解决思路:
c1方案的主要思路是直接两边pe建立mp-ebgp邻居。
使用三层标签,内层mp-bgp分发,中层asbr策略分发,外层ldp分发。
c1难点是主要解决两边pe或者rr建立vpnv4路由后,两边pe的loopback口的地址mpls隧道互通问题
两边pe建立完vpnv4路由后都可以学到对端域内的私网路由,但是发现不是有效的路由,因为两边的pe的mpls没打通。
私网标签是对端pe直接通过vpnv4路由发给本端pe的,中层标签是本端asbr发给本端pe设备用的,外层标签是本域内ldp分发使用的,防止p设备不清楚中层标签如何传递使用的。两边asbr只传递私网标签和中层标签。
配置思路(P就是RR)
pe至p使用vpnn4路路,P设备建立对pe的vpnv4客户端反射
p到pe、asbr之间的ipv4路由客户端反射
p至asbr使用ibgp路由
asbr至asbr之间要开mpls,但不开ldp
asbr要开next-hop-local,pe则不需要开
asbr之间建立ebgp
asbr上面要在bgp中导入igp协议
p到p之间建立vpnv4路由,并改bgp跳数
p至p建立连接后要在ipv4-falmy unicast中关闭undo XXXX enabe,因为已经通过asbr学到对端路由了,再从对端P学到等于学了2遍,会有问题。
p设备next-hop-invalvbo 下一跳无效,因为pe至asbr有一条线,让业务数据默认走那条线
pe上起vpn实例,绑到接ce口上
pe的bgp的vpn实例中设备和ce连接
pe到p到asbr所有bgp的ipv4连接指定发送 label-route-capability功能,包括asbr之间也得开
asbr对p、对对端asbr都要对报文加上mpls-lab(先建立route-policy 再在bgp里面调用 )
asbr对p端策略是如果检测到对端有带标签的数据包过来:
if-match apply-label
apply mpls-label
asbr对对端asbr发送过去的直接打上标签:
apply mpls-label
R2:
dis current-configuration
[V200R003C00]
sysname pe1
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 2.2.2.2
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.23.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 10.0.12.2 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
ipv4-family vpn-instance vpn
peer 10.0.12.1 as-number 65001
ospf 1
area 0.0.0.0
R3:
dis current-configuration
[V200R003C00]
sysname p1
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 3.3.3.3
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
undo peer 6.6.6.6 enable
ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 next-hop-invariable
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable
ospf 1
area 0.0.0.0
R4
dis current-configuration
[V200R003C00]
sysname asbr1
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 4.4.4.4
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls
interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 10.0.45.5 as-number 200
ipv4-family unicast
undo synchronization
import-route ospf 1
peer 3.3.3.3 enable
peer 3.3.3.3 route-policy rr export
peer 3.3.3.3 next-hop-local
peer 3.3.3.3 label-route-capability
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy asbr export
peer 10.0.45.5 label-route-capability
ospf 1
area 0.0.0.0
route-policy rr permit node 10
if-match mpls-label
apply mpls-label
route-policy asbr permit node 20
apply mpls-label
R5
dis current-configuration
[V200R003C00]
sysname asbr2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 5.5.5.5
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 5.5.5.5
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.56.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.45.5 255.255.255.0
mpls
interface GigabitEthernet0/0/2
ip address 10.0.57.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 10.0.45.4 as-number 100
ipv4-family unicast
undo synchronization
import-route ospf 1
peer 6.6.6.6 enable
peer 6.6.6.6 route-policy rr export
peer 6.6.6.6 next-hop-local
peer 6.6.6.6 label-route-capability
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy asbr export
peer 10.0.45.4 label-route-capability
ospf 1
area 0.0.0.0
route-policy rr permit node 10
if-match mpls-label
apply mpls-label
route-policy asbr permit node 20
apply mpls-label
R6
dis current-configuration
[V200R003C00]
sysname p2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 6.6.6.6
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.56.6 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.67.6 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 3.3.3.3 as-number 100
peer 3.3.3.3 ebgp-max-hop 255
peer 3.3.3.3 connect-interface LoopBack0
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 5.5.5.5 label-route-capability
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability
ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-invariable
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 next-hop-invariable
ospf 1
area 0.0.0.0
标题R7:
dis current-configuration
[V200R003C00]
sysname pe2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 7.7.7.7
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 10.0.78.7 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.57.7 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 6.6.6.6 enable
peer 6.6.6.6 label-route-capability
ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable
ipv4-family vpn-instance vpn
peer 10.0.78.8 as-number 65002
ospf 1
area 0.0.0.0