跨域MPLS option C1
跨越AS100和AS200两个自治系统
MCE1和MCE2上的loopback10组建vpn a,loopback20组建vpn b
P1、P2、P3间运行OSPF,打通AS 100内部路由;运行MPLS LDP;P1和P3间建立IBGP邻居,并且通告label-route-capability功能,让BGP协议为路由分配标签
P4、P5、P6间运行OSPF,打通AS 200内部路由;运行MPLS LDP;P4和P6间建立IBGP邻居,并且通告label-route-capability功能
P3和P4做为ASBR,建立EBGP邻居,传递1.1.1.1和6.6.6.6路由,并且通告label-route-capability功能;P3和P4间运行MPLS,无需LDP
P1和P6建立EBGP vpnv4邻居,用于传递vpnv4路由
P1至P3间有完整的MPLS链路,P4和P6间也有完整的MPLS链路,到P3和P4时被中断,需要修复MPLS链路。
因此做两个路由策略(完成后即可打通完整MPLS链路):
策略1:P3和P4发往对方的BGP路由,添加MPLS标签。
策略2:P3发往P1的路由,以及P4发往P6的路由,如果原来带有MPLS标签,再加一层
MPLS标签。
vpn a的PE和CE间使用EBGP传路由,P3和P4间运行OSPF传路由
vpn b的PE和CE间,MCE1和P1间用静态路由,MCE2和P6间运行OPF,P3和P4间用静态路由
配置如下表:
| MCE1 | P1 | P2 | P3 | P4 | P5 | P6 | MCE2 | |
| int loo 0 | int loo 0 | int loo 0 | int loo 0 | int loo 0 | int loo 0 | int loo 0 | int loo 0 | |
| ip add 11.11.11.11 32 | ip add 1.1.1.1 32 | ip add 2.2.2.2 32 | ip add 3.3.3.3 32 | ip add 4.4.4.4 32 | ip add 5.5.5.5 32 | ip add 6.6.6.6 32 | ip add 22.22.22.22 32 | |
| mpls lsr-id 1.1.1.1 | mpls lsr-id 2.2.2.2 | mpls lsr-id 3.3.3.3 | mpls lsr-id 4.4.4.4 | mpls lsr-id 5.5.5.5 | mpls lsr-id 6.6.6.6 | |||
| mpls | mpls | mpls | mpls | mpls | mpls | |||
| mpls ldp | mpls ldp | mpls ldp | mpls ldp | mpls ldp | mpls ldp | |||
| int g0/0/0 | int g0/0/0 | int g0/0/0 | int g0/0/0 | int g0/0/0 | int g0/0/0 | |||
| ip add 12.1.1.1 24 | ip add 12.1.1.2 24 | ip add 34.1.1.3 24 | ip add 34.1.1.4 24 | ip add 56.1.1.5 24 | ip add 56.1.1.6 24 | |||
| mpls | mpls | mpls | mpls | mpls | mpls | |||
| mpls ldp | mpls ldp | mpls ldp | mpls ldp | |||||
| int g0/0/1 | int g0/0/1 | int g0/0/1 | int g0/0/1 | |||||
| ip add 23.1.1.2 24 | ip add 23.1.1.3 24 | ip add 45.1.1.4 24 | ip add 45.1.1.5 24 | |||||
| mpls | mpls | mpls | mpls | |||||
| mpls ldp | mpls ldp | mpls ldp | mpls ldp | |||||
| ospf router-id 1.1.1.1 | ospf router-id 2.2.2.2 | ospf router-id 3.3.3.3 | ospf router-id 4.4.4.4 | ospf router-id 5.5.5.5 | ospf router-id 6.6.6.6 | |||
| area 0 | area 0 | area 0 | area 0 | area 0 | area 0 | |||
| network 1.1.1.1 0.0.0.0 | network 2.2.2.2 0.0.0.0 | network 3.3.3.3 0.0.0.0 | network 4.4.4.4 0.0.0.0 | network 5.5.5.5 0.0.0.0 | network 6.6.6.6 0.0.0.0 | |||
| network 12.1.1.1 0.0.0.0 | network 12.1.1.2 0.0.0.0 | network 23.1.1.3 0.0.0.0 | network 45.1.1.4 0.0.0.0 | network 56.1.1.5 0.0.0.0 | network 56.1.1.6 0.0.0.0 | |||
| network 23.1.1.2 0.0.0.0 | network 45.1.1.5 0.0.0.0 | |||||||
| ip vpn-instance a | ip vpn-instance a | ip vpn-instance a | ip vpn-instance a | |||||
| route-distinguisher 11:1 | route-distinguisher 1:1 | route-distinguisher 6:1 | route-distinguisher 22:1 | |||||
| vpn-target 1:10 | vpn-target 1:10 | |||||||
| ip vpn-instance b | ip vpn-instance b | ip vpn-instance b | ip vpn-instance b | |||||
| route-distinguisher 11:2 | route-distinguisher 1:2 | route-distinguisher 6:2 | route-distinguisher 22:2 | |||||
| vpn-target 1:20 | vpn-target 1:20 | |||||||
| route-policy toP1_apply_label permit node 10 | route-policy toP6_apply_label permit node 10 | |||||||
| if-match mpls-label | if-match mpls-label | |||||||
| apply mpls-label | apply mpls-label | |||||||
| route-policy toP4_apply_label permit node 10 | route-policy toP3_apply_label permit node 10 | |||||||
| apply mpls-label | apply mpls-label | |||||||
| bgp 100 | bgp 100 | bgp 200 | bgp 200 | |||||
| peer 3.3.3.3 as-number 100 | peer 1.1.1.1 as-number 100 | peer 6.6.6.6 as-number 200 | peer 4.4.4.4 as-number 200 | |||||
| peer 3.3.3.3 con loo 0 | peer 1.1.1.1 con loo 0 | peer 6.6.6.6 con loo 0 | peer 4.4.4.4 con loo 0 | |||||
| peer 3.3.3.3 label-route-capability | peer 1.1.1.1 label-route-capability | peer 6.6.6.6 label-route-capability | peer 4.4.4.4 label-route-capability | |||||
| peer 6.6.6.6 as-number 200 | peer 1.1.1.1 next-hop-local | peer 6.6.6.6 next-hop-local | peer 1.1.1.1 as-number 100 | |||||
| peer 6.6.6.6 ebgp-max-hop 255 | peer 1.1.1.1 route-policy toP1_apply_label export | peer 6.6.6.6 route-policy toP6_apply_label export | peer 1.1.1.1 ebgp-max-hop 255 | |||||
| peer 6.6.6.6 connect-interface LoopBack0 | peer 34.1.1.4 as-number 200 | peer 34.1.1.3 as-number 100 | peer 1.1.1.1 connect-interface LoopBack0 | |||||
| undo peer 6.6.6.6 enable | peer 34.1.1.4 label-route-capability | peer 34.1.1.3 label-route-capability | undo peer 1.1.1.1 enable | |||||
| ipv4-family vpnv4 | peer 34.1.1.4 route-policy toP4_apply_label export | peer 34.1.1.3 route-policy toP3_apply_label export | ipv4-family vpnv4 | |||||
| peer 6.6.6.6 enable | network 1.1.1.1 32 | network 6.6.6.6 32 | peer 1.1.1.1 enable | |||||
| int loo 10 | int loo 10 | |||||||
| ip binding vpn-instance a | ip binding vpn-instance a | |||||||
| ip add 192.168.1.1 24 | ip add 172.16.1.1 24 | |||||||
| int loo 20 | int loo 20 | |||||||
| ip binding vpn-instance b | ip binding vpn-instance b | |||||||
| ip add 192.168.1.1 24 | ip add 172.16.1.1 24 | |||||||
| int g0/0/1 | int g0/0/1 | int g0/0/1 | int g0/0/1 | |||||
| int g0/0/1.10 | int g0/0/1.10 | int g0/0/1.10 | int g0/0/1.10 | |||||
| ip binding vpn-instance a | ip binding vpn-instance a | ip binding vpn-instance a | ip binding vpn-instance a | |||||
| ip add 10.1.11.11 24 | ip add 10.1.11.1 24 | ip add 10.1.62.6 24 | ip add 10.1.62.22 24 | |||||
| dot1q termination vid 10 | dot1q termination vid 10 | dot1q termination vid 10 | dot1q termination vid 10 | |||||
| arp broadcast enable | arp broadcast enable | arp broadcast enable | arp broadcast enable | |||||
| int g0/0/1.20 | int g0/0/1.20 | int g0/0/1.20 | int g0/0/1.20 | |||||
| ip binding vpn-instance b | ip binding vpn-instance b | ip binding vpn-instance b | ip binding vpn-instance b | |||||
| ip add 10.2.11.11 24 | ip add 10.2.11.1 24 | ip add 10.2.62.6 24 | ip add 10.2.62.22 24 | |||||
| dot1q termination vid 20 | dot1q termination vid 20 | dot1q termination vid 20 | dot1q termination vid 20 | |||||
| arp broadcast enable | arp broadcast enable | arp broadcast enable | arp broadcast enable | |||||
| vpn a的CE至PE配置,用EBGP互联 | bgp 65001 | bgp 100 | bgp 200 | bgp 65001 | ||||
| ipv4-family vpn-instance a | ipv4-family vpn-instance a | ipv4-family vpn-instance a | ipv4-family vpn-instance a | |||||
| peer 10.1.11.1 as-nu 100 | peer 10.1.11.11 as-nu 65001 | peer 10.1.62.22 as-nu 65001 | peer 10.1.62.6 as-nu 200 | |||||
| peer 10.1.11.1 allow-as-loop | peer 10.1.62.6 allow-as-loop | |||||||
| network 192.168.1.0 24 | network 172.16.1.0 24 | |||||||
| vpn b的CE至PE配置,一端用静态,一端用OSPF | ip route-static vpn-instance b 172.16.1.0 24 10.2.11.1 | ip route-static vpn-instance b 192.168.1.0 24 10.2.11.11 | ospf 20 vpn-instance b | ospf 20 vpn-instance b | ||||
| bgp 100 | import bgp permit-ibgp | silent-interface loop 0 | ||||||
| ipv4-family vpn-instance b | route-tag disable | |||||||
| import-route static | vpn-instance-capability simple | |||||||
| area 0 | area 0 | |||||||
| network 10.2.62.6 0.0.0.0 | network 10.2.62.22 0.0.0.0 | |||||||
| network 172.16.1.1 0.0.0.0 | ||||||||
| bgp 200 | ||||||||
| ipv4-family vpn-instance b | ||||||||
| import-route ospf 20 |
P1和P6上为VPN路由分配的MPLS 标签
以从MCE2上的vpn a 的172.16.1.1为源ping 192.168.1.1为例,分析标签
在P6上,收到的BGP vpnv4路由192.168.1.0/24的标签为1032,因此打上内层的vpn私网标签1032,且其隧道ID为Ox13
根据tunnel id查nhlfe表,得到两个标签,依次打上1034和1024标签
这两标签的来源:1034为P1和P6间EBGP分配的标签,1024为下一跳4.4.4.4的LDP标签
最终P5和P6间抓包得到标签从底层到外层依次为1032--->1034--->1024,如下图
P4和P5间由于次末跳弹出,只有两层标签从底层到外层依次为1032--->1034,如下图
并且在P4上将1034交换为1033,如下图
P3和P4间抓包得到的标签从底层到外层依次为1032--->1033,如下图
在P3上将1033标签弹出,再加上去往1.1.1.1的LDP标签1025,在P2和P3间抓包有两层标签,由底层到外层依次是1032--->1025
在P2上执行次末跳弹出,仅剩一层标签1032
在P1上收到1032标签路由,进入vpn-instance a 路由表,查fib转发
最终效果:
扫一扫
1010
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
