华为mpls vpn跨域C-2方案配置案例

方案二
方案二有个缺点是如果冗余线路，会有双点双向重分布的问题，因为asbr把bgp路由直接引入了igp

使用两层标签，两边asbr互联发送两层标签，私网标签和路由策略分发的中层标签。

在PE和ASBR-PE之间不用配置IBGP邻居关系，当ASBR-PE从对端的ASBR-PE学到对端AS域内的带标签BGP公网路由后，通过在ASBR-PE上将BGP路由引入IGP协议之中，LDP就能够为这些路由分配标签，触发建立跨域的LDP LSP。这样就能实现OptionC方式跨域的BGP/MPLS IP VPN。

c2方案和c1区别是asbr上面igp直接引入bgp，然后asbr和p之间不建立bgp连接

asbr只和asbr之间建立普通的ebgp连接

两边asbr都要全局mpls下开启
mpls
lsp-trigger bgp-label-route

配置思路
本例采用OptionC方式实现。配置主要思路是：
1.各AS内的MPLS骨干网上分别配置IGP协议，实现各自骨干网ASBR-PE和PE之间的互通。
2.各AS内的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP，建立LDP LSP。
3.各AS内，与CE相连的PE上需配置VPN实例，并把与CE相连的接口和相应的VPN实例绑定。
4.各AS内，RR与RR之间建立EBGP对等体关系，交换VPN路由信息。
5.将域内PE的路由发布给对端PE：先在本端ASBR-PE上通过BGP将域内PE的路由发布给对端ASBR-PE，在远端ASBR-PE上将BGP路由引入到IGP，则远端PE就依靠IGP学到了本端域内PE的路由。
6.在ASBR-PE上配置路由策略：对于向对端ASBR-PE发布的路由，分配MPLS标签。
7.ASBR-PE与对端ASBR-PE之间能够交换带标签的IPv4路由。
8.在ASBR-PE上配置为带标签的公网BGP路由建立LDP LSP。
9.在不同AS间的PE间建立MP-EBGP对等体关系；不同AS间的PE通常不是直连的，为了在它们之间建立EBGP连接，需要配置PE之间允许的最大跳数。

R2:

dis current-configuration
[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2
mpls

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip binding vpn-instance vpn
ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable

ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable

ipv4-family vpn-instance vpn
peer 10.0.12.1 as-number 65001

ospf 1
area 0.0.0.0
network 10.0.23.2 0.0.0.0

R3

[r3]dis current-configuration
[V200R003C00]

sysname r3

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3
mpls

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
undo peer 6.6.6.6 enable

ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 2.2.2.2 next-hop-invariable
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-invariable

ospf 1
area 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0

R4

dis current-configuration
[V200R003C00]

sysname r4

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls

interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 100
peer 10.0.45.5 as-number 200

ipv4-family unicast
undo synchronization
import-route ospf 1
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy asbr export
peer 10.0.45.5 label-route-capability

ospf 1
import-route bgp
area 0.0.0.0
network 10.0.34.4 0.0.0.0

route-policy asbr permit node 10
if-match ip-prefix host
apply mpls-label

route-policy asbr permit node 20

ip ip-prefix host index 10 permit 0.0.0.0 0 greater-equal 32 less-equal 32

R5

dis current-configuration
[V200R003C00]

sysname r5

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 5.5.5.5
mpls
lsp-trigger bgp-label-route

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.45.5 255.255.255.0
mpls

interface GigabitEthernet0/0/1
ip address 10.0.56.5 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/2
ip address 10.0.57.5 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 5.5.5.5 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 200
peer 10.0.45.4 as-number 100

ipv4-family unicast
undo synchronization
import-route ospf 1
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy asbr export
peer 10.0.45.4 label-route-capability

ospf 1
import-route bgp
area 0.0.0.0
network 10.0.56.5 0.0.0.0

route-policy asbr permit node 10
if-match ip-prefix host
apply mpls-label

route-policy asbr permit node 20

ip ip-prefix host index 10 permit 0.0.0.0 0 greater-equal 32 less-equal 32

R6

dis current-configuration
[V200R003C00]

sysname r6

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6
mpls

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.56.6 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.67.6 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 200
peer 3.3.3.3 as-number 100
peer 3.3.3.3 ebgp-max-hop 255
peer 3.3.3.3 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
undo peer 7.7.7.7 enable

ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-invariable
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 next-hop-invariable

ospf 1
area 0.0.0.0
network 10.0.56.6 0.0.0.0
network 10.0.67.6 0.0.0.0

R7:

dis current-configuration
[V200R003C00]

sysname r7

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

router id 7.7.7.7

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

mpls lsr-id 7.7.7.7
mpls

mpls ldp

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 10.0.78.7 255.255.255.0

interface GigabitEthernet0/0/2
ip address 10.0.57.7 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 7.7.7.7 255.255.255.255
ospf enable 1 area 0.0.0.0

bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
undo peer 6.6.6.6 enable

ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable

ipv4-family vpn-instance vpn
peer 10.0.78.8 as-number 65002

ospf 1
area 0.0.0.0
network 10.0.67.7 0.0.0.0