如图所示,某公司总部和分公司跨域不同的运营商,需实现跨域的BGP/MPLS IP VPN 业务的互通,CE1连接总部,通过AS 100的PE1接入。CE2连接分部通过AS 200的PE2 接入,CE1和CE2 在一个vpn1 内。请使用OptionC 方案一实现其配置。
主要配置点摘要:
A : 在各个AS内MPLS骨干网络上配置各接口IP及IGP协议、MPLS和MPLS LDP实现PE和ASBR-PE互通,建立LDP LSP。
B :在各个AS内 PE与ASBR-PE间建立MP-IBGP对等体 CE与PE相连配置VPN实例并与CE相连接口绑定,PE与CE间建立EBGP对等体。
C : 在不同的AS内的PE间建立MP-EBGP对等体。并在ASBR-PE配置路由策略向对端ASBR-PE发布BGP路由。
具体配置如下:
<CE1>
#
sysname CE1
#
interface GigabitEthernet0/0/1
ip address 11.1.1.1 255.255.255.0
#
bgp 65001
peer 11.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 11.1.1.2 enable
<CE2>
#
sysname CE2
#
interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0
#
bgp 65002
peer 12.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
import-route direct
peer 12.1.1.2 enable
<PE1>
sysname PE1
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 200
peer 4.4.4.4 ebgp-max-hop 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 label-route-capability
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 11.1.1.1 as-number 65001
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.1.0 0.0.0.255
<PE2>
#
sysname PE2
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 200:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 162.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn1
ip address 12.1.1.2 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 10
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 12.1.1.1 as-number 65002
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 162.1.1.0 0.0.0.255
<ASBR-PE1>
#
sysname ASBR-PE1
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 172.18.1.2 255.255.255.0
mpls
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 172.18.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
peer 1.1.1.1 enable
peer 1.1.1.1 route-policy policy2 export
peer 1.1.1.1 label-route-capability
peer 172.18.1.1 enable
peer 172.18.1.1 route-policy policy1 export //向对等体发布路由应用策略分配MPLS标签
peer 172.18.1.1 label-route-capability //使ASBR-PE与对端ASBR-PE交换带标签的IPV4路由能力
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.1.0 0.0.0.255
#
route-policy policy1 permit node 1
apply mpls-label //为以上策略配置分配MPLS标签
#
route-policy policy2 permit node 1
if-match mpls-label
apply mpls-label
<ASBR-PE2>
sysname ASBR-PE2
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 162.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 172.18.1.1 255.255.255.0
mpls
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
peer 172.18.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 4.4.4.4 255.255.255.255
peer 4.4.4.4 enable
peer 4.4.4.4 route-policy policy2 export
peer 4.4.4.4 label-route-capability
peer 172.18.1.2 enable
peer 172.18.1.2 route-policy policy1 export
peer 172.18.1.2 label-route-capability
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 162.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
apply mpls-label
#
route-policy policy2 permit node 1
if-match mpls-label
apply mpls-label
验证如下:
1、在CE上查看路由表看CE间是否学习到对方接口路由并CE间能够ping通 查看一下路由路径。
<CE1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
11.1.1.0/24 Direct 0 0 D 11.1.1.1 GigabitEthernet
0/0/1
11.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
11.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.0/24 EBGP 255 0 D 11.1.1.2 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack
<CE1>ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=251 time=60 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=251 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=251 time=60 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=251 time=70 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=251 time=50 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/56/70 ms
<CE1>tracert 12.1.1.1
traceroute to 12.1.1.1(12.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C
to break
1 11.1.1.2 20 ms 20 ms 20 ms
2 192.168.1.2 40 ms 40 ms 20 ms
3 172.18.1.1 50 ms 50 ms 40 ms
4 12.1.1.2 < AS=200 > 50 ms 50 ms 30 ms
5 12.1.1.1 < AS=200 > 50 ms 50 ms 60 ms
2、在ASBR-PE上查看BGP路由标签信息
<ASBR-PE1>dis bgp routing-table label
BGP Local router ID is 192.168.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop In/Out Label
*> 1.1.1.1 192.168.1.1 1024/NULL
*> 4.4.4.4 172.18.1.1 1026/1024