文章目录
一、Option A 实验
实验说明:
优点:原理简单,ASBR之间不需要运行MPLS,不需要为跨域进行特殊配置。适用于vpn实例较少、跨越AS不多的简单场景。
缺点:①扩展性差,每增加一个vpn实例,在中间的ASBR上就需要增加一条链路(可以是虚拟的),并创建相应实例。如果跨越多个自制系统,所有ASBR互联的地方都需要配置。【链路受限,子接口】
②ASBR需要为每个vpn创建相应的vpn实例,且需要管理所有vpn实例的路由。这使得ASBR上的vpnv4私网路由数量过于庞大,如果vpn实例很多则对ASBR性能有很强的要求。
1、R2与R4、R5与R7之间建立MP-BGP路由;
2、2个AS域的标签传递均在ASBR上面终结;
3、R4与R5之间为普通bgp vpn实例路由传递,不携带标签;
4、R1与R8两台路由器运行OSPF路由协议,在PE设备上与BGP双向引入;
5、两台ASBR之间运行BGP vpn实例路由。
注:
1、实验中只有一对CE,如果有多对CE设备,则在ASBR外联口使用子接口的形式
2、在bgp的vpn实例里面与对端asbr建立bgp邻居
3、如:
[ASBR1]interface g0/0/1.1
[ASBR1-GigabitEthernet0/0/1.1]ip binding vpn-instance vpn1
[ASBR1-GigabitEthernet0/0/1.1]vlan-type dot1q vid 10
[ASBR1-GigabitEthernet0/0/1.1]ip address 100.4.4.1 24
[ASBR1]interface g0/0/1.2
[ASBR1-GigabitEthernet0/0/1.2]ip binding vpn-instance vpn2
[ASBR1-GigabitEthernet0/0/1.2]vlan-type dot1q vid 20
[ASBR1-GigabitEthernet0/0/1.2]ip address 100.5.5.1 24
1.1 实验拓扑图
1.2 各设备IP地址基本配置及BGP设备环回口IGP互通示例
R1:
<R1>dis ip int bri
GigabitEthernet0/0/0 12.1.1.1/24 up up
LoopBack0 1.1.1.1/32 up up(s)
LoopBack10 192.1.1.1/32 up up(s) //业务口
[R1]ospf 1 rou
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]netw 12.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]netw 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]netw 192.1.1.1 0.0.0.0
R2:
<R2>dis ip int bri
GigabitEthernet0/0/0 12.1.1.2/24 up up
GigabitEthernet0/0/1 23.1.1.2/24 up up
LoopBack0 2.2.2.2/32 up up(s)
[R2]ospf 1 rou 2.2.2.2
[R2-ospf-1-area-0.0.0.0]netw 23.1.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]netw 2.2.2.2 0.0.0.0
R3:
[R3]dis ip int bri
GigabitEthernet0/0/0 23.1.1.3/24 up up
GigabitEthernet0/0/1 34.1.1.3/24 up up
LoopBack0 3.3.3.3/32 up up(s)
[R3]dis cu con ospf
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
[R3]dis ospf peer bri
OSPF Process 1 with Router ID 3.3.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 2.2.2.2 Full
0.0.0.0 GigabitEthernet0/0/1 4.4.4.4 Full
----------------------------------------------------------------------------
R8:
<R8>dis ip int bri
GigabitEthernet0/0/0 78.1.1.8/24 up up
LoopBack0 8.8.8.8/32 up up(s)
LoopBack10 192.8.8.8/32 up up(s) //业务口
[R8]ospf 1 rou 8.8.8.8
[R8-ospf-1]a 0
[R8-ospf-1-area-0.0.0.0]netw 78.1.1.8 0.0.0.0
[R8-ospf-1-area-0.0.0.0]netw 8.8.8.8 0.0.0.0
[R8-ospf-1-area-0.0.0.0]netw 192.8.8.8 0.0.0.0
1.3 vpn实例配置
R2:
[R2]ip vpn-instance vpn1 //创建vpn1实例
[R2-vpn-instance-vpn1]route-distinguisher 10:10
[R2-vpn-instance-vpn1-af-ipv4]vpn-target 10:10 both
[R2]int g0/0/0 //进入连接CE的口绑定vpn1实例
[R2-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
Info: All IPv6 related configurations on this interface are removed! //接口IP被移除,
[R2-GigabitEthernet0/0/0]ip add 12.1.1.2 24 //添加上接口IP地址
R4:
[R4]ip vpn-instance vpn2
[R4-vpn-instance-vpn2]route-distinguisher 20:20
[R4-vpn-instance-vpn2-af-ipv4]vpn-target 10:10 both
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ip bind vpn vpn2
Info: All IPv6 related configurations on this interface are removed!
[R4-GigabitEthernet0/0/1]ip add 45.1.1.4 24
R5:
[R5]ip vpn-instance vpn3
[R5-vpn-instance-vpn3]route-distinguisher 30:30
[R5-vpn-instance-vpn3-af-ipv4]vpn-target 20:20 both
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip bind vpn vpn3
Info: All IPv6 related configurations on this interface are removed!
[R5-GigabitEthernet0/0/0]ip add 45.1.1.5 24
R7:
[R7]ip vpn-instance vpn4
[R7-vpn-instance-vpn4]route-distinguisher 40:40
[R7-vpn-instance-vpn4-af-ipv4]vpn-target 20:20 both
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ip bind vpn vpn4
Info: All IPv6 related configurations on this interface are removed!
[R7-GigabitEthernet0/0/1]ip add 78.1.1.7 24
1.4 左侧部分MP-BGP配置
R2:
[R2]mpls lsr-id 2.2.2.2
[R2]mpls
[R2]mpls ldp
[R2-mpls-ldp]int g0/0/1
[R2-GigabitEthernet0/0/1]mpls
[R2-GigabitEthernet0/0/1]mpls ldp
[R2]bgp 100
[R2-bgp]router-id 2.2.2.2
[R2-bgp]peer 4.4.4.4 as 100
[R2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R2-bgp]ipv4-family vpnv4
[R2-bgp-af-vpnv4]peer 4.4.4.4 enable
R3:
[R3]mpls lsr-id 3.3.3.3
[R3]mpls
[R3]mpls ldp
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]mpls
[R3-GigabitEthernet0/0/0]mpls ldp
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]mpls
[R3-GigabitEthernet0/0/1]mpls ldp
R4:
[R4]mpls ls 4.4.4.4
[R4]mpls
[R4]mpls ldp
[R4-mpls-ldp]int g0/0/0
[R4-GigabitEthernet0/0/0]mpls
[R4-GigabitEthernet0/0/0]mpl ld
[R4]bgp 100
[R4-bgp]router-id 4.4.4.4
[R4-bgp]peer 2.2.2.2 as 100
[R4-bgp]pee 2.2.2.2 con l 0
[R4-bgp]ipv4-family vpnv4
[R4-bgp-af-vpnv4]peer 2.2.2.2 enable
1.5 查看部分邻居表
[R2]dis bgp vpnv4 all peer
BGP local router ID : 2.2.2.2
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 100 5 7 0 00:03:33 Established 0
[R3]dis mpls ldp peer
LDP Peer Information in Public network
A '*' before a peer means the peer is being deleted.
------------------------------------------------------------------------------
PeerID TransportAddress DiscoverySource
------------------------------------------------------------------------------
2.2.2.2:0 2.2.2.2 GigabitEthernet0/0/0
4.4.4.4:0 4.4.4.4 GigabitEthernet0/0/1
------------------------------------------------------------------------------
TOTAL: 2 Peer(s) Found.
[R4]dis bgp vpnv4 all peer
BGP local router ID : 4.4.4.4
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 100 6 6 0 00:04:21 Established 0
1.6 在R2上对OSPF与BGP双向引入
#配置与R1对接的OSPF进程
[R2-ospf-10]dis this //ospf里面引入bgp
ospf 10 router-id 2.2.2.2 vpn-instance vpn1
import-route bgp
area 0.0.0.0
network 12.1.1.2 0.0.0.0
[R2]bgp 100 //bgp里面引入ospf
[R2-bgp]ipv4-family vpn-instance vpn1
[R2-bgp-vpn1]import-route ospf 10
1.7 查看R2 R7上面学习到的CE的路由
[R2]dis ip routing-table vpn-instance vpn1
192.1.1.1/32 OSPF 10 1 D 12.1.1.1 GigabitEthernet0/0/0
[R7]dis ip routing-table vpn-instance vpn4
192.8.8.8/32 OSPF 10 1 D 78.1.1.8 GigabitEthernet0/0/1
1.8 ASBR之间的路由协议配置
R4:
[R4]bgp 100
[R4-bgp]ipv4-family vpn-instance vpn2
[R4-bgp-vpn2]peer 45.1.1.5 as 200
R5:
[R5]bgp 200
[R5-bgp]ipv4-family vpn-instance vpn3
[R5-bgp-vpn4]peer 45.1.1.4 as 100
1.9 全部配置文件
【R1配置文件】:
<R1>dis cu
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface LoopBack10
ip address 192.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 12.1.1.1 0.0.0.0
network 192.1.1.1 0.0.0.0
return
【R2配置文件】:
<R2>dis cu
ip vpn-instance vpn1
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn1
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
bgp 100
router-id 2.2.2.2
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
ipv4-family vpn-instance vpn1
import-route ospf 10
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 23.1.1.2 0.0.0.0
#
ospf 10 router-id 2.2.2.2 vpn-instance vpn1
import-route bgp
area 0.0.0.0
network 12.1.1.2 0.0.0.0
return
【R3配置文件】:
<R3>dis cu
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
return
【R4配置文件】:终结R2的vpn实例,RT值与R2一样
<R4>dis cu
ip vpn-instance vpn2
ipv4-family
route-distinguisher 20:20
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn2
ip address 45.1.1.4 255.255.255.0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
bgp 100
router-id 4.4.4.4
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family vpnv4
peer 2.2.2.2 enable
ipv4-family vpn-instance vpn2
peer 45.1.1.5 as-number 200
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
return
【R5配置文件】:RT值与R7一样
<R5> dis cu
ip vpn-instance vpn3
ipv4-family
route-distinguisher 30:30
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
mpls lsr-id 5.5.5.5
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn3
ip address 45.1.1.5 255.255.255.0
interface GigabitEthernet0/0/1
ip address 56.1.1.5 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
router-id 5.5.5.5
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
ipv4-family vpnv4
peer 7.7.7.7 enable
ipv4-family vpn-instance vpn3
peer 45.1.1.4 as-number 100
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.1.1.5 0.0.0.0
return
【R6配置文件】:
<R6>dis cu
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.1.1.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 67.1.1.6 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
return
【R7配置文件】:
<R7>dis cu
ip vpn-instance vpn4
ipv4-family
route-distinguisher 40:40
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 67.1.1.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn4
ip address 78.1.1.7 255.255.255.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
bgp 200
router-id 7.7.7.7
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable
ipv4-family vpn-instance vpn4
import-route ospf 10
#
ospf 1
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
#
ospf 10 router-id 7.7.7.7 vpn-instance vpn4
import-route bgp
area 0.0.0.0
network 78.1.1.7 0.0.0.0
return
【R8配置文件】:
<R8>dis cu
interface GigabitEthernet0/0/0
ip address 78.1.1.8 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
interface LoopBack10
ip address 192.8.8.8 255.255.255.255
#
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 78.1.1.8 0.0.0.0
network 192.8.8.8 0.0.0.0
return
二、Option B 实验
实验说明:
优点:不受ASBR之间互联链路的限制,相比OptionA扩展性好些。
缺点:域间VPN实例的路由信息是通过ASBR保存和扩散,即ASBR需要承载处理所有域间私网路由。这使得ASBR负担较重,容易成为故障点。(解决方案:ASBR只负责vpn路由的保存和扩散,不再负责公网IP报文转发)
1、R2与R4、R4与R5、R5与R7之间建立MP-BGP路由;
2、2个AS域的标签直接传递;
3、R4与R5之间为MP-BGP路由;
4、R1与R8两台路由器运行OSPF路由协议,在PE设备上与BGP双向引入;
5、两台ASBR之间运行BGP vpnv4,并配置undo vpn-target参数。
2.1 实验拓扑
2.2 关键配置
1、ASBR外联口只使能 mpls
interface GigabitEthernet0/0/1
ip address 45.1.1.4 255.255.255.0
mpls
2、在 ASBR之间建立 MP-EBGP 邻居,同时配置 ASBR 不对接收的 VPNv4 路由进行 RT 过滤匹配
bgp 100
peer 45.1.1.5 as-number 200
#
ipv4-family vpnv4
undo policy vpn-target
peer 45.1.1.5 enable
2.3 实验效果
<R1>ping 192.8.8.8
PING 192.8.8.8: 56 data bytes, press CTRL_C to break
Reply from 192.8.8.8: bytes=56 Sequence=1 ttl=249 time=100 ms
Reply from 192.8.8.8: bytes=56 Sequence=2 ttl=249 time=60 ms
Reply from 192.8.8.8: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 192.8.8.8: bytes=56 Sequence=4 ttl=249 time=60 ms
Reply from 192.8.8.8: bytes=56 Sequence=5 ttl=249 time=60 ms
--- 192.8.8.8 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/68/100 ms
2.4 配置文件
【R1配置文件】
sysname R1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface LoopBack10
ip address 192.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 192.1.1.1 0.0.0.0
#
【R2配置文件】
sysname R2
ip vpn-instance vpn1 //CE的vpn实例
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
mpls ldp
#
interface GigabitEthernet0/0/0 //接CE口
ip binding vpn-instance vpn1
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1 //接P口
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
router-id 2.2.2.2
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpn1 //把OSPF引入到BGP
import-route ospf 10
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 23.1.1.2 0.0.0.0
#
ospf 10 router-id 2.2.2.2 vpn-instance vpn1 //把BGP引入到OSPF
import-route bgp
area 0.0.0.0
network 12.1.1.2 0.0.0.0
#
【R3配置文件】
sysname R3
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
#
【R4配置文件】
sysname R4
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0 //接P口
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1 //到对端ASBR口,使能mpls
ip address 45.1.1.4 255.255.255.0
mpls
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 100
router-id 4.4.4.4
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 45.1.1.5 as-number 200
#
ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
undo peer 45.1.1.5 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 45.1.1.5 enable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
#
【R5配置文件】
sysname R5
mpls lsr-id 5.5.5.5
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
mpls
interface GigabitEthernet0/0/1
ip address 56.1.1.5 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
peer 45.1.1.4 as-number 100
#
ipv4-family unicast
undo synchronization
undo peer 7.7.7.7 enable
undo peer 45.1.1.4 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 7.7.7.7 enable
peer 45.1.1.4 enable
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.1.1.5 0.0.0.0
#
【R6配置文件】
sysname R6
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.1.1.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 67.1.1.6 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
#
【R7配置文件】
sysname R7
ip vpn-instance vpn2
ipv4-family
route-distinguisher 20:20
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 67.1.1.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
description iths
ip binding vpn-instance vpn2
ip address 78.1.1.7 255.255.255.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
bgp 200
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable
#
ipv4-family vpn-instance vpn2
import-route ospf 10
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
#
ospf 10 router-id 7.7.7.7 vpn-instance vpn2
import-route bgp
area 0.0.0.0
network 78.1.1.7 0.0.0.0
#
【R8配置文件】
sysname R8
interface GigabitEthernet0/0/0
ip address 78.1.1.8 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
interface LoopBack10
ip address 192.8.8.8 255.255.255.255
#
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 78.1.1.8 0.0.0.0
network 192.8.8.8 0.0.0.0
#
三、Option C1 实验
实验描述:
- AS 100 和 AS 200 内部的公共网络中各自运行 OSPF 使 AS 内各设备的 Loopback 口连通。
- AS 100 和 AS 200 内部的公共网络各自运行 LDP 来建立 MPLS 路径,各路由器使用 Loopback0 口作为 LSR-id
- 在 PE 上创建 VPN 实例,并配置 RD 和 RT
- 各自 VPN 内部使用独立 OSPF 实例在 CE 和 PE 之间传递私网路由
- 在各 AS 内部的 PE 和 ASBR 间建立 IPv4 IBGP 邻居,ASBR 间建立 IPv4 EBGP 邻居。在 ASBR 上宣告各 AS 内 PE 的 Loopback 口路由,用于传递至对端 PE,稍后双方 PE 间建立 MP-EBGP 邻居
- 在 PE1 和 PE2 间建立 MP-EBGP 邻居
- 在所有 IPv4 BGP 邻居间开启接收带标签 IPv4 路由的能力
- 在 ASBR 上配置路由策略,为 IPv4 路由打上 MPLS 标签,并对 BGP 邻居应用
- 在 PE 上配置 BGP 和各 OSPF 实例的路由互相引入,来把私网路由传递到对端站点
- 效果测试:在各设备上查询路由表,可以正确学习到路由,在 CE 上使用 Loopback0 口为源地址 Ping 同 VPN 对端私网业务地址,可以 Ping 通
3.1 实验拓扑
3.2 ASBR之间的配置
【ASBR1 R4的配置,对端ASBR2类似】
bgp 100
router-id 4.4.4.4
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 45.1.1.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255 //宣告AR2的rid,与AR7建立MP-BGP
peer 2.2.2.2 enable
peer 2.2.2.2 route-policy ASNei export //匹配标签策略
peer 2.2.2.2 label-route-capability //带标签路由
peer 45.1.1.5 enable
peer 45.1.1.5 route-policy ASWai export
peer 45.1.1.5 label-route-capability
#
3.3 全部配置文件
【AR1的配置文件】
sysname R1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface LoopBack10
ip address 192.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 192.1.1.1 0.0.0.0
#
【AR2的配置文件】
sysname R2
ip vpn-instance vpn1
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn1
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
router-id 2.2.2.2
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 ebgp-max-hop 10 //跨bgp跳数,大于实际传递跳数
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
peer 4.4.4.4 label-route-capability //使能带标签路由
undo peer 7.7.7.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer 7.7.7.7 enable //与对端PE
#
ipv4-family vpn-instance vpn1
import-route ospf 10
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 23.1.1.2 0.0.0.0
#
ospf 10 router-id 2.2.2.2 vpn-instance vpn1
import-route bgp
area 0.0.0.0
network 12.1.1.2 0.0.0.0
#
【AR3的配置文件】
sysname R3
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
#
【AR4的配置文件】
sysname R4
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 45.1.1.4 255.255.255.0
mpls
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 100
router-id 4.4.4.4
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 45.1.1.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255 //宣告PE1的RID,用于与PE2建立MP-BGP
peer 2.2.2.2 enable
peer 2.2.2.2 route-policy ASNei export //配置策略,打标签
peer 2.2.2.2 label-route-capability //使能标签路由
peer 45.1.1.5 enable
peer 45.1.1.5 route-policy ASWai export //配置策略,打标签
peer 45.1.1.5 label-route-capability //使能标签路由
#
ipv4-family vpnv4
policy vpn-target
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
#
route-policy ASNei permit node 10
if-match mpls-label
apply mpls-label
#
route-policy ASWai permit node 10
apply mpls-label
#
【AR5的配置文件】
sysname R5
mpls lsr-id 5.5.5.5
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
mpls
interface GigabitEthernet0/0/1
ip address 56.1.1.5 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
peer 45.1.1.4 as-number 100
#
ipv4-family unicast
undo synchronization
network 7.7.7.7 255.255.255.255 //宣告PE2的RID,用于与PE1建立MP-BGP
peer 7.7.7.7 enable
peer 7.7.7.7 route-policy ASNei export //配置策略,打标签
peer 7.7.7.7 label-route-capability //使能标签路由
peer 45.1.1.4 enable
peer 45.1.1.4 route-policy ASWai export
peer 45.1.1.4 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.1.1.5 0.0.0.0
#
route-policy ASNei permit node 10
if-match mpls-label
apply mpls-label
#
route-policy ASWai permit node 10
apply mpls-label
#
【AR6的配置文件】
sysname R6
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.1.1.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 67.1.1.6 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
#
【AR7的配置文件】
sysname R7
ip vpn-instance vpn2
ipv4-family
route-distinguisher 20:20
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 67.1.1.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn2
ip address 78.1.1.7 255.255.255.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 100 //与PE1建立MP-BGP
peer 2.2.2.2 ebgp-max-hop 10 //大于实际跳数
peer 2.2.2.2 connect-interface LoopBack0
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
peer 5.5.5.5 enable
peer 5.5.5.5 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance vpn2
import-route ospf 10
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
#
ospf 10 router-id 7.7.7.7 vpn-instance vpn2
import-route bgp
area 0.0.0.0
network 78.1.1.7 0.0.0.0
#
【AR8的配置文件】
sysname R8
interface GigabitEthernet0/0/0
ip address 78.1.1.8 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
interface LoopBack10
ip address 192.8.8.8 255.255.255.255
#
ospf 1
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 78.1.1.8 0.0.0.0
network 192.8.8.8 0.0.0.0
#
四、Option C2 实验
- 配置各接口IP地址
- 在AS100和AS200的MPLS骨干网上分别配置OSPF协议,实现各自骨干网ASBR-PE和PE之间的互通
- 将域内PE的路由发送给对端PE,在asbr里面宣告pe的lsr-id,把bgp路由引入到ospf 1 里面
- 在AS100和AS200的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP,建立LDP LSP
- 在ASBR上配置标签IPv4路由交换能力
- 在ASBR上配置为带标签的公网BGP路由建立LDP LSP
- 在PE上配置VPN实例,并接入CE
- 在PE1与PE2之间建立MP-EBGP对等体关系
- 在PE与CE之间建立路由关系,引入VPN路由
4.1 实验拓扑
4.2 ASBR之间的配置
【PE1的关键配置,PE2类似】
bgp 100
peer 7.7.7.7 as-number 200
peer 7.7.7.7 ebgp-max-hop 10
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast //不需要bgp邻居
undo synchronization
undo peer 7.7.7.7 enable
#
ipv4-family vpnv4 //建立mp-bgp邻居
policy vpn-target
peer 7.7.7.7 enable
#
ipv4-family vpn-instance vpn1 //引入CE的实例路由
import-route ospf 10
#
【ASBR1的关键配置,ASBR2类似】
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route
#
mpls ldp
#
bgp 100
peer 45.1.1.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 45.1.1.5 enable
peer 45.1.1.5 route-policy ASWai export
peer 45.1.1.5 label-route-capability
#
ospf 1 router-id 4.4.4.4
import-route bgp //把对端学来的PE2的BGP路由引入到OSPF
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
#
route-policy ASWai permit node 10
apply mpls-label
#
4.3 全部配置文件
【R1的配置文件】
sysname R1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface LoopBack10
ip address 192.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 192.1.1.1 0.0.0.0
#
【R2的配置文件】
sysname R2
ip vpn-instance vpn1
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn1
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 7.7.7.7 as-number 200
peer 7.7.7.7 ebgp-max-hop 10
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 7.7.7.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer 7.7.7.7 enable
#
ipv4-family vpn-instance vpn1
import-route ospf 10
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 23.1.1.2 0.0.0.0
#
ospf 10 router-id 2.2.2.2 vpn-instance vpn1
import-route bgp
area 0.0.0.0
network 12.1.1.2 0.0.0.0
#
【R3的配置文件】
sysname R3
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
#
【R4的配置文件】
sysname R4
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route //mpls开启bgp标签
mpls ldp
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 45.1.1.4 255.255.255.0
mpls
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 100
peer 45.1.1.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 45.1.1.5 enable
peer 45.1.1.5 route-policy ASWai export
peer 45.1.1.5 label-route-capability
#
ospf 1 router-id 4.4.4.4
import-route bgp
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
#
route-policy ASWai permit node 10
apply mpls-label
#
【R5的配置文件】
sysname R5
mpls lsr-id 5.5.5.5
mpls
lsp-trigger bgp-label-route //mpls开启bgp标签
mpls ldp
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
mpls
interface GigabitEthernet0/0/1
ip address 56.1.1.5 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 45.1.1.4 as-number 100
#
ipv4-family unicast
undo synchronization
network 7.7.7.7 255.255.255.255
peer 45.1.1.4 enable
peer 45.1.1.4 route-policy ASWai export
peer 45.1.1.4 label-route-capability
#
ospf 1 router-id 5.5.5.5
import-route bgp
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.1.1.5 0.0.0.0
#
route-policy ASWai permit node 10
apply mpls-label
#
【R6的配置文件】
sysname R6
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.1.1.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 67.1.1.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
#
【R7的配置文件】
sysname R7
ip vpn-instance vpn2
ipv4-family
route-distinguisher 20:20
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 67.1.1.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn2
ip address 78.1.1.7 255.255.255.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 100
peer 2.2.2.2 ebgp-max-hop 10
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance vpn2
import-route ospf 10
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
#
ospf 10 router-id 7.7.7.7 vpn-instance vpn2
import-route bgp
area 0.0.0.0
network 78.1.1.7 0.0.0.0
#
【R8的配置文件】
sysname R8
interface GigabitEthernet0/0/0
ip address 78.1.1.8 255.255.255.0
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
interface LoopBack10
ip address 192.8.8.8 255.255.255.255
#
ospf 1
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 78.1.1.8 0.0.0.0
network 192.8.8.8 0.0.0.0
#