首先,我们应该设计拓扑的结构以及各个路由器在ISP内的区域
我的设计如下:
(1)R1、R5、R6在BGP的AS2中;(R1、R5、R6不在同一个AS内)
(2)R2、R3、R4、R6在BGP的AS1中;
(3)BGP内运行的IGP协议为OSPF,区域为骨干区域;
(3)R4-R2、R6-R2建立MPLS VPN关系;
(4)R1至R7的IPV4地址均为10.1.X.0/24(例如10.1.12.1/24为R1-R2之间的接口IPV4地址);
(5)R1至R7的环回地址均为X.X.X.X/32(例如R1为1.1.1.1/32);
(6)在R1-R2之间存在子接口e0/0.1与e0/0.2,其接口IPV4地址分别为10.1.12.1/24与10.2.12.1/24;
(7)在R1-R2、R4-R5、R6-R7之间存在BGP的AS PATH防环机制导致路由无法传递,在其接口上取消AS PATH的防环机制,让其路由可以传递进入对应的BGP AS之内。
(8)在R1-R2之间的VRF空间名称为a1-1与a1-2
a1-1
rd 1:1
route-target export 1:1
route-target export 1:2
a1-2
rd 1:2
route-target import 1:4
route-target import 1:6
在R4-R5之间的VRF空间名称为a4
a4
rd 1:4
route-target export 1:4
route-target import 1:1
route-target import 1:2
在R6-R7之间的VRF空间名称为a6
a6
rd 1:6
route-target export 1:6
route-target import 1:1
route-target import 1:2
配置如下:
注意:(以下命令建议路由器都应该配置)
Router#en
Router#conf t
Router(config)#line c 0
Router(config-line)#exec-t 0 0
Router(config-line)#logg sy
Router(config-line)#logg synchronous
Router(config-line)#no ip domain-lo
Router(config)#ho R1
首先给每一个路由器的接口和环回配置相关的IPV4地址
R1的loopback 1的IPV4地址为1.1.1.1/32
R2的loopback 1的IPV4地址为2.2.2.2/32
R3的loopback 1的IPV4地址为3.3.3.3/32
R4的loopback 1的IPV4地址为4.4.4.4/32
R5的loopback 1的IPV4地址为5.5.5.5/32
R6的loopback 1的IPV4地址为6.6.6.6/32
R7的loopback 1的IPV4地址为7.7.7.7/32
R1-R2的e0/0.1的IPV4地址为10.1.12.1/24
R1-R2的e0/0.2的IPV4地址为10.2.12.1/24
R2-R1的e0/0.1的IPV4地址为10.1.12.2/24
R2-R1的e0/0.2的IPV4地址为10.2.12.2/24
R2-R3的s1/1的IPV4地址为10.1.23.1/24
R3-R2的s1/0的IPV4地址为10.1.23.2/24
R3-R4的s1/1的IPV4地址为10.1.34.1/24
R3-R4的s1/0的IPV4地址为10.1.34.2/24
R4-R5的s1/1的IPV4地址为10.1.45.1/24
R4-R5的s1/0的IPV4地址为10.1.45.2/24
R3-R6的s1/2的IPV4地址为10.1.36.1/24
R6-R6的s1/2的IPV4地址为10.1.36.2/24.
R6-R7的s1/1的IPV4地址为10.1.67.1/24
R7-R6的s1/0的IPV4地址为10.1.67.2/24
在R2/R3/R4/R6之间运行OSPF
R2#show run | s ospf
router ospf 100
router-id 2.2.2.2
network 2.2.2.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
R3#show run | s ospf
router ospf 100
router-id 3.3.3.3
network 3.3.3.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
network 10.1.34.0 0.0.0.255 area 0
network 10.1.36.0 0.0.0.255 area 0
R4#show run | s ospf
router ospf 100
router-id 4.4.4.4
network 4.4.4.0 0.0.0.255 area 0
network 10.1.34.0 0.0.0.255 area 0
R6#show run | s ospf
router ospf 100
router-id 6.6.6.6
network 6.6.6.0 0.0.0.255 area 0
network 10.1.36.0 0.0.0.255 area 0
在R1/R2/R4/R6/R5/R7上运行BGP,其AS号分别为2、1、1、1、2、2
R1#show run | s bgp
router bgp 2
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 10.1.12.2 remote-as 1
neighbor 10.2.12.2 remote-as 1
R2#show run | s bgp
router bgp 1
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 1
neighbor 4.4.4.4 update-source Loopback1
neighbor 6.6.6.6 remote-as 1
neighbor 6.6.6.6 update-source Loopback1
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf a1-1
neighbor 10.1.12.1 remote-as 2
neighbor 10.1.12.1 activate
neighbor 10.1.12.1 allowas-in
exit-address-family
!
address-family ipv4 vrf a1-2
neighbor 10.2.12.1 remote-as 2
neighbor 10.2.12.1 activate
neighbor 10.2.12.1 as-override
exit-address-family
R4#show run | s bgp
router bgp 1
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback1
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf a4
neighbor 10.1.45.2 remote-as 2
neighbor 10.1.45.2 activate
neighbor 10.1.45.2 as-override
exit-address-family
R5#show run | s bgp
router bgp 2
bgp router-id 5.5.5.5
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255
neighbor 10.1.45.1 remote-as 1
R6#show run | s bgp
router bgp 1
bgp router-id 6.6.6.6
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback1
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf a6
neighbor 10.1.67.2 remote-as 2
neighbor 10.1.67.2 activate
neighbor 10.1.67.2 as-override
exit-address-family
R7#show run | s bgp
router bgp 2
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
neighbor 10.1.67.1 remote-as 1
注意:R1-R2之间E0/0.1的接口属于VRF A1-1,E0/0.2的接口属于VRF A1-2
R4-R5之间的S1/1接口属于VRF A4,R6-R7之间的S1/0接口属于VRF A6
R2#show run | s vrf
ip vrf a1-1
rd 1:1
route-target export 1:1
route-target export 1:2
ip vrf a1-2
rd 1:2
route-target import 1:4
route-target import 1:6
ip vrf forwarding a1-1
ip vrf forwarding a1-2
address-family ipv4 vrf a1-1
neighbor 10.1.12.1 remote-as 2
neighbor 10.1.12.1 activate
neighbor 10.1.12.1 allowas-in
address-family ipv4 vrf a1-2
neighbor 10.2.12.1 remote-as 2
neighbor 10.2.12.1 activate
neighbor 10.2.12.1 as-override
R4#show run | s vrf
ip vrf a4
rd 1:4
route-target export 1:4
route-target import 1:1
route-target import 1:2
ip vrf forwarding a4
address-family ipv4 vrf a4
neighbor 10.1.45.2 remote-as 2
neighbor 10.1.45.2 activate
neighbor 10.1.45.2 as-override
R6#show run | s vrf
ip vrf a6
rd 1:6
route-target export 1:6
route-target import 1:1
route-target import 1:2
ip vrf forwarding a6
ip vrf forwarding a6
address-family ipv4 vrf a6
neighbor 10.1.67.2 remote-as 2
neighbor 10.1.67.2 activate
neighbor 10.1.67.2 as-override
在R2的S1/1与R3的S1/1、S1/0、S1/2与R4的S1/0与R6的S1/2接口上开通MPLS VPN
R2(config-if)#mpls ip
R2(config-if)#mpls label range 200 299 (建议配置,规定了MPLS VPN的标签范围,方便查看)
以上配置完成之后,可以使用traceroute 1.1.1.1 source 5.5.5.5 numeric来检测环回5.5.5.5/32到1.1.1.1/32是否连通,也要检测5.5.5.5/32到7.7.7.7/32之间是否连通。
正确的示范:
R5#traceroute 1.1.1.1 source 5.5.5.5 numeric
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.45.1 9 msec 9 msec 9 msec
2 10.1.34.1 [MPLS: Labels 300/16 Exp 0] 27 msec 23 msec 27 msec
3 10.1.12.2 [MPLS: Label 16 Exp 0] 28 msec 27 msec 31 msec
4 10.1.12.1 26 msec * 24 msec
R5#traceroute 7.7.7.7 source 5.5.5.5 numeric
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.45.1 9 msec 9 msec 8 msec
2 10.1.34.1 [MPLS: Labels 300/19 Exp 0] 24 msec 27 msec 23 msec
3 10.1.12.2 [MPLS: Label 19 Exp 0] 27 msec 23 msec 27 msec
4 10.1.12.1 23 msec 27 msec 23 msec
5 10.2.12.2 27 msec 23 msec 26 msec
6 10.1.23.2 [MPLS: Labels 302/16 Exp 0] 54 msec 53 msec 54 msec
7 10.1.67.1 [MPLS: Label 16 Exp 0] 45 msec 45 msec 55 msec
8 10.1.67.2 61 msec * 54 msec
**谢谢观看
西安建筑科技大学华清学院
机电工程学院
左旭晨**