BGP MPLS VPN(OPTION C)实验笔记
1.实验说明
(1) 实验目的
配置BGP MPLS VPN OPTION A,使得总部与分公司私网互通,分公司与总部之间可互访,但分公司之间不能互访。
(2) 实验拓扑
(3) 地址说明
业务地址段:
私网地址段
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
网络地址段:
| 路由器 | 接口 | IP | 备注 |
| R1-CE | loopback0 | 1.1.1.1/32 | |
| GE 0/0/1 | 192.168.1.2/30 | ||
| Ethernet 0/0/1 | 10.0.1.254/24 | ||
| R2-PE | loopback0 | 2.2.2.2/32 | |
| GE 0/0/1 | 192.168.1.1/30 | vpn | |
| GE 0/0/0 | 211.137.23.2/24 | ||
| R3-P | loopback0 | 3.3.3.3/32 | |
| GE 0/0/0 | 211.137.23.3/24 | ||
| GE 0/0/1 | 211.137.34.3/24 | ||
| R4-ASBR | loopback0 | 4.4.4.4/32 | |
| GE 0/0/1 | 211.137.34.4/24 | ||
| GE 0/0/2 | 211.137.45.4/24 | ||
| R5-ASBR | loopback0 | 5.5.5.5/32 | |
| GE 0/0/2 | 211.137.45.5/24 | ||
| GE 0/0/1 | 211.137.56.5/24 | ||
| R6-P | loopback0 | 6.6.6.6/32 | |
| GE 0/0/1 | 211.137.56.6/24 | ||
| GE 0/0/0 | 211.137.67.6/24 | ||
| R7-PE | loopback0 | 7.7.7.7/32 | |
| GE 0/0/0 | 211.137.67.7/24 | ||
| GE 0/0/1 | 192.168.2.1/30 | vpn | |
| GE 0/0/2 | 192.168.3.1/30 | vpn | |
| R8-CE | loopback0 | 8.8.8.8/32 | |
| GE 0/0/1 | 192.168.2.2/30 | ||
| Ethernet 0/0/1 | 10.0.2.254/24 | ||
| R9-CE | loopback0 | 9.9.9.9/32 | |
| GE 0/0/1 | 192.168.3.2/30 | ||
| Ethernet 0/0/1 | 10.0.3.254/24 |
(4) 实验思路
1、为各AS的MPLS骨干网分别配置IGP,实现同一AS内骨干网的IP连通性
2、为各AS的MPLS骨干网分别配置MPLS基本能力和MPLS LDP
3、各AS内,在与CE相连的PE上配置VPN实例,并配置接口与VPN实例关联
4、各AS内,配置PE和CE间的路由交换
5、使能标签IPv4路由交换
6、配置路由策略控制标签分配
7、PE间建立MP-EBGP对等体关系
(5) OPTION C
路由层面
C E ⟺ e b g p P E ⟺ I B G P A S B R ⟺ E B G P A S B R ⟺ I B G P P E ⟺ e b g p C E CE \stackrel{ebgp}{\Longleftrightarrow} PE \stackrel{IBGP}{\Longleftrightarrow} ASBR \stackrel{EBGP}{\Longleftrightarrow} ASBR \stackrel{IBGP}{\Longleftrightarrow} PE \stackrel{ebgp}{\Longleftrightarrow} CE CE⟺ebgpPE⟺IBGPASBR⟺EBGPASBR⟺IBGPPE⟺ebgpCE
P E ⟷ M P − E B G P P E PE \stackrel{MP-EBGP}{\longleftrightarrow} PE PE⟷MP−EBGPPE
转发层面
C E ⟺ I P P E ⟺ M P L S P ⟺ M P L S A S B R ⟺ M P L S A S B R ⟺ M P L S P ⟺ M P L S P E ⟺ I P C E CE \stackrel{IP}{\Longleftrightarrow} PE \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} ASBR \stackrel{MPLS} {\Longleftrightarrow} ASBR \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} PE \stackrel{IP}{\Longleftrightarrow} CE CE⟺IPPE⟺MPLSP⟺MPLSASBR⟺MPLSASBR⟺MPLSP⟺MPLSPE⟺IPCE
(6) ABC区别
| Option A | Option B | Option C | |
|---|---|---|---|
| ASBR间交换的路由类型 | 客户的IPv4路由 | VPNv4路由 | 公网IPv4路由 |
| AS间标签交换 | 否 | VPN标签 | IPv4路由标签(通过eBGP传递) |
| AS之间是否需要启用LDP | 否 | 否 | 否 |
| AS之间是否需要启用MP-BGP | 否 | 是 | 是 |
| VPNv4路由在哪里维护 | ASBR | ASBR | PE或RR |
| 适用场景 | 一般用于国际运营商之间 | 同一个运营商中的不同AS之间 | 同一个运营商中的不同AS之间 |
2.骨干域IGP配置(OSPF)
与OPTION A类似
OSPF配置后,PE、P、ASBR可以相互学到loopback路由,是后续MPLS/LDP标签传递等的基础
## R2-PE的ospf配置
<R2-PE>display current-configuration configuration ospf
#
ospf 1 router-id 2.2.2.2area 0.0.0.0network 211.137.23.0 0.0.0.255network 2.2.2.2 0.0.0.0
#
return## R3-P的ospf配置
<R3-P>display current-configuration configuration ospf
#
ospf 1 router-id 3.3.3.3area 0.0.0.0network 211.137.23.0 0.0.0.255network 211.137.34.0 0.0.0.255network 3.3.3.3 0.0.0.0
#
return## R4-ASBR的ospf配置
<R4-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 4.4.4.4area 0.0.0.0network 211.137.34.0 0.0.0.255network 4.4.4.4 0.0.0.0
#
return## R7-PE的ospf配置
<R7-PE>display current-configuration configuration ospf
#
ospf 1 router-id 7.7.7.7area 0.0.0.0network 211.137.67.0 0.0.0.255network 7.7.7.7 0.0.0.0
#
return## R6-P的ospf配置
<R6-P>display current-configuration configuration ospf
#
ospf 1 router-id 6.6.6.6area 0.0.0.0network 211.137.56.0 0.0.0.255network 211.137.67.0 0.0.0.255network 6.6.6.6 0.0.0.0
#
return## R5-ASBR的ospf配置
<R5-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 5.5.5.5area 0.0.0.0network 211.137.56.0 0.0.0.255network 5.5.5.5 0.0.0.0
#
return
查看lsdb,确认PE/P/ASBR的loopback均已通过ospf发布
<R3-P>display ospf lsdbOSPF Process 1 with Router ID 3.3.3.3Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.4 4.4.4.4 377 48 80000004 1Router 2.2.2.2 2.2.2.2 419 48 80000006 1Router 3.3.3.3 3.3.3.3 375 60 80000009 1Network 211.137.23.2 2.2.2.2 420 32 80000002 0Network 211.137.34.3 3.3.3.3 376 32 80000002 0<R6-P>display ospf lsdbOSPF Process 1 with Router ID 6.6.6.6Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 7.7.7.7 7.7.7.7 296 48 80000006 1Router 6.6.6.6 6.6.6.6 262 60 80000009 1Router 5.5.5.5 5.5.5.5 264 48 80000004 1Network 211.137.67.7 7.7.7.7 296 32 80000002 0Network 211.137.56.6 6.6.6.6 262 32 80000002 0
3.骨干域MPLS/LDP配置
与OPTION A类似
分别在全局和接口下启用MPLS和LDP
## R2-PE启用MPLS和LDP
[R2-PE]mpls lsr-id 2.2.2.2
[R2-PE]mpls
Info: Mpls starting, please wait... OK!
[R2-PE-mpls]mpls ldp
[R2-PE-mpls-ldp]quit
[R2-PE]interface GigabitEthernet 0/0/0
[R2-PE-GigabitEthernet0/0/0]mpls
[R2-PE-GigabitEthernet0/0/0]mpls ldp## R3-P启用MPLS和LDP
[R3-P]mpls lsr-id 3.3.3.3
[R3-P]mpls
Info: Mpls starting, please wait... OK!
[R3-P-mpls]mpls ldp
[R3-P-mpls-ldp]quit
[R3-P]interface GigabitEthernet 0/0/0
[R3-P-GigabitEthernet0/0/0]mpls
[R3-P-GigabitEthernet0/0/0]mpls ldp
[R3-P-GigabitEthernet0/0/0]quit
[R3-P]interface GigabitEthernet 0/0/1
[R3-P-GigabitEthernet0/0/1]mpls
[R3-P-GigabitEthernet0/0/1]mpls ldp## R4-ASBR启用MPLS和LDP
[R4-ASBR]mpls lsr-id 4.4.4.4
[R4-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R4-ASBR-mpls]mpls ldp
[R4-ASBR-mpls-ldp]quit
[R4-ASBR]interface GigabitEthernet 0/0/1
[R4-ASBR-GigabitEthernet0/0/1]mpls
[R4-ASBR-GigabitEthernet0/0/1]mpls ldp## R7-PE启用MPLS和LDP
[R7-PE]mpls lsr-id 7.7.7.7
[R7-PE]mpls
Info: Mpls starting, please wait... OK!
[R7-PE-mpls]mpls ldp
[R7-PE-mpls-ldp]quit
[R7-PE]interface GigabitEthernet 0/0/0
[R7-PE-GigabitEthernet0/0/0]mpls
[R7-PE-GigabitEthernet0/0/0]mpls ldp## R6-P启用MPLS和LDP
[R6-P]mpls lsr-id 6.6.6.6
[R6-P]mpls
Info: Mpls starting, please wait... OK!
[R6-P-mpls]mpls ldp
[R6-P-mpls-ldp]quit
[R6-P]interface GigabitEthernet 0/0/0
[R6-P-GigabitEthernet0/0/0]mpls
[R6-P-GigabitEthernet0/0/0]mpls ldp
[R6-P-GigabitEthernet0/0/0]quit
[R6-P]interface GigabitEthernet 0/0/1
[R6-P-GigabitEthernet0/0/1]mpls
[R6-P-GigabitEthernet0/0/1]mpls ldp## ASBR2启用MPLS和LDP
[R5-ASBR]mpls lsr-id 5.5.5.5
[R5-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R5-ASBR-mpls]mpls ldp
[R5-ASBR-mpls-ldp]quit
[R5-ASBR]interface GigabitEthernet 0/0/1
[R5-ASBR-GigabitEthernet0/0/1]mpls
[R5-ASBR-GigabitEthernet0/0/1]mpls ldp
查看LSP
<R3-P>display mpls lsp
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
3.3.3.3/32 3/NULL -/-
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1025/3 -/GE0/0/1 <R6-P>display mpls lsp
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 NULL/3 -/GE0/0/0
7.7.7.7/32 1024/3 -/GE0/0/0
6.6.6.6/32 3/NULL -/-
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1025/3 -/GE0/0/1
4.PE上VPN实例配置
(1) 分公司配置
R7-PE上创建VPN实例vpn2和vpn3,将R8-CE和R9-CE分别接入到R7-PE上
## 创建vpn实例,名称为vpn2
[R7-PE]ip vpn-instance vpn2
## 使用ipv地址
[R7-PE-vpn-instance-vpn2]ipv4-family
## RD设置为100:2
[R7-PE-vpn-instance-vpn2-af-ipv4]route-distinguisher 100:2
## 设置vpn-target
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 1:1 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]quit
[R7-PE-vpn-instance-vpn2]quit
## 创建vpn实例,名称为vpn3
[R7-PE]ip vpn-instance vpn3
[R7-PE-vpn-instance-vpn3]ipv4-family
[R7-PE-vpn-instance-vpn3-af-ipv4]route-distinguisher 100:3
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 3:3 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 1:1 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn2的实例绑定到GigabitEthernet 0/0/1上,vpn3实例绑定到GigabitEthernet 0/0/2上
绑定后需要重新配置IP
[R7-PE]interface GigabitEthernet 0/0/1
[R7-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/1]ip address 192.168.2.1 30
[R7-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1ip binding vpn-instance vpn2ip address 192.168.2.1 255.255.255.252
#
return
[R7-PE-GigabitEthernet0/0/1]quit
[R7-PE]interface GigabitEthernet 0/0/2
[R7-PE-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/2]ip address 192.168.3.1 30
[R7-PE-GigabitEthernet0/0/2]display this
#
interface GigabitEthernet0/0/2ip binding vpn-instance vpn3ip address 192.168.3.1 255.255.255.252
#
return
配置R7-PE和R8-CE、R9-CE的BGP邻居及路由
## R7-PE上配置BGP,分别在vpn2和vpn3中配置到R8-CE和R9-CE的BGP邻居
[R7-PE]bgp 200
[R7-PE-bgp]ipv4-family vpn-instance vpn2
[R7-PE-bgp-vpn2]peer 192.168.2.2 as-number 10002
[R7-PE-bgp-vpn2]quit
[R7-PE-bgp]ipv4-family vpn-instance vpn3
[R7-PE-bgp-vpn3]peer 192.168.3.2 as-number 10003## R8-CE上配置BGP
[R8-CE]bgp 10002
[R8-CE-bgp]peer 192.168.2.1 as-number 200
[R8-CE-bgp]network 10.0.2.0 255.255.255.0
## R9-CE上配置BGP
[R9-CE]bgp 10003
[R9-CE-bgp]peer 192.168.3.1 as-number 200
[R9-CE-bgp]network 10.0.3.0 255.255.255.0
在R7-PE上查看BGP收发路由情况
<R7-PE>display bgp vpnv4 vpn-instance vpn2 routing-table peer 192.168.2. receiv
ed-routesBGP Local router ID is 7.7.7.7 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteVPN-Instance vpn2, Router ID 7.7.7.7:Total Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.2.0/24 192.168.2.2 0 0 10002i<R7-PE>display bgp vpnv4 vpn-instance vpn3 routing-table peer 192.168.3.2 receiv
ed-routes BGP Local router ID is 7.7.7.7 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteVPN-Instance vpn3, Router ID 7.7.7.7:Total Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.3.0/24 192.168.3.2 0 0 10003i
(2) 总公司配置
R2-PE上创建VPN实例vpn1,将R1-CE接入到R2-PE上
[R2-PE]ip vpn-instance vpn1
[R2-PE-vpn-instance-vpn1]ipv4-family
[R2-PE-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 2:2 3:3 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn1的实例绑定到GigabitEthernet 0/0/1上
[R2-PE]interface GigabitEthernet 0/0/1
[R2-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R2-PE-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[R2-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1ip binding vpn-instance vpn1ip address 192.168.1.1 255.255.255.252
#
return
配置R2-PE和R1-CE的BGP邻居及路由
## R2-PE上配置BGP,在vpn1中配置到R1-CE的BGP邻居,并下发缺省路由
[R2-PE]bgp 100
[R2-PE-bgp]ipv4-family vpn-instance vpn1
[R2-PE-bgp-vpn1]peer 192.168.1.2 as-number 10001## R1-CE上配置BGP
[R1-CE]bgp 10001
[R1-CE-bgp]peer 192.168.1.1 as-number 100
[R1-CE-bgp]network 10.0.1.0 255.255.255.0
在R2-PE上查看BGP收发路由情况
<R2-PE>display bgp vpnv4 vpn-instance vpn1 routing-table peer 192.168.1.2 receiv
ed-routes BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteVPN-Instance vpn1, Router ID 2.2.2.2:Total Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.1.0/24 192.168.1.2 0 0 10001i
5.跨域配置
(1) 使能标签IPv4路由交换
在OptionC方式中,需要在PE间建立一条跨域的VPN LSP,相关PE、P、ASBR之间发布公网路由时携带MPLS标签信息。
首先在ASBR之间启用mpls
## R4-ASBR接口上启用mpls
[R4-ASBR]interface GigabitEthernet 0/0/2
[R4-ASBR-GigabitEthernet0/0/2]mpls## R5-ASBR接口上启用mpls
[R5-ASBR]interface GigabitEthernet 0/0/2
[R5-ASBR-GigabitEthernet0/0/2]mpls
携带MPLS标签的公网路由通过MP-BGP发布。根据RFC3107(Carrying Label Information in BGP-4)中的描述,一条路由的标签映射信息可以通过发布这条路由的BGP Update消息捎带(piggyback)。这种能力使用BGP的扩展属性实现,要求BGP对等体能够处理标签IPv4路由。
缺省情况下,BGP对等体不处理标签IPv4路由。
配置R2-PE与R4-ASBR、R4-ASBR与R5-ASBR、R5-ASBR与R7-PE的BGP邻居,并使能交换标签IPv4路由的能力
## R2-PE配置
[R2-PE]bgp 100
## 与R4-ASBR建立IBGP邻居,并使能交换标签IPv4路由的能力
[R2-PE-bgp]peer 4.4.4.4 as-number 100
[R2-PE-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R2-PE-bgp]peer 4.4.4.4 label-route-capability
[R2-PE-bgp]network 2.2.2.2 255.255.255.255## R4-ASBR配置
[R4-ASBR]bgp 100
## 与R5-ASBR建立EBGP邻居,并使能交换标签IPv4路由的能力
[R4-ASBR-bgp]peer 211.137.45.5 as-number 200
[R4-ASBR-bgp]peer 211.137.45.5 label-route-capability
## 与R2-PE建立IBGP邻居,并使能交换标签IPv4路由的能力
[R4-ASBR-bgp]peer 2.2.2.2 as-number 100
[R4-ASBR-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R4-ASBR-bgp]peer 2.2.2.2 label-route-capability
## 发布R2-PE的loopback地址
[R4-ASBR-bgp]network 2.2.2.2 255.255.255.255## R5-ASBR配置
[R5-ASBR]bgp 200
## 与R4-ASBR建立EBGP邻居,并使能交换标签IPv4路由的能力
[R5-ASBR-bgp]peer 211.137.45.4 as-number 100
[R5-ASBR-bgp]peer 211.137.45.4 label-route-capability
## 与R7-PE建立IBGP邻居,并使能交换标签IPv4路由的能力
[R5-ASBR-bgp]peer 7.7.7.7 as-number 200
[R5-ASBR-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R5-ASBR-bgp]peer 7.7.7.7 label-route-capability
## 发布R7-PE的loopback地址
[R5-ASBR-bgp]network 7.7.7.7 255.255.255.255## R7-PE配置
[R7-PE]bgp 200
## 与R5-ASBR建立IBGP邻居,并使能交换标签IPv4路由的能力
[R7-PE-bgp]peer 5.5.5.5 as-number 200
[R7-PE-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R7-PE-bgp]peer 5.5.5.5 label-route-capability
[R7-PE-bgp]network 7.7.7.7 255.255.255.255
(2) 配置路由策略控制标签分配
跨域BGP LSP需要配置路由策略来控制标签的分配,对于向本AS的PE发布的路由,如果是带标签的IPv4路由,为其重新分配MPLS标签;对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签。
在R4-ASBR和R5-ASBR上创建路由策略
## R4-ASBR配置
## 对于从对端的ASBR接收的带标签的IPv4路由,在向本AS的PE发布时,为其重新分配MPLS标签
[R4-ASBR]route-policy policy1 permit node 1
Info: New Sequence of this List.
[R4-ASBR-route-policy]if-match mpls-label
[R4-ASBR-route-policy]apply mpls-label
[R4-ASBR-route-policy]quit
## 对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签
[R4-ASBR]route-policy policy2 permit node 1
Info: New Sequence of this List.
[R4-ASBR-route-policy]apply mpls-label## R5-ASBR配置
## 对于从对端的ASBR接收的带标签的IPv4路由,在向本AS的PE发布时,为其重新分配MPLS标签
[R5-ASBR]route-policy policy1 permit node 1
Info: New Sequence of this List.
[R5-ASBR-route-policy]if-match mpls-label
[R5-ASBR-route-policy]apply mpls-label
[R5-ASBR-route-policy]quit
## 对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签
[R5-ASBR]route-policy policy2 permit node 1
Info: New Sequence of this List.
[R5-ASBR-route-policy]apply mpls-label
在ASBR的BGP配置中应用上述路由策略
## R4-ASBR配置
[R4-ASBR]bgp 100
[R4-ASBR-bgp]peer 2.2.2.2 route-policy policy1 export
[R4-ASBR-bgp]peer 211.137.45.5 route-policy policy2 export## R5-ASBR配置
[R5-ASBR]bgp 200
[R5-ASBR-bgp]peer 7.7.7.7 route-policy policy1 export
[R5-ASBR-bgp]peer 211.137.45.4 route-policy policy2 export
(3) PE间建立MP-EBGP邻居
MP-EBGP通过在BGP中引入扩展团体属性,使其能够在PE设备之间传播VPNv4路由。
## R2-PE与R7-PE建立MP-EBGP邻居
[R2-PE-bgp]peer 7.7.7.7 as-number 200
[R2-PE-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R2-PE-bgp]peer 7.7.7.7 ebgp-max-hop 50
[R2-PE-bgp]ipv4-family unicast
[R2-PE-bgp-af-ipv4]undo peer 7.7.7.7 enable
[R2-PE-bgp-af-ipv4]quit
[R2-PE-bgp]ipv4-family vpnv4
[R2-PE-bgp-af-vpnv4]policy vpn-target
[R2-PE-bgp-af-vpnv4]peer 7.7.7.7 enable## R7-PE与R2-PE建立MP-EBGP邻居
[R7-PE-bgp]peer 2.2.2.2 as-number 100
[R7-PE-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R7-PE-bgp]peer 2.2.2.2 ebgp-max-hop 50
[R7-PE-bgp]ipv4-family unicast
[R7-PE-bgp-af-ipv4]undo peer 2.2.2.2 enable
[R7-PE-bgp-af-ipv4]quit
[R7-PE-bgp]ipv4-family vpnv4
[R7-PE-bgp-af-vpnv4]policy vpn-target
[R7-PE-bgp-af-vpnv4]peer 2.2.2.2 enable
查看R2-PE和R7-PE的BGP邻居情况
<R2-PE>display bgp peer BGP local router ID : 2.2.2.2Local AS number : 100Total number of peers : 2 Peers in established state : 2Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv4.4.4.4 4 100 29 30 0 00:23:57 Established 27.7.7.7 4 200 9 8 0 00:01:54 Established 1
<R2-PE>display bgp vpnv4 all peer BGP local router ID : 2.2.2.2Local AS number : 100Total number of peers : 2 Peers in established state : 2Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv7.7.7.7 4 200 10 9 0 00:02:03 Established 2Peer of IPv4-family for vpn instance :VPN-Instance vpn1, Router ID 2.2.2.2:192.168.1.2 4 10001 170 166 0 02:41:22 Established 1<R7-PE>display bgp peer BGP local router ID : 7.7.7.7Local AS number : 200Total number of peers : 2 Peers in established state : 2Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv2.2.2.2 4 100 10 11 0 00:03:23 Established 15.5.5.5 4 200 579 550 0 09:07:30 Established 2
<R7-PE>display bgp vpnv4 all peer BGP local router ID : 7.7.7.7Local AS number : 200Total number of peers : 3 Peers in established state : 3Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv2.2.2.2 4 100 10 11 0 00:03:32 Established 1Peer of IPv4-family for vpn instance :VPN-Instance vpn2, Router ID 7.7.7.7:192.168.2.2 4 10002 11 11 0 00:08:31 Established 1VPN-Instance vpn3, Router ID 7.7.7.7:192.168.3.2 4 10003 129 116 0 01:52:06 Established 1
6.测试
在客户端上分别进行测试,总部PC1可以连通分公司PC2和PC3,但是分公司之间PC2和PC3无法互通
## 总部PC1测试结果
PC>ping 10.0.2.1Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
From 10.0.2.1: bytes=32 seq=1 ttl=124 time=312 ms
From 10.0.2.1: bytes=32 seq=2 ttl=124 time=328 ms
From 10.0.2.1: bytes=32 seq=3 ttl=124 time=297 ms
From 10.0.2.1: bytes=32 seq=4 ttl=124 time=297 ms
From 10.0.2.1: bytes=32 seq=5 ttl=124 time=359 ms--- 10.0.2.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 297/318/359 msPC>ping 10.0.3.1Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
From 10.0.3.1: bytes=32 seq=1 ttl=124 time=391 ms
From 10.0.3.1: bytes=32 seq=2 ttl=124 time=375 ms
From 10.0.3.1: bytes=32 seq=3 ttl=124 time=297 ms
From 10.0.3.1: bytes=32 seq=4 ttl=124 time=328 ms
From 10.0.3.1: bytes=32 seq=5 ttl=124 time=359 ms--- 10.0.3.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 297/350/391 ms## 分公司PC2测试结果
PC>ping 10.0.1.1Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=312 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=375 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=328 ms--- 10.0.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 312/334/375 msPC>ping 10.0.3.1Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!--- 10.0.3.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss## 分公司PC3测试结果
PC>ping 10.0.1.1Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!--- 10.0.1.1 ping statistics ---1 packet(s) transmitted0 packet(s) received100.00% packet lossPC>ping 10.0.1.1Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=297 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=313 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=313 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=312 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=313 ms--- 10.0.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 297/309/313 msPC>ping 10.0.2.1Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!--- 10.0.2.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss
在PC1上ping测试PC2,并从各个接口上抓包分析标签变化
R1-R2:CE->PE,普通IPv4报文,无标签
R2-R3:PE-P,内层标签1071,为vpn路由标签;中间标签1061,为EBGP LSP标签;外层标签1039,为LDP分配
<R2-PE>display mpls lsp
-------------------------------------------------------------------------------LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.0.1.0/24 1061/NULL -/- vpn1
7.7.7.7/32 NULL/1061 -/-
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/0
3.3.3.3/32 1054/3 -/GE0/0/0
4.4.4.4/32 NULL/1039 -/GE0/0/0
4.4.4.4/32 1060/1039 -/GE0/0/0 <R7-PE>display mpls lsp
-------------------------------------------------------------------------------LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.0.2.0/24 1071/NULL -/- vpn2
10.0.3.0/24 1077/NULL -/- vpn3
2.2.2.2/32 NULL/1056 -/-
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 3/NULL -/-
5.5.5.5/32 NULL/1039 -/GE0/0/0
5.5.5.5/32 1067/1039 -/GE0/0/0
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1068/3 -/GE0/0/0
R3-R4:P-ASBR,外层标签1039根据PHP弹出,因此仅剩中间标签1061和内层标签1071
R4-R5:ASBR-ASBR,BGP交换标签,中间标签由1061变为1049
在R4-ASBR上查看LSP,确认标签交换信息相符
<R4-ASBR>display mpls lsp
-------------------------------------------------------------------------------LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 1061/1049 -/-
2.2.2.2/32 1063/NULL -/-
7.7.7.7/32 NULL/1049 -/-
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/1037 -/GE0/0/1
2.2.2.2/32 1064/1037 -/GE0/0/1
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1058/3 -/GE0/0/1
4.4.4.4/32 3/NULL -/-
R5-R6:ASBR-P,中间标签由BGP完成替换,从1049变为1040;内层标签不变,仍为1071
R6-R7:P-PE,中间标签1040根据PHP弹出,仅剩内层标签1071
R7-R8:PE-CE,普通IPv4报文,内层标签1071也弹出
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!