MPLS VPN Inter-AS with RR: Option C1 & C2
RR C1
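The inter-AS MPLS VPN Option C1 design with RRs requires an MP EBGP relationship between the two RRs. The point of adding RRs is to reduce the number of IBGP peer relationships that must be established. The public-network route path is 3 9 1 4 10 6: we establish an IBGP peer relationship between 3 and 9 (RR), an IBGP peer relationship between 9 (RR) and 1, and so on along the path. With Option C1 we use route-policies to attach labels to the routes being passed. We can also think of the RR as a PE, so that the design looks like MP EBGP between PE and PE.
Configuration approach
- First establish the BGP peer relationships and the route-reflection relationships.
- We need an MP EBGP tunnel between RR and RR, so we need the label policies. Advertise 9.9.9.9 and 3.3.3.3 on 9, and advertise 10.10.10.10 and 6.6.6.6 on 10. We do not need MP EBGP on the PEs, but they must have LDP tunnels for forwarding. Also note that the RRs have no VPN instance configured, so the RT check must be disabled on them; only then can they receive VPNv4 routes.
- LDP does not assign labels to BGP routes by default, so we need to make it assign labels to BGP routes.
- Once the routes are in place, we start passing the private-network routes: establish a VPNv4 relationship between 3 and 9 (RR), MP EBGP between RR and RR, and an MP BGP relationship between 10 (RR) and 6. To avoid a suboptimal path, configure the sessions so that the next hop is not changed when routes are passed on. The optimal next hop is then R3 or R6 directly.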
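The RR-side requirements listed above (RT check disabled in the VPNv4 family, next hop left unchanged on every VPNv4 peer, labeled-route capability toward each reflector client) can be checked mechanically against a saved configuration. The following is an added example, not part of the original page; the function names and the sample configuration are constructed for illustration, and only commands that appear in this page's configs are matched.

```python
import re
# Constructed sample RR config: RT-check line and one next-hop-invariable omitted.
SAMPLE_RR = """\
bgp 100
 peer 3.3.3.3 as-number 100
 peer 10.10.10.10 as-number 200
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
  peer 3.3.3.3 label-route-capability
 #
 ipv4-family vpnv4
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-invariable
  peer 10.10.10.10 enable
"""

def strip_note(line):
    """Drop the page's trailing '//' annotations and surrounding whitespace."""
    return line.split("//", 1)[0].strip()

def address_families(config):
    """Map each named BGP address family to the list of its commands."""
    families, current = {}, None
    for line in map(strip_note, config.splitlines()):
        m = re.match(r"ipv[46]-family (.+)", line)
        if m:
            current = families.setdefault(m.group(1), [])
        elif line and line != "#" and current is not None:
            current.append(line)
    return families

def audit_rr(config):
    """Return the RR requirements from the configuration approach that are unmet."""
    fam = address_families(config)
    uni, vpn = fam.get("unicast", []), fam.get("vpnv4", [])
    findings = []
    if "undo policy vpn-target" not in vpn:
        findings.append("vpnv4: RT check still on (no 'undo policy vpn-target')")
    for cmd in vpn:
        m = re.fullmatch(r"peer (\S+) enable", cmd)
        if m and f"peer {m.group(1)} next-hop-invariable" not in vpn:
            findings.append(f"vpnv4: peer {m.group(1)} lacks next-hop-invariable")
    for cmd in uni:
        m = re.fullmatch(r"peer (\S+) reflect-client", cmd)
        if m and f"peer {m.group(1)} label-route-capability" not in uni:
            findings.append(f"unicast: client {m.group(1)} lacks label-route-capability")
    return findings
```

Because an RR with `undo policy vpn-target` accepts VPNv4 routes for every route target, the same pass is a convenient place to confirm that this setting appears only on the RRs and that the PEs keep `policy vpn-target`.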
Configuration summary
9(RR):
[RR9]dis current-configuration
[V200R003C00]
sysname RR9
mpls lsr-id 9.9.9.9 //configure the MPLS LSR ID
mpls
mpls ldp
isis 100
is-level level-2 //IS-IS provides the underlay reachability
cost-style wide
network-entity 49.0001.0000.0000.0009.00
interface GigabitEthernet0/0/0
ip address 100.1.39.9 255.255.255.0
isis enable 100
mpls
mpls ldp
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
isis enable 100
bgp 100
router-id 9.9.9.9
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 ebgp-max-hop 255
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast //establish BGP peering with R1 and R3, enable labeled-route capability, configure route reflection
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 1.1.1.1 label-route-capability
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 label-route-capability
peer 10.10.10.10 enable
#
ipv6-family unicast
undo synchronization
#
ipv4-family vpnv4
undo policy vpn-target //disable the RT check so that VPNv4 routes can be received
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-invariable //do not change the next hop when advertising
peer 10.10.10.10 enable //establish the MP EBGP relationship with RR10
peer 10.10.10.10 next-hop-invariable
R3:
[V200R003C00]
#
sysname AS100-3
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:200
vpn-target 100:200 export-extcommunity
vpn-target 100:200 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0003.00
interface GigabitEthernet0/0/0
ip address 100.1.39.3 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 100.1.23.3 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn1
ip address 192.168.100.3 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 100
#
bgp 100 //establish the BGP peer relationship with RR 9 (IBGP, same AS 100)
peer 9.9.9.9 as-number 100
peer 9.9.9.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 9.9.9.9 enable
peer 9.9.9.9 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 9.9.9.9 enable
#
ipv4-family vpn-instance vpn1
import-route ospf 1 //import OSPF routes into BGP
#
ospf 1 router-id 3.3.3.3 vpn-instance vpn1 //bind OSPF to the VPN instance
import-route bgp //import BGP routes into OSPF
area 0.0.0.0
R2:
[AS100-2]DIS current-configuration
[V200R003C00]
#
sysname AS100-2
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0002.00
interface GigabitEthernet0/0/0
ip address 100.1.12.2 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 100.1.23.2 255.255.255.0
isis enable 100
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 100
R1(ASBR):
<AS100-1>dis current-configuration
[V200R003C00]
#
sysname AS100-1
mpls lsr-id 1.1.1.1
mpls
lsp-trigger bgp-label-route //have LDP assign labels to labeled BGP routes
#
mpls ldp
#
#
isis 100 //underlay network: IS-IS
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0001.00
#
interface GigabitEthernet0/0/0
ip address 100.1.12.1 255.255.255.0
isis enable 100
mpls
mpls ldp
interface GigabitEthernet0/0/2 //enable MPLS on this interface
ip address 120.1.14.1 255.255.255.0
mpls
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 100
#
bgp 100
peer 9.9.9.9 as-number 100 //establish BGP peering with the RR
peer 120.1.14.4 as-number 200
#
ipv4-family unicast
undo synchronization
network 3.3.3.3 255.255.255.255
network 9.9.9.9 255.255.255.255
peer 9.9.9.9 enable
peer 9.9.9.9 route-policy 2 export //advertise labeled routes
peer 9.9.9.9 label-route-capability
peer 120.1.14.4 enable
peer 120.1.14.4 route-policy 1 export
peer 120.1.14.4 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
#
route-policy 1 permit node 5 //assign labels to the routes
apply mpls-label
#
route-policy 2 permit node 5 //match routes that already carry a label and assign a new label
if-match mpls-label
apply mpls-label
<AS100-1>
R4(ASBR):
<AS200-4>DIS current-configuration
[V200R003C00]
#
sysname AS200-4
#
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route //have LDP assign labels to BGP routes
#
mpls ldp
#
isis 200
is-level level-2
cost-style wide
network-entity 49.0002.0000.0000.0004.00
interface GigabitEthernet0/0/0
ip address 200.1.45.4 255.255.255.0
isis enable 200
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 120.1.14.4 255.255.255.0
mpls
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 200
#
bgp 200
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
peer 120.1.14.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
network 10.10.10.10 255.255.255.255
peer 10.10.10.10 enable
peer 10.10.10.10 route-policy 2 export
peer 10.10.10.10 label-route-capability
peer 120.1.14.1 enable
peer 120.1.14.1 route-policy 1 export
peer 120.1.14.1 label-route-capability
#
route-policy 1 permit node 5
apply mpls-label
#
route-policy 2 permit node 5
if-match mpls-label
apply mpls-label
R5:
<AS200-5>DIS current-configuration
[V200R003C00]
#
sysname AS200-5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
isis 200
is-level level-2
cost-style wide
network-entity 49.0002.0000.0000.0005.00
interface GigabitEthernet0/0/0
ip address 200.1.45.5 255.255.255.0
isis enable 200
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 200.1.56.5 255.255.255.0
isis enable 200
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 200
R6:
<AS200-6>DIS CU
<AS200-6>DIS current-configuration
[V200R003C00]
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:200
vpn-target 100:200 export-extcommunity
vpn-target 100:200 import-extcommunity
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
isis 200
is-level level-2
cost-style wide
network-entity 49.0002.0000.0000.0006.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.1.6 255.255.255.0
isis enable 200
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 200.1.56.6 255.255.255.0
isis enable 200
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn1
ip address 192.168.200.6 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 200
#
bgp 200
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.10 enable
peer 10.10.10.10 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 10.10.10.10 enable
#
ipv4-family vpn-instance vpn1
import-route ospf 1
#
ospf 1 router-id 6.6.6.6 vpn-instance vpn1
import-route bgp
area 0.0.0.0
R10(RR):
<RR10>DIS current-configuration
[V200R003C00]
#
sysname RR10
mpls lsr-id 10.10.10.10
mpls
#
mpls ldp
#
isis 200
is-level level-2
cost-style wide
network-entity 49.0002.0000.0000.0010.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.1.10 255.255.255.0
isis enable 200
mpls
mpls ldp
#
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
isis enable 200
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 9.9.9.9 as-number 100
peer 9.9.9.9 ebgp-max-hop 255
peer 9.9.9.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
peer 6.6.6.6 enable
peer 6.6.6.6 reflect-client
peer 6.6.6.6 label-route-capability
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-invariable
#
ipv4-family vpnv4
undo policy vpn-target
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-invariable
Configuration summary
Let's verify:
Look at the path the traffic takes