方案二
方案二有个缺点是如果冗余线路,会有双点双向重分布的问题,因为asbr把bgp路由直接引入了igp
使用两层标签,两边asbr互联发送两层标签,私网标签和路由策略分发的中层标签。
在PE和ASBR-PE之间不用配置IBGP邻居关系,当ASBR-PE从对端的ASBR-PE学到对端AS域内的带标签BGP公网路由后,通过在ASBR-PE上将BGP路由引入IGP协议之中,LDP就能够为这些路由分配标签,触发建立跨域的LDP LSP。这样就能实现OptionC方式跨域的BGP/MPLS IP VPN。
c2方案和c1区别是asbr上面igp直接引入bgp,然后asbr和p之间不建立bgp连接
asbr只和asbr之间建立普通的ebgp连接
两边asbr都要全局mpls下开启
mpls
lsp-trigger bgp-label-route
配置思路
本例采用OptionC方式实现。配置主要思路是:
1.各AS内的MPLS骨干网上分别配置IGP协议,实现各自骨干网ASBR-PE和PE之间的互通。
2.各AS内的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP,建立LDP LSP。
3.各AS内,与CE相连的PE上需配置VPN实例,并把与CE相连的接口和相应的VPN实例绑定。
4.各AS内,RR与RR之间建立EBGP对等体关系,交换VPN路由信息。
5.将域内PE的路由发布给对端PE:先在本端ASBR-PE上通过BGP将域内PE的路由发布给对端ASBR-PE,在远端ASBR-PE上将BGP路由引入到IGP,则远端PE就依靠IGP学到了本端域内PE的路由。
6.在ASBR-PE上配置路由策略:对于向对端ASBR-PE发布的路由,分配MPLS标签。
7.ASBR-PE与对端ASBR-PE之间能够交换带标签的IPv4路由。
8.在ASBR-PE上配置为带标签的公网BGP路由建立LDP LSP。
9.在不同AS间的PE间建立MP-EBGP对等体关系;不同AS间的PE通常不是直连的,为了在它们之间建立EBGP连接,需要配置PE之间允许的最大跳数。
R2:
dis current-configuration
[V200R003C00]
sysname r2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 2.2.2.2
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
mpls lsr-id 2.2.2.2
mpls
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn
ip address 10.0.12.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
ipv4-family vpn-instance vpn
peer 10.0.12.1 as-number 65001
ospf 1
area 0.0.0.0
network 10.0.23.2 0.0.0.0
R3
[r3]dis current-configuration
[V200R003C00]
sysname r3
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 3.3.3.3
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 3.3.3.3
mpls
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
undo peer 6.6.6.6 enable
ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 next-hop-invariable
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable
ospf 1
area 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0
R4
dis current-configuration
[V200R003C00]
sysname r4
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 4.4.4.4
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls
interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 10.0.45.5 as-number 200
ipv4-family unicast
undo synchronization
import-route ospf 1
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy asbr export
peer 10.0.45.5 label-route-capability
ospf 1
import-route bgp
area 0.0.0.0
network 10.0.34.4 0.0.0.0
route-policy asbr permit node 10
if-match ip-prefix host
apply mpls-label
route-policy asbr permit node 20
ip ip-prefix host index 10 permit 0.0.0.0 0 greater-equal 32 less-equal 32
R5
dis current-configuration
[V200R003C00]
sysname r5
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 5.5.5.5
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 5.5.5.5
mpls
lsp-trigger bgp-label-route
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.45.5 255.255.255.0
mpls
interface GigabitEthernet0/0/1
ip address 10.0.56.5 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 10.0.57.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 10.0.45.4 as-number 100
ipv4-family unicast
undo synchronization
import-route ospf 1
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy asbr export
peer 10.0.45.4 label-route-capability
ospf 1
import-route bgp
area 0.0.0.0
network 10.0.56.5 0.0.0.0
route-policy asbr permit node 10
if-match ip-prefix host
apply mpls-label
route-policy asbr permit node 20
ip ip-prefix host index 10 permit 0.0.0.0 0 greater-equal 32 less-equal 32
R6
dis current-configuration
[V200R003C00]
sysname r6
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 6.6.6.6
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
mpls lsr-id 6.6.6.6
mpls
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.56.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.67.6 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 3.3.3.3 as-number 100
peer 3.3.3.3 ebgp-max-hop 255
peer 3.3.3.3 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
undo peer 7.7.7.7 enable
ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-invariable
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 next-hop-invariable
ospf 1
area 0.0.0.0
network 10.0.56.6 0.0.0.0
network 10.0.67.6 0.0.0.0
R7:
dis current-configuration
[V200R003C00]
sysname r7
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
router id 7.7.7.7
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
mpls lsr-id 7.7.7.7
mpls
mpls ldp
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 10.0.78.7 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.57.7 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface NULL0
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 6.6.6.6 enable
ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable
ipv4-family vpn-instance vpn
peer 10.0.78.8 as-number 65002
ospf 1
area 0.0.0.0
network 10.0.67.7 0.0.0.0