实现利用MPLS VPN技术实现R5与R6互访时流量需要经过R4
数据包转发过程
- R6访问R5,R6产生数据包,源地址192.168.6.6 目的地址192.168.5.5
- 根据路由表将数据包交给了R3,进入R3时因为接口绑定在了R3的VRF实例中,所以数据包直接进入R3的VRF实例,并查看VRF的转发表
- 发现目的地址的路由隧道ID为0x3,就将数据包交到了对应的隧道中,封装了MP-BGP标签,另外按照MPLS隧道的出口将数据包发给了R1
- R1收到数据包后根据MP-BGP的标签把数据包转给了R1的VRF in实例
- R1根据VRF in实例的路由表按照下一跳通过ospf 14将数据包转给了R4
- R4收到数据包之后查询路由表,又按照ospf 41将数据包交给了R1的VRF out实例
- 收到数据包后,查询VRF out的路由表,下一跳交给了R2,R2又通过用户侧的路由交给了R5
1.底层IGP互通
R1
isis 1
is-level level-2
cost-style wide
network-entity 49.0000.0000.0001.00
R2
isis 1
is-level level-2
cost-style wide
network-entity 49.0000.0000.0002.00
R3
isis 1
is-level level-2
cost-style wide
network-entity 49.0000.0000.0003.00
2.BGP建立,并启用VPN V4路由
R1
bgp 123
peer 2.2.2.2 as-number 123
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 123
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family vpnv4 //能够传递VPN V4路由
peer 2.2.2.2 enable
peer 3.3.3.3 enable
R2
bgp 123
peer 3.3.3.3 as-number 123
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 123
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4 //能够传递VPN V4路由
peer 1.1.1.1 enable
peer 3.3.3.3 enable
R3
bgp 123
peer 2.2.2.2 as-number 123
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 123
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4 //能够传递VPN V4路由
peer 1.1.1.1 enable
peer 2.2.2.2 enable
3.MPLS建立
R1
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
R2
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
R3
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
1.创建VRF实例
R1
ip vpn-instance vpn1
ipv4-family
route-distinguisher 2:2
vpn-target 25:25 export-extcommunity
vpn-target 52:52 import-extcommunity
R2
ip vpn-instance vpn1
ipv4-family
route-distinguisher 3:3
vpn-target 36:36 export-extcommunity
vpn-target 63:63 import-extcommunity
2.将VRF实例绑定到连接用户的接口,用户流量直接进入VRF实例
R2
int g0/0/2
ip binding vpn-instance vpn1
ip address 192.168.25.2 24 //绑定VRF实例后,关于IP的配置都会失效,需要重新配置
R3
int g0/0/2
ip binding vpn-instance vpn1
ip address 192.168.36.3 24
3.配置路由学习用户侧路由
R2
ospf 1 vpn-instance vpn1
area 0
qu
int g0/0/2
ospf enable 1 area 0
R3
ospf 1 vpn-instance vpn1
area 0
qu
int g0/0/2
ospf enable 1 area 0
1.R1创建入方向VRF,现在R1可以收到R2与R3的路由并放到入方向VRF中
ip vpn-instance in
ipv4-family
route-distinguisher 14:14 RD值
vpn-target 25:25 36:36 import-extcommunity 接收RT值
2.R4稍后将路由传递给R1的出方向VRF,建立出方向VRF,将R3,R2的路由做了交互动作
R1配置出方向VRF
ip vpn-instance out
ipv4-family
route-distinguisher 41:41
vpn-target 52:52 63:63 export-extcommunity
vpn-target 52:52 63:63 import-extcommunity
1.R1与R4建立IGP,并将in VRF里面的路由传递给R4
R1
ospf 14 vpn-instance in
import-route bgp
dn-bit-set disable summary 用于防止环路产生
area 0.0.0.0
interface GigabitEthernet0/0/2.14
dot1q termination vid 14
ip binding vpn-instance in
ip address 192.168.14.1 255.255.255.0
ospf enable 14 area 0.0.0.0
arp broadcast enable
R4
ospf 1 router-id 4.4.4.4
area 0.0.0.0
interface GigabitEthernet0/0/2.14
dot1q termination vid 14
ip address 192.168.14.4 255.255.255.0
ospf enable 1 area 0.0.0.0
arp broadcast enable
2.R4使用OSPF将传递给 R1的out方向VRF
R4
ospf 1
area 0
interface GigabitEthernet0/0/2.41
dot1q termination vid 41
ip address 192.168.41.4 255.255.255.0
ospf enable 1 area 0.0.0.0
arp broadcast enable
R1
ospf 41 vpn-instance out
area 0.0.0.0
interface GigabitEthernet0/0/2.41
dot1q termination vid 41
ip binding vpn-instance out 绑定到出方向VRF
ip address 192.168.41.1 255.255.255.0
ospf enable 41 area 0.0.0.0
arp broadcast enable
1.R2将R5的路由引入到BGP中,并将BGP引入到OSPF中传递给R5
bgp 123
ipv4-family vpn-instance vpn1
import-route ospf 1
ospf 1 vpn-instance vpn1
import-route bgp
area 0.0.0.0
2.R3将R6的路由引入到BGP中,并将BGP引入到OSPF中传递给R6
bgp 123
ipv4-family vpn-instance vpn1
import-route ospf 1
ospf 1 vpn-instance vpn1
import-route bgp
area 0.0.0.0