MPLS VPN跨域A

  1. 拓扑设计

  1. 拓扑介绍

  如图,上海分公司与山东分公司之间为保证业务互通,需要使用MPLS VPN技术进行连接。由于网络需要经过联通与移动两个AS域,所以采用MPLS VPN跨域OptionA方案:R3与R4作为两个AS的ASBR,互相把对方当作CE设备,在绑定了VPN实例的互联接口上运行IGP(本例为OSPF)传递路由。

  1. 数据配置

R1配置

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 1:1

  vpn-target 1:3 export-extcommunity

  vpn-target 3:1 import-extcommunity

#

mpls lsr-id 1.1.1.1

mpls

#

mpls ldp

isis 1

 is-level level-2

 cost-style wide

 network-entity 49.0000.0000.0001.00

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip binding vpn-instance vpn1

 ip address 17.1.1.1 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface GigabitEthernet0/0/1

 ip address 12.1.1.1 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

 isis enable 1

#

bgp 100

 peer 3.3.3.3 as-number 100

 peer 3.3.3.3 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 3.3.3.3 enable

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 3.3.3.3 enable

 #

 ipv4-family vpn-instance vpn1

  import-route ospf 1

#

ospf 1 vpn-instance vpn1

 import-route bgp

 area 0.0.0.0

#

R2配置

mpls lsr-id 2.2.2.2

mpls

#

mpls ldp

#

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

isis 1

 is-level level-2

 cost-style wide

 network-entity 49.0000.0000.0002.00

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 12.1.1.2 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 23.1.1.2 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

 isis enable 1

R3配置

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 3:3

  vpn-target 3:1 export-extcommunity

  vpn-target 1:3 import-extcommunity

#

mpls lsr-id 3.3.3.3

mpls

#

mpls ldp

#

interface GigabitEthernet0/0/0

 ip address 23.1.1.3 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip binding vpn-instance vpn1

 ip address 34.1.1.3 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface LoopBack0

 ip address 3.3.3.3 255.255.255.255

 isis enable 1

#

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 1.1.1.1 enable

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 1.1.1.1 enable

 #

 ipv4-family vpn-instance vpn1

  import-route ospf 1

#

ospf 1 vpn-instance vpn1

 import-route bgp

 dn-bit-check disable summary

 dn-bit-check disable ase

 dn-bit-check disable nssa

 area 0.0.0.0

R4配置

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 4:4

  vpn-target 4:6 export-extcommunity

  vpn-target 6:4 import-extcommunity

#

mpls lsr-id 4.4.4.4

mpls

#

mpls ldp

#

isis 1

 is-level level-2

 cost-style wide

 network-entity 50.0000.0000.0004.00

#

interface GigabitEthernet0/0/0

 ip binding vpn-instance vpn1

 ip address 34.1.1.4 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface GigabitEthernet0/0/1

 ip address 45.1.1.4 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface LoopBack0

 ip address 4.4.4.4 255.255.255.255

 isis enable 1

#

bgp 200

 peer 6.6.6.6 as-number 200

 peer 6.6.6.6 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 6.6.6.6 enable

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 6.6.6.6 enable

 #

 ipv4-family vpn-instance vpn1

  import-route ospf 1

#

ospf 1 vpn-instance vpn1

 import-route bgp

 dn-bit-check disable summary

 dn-bit-check disable ase

 dn-bit-check disable nssa

 area 0.0.0.0

R5配置

mpls lsr-id 5.5.5.5

mpls

#

mpls ldp

#

isis 1

 is-level level-2

 cost-style wide

 network-entity 50.0000.0000.0005.00

#

interface GigabitEthernet0/0/0

 ip address 45.1.1.5 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip address 56.1.1.5 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface LoopBack0

 ip address 5.5.5.5 255.255.255.255

 isis enable 1

R6配置

ip vpn-instance vpn1

 ipv4-family

  route-distinguisher 6:6

  vpn-target 6:4 export-extcommunity

  vpn-target 4:6 import-extcommunity

#

mpls lsr-id 6.6.6.6

mpls

#

mpls ldp

#

isis 1

 is-level level-2

 cost-style wide

 network-entity 50.0000.0000.0006.00

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 56.1.1.6 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip binding vpn-instance vpn1

 ip address 68.1.1.6 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface LoopBack0

 ip address 6.6.6.6 255.255.255.255

 isis enable 1

#

bgp 200

 peer 4.4.4.4 as-number 200

 peer 4.4.4.4 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  peer 4.4.4.4 enable

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 4.4.4.4 enable

 #

 ipv4-family vpn-instance vpn1

  import-route ospf 1

#

ospf 1 vpn-instance vpn1

 import-route bgp

 area 0.0.0.0

R7配置

interface GigabitEthernet0/0/0

 ip address 17.1.1.7 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 7.7.7.7 255.255.255.255

 ospf enable 1 area 0.0.0.0

#

ospf 1

R8配置

interface GigabitEthernet0/0/0

 ip address 68.1.1.8 255.255.255.0

 ospf enable 1 area 0.0.0.0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 8.8.8.8 255.255.255.255

 ospf enable 1 area 0.0.0.0

#

ospf 1

 area 0.0.0.0

  1. 查看现象

由此可见,VPN可以正常转发数据包

  1. 注意事项

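 接收不到OSPF路由的时候,需要考虑是否是DN位的问题:PE把BGP路由引入OSPF时会对生成的LSA置DN位,而对端ASBR的OSPF进程同样绑定在VPN实例下,默认不会使用带DN位的LSA计算路由,所以本例在R3和R4上配置了dn-bit-check disable(summary/ase/nssa)。DN位本身是用来防止路由环路的,关闭检查应只限于确有需要的ASBR。

 R3与R4之间的链路跨越两个AS的信任边界,本实验的配置中没有出现任何路由协议认证;实际部署时应在该链路的IGP以及各BGP会话上启用认证,并对从对端接收的路由做过滤。

 R2的配置中包含aaa本地用户admin的cipher密文口令(service-type http),与MPLS VPN实验无关;公开分享配置时建议删除或脱敏该行,生产环境也不应沿用。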

  1. 转发平面
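  • 路由传递过程:R7的路由通过OSPF传递给R1;R1将其引入BGP,通过MP-BGP以VPNv4路由传递给R3。R3上VPN实例的import RT(1:3)与R1的export RT一致,因此接收该路由;R3把R4当做CE设备,通过绑定了VPN实例的接口用IGP(OSPF)把路由传递给R4;R4收到后将其转为VPNv4路由,通过MP-BGP传递给R6(R4的export RT 4:6与R6的import RT一致);R6把路由放入VPN实例,再通过OSPF传给R8设备。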