VPN-OptionC 方案一跨域VPN配置

如图所示，某公司总部和分公司跨域不同的运营商，需实现跨域的BGP/MPLS IP VPN 业务的互通，CE1连接总部，通过AS 100的PE1接入。CE2连接分部通过AS 200的PE2 接入，CE1和CE2 在一个vpn1 内。请使用OptionC 方案一实现其配置。

主要配置点摘要：

A : 在各个AS内MPLS骨干网络上配置各接口IP及IGP协议、MPLS和MPLS LDP实现PE和ASBR-PE互通，建立LDP LSP。

B ：在各个AS内 PE与ASBR-PE间建立MP-IBGP对等体 CE与PE相连配置VPN实例并与CE相连接口绑定，PE与CE间建立EBGP对等体。

C : 在不同的AS内的PE间建立MP-EBGP对等体。并在ASBR-PE配置路由策略向对端ASBR-PE发布BGP路由。

具体配置如下：

<CE1>

#

 sysname CE1

#

interface GigabitEthernet0/0/1

 ip address 11.1.1.1 255.255.255.0

#

bgp 65001

 peer 11.1.1.2 as-number 100

 #

 ipv4-family unicast

  undo synchronization

  import-route direct

  peer 11.1.1.2 enable

<CE2>

#

 sysname CE2

#

interface GigabitEthernet0/0/1

 ip address 12.1.1.1 255.255.255.0

#

bgp 65002

 peer 12.1.1.2 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  import-route direct

  peer 12.1.1.2 enable

<PE1>

 sysname PE1

#

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 100:1

  vpn-target 1:1 export-extcommunity

  vpn-target 1:1 import-extcommunity

#

mpls lsr-id 1.1.1.1

mpls

#

mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 192.168.1.1 255.255.255.0

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/2

 ip binding vpn-instance vpn1

 ip address 11.1.1.2 255.255.255.0

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

bgp 100

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

 peer 4.4.4.4 as-number 200

 peer 4.4.4.4 ebgp-max-hop 10

 peer 4.4.4.4 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 2.2.2.2 enable

  peer 2.2.2.2 label-route-capability

  peer 4.4.4.4 enable

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 4.4.4.4 enable

 #

 ipv4-family vpn-instance vpn1

  import-route direct

  peer 11.1.1.1 as-number 65001

#

ospf 1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 192.168.1.0 0.0.0.255

<PE2>

#

 sysname PE2

#

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 200:1

  vpn-target 1:1 export-extcommunity

  vpn-target 1:1import-extcommunity

#

mpls lsr-id 4.4.4.4

mpls

#

mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 162.1.1.1 255.255.255.0

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/2

 ip binding vpn-instance vpn1

 ip address 12.1.1.2 255.255.255.0

#

interface LoopBack0

 ip address 4.4.4.4 255.255.255.255

#

bgp 200

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 ebgp-max-hop 10

 peer 1.1.1.1 connect-interface LoopBack0

 peer 3.3.3.3 as-number 200

 peer 3.3.3.3 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 1.1.1.1 enable

  peer 3.3.3.3 enable

  peer 3.3.3.3 label-route-capability

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 1.1.1.1 enable

#

 ipv4-family vpn-instance vpn1

  import-route direct

  peer 12.1.1.1 as-number 65002

#

ospf 1

 area 0.0.0.0

  network 4.4.4.4 0.0.0.0

  network 162.1.1.0 0.0.0.255

<ASBR-PE1>

#

 sysname ASBR-PE1

#

mpls lsr-id 2.2.2.2

mpls

#

mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 192.168.1.2 255.255.255.0

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/2

 ip address 172.18.1.2 255.255.255.0

 mpls

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

#

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 172.18.1.1 as-number 200

 #

 ipv4-family unicast

  undo synchronization

  network 1.1.1.1 255.255.255.255

  peer 1.1.1.1 enable

  peer 1.1.1.1 route-policy policy2 export

  peer 1.1.1.1 label-route-capability

  peer 172.18.1.1 enable

  peer 172.18.1.1 route-policy policy1 export  //向对等体发布路由应用策略分配MPLS标签

  peer 172.18.1.1 label-route-capability       //使ASBR-PE与对端ASBR-PE交换带标签的IPV4路由能力

#

ospf 1

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

route-policy policy1 permit node 1

 apply mpls-label                //为以上策略配置分配MPLS标签

#

route-policy policy2 permit node 1

 if-match mpls-label

 apply mpls-label

<ASBR-PE2>

sysname ASBR-PE2

mpls lsr-id 3.3.3.3

mpls

#

mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 162.1.1.2 255.255.255.0

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/2

 ip address 172.18.1.1 255.255.255.0

 mpls

#

interface LoopBack0

 ip address 3.3.3.3 255.255.255.255

#

bgp 200

 peer 4.4.4.4 as-number 200

 peer 4.4.4.4 connect-interface LoopBack0

 peer 172.18.1.2 as-number 100

 #

 ipv4-family unicast

  undo synchronization

  network 4.4.4.4 255.255.255.255

  peer 4.4.4.4 enable

  peer 4.4.4.4 route-policy policy2 export

  peer 4.4.4.4 label-route-capability

  peer 172.18.1.2 enable

  peer 172.18.1.2 route-policy policy1 export

  peer 172.18.1.2 label-route-capability

#

ospf 1

 area 0.0.0.0

  network 3.3.3.3 0.0.0.0

  network 162.1.1.0 0.0.0.255

#

route-policy policy1 permit node 1

 apply mpls-label

#

route-policy policy2 permit node 1

 if-match mpls-label

 apply mpls-label

验证如下：

1、在CE上查看路由表看CE间是否学习到对方接口路由并CE间能够ping通 查看一下路由路径。

<CE1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       11.1.1.0/24  Direct  0    0           D   11.1.1.1        GigabitEthernet
0/0/1
       11.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
     11.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
       12.1.1.0/24  EBGP    255  0           D   11.1.1.2        GigabitEthernet
0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack

<CE1>ping 12.1.1.1
  PING 12.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=251 time=60 ms
    Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=251 time=40 ms
    Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=251 time=60 ms
    Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=251 time=70 ms
    Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=251 time=50 ms

  --- 12.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/56/70 ms

<CE1>tracert 12.1.1.1

 traceroute to  12.1.1.1(12.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C
 to break

 1 11.1.1.2 20 ms  20 ms  20 ms

 2 192.168.1.2 40 ms  40 ms  20 ms

 3 172.18.1.1 50 ms  50 ms  40 ms

 4 12.1.1.2 < AS=200 > 50 ms  50 ms  30 ms

 5 12.1.1.1 < AS=200 > 50 ms  50 ms  60 ms

2、在ASBR-PE上查看BGP路由标签信息

<ASBR-PE1>dis bgp routing-table label

 BGP Local router ID is 192.168.1.2
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 2

        Network           NextHop           In/Out Label

 *>     1.1.1.1           192.168.1.1       1024/NULL
 *>     4.4.4.4           172.18.1.1        1026/1024