实验要求:
a.实现分部与总部通讯,网络拓扑具有可拓展性
b.实现分部之间相互通讯,且流量必须经过总部
说明:
Ra、Rb直连IP设置为ab.1.1.a/24与ab.1.1.b/24
例:R3的g0/0/2设为34.1.1.3/24 ;R4的g0/0/0设为34.1.1.4/24
各路由设备都有lo0:x.x.x.x /32;例:R1的lo0为 1.1.1.1/32
R1的lo1:172.16.1.1/32;R2的lo1:172.16.2.1/32;R3的lo1:172.16.3.1/32
1.配置IGP (解法略)
2.配置MPLS LDP (mpls lsr-id 采用lo0地址 解法略)
3.建立R3与R5的vpnv4邻居 (解法略)
4.建立实例
R3:
ip vpn-instance 1
ipv4-family
route-distinguisher 1:1
vpn-target 12:1 export-extcommunity
vpn-target 6:1 import-extcommunity
#
ip vpn-instance 2
ipv4-family
route-distinguisher 2:2
vpn-target 12:1 export-extcommunity
vpn-target 6:1 import-extcommunity
R5:
ip vpn-instance in \\建立实例in;负责收路由
ipv4-family
route-distinguisher 5:5
vpn-target 12:1 import-extcommunity \\与R3的12:1 对应;实例in中只有IRT值(收)
#
ip vpn-instance out \\建立实例out;负责发路由
ipv4-family
route-distinguisher 5:6
vpn-target 6:1 export-extcommunity \\与R3的6:1 对应;实例out中只有ERT值(发)
*好处是将来如果还有分部3、分部4接入网络,在PE(R5)设备上无需再做配置;
具有可拓展性
5.R3分别与R1和R2建立实例邻居
R3:
interface GigabitEthernet0/0/0
ip binding vpn-instance 1
ip address 192.168.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 2
ip address 192.168.23.3 255.255.255.0
#
bgp 500
ipv4-family vpn-instance 1
peer 192.168.13.1 as-number 100
#
ipv4-family vpn-instance 2
peer 192.168.23.2 as-number 200
R1:
bgp 100
router-id 1.1.1.1
peer 192.168.13.3 as-number 500
R2:
bgp 200
router-id 2.2.2.2
peer 192.168.23.3 as-number 500
6.R5与R6建立实例邻居
*因为R5有两个实例邻居,且R5与R6只有一条链路,所以需要启用路由器的子接口
R5:
interface GigabitEthernet0/0/1.10
dot1q termination vid 10
ip binding vpn-instance in
ip address 192.168.10.5 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.20
dot1q termination vid 20
ip binding vpn-instance out
ip address 192.168.20.5 255.255.255.0
arp broadcast enable
#
bgp 500
ipv4-family vpn-instance in
peer 192.168.10.6 as-number 300
#
ipv4-family vpn-instance out
peer 192.168.20.6 as-number 300
R6:
interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip address 192.168.10.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.20
dot1q termination vid 20
ip address 192.168.20.6 255.255.255.0
arp broadcast enable
#
bgp 300
router-id 6.6.6.6
peer 192.168.10.5 as-number 500
peer 192.168.20.5 as-number 500
7.分别在R1/R2/R6发布lo1的32位路由(解法略)
8.检查R1、R2、R6通信
9.R1、R2之间通信
检查R1路由表,发现R1没有去往R2(172.16.2.1/32)的路由
#
检查R3的路由表 (命令:dis bgp vpnv4 all routing-table)
R3的实例1中没有R2的路由
#
检查R5的路由表 (命令:dis bgp vpnv4 all routing-table)
R5的实例out表中没有R2的路由
#
检查R6的路由表
R6有去往R2的路由
#
检查172.16.2.1路由条目发现R6已经发给R5的实例out表,只是R5不收
(命令:dis bgp routing-table 172.16.2.1)
所以要在R5上加 peer x.x.x.x allow-as-p \\允许as环路
R5:
bgp500
#
ipv4-family vpn-instance out
peer 192.168.20.6 allow-as-loop
至此在R1上可以收到R2的路由条目
ping 测试
追踪流量
达到实验预设目的。