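By configuring basic and advanced VPN-Target extended community filters, you can filter private network routes or VPNv4 routes.
Networking Requirements
As shown in Figure 1, an MP-IBGP peer relationship is established between PE1 and PE2, and PE2 receives two BGP VPNv4 routes, 3.3.3.3/32 and 4.4.4.4/32, from PE1. A basic or advanced VPN-Target extended community filter is configured to filter the VPNv4 routes received by PE2 so that route 4.4.4.4/32 is filtered out.
Figure 1 Networking for configuring a basic or advanced VPN-Target extended community filter
In this example, interface1 stands for GE0/1/0.
Configuration Roadmap
The roadmap for configuring a basic or advanced VPN-Target extended community filter is as follows:
- Configure IP addresses for the interfaces.
- Configure basic MPLS capabilities and MPLS LDP, and establish an MPLS LSP.
- Configure VPN instances with the IPv4 address family enabled on the PEs.
- Configure MP-IBGP between the PEs.
- Configure static routes on PE1 and import them into the private network.
- Configure a basic or advanced VPN-Target extended community filter on PE2. Configuring either one is sufficient.
- Configure a Route-Policy on PE2.
- Apply the Route-Policy to BGP routes received on PE2.
Data Preparation
To complete this configuration example, you need the following data:
- VPN instance names vpna, vpnb, and vpnc.
- Basic VPN-Target extended community filter number 1 and advanced VPN-Target extended community filter name test.
Procedure
- Configure IP addresses for the interfaces. For details, see the configuration files.
- Configure basic MPLS capabilities and MPLS LDP, and establish an MPLS LSP.
# Configure PE1.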
[~PE1] mpls lsr-id 1.1.1.1
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit
[~PE1] mpls ldp
[*PE1-mpls-ldp] commit
[~PE1-mpls-ldp] quit
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] mpls
[*PE1-GigabitEthernet0/1/0] mpls ldp
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
# Configure PE2.
[~PE2] mpls lsr-id 2.2.2.2
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit
[~PE2] mpls ldp
[*PE2-mpls-ldp] commit
[~PE2-mpls-ldp] quit
[~PE2] interface gigabitethernet 0/1/0
[~PE2-GigabitEthernet0/1/0] mpls
[*PE2-GigabitEthernet0/1/0] mpls ldp
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
- Configure VPN instances with the IPv4 address family enabled on the PEs.
# Configure PE1.
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:100
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 1:100 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] ip vpn-instance vpnb
[*PE1-vpn-instance-vpnb] ipv4-family
[*PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 2:100
[*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 2:100 both
[*PE1-vpn-instance-vpnb-af-ipv4] quit
[*PE1-vpn-instance-vpnb] quit
[*PE1] commit
# Configure PE2.
[~PE2] ip vpn-instance vpnc
[*PE2-vpn-instance-vpnc] ipv4-family
[*PE2-vpn-instance-vpnc-af-ipv4] route-distinguisher 1:100
[*PE2-vpn-instance-vpnc-af-ipv4] vpn-target 3:100 export-extcommunity
[*PE2-vpn-instance-vpnc-af-ipv4] vpn-target 1:100 import-extcommunity
[*PE2-vpn-instance-vpnc-af-ipv4] vpn-target 2:100 import-extcommunity
[*PE2-vpn-instance-vpnc-af-ipv4] quit
[*PE2-vpn-instance-vpnc] quit
[*PE2] commit
- Configure MP-IBGP between the PEs.
# Configure PE1.
[~PE1] bgp 100
[~PE1-bgp] peer 2.2.2.2 as-number 100
[*PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2.2.2.2 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit
# Configure PE2.
[~PE2] bgp 100
[~PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit
- Configure static routes on PE1 and import them into the private network.
[~PE1] ip route-static vpn-instance vpna 3.3.3.3 32 NULL0
[*PE1] ip route-static vpn-instance vpnb 4.4.4.4 32 NULL0
[*PE1] commit
[~PE1] bgp 100
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] import-route static
[*PE1-bgp-vpna] quit
[*PE1-bgp] ipv4-family vpn-instance vpnb
[*PE1-bgp-vpnb] import-route static
[*PE1-bgp-vpnb] quit
[*PE1-bgp] quit
[*PE1] commit
# Run the display bgp vpnv4 all routing-table command on PE2 to view BGP VPNv4 routing information. The output shows that two routes, 3.3.3.3/32 and 4.4.4.4/32, have been received under vpnc.
[~PE2] display bgp vpnv4 all routing-table 3.3.3.3
BGP local router ID : 10.1.1.2
Local AS number : 100
Total routes of Route Distinguisher(1:100): 1
BGP routing table entry information of 3.3.3.3/32:
Label information (Received/Applied): 32905/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h06m19s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: GigabitEthernet0/1/0
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <1 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
VPN-Instance vpnc, Router ID 10.1.1.2:
Total Number of Routes: 1
BGP routing table entry information of 3.3.3.3/32:
Route Distinguisher: 1:100
Remote-Cross route
Label information (Received/Applied): 32905/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h06m19s
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <1 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
[~PE2] display bgp vpnv4 all routing-table 4.4.4.4
BGP local router ID : 10.1.1.2
Local AS number : 100
Total routes of Route Distinguisher(2:100): 1
BGP routing table entry information of 4.4.4.4/32:
Label information (Received/Applied): 32906/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h06m24s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: GigabitEthernet0/1/0
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <2 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
VPN-Instance vpnc, Router ID 10.1.1.2:
Total Number of Routes: 1
BGP routing table entry information of 4.4.4.4/32:
Route Distinguisher: 2:100
Remote-Cross route
Label information (Received/Applied): 32906/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h06m24s
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <2 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
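- Configure a basic or advanced VPN-Target extended community filter on PE2. Configuring either one is sufficient.
Configure a basic VPN-Target extended community filter.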
[~PE2] ip extcommunity-filter 1 index 10 permit rt 1:100
[*PE2] commit
Configure an advanced VPN-Target extended community filter.
[~PE2] ip extcommunity-filter advanced test index 10 permit ^1:100$
[*PE2] commit
- Configure a Route-Policy on PE2.
For the basic VPN-Target extended community filter:
[~PE2] route-policy test permit node 10
[*PE2-route-policy] if-match extcommunity-filter 1
[*PE2-route-policy] quit
[*PE2] route-policy test deny node 20
[*PE2] commit
For the advanced VPN-Target extended community filter:
[~PE2] route-policy test permit node 10
[*PE2-route-policy] if-match extcommunity-filter test
[*PE2-route-policy] quit
[*PE2] route-policy test deny node 20
[*PE2] commit
- Apply the Route-Policy to BGP routes received on PE2.
[~PE2] bgp 100
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1.1.1.1 route-policy test import
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] quit
[*PE2] commit
# Run the display bgp vpnv4 all routing-table command on PE2 to view BGP VPNv4 routing information. The output shows that route 4.4.4.4/32 has been filtered out.
[~PE2] display bgp vpnv4 all routing-table 3.3.3.3
BGP local router ID : 10.1.1.2
Local AS number : 100
Total routes of Route Distinguisher(1:100): 1
BGP routing table entry information of 3.3.3.3/32:
Label information (Received/Applied): 32905/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h05m41s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: GigabitEthernet0/1/0
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <1 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
VPN-Instance vpnc, Router ID 10.1.1.2:
Total Number of Routes: 1
BGP routing table entry information of 3.3.3.3/32:
Route Distinguisher: 1:100
Remote-Cross route
Label information (Received/Applied): 32905/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h37m42s
Relay Tunnel Out-Interface: GigabitEthernet0/1/0
Original nexthop: 1.1.1.1
Qos information : 0x0
Ext-Community: RT <1 : 100>
AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Not advertised to any peer yet
[~PE2] display bgp vpnv4 all routing-table 4.4.4.4
Info: The network does not exist.
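The filtering result above can be reproduced with a simplified model of Route-Policy test. This is an added example, not part of the original page or of the device software; it assumes each RT is compared as an "AS:number" string, and Python's re module stands in for the device's regular-expression engine. The function names and the look-alike RT values are constructed for illustration, and the last check shows why the advanced filter anchors its pattern with ^ and $.

```python
import re

# Constructed sample: the two VPNv4 routes PE2 receives from PE1, with the
# RT values shown in the display output above.
ROUTES = {"3.3.3.3/32": ["1:100"], "4.4.4.4/32": ["2:100"]}

# Constructed look-alike RTs that an unanchored pattern would also match.
LOOKALIKES = {"5.5.5.5/32": ["11:100"], "6.6.6.6/32": ["1:1000"]}


def basic_filter(rts, permitted=("1:100",)):
    """Model of basic filter 1: exact match on a listed RT value."""
    return any(rt in permitted for rt in rts)


def advanced_filter(rts, pattern=r"^1:100$"):
    """Model of advanced filter test: regex match against each RT string."""
    return any(re.search(pattern, rt) for rt in rts)


def unanchored_filter(rts):
    """Same regex without ^ and $, to show the effect of dropping anchors."""
    return advanced_filter(rts, pattern=r"1:100")


def route_policy_test(rts, extcomm_filter):
    """Node 10 permits on a filter match; node 20 (deny, no if-match
    clause) rejects every route that reaches it."""
    if extcomm_filter(rts):
        return "permit"  # node 10
    return "deny"        # node 20


def accepted(routes, extcomm_filter):
    """Prefixes that survive the import policy, sorted for stable output."""
    return sorted(prefix for prefix, rts in routes.items()
                  if route_policy_test(rts, extcomm_filter) == "permit")


if __name__ == "__main__":
    print("basic filter:     ", accepted(ROUTES, basic_filter))
    print("advanced filter:  ", accepted(ROUTES, advanced_filter))
    print("anchored regex:   ", accepted(LOOKALIKES, advanced_filter))
    print("unanchored regex: ", accepted(LOOKALIKES, unanchored_filter))
```

With the anchored pattern, routes tagged 11:100 or 1:1000 are rejected; without the anchors both would be imported into vpnc alongside the intended 1:100 routes.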
Configuration Files
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:100
  vpn-target 1:100 export-extcommunity
  vpn-target 1:100 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 2:100
  vpn-target 2:100 export-extcommunity
  vpn-target 2:100 import-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpna
  import-route static
 #
 ipv4-family vpn-instance vpnb
  import-route static
#
ip route-static 2.2.2.2 255.255.255.255 GigabitEthernet0/1/0 10.1.1.2
ip route-static vpn-instance vpna 3.3.3.3 255.255.255.255 NULL0
ip route-static vpn-instance vpnb 4.4.4.4 255.255.255.255 NULL0
#
return
PE2 configuration file
#
sysname PE2
#
ip vpn-instance vpnc
 ipv4-family
  route-distinguisher 1:100
  vpn-target 3:100 export-extcommunity
  vpn-target 1:100 import-extcommunity
  vpn-target 2:100 import-extcommunity
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 route-policy test import
#
route-policy test permit node 10
 if-match extcommunity-filter 1
#
route-policy test deny node 20
#
ip extcommunity-filter 1 index 10 permit rt 1:100
#
ip route-static 1.1.1.1 255.255.255.255 GigabitEthernet0/1/0 10.1.1.1
#
return