华为mpls vpn跨域C-1方案配置案例

项目工程师余工

已于 2024-02-26 23:19:05 修改

阅读量1k

点赞数

分类专栏：网络工程文章标签：华为网络

于 2023-07-02 13:22:09 首次发布

项目工程师余工

本文链接：https://blog.csdn.net/ydaxia110/article/details/131500025

版权

网络工程专栏收录该内容

238 篇文章 38 订阅

订阅专栏

在这里插入图片描述

解决思路：

c1方案的主要思路是直接两边pe建立mp-ebgp邻居。
使用三层标签，内层mp-bgp分发，中层asbr策略分发，外层ldp分发。

c1难点是主要解决两边pe或者rr建立vpnv4路由后，两边pe的loopback口的地址mpls隧道互通问题
两边pe建立完vpnv4路由后都可以学到对端域内的私网路由，但是发现不是有效的路由，因为两边的pe的mpls没打通。
私网标签是对端pe直接通过vpnv4路由发给本端pe的，中层标签是本端asbr发给本端pe设备用的，外层标签是本域内ldp分发使用的，防止p设备不清楚中层标签如何传递使用的。两边asbr只传递私网标签和中层标签。

配置思路(P就是RR)

pe至p使用vpnn4路路，P设备建立对pe的vpnv4客户端反射
p到pe、asbr之间的ipv4路由客户端反射
p至asbr使用ibgp路由
asbr至asbr之间要开mpls，但不开ldp
asbr要开next-hop-local，pe则不需要开
asbr之间建立ebgp
asbr上面要在bgp中导入igp协议
p到p之间建立vpnv4路由，并改bgp跳数
p至p建立连接后要在ipv4-falmy unicast中关闭undo XXXX enabe，因为已经通过asbr学到对端路由了，再从对端P学到等于学了2遍，会有问题。
p设备next-hop-invalvbo 下一跳无效，因为pe至asbr有一条线，让业务数据默认走那条线
pe上起vpn实例，绑到接ce口上
pe的bgp的vpn实例中设备和ce连接
pe到p到asbr所有bgp的ipv4连接指定发送 label-route-capability功能，包括asbr之间也得开
asbr对p、对对端asbr都要对报文加上mpls-lab（先建立route-policy 再在bgp里面调用 )

asbr对p端策略是如果检测到对端有带标签的数据包过来:
if-match apply-label
apply mpls-label

asbr对对端asbr发送过去的直接打上标签：
apply mpls-label

R2:

dis current-configuration
[V200R003C00]

sysname pe1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2
mpls

mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.23.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability

ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable

ipv4-family vpn-instance vpn
peer 10.0.12.1 as-number 65001

ospf 1
area 0.0.0.0

R3:

dis current-configuration
[V200R003C00]

sysname p1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3
mpls

mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
undo peer 6.6.6.6 enable

ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 next-hop-invariable
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable

ospf 1
area 0.0.0.0

R4

dis current-configuration
[V200R003C00]

sysname asbr1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 4.4.4.4
mpls

mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls

interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 10.0.45.5 as-number 200

ipv4-family unicast
undo synchronization
import-route ospf 1
peer 3.3.3.3 enable
peer 3.3.3.3 route-policy rr export
peer 3.3.3.3 next-hop-local
peer 3.3.3.3 label-route-capability
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy asbr export
peer 10.0.45.5 label-route-capability

ospf 1
area 0.0.0.0

route-policy rr permit node 10
if-match mpls-label
apply mpls-label

route-policy asbr permit node 20
apply mpls-label

R5

dis current-configuration
[V200R003C00]

sysname asbr2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 5.5.5.5
mpls

mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.56.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.45.5 255.255.255.0
mpls

interface GigabitEthernet0/0/2
ip address 10.0.57.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 5.5.5.5 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 10.0.45.4 as-number 100

ipv4-family unicast
undo synchronization
import-route ospf 1
peer 6.6.6.6 enable
peer 6.6.6.6 route-policy rr export
peer 6.6.6.6 next-hop-local
peer 6.6.6.6 label-route-capability
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy asbr export
peer 10.0.45.4 label-route-capability

ospf 1
area 0.0.0.0

route-policy rr permit node 10
if-match mpls-label
apply mpls-label

route-policy asbr permit node 20
apply mpls-label

R6

dis current-configuration
[V200R003C00]

sysname p2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6
mpls

mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.56.6 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.67.6 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 200
peer 3.3.3.3 as-number 100
peer 3.3.3.3 ebgp-max-hop 255
peer 3.3.3.3 connect-interface LoopBack0
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 5.5.5.5 label-route-capability
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability

ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-invariable
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 next-hop-invariable

ospf 1
area 0.0.0.0