策略应用标签
DX-ASBR:
route-policy to-y permit node 10 --写路由策略,对发送出去的路由携带mpls标签
apply mpls-label
bgp 10000
ipv4-family unicast
peer 34.1.1.2 route-policy to-x export
YD-ASBR:
route-policy to-x permit node 10 --写路由策略,对发送出去的路由携带mpls标签
apply mpls-label
bgp 10086
ipv4-family unicast
peer 34.1.1.1 route-policy to-x export
10.在ASBR的MPLS中通告bgp路由,并在接口启用mpls
DX-ASBR:
mpls
lsp-trigger bgp-label-route ----华为设备中没有为bgp路由配置标签,要自己开启
interface GigabitEthernet0/0/1 --在连接EBGP邻居的接口启用MPLS
mpls
YD-ASBR:
mpls
lsp-trigger bgp-label-route
interface GigabitEthernet0/0/1 --在连接EBGP邻居的接口启用MPLS
mpls
二.在CE设备查看BGP路由
X-Export-1:
Y-Export:
三.测试路由是否能通
以Y-Export为例:
ping:
tracert:
没有问题,收工!!!