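Inter-AS VPN Configuration: Option C

The steps are as follows:

  1. Configure the IGP (IS-IS) inside AS100 and advertise the loopback interfaces;
  2. Configure the IGP (OSPF) inside AS200 and advertise the loopback interfaces;
  3. Configure BGP inside AS100 and AS200 (R2 and R5 do not run BGP). Peers are established directly under the BGP process, not inside a VPN instance. For IBGP, peering over the loopback interfaces is recommended. On R3 and R4 the next hop must be set to the router itself;
  4. Establish the EBGP peering: configure it on R3 and R4, directly under the BGP process; peering over the physical interfaces is recommended;
  5. Set up route reflectors inside IBGP: on R7, establish the reflector relationship with R1 and R3, directly under the BGP process. On R8, establish the reflector relationship with R4 and R6, directly under the BGP process;
  6. On R1 and R6, configure the VPN instance vpna with its RD and RT values:

     ip vpn-instance vpna
      ipv4-family
       route-distinguisher x:x   (may differ between devices; used to distinguish routes)
       vpn-target x:x   (used to accept routes of the same instance; instances that communicate with each other must use the same value)

     Create the loopback interface LoopBack1 and bind it to the VPN instance vpna first:

     ip binding vpn-instance vpna

     Then configure the loopback interface IP address:

     R1: loopback interface IP 100.1.1.1/32;

     R6: loopback interface IP 200.1.1.1/32;

  7. On R1 and R6, advertise the loopback interface IP in BGP under ipv4-family vpn-instance vpna;
  8. Configure MPLS:

     mpls lsr-id <x.x.x.x>   (a reachable address, usually the loopback interface address)
     mpls
     mpls ldp
     interface g<x/x/x>
      mpls
      mpls ldp   (on the interface that carries the MPLS tunnel between the two ASs this command must not be configured, otherwise the two domains get mixed up)

  9. On the ASBRs, configure route-policies to distribute labels:

     route-policy ebgp permit node 10
      apply mpls-label
     route-policy ibgp permit node 10
      if-match mpls-label
      apply mpls-label

  10. On the ASBR, apply the policy towards IBGP: peer <x.x.x.x> route-policy ibgp export

      On the ASBR, apply the policy towards EBGP: peer <x.x.x.x> route-policy ebgp export

      All non-ASBR devices must accept the labels distributed by the ASBR: peer <x.x.x.x> label-route-capability

  11. In BGP on ASBR R3, outside any VPN instance, advertise the loopback interface IPs of R1 and R3; in BGP on ASBR R4, outside any VPN instance, advertise the loopback interface IPs of R6 and R4;
  12. On the reflectors R7 and R8, configure route recursion to tunnels: route recursive-lookup tunnel
  13. On the reflectors R7 and R8, disable the RT filtering policy: undo policy vpn-target
  14. R7 and R8 first establish a BGP peer relationship; by modifying the next-hop rule used when BGP routes are passed on, R7 and R8 learn each other's loopback addresses over EBGP. Then configure the MP-EBGP tunnel:

      peer <x.x.x.x> as-number <x>
      peer <x.x.x.x> ebgp-max-hop <x>
      peer <x.x.x.x> connect-interface LoopBack0
      ipv4-family vpnv4
       peer <x.x.x.x> enable

  15. R7 and R1 establish an MP-IBGP tunnel, which carries the IP of LoopBack1 in R1's VPN instance to R7, so that the loopback interfaces of R1 and R6 can reach each other:

      ipv4-family vpnv4
       peer <x.x.x.x> enable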

The complete configuration of each device is as follows:
R1:
#
 sysname r1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
 network-entity 00.0000.0000.0001.00
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.1 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
 isis enable 1
#
interface LoopBack1
 ip binding vpn-instance vpna
 ip address 100.1.1.1 255.255.255.255 
#
bgp 100
 peer 7.7.7.7 as-number 100 
 peer 7.7.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 7.7.7.7 enable
  peer 7.7.7.7 label-route-capability
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 7.7.7.7 enable
 #
 ipv4-family vpn-instance vpna 
  network 100.1.1.1 255.255.255.255 

R2:
#
 sysname r2
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
isis 1
 network-entity 00.0000.0000.0002.00
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 27.1.1.2 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 3.3.3.3 enable
R3:
#
 sysname r3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
 network-entity 00.0000.0000.0003.00
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.3 255.255.255.0 
 mpls
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.3 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
 isis enable 1
#
bgp 100
 peer 7.7.7.7 as-number 100 
 peer 7.7.7.7 connect-interface LoopBack0
 peer 34.1.1.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 7.7.7.7 255.255.255.255 
  peer 7.7.7.7 enable
  peer 7.7.7.7 route-policy ibgp export
  peer 7.7.7.7 next-hop-local 
  peer 7.7.7.7 label-route-capability
  peer 34.1.1.4 enable
  peer 34.1.1.4 route-policy ebgp export
  peer 34.1.1.4 label-route-capability
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 7.7.7.7 enable
#
route-policy ebgp permit node 10 
 apply mpls-label
#
route-policy ibgp permit node 10 
 if-match mpls-label 
 apply mpls-label
R4:
#
 sysname r4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0 
 mpls
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#
bgp 200
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 peer 34.1.1.3 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 8.8.8.8 255.255.255.255 
  peer 8.8.8.8 enable
  peer 8.8.8.8 route-policy ibgp export
  peer 8.8.8.8 next-hop-local 
  peer 8.8.8.8 label-route-capability
  peer 34.1.1.3 enable
  peer 34.1.1.3 route-policy ebgp export
  peer 34.1.1.3 label-route-capability
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 8.8.8.8 enable
#
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 45.1.1.0 0.0.0.255 
#
route-policy ebgp permit node 10 
 apply mpls-label
#
route-policy ibgp permit node 10 
 if-match mpls-label 
 apply mpls-label
R5:
#
 sysname r5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 56.1.1.5 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.5 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 58.1.1.5 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255 
#
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 45.1.1.0 0.0.0.255 
  network 56.1.1.0 0.0.0.255 
  network 58.1.1.0 0.0.0.255 
R6:
#
 sysname r6
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 6:6
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 56.1.1.6 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255 
#
interface LoopBack1
 ip binding vpn-instance vpna
 ip address 200.1.1.1 255.255.255.255 
#
bgp 200
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 8.8.8.8 enable
  peer 8.8.8.8 label-route-capability
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 8.8.8.8 enable
 #
 ipv4-family vpn-instance vpna 
  network 200.1.1.1 255.255.255.255 
#
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 6.6.6.6 0.0.0.0 
  network 56.1.1.0 0.0.0.255 
R7:
#
 sysname r7
#
mpls lsr-id 7.7.7.7
mpls
#
mpls ldp
#
isis 1
 network-entity 00.0000.0000.0007.00
#
interface GigabitEthernet0/0/2
 ip address 27.1.1.7 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255 
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 ebgp-max-hop 6 
 peer 8.8.8.8 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 1.1.1.1 label-route-capability
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
  peer 3.3.3.3 label-route-capability
  peer 8.8.8.8 enable
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 8.8.8.8 enable
#
route recursive-lookup tunnel
R8:
#
 sysname r8
#
mpls lsr-id 8.8.8.8
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 58.1.1.8 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255 
#
bgp 200
 peer 4.4.4.4 as-number 200 
 peer 4.4.4.4 connect-interface LoopBack0
 peer 6.6.6.6 as-number 200 
 peer 6.6.6.6 connect-interface LoopBack0
 peer 7.7.7.7 as-number 100 
 peer 7.7.7.7 ebgp-max-hop 6 
 peer 7.7.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client
  peer 4.4.4.4 label-route-capability
  peer 6.6.6.6 enable
  peer 6.6.6.6 reflect-client
  peer 6.6.6.6 label-route-capability
  peer 7.7.7.7 enable
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
#
ospf 1 router-id 8.8.8.8 
 area 0.0.0.0 
  network 8.8.8.8 0.0.0.0 
  network 58.1.1.0 0.0.0.0 
  network 58.1.1.0 0.0.0.255 
#
route recursive-lookup tunnel
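
The ASBR rules from the steps above (a labelled export policy and `label-route-capability` on the directly connected EBGP peer, and `mpls` without `mpls ldp` on the interface between the two ASs) can be checked mechanically before a change is pushed. This is an added example, not part of the original post: `audit_asbr` and the trimmed `R3` sample are constructed for illustration, and the parser assumes the configuration layout shown on this page.

```python
import ipaddress
import re

def audit_asbr(cfg):
    """Check a VRP-style ASBR config against the Option C rules in the steps above."""
    views, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw[:1].strip() and line != "#":        # unindented line opens a new view
            cur = views.setdefault(line, [])
        elif cur is not None and line != "#":
            cur.append(line)
    bgp = next(v for v in views if v.startswith("bgp "))
    local_as, peers = bgp.split()[1], {}
    for m in filter(None, (re.match(r"peer (\S+) (.+)", l) for l in views[bgp])):
        peers.setdefault(m[1], []).append(m[2])
    findings = []
    for ip, cmds in peers.items():
        asn = next((c.split()[1] for c in cmds if c.startswith("as-number ")), local_as)
        if asn == local_as or any(c.startswith("ebgp-max-hop") for c in cmds):
            continue                                # keep only directly connected EBGP peers
        if "label-route-capability" not in cmds:
            findings.append(f"peer {ip}: label-route-capability missing")
        pol = next((c.split()[1] for c in cmds if re.fullmatch(r"route-policy \S+ export", c)), "")
        if not any("apply mpls-label" in b for v, b in views.items()
                   if v.startswith(f"route-policy {pol} ")):
            findings.append(f"peer {ip}: export policy does not apply mpls-label")
        for view, body in views.items():
            addr = next((b.split()[2:4] for b in body if b.startswith("ip address ")), None)
            if view.startswith("interface ") and addr and (
                    ipaddress.ip_address(ip) in ipaddress.ip_network("/".join(addr), strict=False)):
                if "mpls" not in body or "mpls ldp" in body:
                    findings.append(f"{view}: inter-AS link needs mpls without mpls ldp")
    return findings

# Constructed sample, trimmed from the R3 configuration on this page.
R3 = """\
interface GigabitEthernet0/0/0
 ip address 34.1.1.3 255.255.255.0
 mpls
#
bgp 100
 peer 34.1.1.4 as-number 200
 ipv4-family unicast
  peer 34.1.1.4 route-policy ebgp export
  peer 34.1.1.4 label-route-capability
#
route-policy ebgp permit node 10
 apply mpls-label"""
```

An empty list means the ASBR matches the steps; each finding names the peer or interface that deviates.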
