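I. Networking requirements
- CE1 and CE2 belong to vpna.
- vpna uses the VPN-target attribute 111:1.
- Configure L3VPN to recurse to OSPF SR-BE tunnels so that users of the same VPN can reach each other securely. Because there are multiple links between the PEs on the public network, data traffic must also be load-balanced across the public network.
II. Network topology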

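III. Notes
- This lab follows the NE40E product documentation.
- After a PE interface that connects to a CE is bound to a VPN instance, the Layer 3 features already configured on that interface (IP address, routing protocols and so on) are deleted and must be reconfigured if they are still needed.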
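IV. Configuration roadmap
1. Configure OSPF on the backbone so that the PEs can reach each other.
2. Enable MPLS on the backbone, configure Segment Routing and establish SR LSPs. Enable TI-LFA FRR.
3. On the PEs, configure a VPN instance with the IPv4 address family enabled, and bind the CE-facing interfaces to the corresponding VPN instance.
4. Configure MP-IBGP between the PEs to exchange routing information.
5. Configure EBGP between the CEs and the PEs to exchange routing information.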
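V. Configuration procedure
1. Configure the name and IP addresses of each device (omitted).
2. Configure an IGP on the backbone so that the backbone PEs and Ps can reach each other. This example uses OSPF.
## PE1 configuration; the other backbone devices are configured similarly (omitted)
[PE1]ospf 1 router-id 1.1.1.1
[PE1-ospf-1]opaque-capability enable // enable the opaque capability so that opaque LSAs can be generated
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]netw 12.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]netw 13.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]netw 1.1.1.1 0.0.0.0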
3. Configure basic MPLS capabilities on the backbone.
## PE1 configuration; the other backbone devices are configured similarly (omitted)
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
4. Configure Segment Routing on the backbone and enable TI-LFA FRR.
## PE1 configuration; the other backbone devices are configured similarly (omitted)
[PE1]segment-routing
[PE1]ospf
[PE1-ospf-1]segment-routing mpls
[PE1-ospf-1]segment-routing global-block 16000 23999 // must be identical on all backbone devices
[PE1-ospf-1]frr
[PE1-ospf-1-frr]loop-free-alternate
[PE1-ospf-1-frr]ti-lfa enable
[PE1]int l 0
[PE1-LoopBack0]ospf prefix-sid index 10
## Verify the result
display segment-routing prefix mpls forwarding
display tunnel-info all

5. Establish an MP-IBGP peer relationship between the PEs.
## PE1 configuration
[PE1]bgp 100
[PE1-bgp]peer 4.4.4.4 as-number 100
[PE1-bgp]peer 4.4.4.4 con l 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]pe 4.4.4.4 en
Warning: This operation will reset the peer session. Continue? [Y/N]:y
## PE4 configuration
[PE4]bgp 100
[PE4-bgp]pee 1.1.1.1 as-number 100
[PE4-bgp]pee 1.1.1.1 con l 0
[PE4-bgp]ipv4-famil vpnv4
[PE4-bgp-af-vpnv4]pe 1.1.1.1 en
Warning: This operation will reset the peer session. Continue? [Y/N]:y
## Verify the result
display bgp peer
display bgp vpnv4 all peer

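6. On the PEs, configure a VPN instance with the IPv4 address family enabled and connect the CE to the PE.
## PE1 configuration. Binding the interface to the VPN instance deletes its IP address, so the address must be configured again. The RT value must be the same on both ends.
[PE1]ip vpn-instance vpna
[PE1-vpn-instance-vpna]route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4]vpn-target 111:1
[PE1-vpn-instance-vpna-af-ipv4]int ethe1/0/2
[PE1-Ethernet1/0/2]ip binding vpn-instance vpna
Info: All IPv4 and IPv6 related configurations on this interface are removed.
[PE1-Ethernet1/0/2]ip address 11.1.1.2 255.255.255.0
## Verify the result
After the configuration is complete, run the display ip vpn-instance verbose command on the PEs to view the VPN instance configuration.
Each PE can ping the CE attached to it.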

7. Configure a tunnel selection policy on the PEs that prefers SR LSPs.
## PE1 configuration; PE4 is configured similarly
[PE1]tunnel-policy sr1
Info: New tunnel-policy is configured.
[PE1-tunnel-policy-sr1]tunnel select-seq sr-lsp load-balance-number 2
[PE1]ip vpn vpna
[PE1-vpn-instance-vpna]tnl-policy sr1
8. Establish an EBGP peer relationship between the PE and the CE.
## CE1 configuration
[CE1]int g0/0/0
[CE1-GigabitEthernet0/0/0]ip add 11.1.1.1 24
[CE1]int l 0
[CE1-LoopBack0]ip add 192.1.1.1 32
[CE1-LoopBack0]bgp 65410
[CE1-bgp]peer 11.1.1.2 as-number 100
[CE1-bgp]import-route direct // direct routes are imported here instead of being advertised with network statements
## PE1 configuration
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpna
[PE1-bgp-vpna]peer 11.1.1.1 as-number 65410
## Verify the result
display bgp vpnv4 vpn-instance vpna peer
display ip routing-table vpn-instance vpna
ping -vpn-instance vpna 192.1.1.1



9. Verify the result: ping CE2 from CE1.

VI. Complete configuration files
1. CE1 configuration file
sysname CE1
interface GigabitEthernet0/0/0
 ip address 11.1.1.1 255.255.255.0
interface LoopBack0
 ip address 192.1.1.1 255.255.255.255
#
bgp 65410
 peer 11.1.1.2 as-number 100
 #
 ipv4-family unicast
  import-route direct
  peer 11.1.1.2 enable
#
2. PE1 configuration file
sysname PE1
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  tnl-policy sr1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
mpls lsr-id 1.1.1.1
mpls
segment-routing
interface Ethernet1/0/0
 ip address 12.1.1.1 255.255.255.0
interface Ethernet1/0/1
 ip address 13.1.1.1 255.255.255.0
interface Ethernet1/0/2
 ip binding vpn-instance vpna
 ip address 11.1.1.2 255.255.255.0
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 ospf prefix-sid index 10
bgp 100
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance vpna
  peer 11.1.1.1 as-number 65410
#
ospf 1 router-id 1.1.1.1
 opaque-capability enable
 segment-routing mpls
 segment-routing global-block 16000 23999
 frr
  loop-free-alternate
  ti-lfa enable
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 12.1.1.1 0.0.0.0
  network 13.1.1.1 0.0.0.0
#
tunnel-policy sr1
 tunnel select-seq sr-lsp load-balance-number 2
3. P2 configuration file
sysname P2
mpls lsr-id 2.2.2.2
#
mpls
segment-routing
#
interface Ethernet1/0/0
 ip address 12.1.1.2 255.255.255.0
interface Ethernet1/0/1
 ip address 24.1.1.2 255.255.255.0
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
 ospf prefix-sid index 20
ospf 1 router-id 2.2.2.2
 opaque-capability enable
 segment-routing mpls
 segment-routing global-block 16000 23999
 frr
  loop-free-alternate
  ti-lfa enable
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.2 0.0.0.0
  network 24.1.1.2 0.0.0.0
#
4. P3 configuration file
sysname P3
mpls lsr-id 3.3.3.3
#
mpls
segment-routing
interface Ethernet1/0/0
 ip address 13.1.1.3 255.255.255.0
interface Ethernet1/0/1
 ip address 34.1.1.3 255.255.255.0
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 ospf prefix-sid index 30
ospf 1 router-id 3.3.3.3
 opaque-capability enable
 segment-routing mpls
 segment-routing global-block 16000 23999
 frr
  loop-free-alternate
  ti-lfa enable
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 13.1.1.3 0.0.0.0
  network 34.1.1.3 0.0.0.0
#
5. PE4 configuration file
sysname PE4
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  tnl-policy sr1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
#
mpls
segment-routing
#
interface Ethernet1/0/0
 ip address 24.1.1.4 255.255.255.0
interface Ethernet1/0/1
 ip address 34.1.1.4 255.255.255.0
interface Ethernet1/0/2
 ip binding vpn-instance vpna
 ip address 42.1.1.4 255.255.255.0
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 ospf prefix-sid index 40
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance vpna
  peer 42.1.1.2 as-number 65420
#
ospf 1 router-id 4.4.4.4
 opaque-capability enable
 segment-routing mpls
 segment-routing global-block 16000 23999
 frr
  loop-free-alternate
  ti-lfa enable
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 24.1.1.4 0.0.0.0
  network 34.1.1.4 0.0.0.0
#
tunnel-policy sr1
 tunnel select-seq sr-lsp load-balance-number 2
6. CE2 configuration file
sysname CE2
interface GigabitEthernet0/0/0
 ip address 42.1.1.2 255.255.255.0
interface LoopBack0
 ip address 192.2.2.2 255.255.255.255
#
bgp 65420
 peer 42.1.1.4 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 42.1.1.4 enable
#
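Added example (not part of the original post): a small Python audit that checks saved configurations for the consistency points this lab depends on, namely an identical SRGB on every backbone device, unique prefix-SID labels inside the SRGB, matching VPN-targets between the PEs, and an IP address re-applied after `ip binding vpn-instance`. The function name `audit` and both sample excerpts are constructed for illustration; the second excerpt is deliberately misconfigured.

```python
import re
from itertools import permutations

def audit(configs):
    """Audit {device: VRP config text}; return a sorted list of findings."""
    findings, srgb, labels, rts = [], {}, {}, {}
    for dev, text in configs.items():
        blk = re.search(r"segment-routing global-block (\d+) (\d+)", text)
        idx = re.search(r"ospf prefix-sid index (\d+)", text)
        if blk and idx:
            lo, hi, i = int(blk[1]), int(blk[2]), int(idx[1])
            srgb[dev] = (lo, hi)
            if lo + i > hi:  # label = SRGB base + index must stay inside the block
                findings.append(f"{dev}: prefix-sid index {i} falls outside SRGB {lo}-{hi}")
            labels.setdefault(lo + i, []).append(dev)
        for rt, kind in re.findall(r"vpn-target (\S+) (import|export)-extcommunity", text):
            rts.setdefault(dev, {"import": set(), "export": set()})[kind].add(rt)
        # Binding an interface to a VPN instance wipes its IP; it must be re-applied.
        if re.search(r"ip binding vpn-instance \S+(?:\n(?! *ip address )|$)", text):
            findings.append(f"{dev}: VPN-bound interface has no IP address re-applied")
    if len(set(srgb.values())) > 1:
        findings.append(f"SRGB differs across backbone devices: {srgb}")
    for label, devs in labels.items():
        if len(devs) > 1:
            findings.append(f"label {label} claimed by {', '.join(devs)}")
    for a, b in permutations(rts, 2):  # every PE must import what its peer exports
        if not rts[a]["export"] & rts[b]["import"]:
            findings.append(f"{b} imports none of the route targets exported by {a}")
    return sorted(findings)

# Constructed excerpt in the style of the PE1 configuration file above.
PE1 = """vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
interface Ethernet1/0/2
ip binding vpn-instance vpna
ip address 11.1.1.2 255.255.255.0
ospf prefix-sid index 10
segment-routing global-block 16000 23999"""
# Constructed faulty peer: wrong import RT, reused index, different SRGB, IP not re-applied.
BAD_PE4 = """vpn-target 111:1 export-extcommunity
vpn-target 222:1 import-extcommunity
interface Ethernet1/0/2
ip binding vpn-instance vpna
ospf prefix-sid index 10
segment-routing global-block 16000 16005"""

if __name__ == "__main__":
    print("\n".join(audit({"PE1": PE1, "PE4": BAD_PE4})))
```

A route-target mismatch matters in both directions: a missing import breaks reachability, while an unexpected shared RT would leak routes between VPNs that are meant to stay isolated.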




