建立邻居关系:通过建立两台提供商边缘(PE)路由器之间的外部边界网关协议(EBGP)-VPNv4 邻居关系来实现跨域通信。
解决路由问题:由于 PE 路由器可能没有去往对端 PE 的路由,需要在 AS 域内建立内部边界网关协议(IBGP)邻居关系,并在自治系统边界路由器(ASBR)上宣告 PE 的环回(loopback)地址,以确保 PE 之间能够学习到对方的路由。
解决标签问题:为了使数据包能够在跨域的 MPLS 网络中正确转发,需要为每条路由分配标签。在 MultiAS-OptionC1 中,BGP IPv4 单播邻居关系之间都要使能标签 IPv4 路由交换功能,ASBR 配置路由策略,在出方向分配标签。
注意事项:
1、vpn实例的RD要不同;
2、跨域-optionC(方式一)实现方式中,保证不同AS域内PE的vpn实例的vpn-target相同。
操作要求:
1、PE与CE之间配置EBGP;
2、配置mpls vpn-跨域-optionC(方式一);
3、实现7.7.7.7/32与8.8.8.8/32相互连通。
实验拓扑
一、配置IP地址
[Huawei]sysname AR1
[AR1]int lo 0
[AR1-LoopBack0]ip add 1.1.1.1 32
[AR1-LoopBack0]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 10.0.12.1 24
[Huawei]sysname AR2
[AR2]int lo 0
[AR2-LoopBack0]
[AR2-LoopBack0]ip add 2.2.2.2 32
[AR2-LoopBack0]
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]
[AR2-GigabitEthernet0/0/0]ip add 10.0.12.2 24
[AR2-GigabitEthernet0/0/0]
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]
[AR2-GigabitEthernet0/0/1]ip add 10.0.23.2 24
[AR2-GigabitEthernet0/0/1]
[Huawei]sysname AR3
[AR3]int lo 0
[AR3-LoopBack0]
[AR3-LoopBack0]ip add 3.3.3.3 32
[AR3-LoopBack0]
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]
[AR3-GigabitEthernet0/0/0]ip add 10.0.23.3 24
[AR3-GigabitEthernet0/0/0]
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]
[AR3-GigabitEthernet0/0/1]ip add 10.0.34.3 24
[Huawei]sysname AR4
[AR4]int lo 0
[AR4-LoopBack0]
[AR4-LoopBack0]ip add 4.4.4.4 32
[AR4-LoopBack0]
[AR4-LoopBack0]int g0/0/0
[AR4-GigabitEthernet0/0/0]
[AR4-GigabitEthernet0/0/0]ip add 10.0.34.4 24
[AR4-GigabitEthernet0/0/0]
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]
[AR4-GigabitEthernet0/0/1]ip add 10.0.45.4 24
[Huawei]sysname AR5
[AR5]int lo 0
[AR5-LoopBack0]
[AR5-LoopBack0]ip add 5.5.5.5 32
[AR5-LoopBack0]
[AR5-LoopBack0]int g0/0/0
[AR5-GigabitEthernet0/0/0]
[AR5-GigabitEthernet0/0/0]ip add 10.0.56.5 24
[AR5-GigabitEthernet0/0/0]
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]
[AR5-GigabitEthernet0/0/1]ip add 10.0.45.5 24
[Huawei]sysname AR6
[AR6]int lo 0
[AR6-LoopBack0]
[AR6-LoopBack0]ip add 6.6.6.6 32
[AR6-LoopBack0]
[AR6-LoopBack0]int g0/0/0
[AR6-GigabitEthernet0/0/0]
[AR6-GigabitEthernet0/0/0]ip add 10.0.56.6 24
[Huawei]sysname LSW7
[LSW7]vlan 17
[LSW7-vlan17]q
[LSW7]int lo 0
[LSW7-LoopBack0]ip add 7.7.7.7 32
[LSW7-LoopBack0]int vlanif 17
[LSW7-Vlanif17]ip add 10.0.17.7 24
[LSW7-Vlanif17]int g0/0/1
[LSW7-GigabitEthernet0/0/1]po li ac
[LSW7-GigabitEthernet0/0/1]po de vl 17
[Huawei]sysname LSW8
[LSW8]vlan 68
[LSW8-vlan68]q
[LSW8]int lo 0
[LSW8-LoopBack0]ip add 8.8.8.8 32
[LSW8-LoopBack0]int vlanif 68
[LSW8-Vlanif68]ip add 10.0.68.8 24
[LSW8-Vlanif68]int g0/0/1
[LSW8-GigabitEthernet0/0/1]po li ac
[LSW8-GigabitEthernet0/0/1]po de vl 68
二、配置OSPF
[AR1]ospf 100 router-id 1.1.1.1
[AR1-ospf-100]area 0
[AR1-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR1-ospf-100-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[AR2]ospf 100 router-id 2.2.2.2
[AR2-ospf-100]area 0
[AR2-ospf-100-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[AR2-ospf-100-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[AR2-ospf-100-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[AR3]ospf 100 router-id 3.3.3.3
[AR3-ospf-100]area 0
[AR3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[AR3-ospf-100-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[AR4]ospf 200 router-id 4.4.4.4
[AR4-ospf-200]area 0
[AR4-ospf-200-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[AR4-ospf-200-area-0.0.0.0]network 10.0.45.0 0.0.0.255
[AR5]ospf 200 router-id 5.5.5.5
[AR5-ospf-200]area 0
[AR5-ospf-200-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[AR5-ospf-200-area-0.0.0.0]network 10.0.45.0 0.0.0.255
[AR5-ospf-200-area-0.0.0.0]network 10.0.56.0 0.0.0.255
[AR6]ospf 200 router-id 6.6.6.6
[AR6-ospf-200]area 0
[AR6-ospf-200-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[AR6-ospf-200-area-0.0.0.0]network 10.0.56.0 0.0.0.255
三、启用MPLS
[AR1]mpls lsr-id 1.1.1.1
[AR1]mpls
[AR1-mpls]mpls ldp
[AR1-mpls-ldp]int g0/0/0
[AR1-GigabitEthernet0/0/0]mpls
[AR1-GigabitEthernet0/0/0]mpls ldp
[AR2]mpls lsr-id 2.2.2.2
[AR2]mpls
[AR2-mpls]mpls ldp
[AR2-mpls-ldp]int g0/0/0
[AR2-GigabitEthernet0/0/0]mpls
[AR2-GigabitEthernet0/0/0]mpls ldp
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]mpls
[AR2-GigabitEthernet0/0/1]mpls ldp
[AR3]mpls lsr-id 3.3.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]int g0/0/0
[AR3-GigabitEthernet0/0/0]mpls
[AR3-GigabitEthernet0/0/0]mpls ldp
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]mpls
[AR4]mpls lsr-id 4.4.4.4
[AR4]mpls
[AR4-mpls]mpls ldp
[AR4-mpls-ldp]int g0/0/0
[AR4-GigabitEthernet0/0/0]mpls
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]mpls
[AR4-GigabitEthernet0/0/1]mpls ldp
[AR5]mpls lsr-id 5.5.5.5
[AR5]mpls
[AR5-mpls]mpls ldp
[AR5-mpls-ldp]int g0/0/0
[AR5-GigabitEthernet0/0/0]mpls
[AR5-GigabitEthernet0/0/0]mpls ldp
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]mpls
[AR5-GigabitEthernet0/0/1]mpls ldp
[AR6]mpls lsr-id 6.6.6.6
[AR6]mpls
[AR6-mpls]mpls ldp
[AR6-mpls-ldp]int g0/0/0
[AR6-GigabitEthernet0/0/0]mpls
[AR6-GigabitEthernet0/0/0]mpls ldp
四、配置VPN实例
[AR1]ip vpn-instance vpna
[AR1-vpn-instance-vpna]route-distinguisher 123:1
[AR1-vpn-instance-vpna-af-ipv4]vpn-target 1:1 both
[AR1-vpn-instance-vpna-af-ipv4]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip binding vpn-instance vpna
[AR1-GigabitEthernet0/0/1]ip add 10.0.17.1 24
[AR6]ip vpn-instance vpnb
[AR6-vpn-instance-vpnb]route-distinguisher 456:6
[AR6-vpn-instance-vpnb-af-ipv4]vpn-target 1:1 both
[AR6-vpn-instance-vpnb-af-ipv4]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip binding vpn-instance vpnb
[AR6-GigabitEthernet0/0/1]ip add 10.0.68.6 24
五、配置BGP
[AR1]bgp 123
[AR1-bgp]peer 3.3.3.3 as 123
[AR1-bgp]peer 3.3.3.3 con lo 0
[AR1-bgp]peer 6.6.6.6 as 456
[AR1-bgp]peer 6.6.6.6 con lo 0
[AR1-bgp]peer 6.6.6.6 ebgp-max-hop 15
[AR1-bgp]peer 3.3.3.3 label-route-capability ---关键命令,允许标签交换
[AR1-bgp]ipv4-family vpnv4
[AR1-bgp-af-vpnv4]peer 3.3.3.3 enable
[AR1-bgp-af-vpnv4]peer 6.6.6.6 enable
[AR1-bgp-af-vpnv4]q
[AR1-bgp]ipv4-family vpn-instance vpna
[AR1-bgp-vpna]peer 10.0.17.7 as 65001
#路由策略,用于添加mpls标签(向ASBR-PE2)
[AR3]route-policy ASBR-PE2 permit node 1
[AR3-route-policy]apply mpls-label
[AR3-route-policy]q
#路由策略,用于添加mpls标签,交换标签(向PE1)
[AR3]route-policy PE1 permit node 1
[AR3-route-policy]if-match mpls-label
[AR3-route-policy]apply mpls-label
[AR3]bgp 123
[AR3-bgp]pe
[AR3-bgp]peer 1.1.1.1 as 123
[AR3-bgp]peer 1.1.1.1 con lo 0
[AR3-bgp]peer 10.0.34.4 as 456
[AR3-bgp]network 1.1.1.1 32
[AR3-bgp]peer 1.1.1.1 route-policy PE1 export
[AR3-bgp]peer 1.1.1.1 label-route-capability
[AR3-bgp]peer 10.0.34.4 route-policy ASBR-PE2 export
[AR3-bgp]peer 10.0.34.4 label-route-capability
[AR3-bgp]ipv4-family vpnv4
[AR3-bgp-af-vpnv4]peer 1.1.1.1 enable
#路由策略,用于添加mpls标签(向ASBR-PE1)
[AR4]route-policy ASBR-PE1 permit node 1
[AR4-route-policy]apply mpls-label
[AR4-route-policy]q
#路由策略,用于添加mpls标签,交换标签(向PE2)
[AR4]route-policy PE2 permit node 1
[AR4-route-policy]if-match mpls-label
[AR4-route-policy]apply mpls-label
[AR4-route-policy]q
[AR4]bgp 456
[AR4-bgp]pe
[AR4-bgp]peer 6.6.6.6 as 456
[AR4-bgp]peer 6.6.6.6 con lo 0
[AR4-bgp]peer 10.0.34.3 as 123
[AR4-bgp]network 6.6.6.6 32
[AR4-bgp]peer 6.6.6.6 route-policy PE2 export
[AR4-bgp]peer 6.6.6.6 label-route-capability
[AR4-bgp]peer 10.0.34.3 route-policy ASBR-PE1 export
[AR4-bgp]peer 10.0.34.3 label-route-capability
[AR4-bgp]ipv4-family vpnv4
[AR4-bgp-af-vpnv4]peer 6.6.6.6 enable
[AR6]bgp 456
[AR6-bgp]peer 1.1.1.1 as 123
[AR6-bgp]peer 1.1.1.1 con lo 0
[AR6-bgp]peer 1.1.1.1 ebgp-max-hop 15
[AR6-bgp]peer 4.4.4.4 as 456
[AR6-bgp]peer 4.4.4.4 con lo 0
[AR6-bgp]peer 4.4.4.4 label-route-capability ---关键命令,允许标签交换
[AR6-bgp]ipv4-family vpnv4
[AR6-bgp-af-vpnv4]peer 1.1.1.1 enable
[AR6-bgp-af-vpnv4]peer 4.4.4.4 enable
[AR6-bgp-af-vpnv4]q
[AR6-bgp]ipv4-family vpn-instance vpnb
[AR6-bgp-vpnb]peer 10.0.68.8 as 65002
六、CE发布路由
[LSW7]bgp 65001
[LSW7-bgp]peer 10.0.17.1 as 123
[LSW7-bgp]network 7.7.7.7 32
[LSW8]bgp 65002
[LSW8-bgp]peer 10.0.68.6 as 456
[LSW8-bgp]network 8.8.8.8 32
七、验证
LSW7查看bgp路由表
LSW8查看bgp路由表
AR1查看BGP VPNv4对等体
AR6查看BGP VPNv4对等体
测试LSW7与LSW8连通性
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
