一、实验拓扑图
1.实验拓扑图
二、实验目的
1.配置OSPF的伪连接
三、OSPF的伪连接
1.配置经过MPLS VPN骨干网的路由成为OSPF区域内路由。
2.使得在同一个OSPF区域内属于同一个VPN的site之间的通
信通过经过MPLS VPN骨干网的路由转发。
四、注意事项
1.每个VPN实例中必须有一个伪连接的端点地址,伪连接的源地址和目的地址使用32位掩码的
Loopback接口地址,该Loopback接口需要绑定到VPN实例中,并通过BGP发布。
2.同一个OSPF进程的多条伪连接可以共用端点地址,但不同OSPF
进程不能拥有两条端点地址完全相同的伪连接。
3.伪连接端点地址的路由不能通过私网的OSPF进程发布到对端PE上。
4.为了使VPN流量通过MPLS骨干网转发,在配置sham-link时,应保证sham link
的cost值小于通过用户网络转发时OSPF路由的cost值。因此,常常需要调整用
户网络转发接口的cost值,使它比sham link的cost值大。
5.如果伪连接端点地址的路由通过私网的OSPF进程发布到对端PE上,则对端PE
将同时存在两条到该伪连接端点地址的路由。其中一条是通过私网OSPF学习到
的,另一条是通过MP-BGP学习到的。OSPF路由比BGP路由优先级高,对端PE
错误地选择了OSPF路由,所以伪连接无法建立成功。
五、简单配置
AR1
sysname AR1
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.15.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.0 0.0.0.255
network 10.0.15.1 0.0.0.0
#
return
AR2
sysname AR2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance vpna
ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpna
ip address 22.22.22.22 255.255.255.255
#
bgp 100
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
network 22.22.22.22 255.255.255.255
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpna
network 22.22.22.22 255.255.255.255
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.23.0 0.0.0.255
#
ospf 2 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 10.0.12.0 0.0.0.255
sham-link 22.22.22.22 44.44.44.44
#
return
AR3
sysname AR3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 10.0.34.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.0.23.3 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.23.0 0.0.0.255
network 10.0.34.0 0.0.0.255
#
return
AR4
sysname AR4
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 1:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpna
ip address 10.0.45.4 255.255.255.0
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpna
ip address 44.44.44.44 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance vpna
network 44.44.44.44 255.255.255.255
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.34.0 0.0.0.255
#
ospf 2 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 10.0.45.0 0.0.0.255
sham-link 44.44.44.44 22.22.22.22
#
return
AR5
sysname AR5
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.15.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
bgp 100
#
ipv4-family unicast
undo synchronization
#
ospf 1
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.15.5 0.0.0.0
network 10.0.45.0 0.0.0.255
#
return