实验拓扑
实验需求
实验配置
(1)配置设备IP地址
(2)配置ISIS,部署ISP
#R1
[R1] isis 1
[R1-isis-1] is-level level-2
[R1-isis-1] network-entity 49.0123.0000.0000.0001.00
[R1] interface GigabitEthernet0/0
[R1-GigabitEthernet0/0] isis enable 1
[R1] interface LoopBack0
[R1-LoopBack0] isis enable 1
#R2
[R2] isis 1
[R2-isis-1] is-level level-2
[R2-isis-1] network-entity 49.0123.0000.0000.0002.00
[R2] interface GigabitEthernet0/0
[R2-GigabitEthernet0/0] isis enable 1
[R2] interface GigabitEthernet0/1
[R2-GigabitEthernet0/1] isis enable 1
[R2] interface LoopBack0
[R2-LoopBack0] isis enable 1
#R3
[R3] isis 1
[R3-isis-1] is-level level-2
[R3-isis-1] network-entity 49.0123.0000.0000.0003.00
[R3] interface GigabitEthernet0/0
[R3-GigabitEthernet0/0] isis enable 1
[R3] interface LoopBack0
[R3-LoopBack0] isis enable 1
(3)配置BGP
#R1
[R1] bgp 100
[R1-bgp-default] router-id 1.1.1.1
[R1-bgp-default] peer 3.3.3.3 as-number 100
[R1-bgp-default] peer 3.3.3.3 connect-interface LoopBack0
[R1-bgp-default] address-family vpnv4
[R1-bgp-default-vpnv4] peer 3.3.3.3 enable
#R3
[R3] bgp 100
[R3-bgp-default] router-id 3.3.3.3
[R3-bgp-default] peer 1.1.1.1 as-number 100
[R3-bgp-default] peer 1.1.1.1 connect-interface LoopBack0
[R3-bgp-default] address-family vpnv4
[R3-bgp-default-vpnv4] peer 1.1.1.1 enable
(4)配置MPLS
#R1
[R1] mpls lsr-id 1.1.1.1
[R1-mpls] mpls ldp
[R1-ldp] quit
[R1] interface GigabitEthernet0/0
[R1-GigabitEthernet0/0] mpls enable
[R1-GigabitEthernet0/0] mpls ldp enable
#R2
[R2] mpls lsr-id 2.2.2.2
[R2-mpls] mpls ldp
[R2-ldp] quit
[R2] interface GigabitEthernet0/0
[R2-GigabitEthernet0/0] mpls enable
[R2-GigabitEthernet0/0] mpls ldp enable
[R2] interface GigabitEthernet0/1
[R2-GigabitEthernet0/1] mpls enable
[R2-GigabitEthernet0/1] mpls ldp enable
#R3
[R3] mpls lsr-id 3.3.3.3
[R3-mpls] mpls ldp
[R3-ldp] quit
[R3] interface GigabitEthernet0/0
[R3-GigabitEthernet0/0] mpls enable
[R3-GigabitEthernet0/0] mpls ldp enable
(5)配置MPLS-VPN
1.创建 VRF
#R1
[R1] ip vpn-instance 4
[R1-vpn-instance-4] route-distinguisher 4:4
[R1-vpn-instance-4] vpn-target 4:6 export-extcommunity
[R1-vpn-instance-4] vpn-target 6:4 import-extcommunity
#R3
[R3] ip vpn-instance 6
[R3-vpn-instance-6] route-distinguisher 6:6
[R3-vpn-instance-6] vpn-target 6:4 export-extcommunity
[R3-vpn-instance-6] vpn-target 4:6 import-extcommunity
2.关联接口
#R1
[R1] interface GigabitEthernet0/1
[R1-GigabitEthernet0/1] ip binding vpn-instance 4
[R1-GigabitEthernet0/1] ip address 192.168.14.1 255.255.255.0 #R3
[R3] interface GigabitEthernet0/1
[R3-GigabitEthernet0/1] ip binding vpn-instance 6
[R3-GigabitEthernet0/1] ip address 192.168.36.3 255.255.255.0
3.建立 EBGP 邻居关系
#R1
[R1] bgp 100
[R1-bgp-default] ip vpn-instance 4
[R1-bgp-default-4] peer 192.168.14.4 as-number 65001
[R1-bgp-default-4] address-family ipv4
[R1-bgp-default-ipv4-4] peer 192.168.14.4 enable
#R4
[R4] bgp 65001
[R4-bgp-default] peer 192.168.14.1 as-number 100
[R4-bgp-default] address-family ipv4
[R4-bgp-default-ipv4] peer 192.168.14.1 enable
#R3
[R3] bgp 100
[R3-bgp-default] ip vpn-instance 6
[R3-bgp-default-6] peer 192.168.36.6 as-number 65001
[R3-bgp-default-6] address-family ipv4
[R3-bgp-default-ipv4-6] peer 192.168.36.6 enable
#R6
[R6] bgp 65001
[R6-bgp-default] peer 192.168.36.3 as-number 100
[R6-bgp-default] address-family ipv4
[R6-bgp-default-ipv4] peer 192.168.36.3 enable
4.R4 宣告 172.16.1.0/24,R6 宣告 172.16.2.0/24
#R4
[R4] bgp 65001
[R4-bgp-default] address-family ipv4
[R4-bgp-default-ipv4] network 172.16.1.0 255.255.255.0
#R6
[R6] bgp 65001
[R6-bgp-default] address-family ipv4
[R6-bgp-default-ipv4] network 172.16.2.0 255.255.255.0
5.由于 R4/6 的 AS 号相同,配置允许接收同 as 路由。(allow-as-loop)
#R4
[R4] bgp 65001
[R4-bgp-default] address-family ipv4
[R4-bgp-default-ipv4] peer 192.168.14.1 allow-as-loop
#R6
[R6] bgp 65001
[R6-bgp-default] address-family ipv4
[R6-bgp-default-ipv4] peer 192.168.36.3 allow-as-loop
(6)配置ISP与客户之间的OPSF
创建 VRF
#R1
[R1] ip vpn-instance 5
[R1-vpn-instance-5] route-distinguisher 5:5
[R1-vpn-instance-5] vpn-target 5:7 export-extcommunity
[R1-vpn-instance-5] vpn-target 7:5 import-extcommunity
#R3
[R3] ip vpn-instance 7
[R3-vpn-instance-7] route-distinguisher 7:7
[R3-vpn-instance-7] vpn-target 7:5 export-extcommunity
[R3-vpn-instance-7] vpn-target 5:7 import-extcommunity
关联地址
#R1
[R1] interface GigabitEthernet0/2
[R1-GigabitEthernet0/2] ip binding vpn-instance 5
[R1-GigabitEthernet0/2] ip address 192.168.15.1 255.255.255.0
#R3
[R3] interface GigabitEthernet0/2
[R3-GigabitEthernet0/2] ip binding vpn-instance 7
[R3-GigabitEthernet0/2] ip address 192.168.37.3 255.255.255.0
(7)配置OPSF建立邻居关系
R1/5,R3/7 建立 OSPF 邻居关系
#R1
[R1] ospf 1 router-id 1.1.1.1 vpn-instance 5
[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 192.168.15.1 0.0.0.0
#R5
[R5] ospf 1 router-id 5.5.5.5
[R5-ospf-1] area 0.0.0.0
[R5-ospf-1-area-0.0.0.0] network 172.16.1.1 0.0.0.0
[R5-ospf-1-area-0.0.0.0] network 192.168.15.5 0.0.0.0
#R3
[R3] ospf 1 router-id 3.3.3.3 vpn-instance 7
[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 192.168.37.3 0.0.0.0
#R7
[R7] ospf 1 router-id 7.7.7.7
[R7-ospf-1] area 0.0.0.0
[R7-ospf-1-area-0.0.0.0] network 172.16.2.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0] network 192.168.37.7 0.0.0.0
在 R1/3 上,将 OSPF 引入 BGP。(无策略)
#R1
[R1] bgp 100
[R1-bgp-default] ip vpn-instance 5
[R1-bgp-default-5] address-family ipv4
[R1-bgp-default-ipv4-5] import-route ospf 1
#R3
[R3] bgp 100
[R3-bgp-default] ip vpn-instance 7
[R3-bgp-default-7] address-family ipv4
[R3-bgp-default-ipv4-7] import-route ospf 1
在 R1/3 上,将 BGP 引入 OSPF。(无策略)
#R1
[R1] ospf 1 router-id 1.1.1.1 vpn-instance 5
[R1-ospf-1] import-route bgp
#R3
[R3] ospf 1 router-id 3.3.3.3 vpn-instance 7
[R3-ospf-1] import-route bgp
验证
1.测试公网连通性
2.查看邻居
3.查看你LDP邻居
4.R4收到的和本地AS相同的路由
5.确认客户A的172.16.1.1与172.16.2.1互通
6.查看R1 和R3 VRF邻居