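1. Lab objective:
AS 100 and AS 200 are the networks of two different carriers, and each carrier network runs OSPF internally. The lab uses MPLS inter-AS Option C (method 1) so that the sites of company A can reach each other and the sites of company B can reach each other.
2. Lab topology:
3. Lab procedure:
Step 1: Configure IP addresses. The IP address plan is shown in the table below.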
| Device | Interface | IP address | VPN instance |
|---|---|---|---|
| PE1 | G0/0/0 | 17.1.1.1/24 | B |
| PE1 | G0/0/1 | 12.1.1.1/24 | |
| PE1 | G0/0/2 | 19.1.1.1/24 | A |
| PE1 | Loopback 0 | 1.1.1.1/32 | |
| P1 | G0/0/0 | 12.1.1.2/24 | |
| P1 | G0/0/1 | 23.1.1.1/24 | |
| P1 | G0/0/2 | 112.1.1.1/24 | |
| P1 | Loopback 0 | 2.2.2.2/24 | |
| ASBR1 | G0/0/0 | 23.1.1.2/24 | |
| ASBR1 | G0/0/1 | 34.1.1.1/24 | |
| ASBR1 | Loopback 0 | 3.3.3.3/32 | |
| PE2 | G0/0/0 | 56.1.1.2/24 | |
| PE2 | G0/0/1 | 28.1.1.2/24 | B |
| PE2 | G0/0/2 | 210.1.1.2/24 | A |
| PE2 | Loopback 0 | 6.6.6.6/32 | |
| P2 | G0/0/0 | 45.1.1.2/24 | |
| P2 | G0/0/1 | 56.1.1.1/24 | |
| P2 | G0/0/2 | 112.1.1.1/24 | |
| P2 | Loopback 0 | 5.5.5.5/24 | |
| ASBR2 | G0/0/1 | 45.1.1.1/24 | |
| ASBR2 | G0/0/0 | 34.1.1.2/24 | |
| ASBR2 | Loopback 0 | 4.4.4.4/32 | |
| CE1 | G0/0/0 | 17.1.1.7/24 | |
| CE1 | Loopback 0 | 7.7.7.7/32 | |
| CE2 | G0/0/0 | 28.1.1.8/24 | |
| CE2 | Loopback 0 | 8.8.8.8/32 | |
| CE3 | G0/0/0 | 19.1.1.9/24 | |
| CE3 | Loopback 0 | 9.9.9.9/32 | |
| CE4 | G0/0/0 | 210.1.1.0/24 | |
| CE4 | Loopback 0 | 10.10.10.10/32 | |
| RR1 | G0/0/0 | 112.1.1.12/24 | |
| RR1 | Loopback 0 | 12.12.12.12/32 | |
| RR2 | G0/0/0 | 213.1.1.13/24 | |
| RR2 | Loopback 0 | 13.13.13.13/32 | |
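Step 2: Configure the IGP, MPLS and MPLS LDP on the carrier networks. The RRs do not need to run MPLS or MPLS LDP.
(1) Configure the IGP on the carrier networks.
PE1 configuration: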
[PE1]ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
P1 configuration:
[P1]ospf 1
[P1-ospf-1] area 0
[P1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[P1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[P1-ospf-1-area-0.0.0.0] network 112.1.1.0 0.0.0.255
ASBR1 configuration:
[ASBR1]ospf 1
[ASBR1-ospf-1] area 0
[ASBR1-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
RR1 configuration:
[RR1]ospf
[RR1-ospf-1]area 0
[RR1-ospf-1-area-0.0.0.0]network 112.1.1.0 0.0.0.255
[RR1-ospf-1-area-0.0.0.0]network 12.12.12.12 0.0.0.0
ASBR2 configuration:
[ASBR2]ospf 1
[ASBR2-ospf-1] area 0
[ASBR2-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[ASBR2-ospf-1-area-0.0.0.0] network 45.1.1.0 0.0.0.255
P2 configuration:
[P2]ospf 1
[P2-ospf-1] area 0
[P2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[P2-ospf-1-area-0.0.0.0] network 45.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 56.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 213.1.1.0 0.0.0.255
PE2 configuration:
[PE2]ospf 1
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 56.1.1.0 0.0.0.255
RR2 configuration:
[RR2]ospf
[RR2-ospf-1]area 0
[RR2-ospf-1-area-0.0.0.0]network 213.1.1.0 0.0.0.255
[RR2-ospf-1-area-0.0.0.0]network 13.13.13.13 0.0.0.0
(2) Configure MPLS and MPLS LDP on the carrier networks to build the public-network tunnels.
PE1 configuration:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]mpls ldp
[PE1]interface G0/0/1
[PE1-GigabitEthernet0/0/1] mpls
[PE1-GigabitEthernet0/0/1] mpls ldp
P1 configuration:
[P1]mpls lsr-id 2.2.2.2
[P1]mpls
[P1-mpls]mpls ldp
[P1]interface G0/0/0
[P1-GigabitEthernet0/0/0] mpls
[P1-GigabitEthernet0/0/0] mpls ldp
[P1]interface G0/0/1
[P1-GigabitEthernet0/0/1] mpls
[P1-GigabitEthernet0/0/1] mpls ldp
ASBR1 configuration:
[ASBR1]mpls lsr-id 3.3.3.3
[ASBR1]mpls
[ASBR1-mpls]mpls ldp
[ASBR1]interface G0/0/0
[ASBR1-GigabitEthernet0/0/0] mpls
[ASBR1-GigabitEthernet0/0/0] mpls ldp
PE2 configuration:
[PE2]mpls lsr-id 6.6.6.6
[PE2]mpls
[PE2-mpls]mpls ldp
[PE2]interface G0/0/0
[PE2-GigabitEthernet0/0/0] mpls
[PE2-GigabitEthernet0/0/0] mpls ldp
P2 configuration:
[P2]mpls lsr-id 5.5.5.5
[P2]mpls
[P2-mpls]mpls ldp
[P2]interface G0/0/0
[P2-GigabitEthernet0/0/0] mpls
[P2-GigabitEthernet0/0/0] mpls ldp
[P2]interface G0/0/1
[P2-GigabitEthernet0/0/1] mpls
[P2-GigabitEthernet0/0/1] mpls ldp
ASBR2 configuration:
[ASBR2]mpls lsr-id 4.4.4.4
[ASBR2]mpls
[ASBR2-mpls]mpls ldp
[ASBR2]interface G0/0/1
[ASBR2-GigabitEthernet0/0/1] mpls
[ASBR2-GigabitEthernet0/0/1] mpls ldp
Check the LSPs that AS 100 and AS 200 have built through MPLS.
Check the LSPs on PE1.
<PE1>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1
3.3.3.3/32 1025/1024 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
Check the LSPs on PE2.
<PE2>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
4.4.4.4/32 NULL/1024 -/GE0/0/0
4.4.4.4/32 1024/1024 -/GE0/0/0
5.5.5.5/32 NULL/3 -/GE0/0/0
5.5.5.5/32 1025/3 -/GE0/0/0
6.6.6.6/32 3/NULL -/-
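The output above shows that the public-network tunnels in AS 100 and AS 200 have been established.
Step 3: Configure the routing protocols between the PEs and CEs.
(1) Configure the VPN instances on the PE devices.
PE1 configuration: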
[PE1]ip vpn-instance A
[PE1-vpn-instance-A] ipv4-family
[PE1-vpn-instance-A-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-A-af-ipv4] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-A-af-ipv4] vpn-target 100:1 import-extcommunity
[PE1]ip vpn-instance B
[PE1-vpn-instance-B] ipv4-family
[PE1-vpn-instance-B-af-ipv4] route-distinguisher 200:1
[PE1-vpn-instance-B-af-ipv4] vpn-target 200:1 export-extcommunity
[PE1-vpn-instance-B-af-ipv4] vpn-target 200:1 import-extcommunity
PE2 configuration:
[PE2]ip vpn-instance A
[PE2-vpn-instance-A] ipv4-family
[PE2-vpn-instance-A-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-A-af-ipv4] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-A-af-ipv4] vpn-target 100:1 import-extcommunity
[PE2]ip vpn-instance B
[PE2-vpn-instance-B] ipv4-family
[PE2-vpn-instance-B-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-B-af-ipv4] vpn-target 200:1 export-extcommunity
[PE2-vpn-instance-B-af-ipv4] vpn-target 200:1 import-extcommunity
(2) Bind the corresponding interfaces to the VPN instances.
PE1 configuration:
[PE1]interface GigabitEthernet0/0/0
[PE1-GigabitEthernet0/0/0] ip binding vpn-instance B
[PE1-GigabitEthernet0/0/0] ip address 17.1.1.1 255.255.255.0
[PE1]interface GigabitEthernet0/0/2
[PE1-GigabitEthernet0/0/2] ip binding vpn-instance A
[PE1-GigabitEthernet0/0/2] ip address 19.1.1.1 255.255.255.0
PE2 configuration:
[PE2]interface GigabitEthernet0/0/1
[PE2-GigabitEthernet0/0/1] ip binding vpn-instance B
[PE2-GigabitEthernet0/0/1] ip address 28.1.1.2 255.255.255.0
[PE2]interface GigabitEthernet0/0/2
[PE2-GigabitEthernet0/0/2] ip binding vpn-instance A
[PE2-GigabitEthernet0/0/2] ip address 210.1.1.2 255.255.255.0
(3) Configure the routing protocols between the PEs and CEs.
OSPF between PE1 and CE1:
PE1 configuration:
[PE1]ospf 100 vpn-instance B
[PE1-ospf-100] area 0
[PE1-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255
CE1 configuration:
[CE1]ospf 1
[CE1-ospf-1] area 0
[CE1-ospf-1-area-0.0.0.0] network 7.7.7.7 0.0.0.0
[CE1-ospf-1-area-0.0.0.0] network 17.1.1.0 0.0.0.255
Check the OSPF neighbor relationship:
[PE1]display ospf 100 peer brief
OSPF Process 100 with Router ID 17.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 17.1.1.7 Full
----------------------------------------------------------------------------
Check the routes of VPN instance B on PE1:
[PE1]display ip routing-table vpn-instance B
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: B
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
7.7.7.7/32 OSPF 10 1 D 17.1.1.7 GigabitEthernet0/0/0
17.1.1.0/24 Direct 0 0 D 17.1.1.1 GigabitEthernet0/0/0
17.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
17.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE1's instance B has learned CE1's route 7.7.7.7/32.
BGP configuration between PE1 and CE3:
PE1 configuration:
[PE1]Bgp 100
[PE1-bgp]ipv4-family vpn-instance A
[PE1-bgp-A] peer 19.1.1.9 as-number 300
CE3 configuration:
[CE3]bgp 300
[CE3-bgp] peer 19.1.1.1 as-number 100
[CE3-bgp] network 9.9.9.9 255.255.255.255
Check the VPNv4 routing table on PE1:
[PE1]display bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
PE1 has learned CE3's route 9.9.9.9/32.
OSPF between PE2 and CE2:
PE2 configuration:
[PE2]ospf 100 vpn-instance B
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 28.1.1.0 0.0.0.255
CE2 configuration:
[CE2]ospf 1
[CE2-ospf-1] area 0
[CE2-ospf-1-area-0.0.0.0] network 8.8.8.8 0.0.0.0
[CE2-ospf-1-area-0.0.0.0] network 28.1.1.0 0.0.0.255
Check the routes of VPN instance B on PE2:
[PE2]display ip routing-table vpn-instance B
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: B
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
8.8.8.8/32 OSPF 10 1 D 28.1.1.8 GigabitEthernet0/0/1
28.1.1.0/24 Direct 0 0 D 28.1.1.2 GigabitEthernet0/0/1
28.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
28.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE2 has learned CE2's route 8.8.8.8/32.
BGP between PE2 and CE4:
PE2 configuration:
[PE2]Bgp 200
[PE2-bgp] ipv4-family vpn-instance A
[PE2-bgp-A] peer 210.1.1.10 as-number 400
CE4 configuration:
[CE4]bgp 400
[CE4-bgp] peer 210.1.1.2 as-number 200
[CE4-bgp] network 10.10.10.10 255.255.255.255
Check the VPNv4 routes on PE2:
[PE2]display bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 56.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 56.1.1.2:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 210.1.1.10 0 0 400i
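PE2 has learned CE4's route.
On each PE, import the OSPF routes and the BGP routes of VPN instance B into each other (two-way import). Because VPN instance B runs entirely in BGP, no import is needed.
PE1 configuration: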
[PE1]ospf 100 vpn-instance B
[PE1-ospf-100] import-route bgp
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance B
[PE1-bgp-B] import-route ospf 100
PE2 configuration:
[PE2]ospf 100 vpn-instance B
[PE2-ospf-100] import-route bgp
[PE2]bgp 200
[PE2-bgp]ipv4-family vpn-instance B
[PE2-bgp-B] import-route ospf 100
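Step 3: Configure the BGP neighbor relationships between AS 100 and AS 200. The purpose of this step is to let PE1 and PE2 learn each other's loopback routes; the PE1 and PE2 loopback addresses serve as the VPNv4 next hops, so this prevents the next hop from being unreachable. RR1 and RR2 also learn each other's loopback routes. (RR1 and RR2 will later establish an MP-BGP neighbor relationship, and the loopback addresses must be reachable before the TCP connection can be set up.)
BGP neighbor relationships inside AS 100: RR1 establishes IBGP neighbor relationships with PE1, P1 and ASBR1, with RR1 acting as the reflector.
BGP neighbor relationships inside AS 200: RR2 establishes IBGP neighbor relationships with PE2, P2 and ASBR2, with RR1 acting as the reflector.
Neighbor relationship between AS 100 and AS 200: ASBR1 and ASBR2 establish an EBGP neighbor relationship.
(1) Configure the BGP neighbor relationships as required.
PE1 configuration: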
[PE1]bgp 100
[PE1-bgp] peer 12.12.12.12 as-number 100
[PE1-bgp] peer 12.12.12.12 connect-interface LoopBack0
P1 configuration:
[P1]bgp 100
[P1-bgp] peer 12.12.12.12 as-number 100
[P1-bgp] peer 12.12.12.12 connect-interface LoopBack0
ASBR1 configuration:
[ASBR1] bgp 100
[ASBR1-bgp] peer 12.12.12.12 as-number 100
[ASBR1-bgp] peer 12.12.12.12 connect-interface LoopBack0
[ASBR1-bgp]peer 12.12.12.12 next-hop-local
[ASBR1-bgp]peer 34.1.1.2 as-number 200
RR1 configuration:
[RR1]bgp 100
[RR1-bgp] peer 1.1.1.1 as-number 100
[RR1-bgp] peer 1.1.1.1 connect-interface LoopBack0
[RR1-bgp]peer 1.1.1.1 reflect-client
[RR1-bgp] peer 2.2.2.2 as-number 100
[RR1-bgp] peer 2.2.2.2 connect-interface LoopBack0
[RR1-bgp]peer 2.2.2.2 reflect-client
[RR1-bgp] peer 3.3.3.3 as-number 100
[RR1-bgp] peer 3.3.3.3 connect-interface LoopBack0
[RR1-bgp]peer 3.3.3.3 reflect-client
PE2 configuration:
[PE2]bgp 200
[PE2-bgp] peer 13.13.13.13 as-number 200
[PE2-bgp] peer 13.13.13.13 connect-interface LoopBack0
P2 configuration:
[P2]bgp 200
[P2-bgp] peer 13.13.13.13 as-number 200
[P2-bgp] peer 13.13.13.13 connect-interface LoopBack0
ASBR2 configuration:
[ASBR2]bgp 200
[ASBR2-bgp] peer 13.13.13.13 as-number 200
[ASBR2-bgp] peer 13.13.13.13 connect-interface LoopBack0
[ASBR2-bgp]peer 13.13.13.13 next-hop-local
[ASBR2-bgp]peer 34.1.1.1 as-number 100
RR2 configuration:
[RR2]bgp 200
[RR2-bgp] peer 4.4.4.4 as-number 200
[RR2-bgp] peer 4.4.4.4 connect-interface LoopBack0
[RR2-bgp]peer 4.4.4.4 reflect-client
[RR2-bgp] peer 5.5.5.5 as-number 200
[RR2-bgp] peer 5.5.5.5 connect-interface LoopBack0
[RR2-bgp]peer 5.5.5.5 reflect-client
[RR2-bgp] peer 6.6.6.6 as-number 200
[RR2-bgp] peer 6.6.6.6 connect-interface LoopBack0
[RR2-bgp]peer 6.6.6.6 reflect-client
Check whether the neighbor relationships have been established:
[RR1]display bgp peer
BGP local router ID : 112.1.1.12
Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.1 4 100 5 5 0 00:03:43 Established 0
2.2.2.2 4 100 5 5 0 00:03:38 Established 0
3.3.3.3 4 100 5 5 0 00:03:32 Established 0
[RR2]display bgp peer
BGP local router ID : 213.1.1.13
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 200 2 2 0 00:00:38 Established 0
5.5.5.5 4 200 2 2 0 00:00:29 Established 0
6.6.6.6 4 200 2 2 0 00:00:15 Established 0
[ASBR1]display bgp peer
BGP local router ID : 23.1.1.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
12.12.12.12 4 100 6 7 0 00:04:19 Established 0
34.1.1.2 4 200 4 6 0 00:02:22 Established 0
[ASBR2]display bgp peer
BGP local router ID : 34.1.1.2
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
13.13.13.13 4 200 4 5 0 00:02:07 Established 0
34.1.1.1 4 100 4 4 0 00:02:38 Established 0
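The output above shows that the neighbor relationships have been established as required.
(2) On each ASBR, advertise the loopback routes of the RR and PE in its own AS.
ASBR1 configuration: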
[ASBR1]bgp 100
[ASBR1-bgp] network 1.1.1.1 255.255.255.255
[ASBR1-bgp] network 12.12.12.12 255.255.255.255
ASBR2 configuration:
[ASBR2]bgp 200
[ASBR2-bgp]network 6.6.6.6 255.255.255.255
[ASBR2-bgp] network 13.13.13.13 255.255.255.255
Check whether the PE and ASBR devices have learned the BGP routes.
[PE1]display bgp routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 3.3.3.3 2 100 0 i
*>i 6.6.6.6/32 3.3.3.3 2 100 0 200i
*>i 12.12.12.12/32 3.3.3.3 2 100 0 i
*>i 13.13.13.13/32 3.3.3.3 2 100 0 200i
[PE2]display bgp routing-table
BGP Local router ID is 56.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 4.4.4.4 2 100 0 100i
*>i 6.6.6.6/32 4.4.4.4 2 100 0 i
*>i 12.12.12.12/32 4.4.4.4 2 100 0 100i
*>i 13.13.13.13/32 4.4.4.4 2 100 0 i
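The output above shows that the devices in AS 100 and AS 200 can already learn the corresponding BGP routes.
Step 4: Establish the MP-BGP neighbor relationships for AS 100 and AS 200.
Inside AS 100, PE1 and RR1 establish an MP-IBGP neighbor relationship.
Inside AS 200, PE2 and RR2 establish an MP-IBGP neighbor relationship.
RR1 and RR2 establish an MP-EBGP neighbor relationship.
PE1 configuration: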
[PE1]bgp 100
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 12.12.12.12 enable //enable the VPNv4 neighbor relationship with RR1
RR1 configuration:
[RR1]bgp 100
[RR1-bgp]peer 13.13.13.13 as-number 200
Error: The peer already exists in AS 200.
[RR1-bgp] peer 13.13.13.13 ebgp-max-hop 10 //configure multihop for the EBGP neighbor
[RR1-bgp] peer 13.13.13.13 connect-interface LoopBack0
[RR1-bgp]ipv4-family vpnv4
[RR1-bgp-af-vpnv4]undo policy vpn-target //disable the RT check
[RR1-bgp-af-vpnv4] peer 1.1.1.1 enable
[RR1-bgp-af-vpnv4]peer 1.1.1.1 next-hop-invariable //keep the next hop unchanged when advertising VPNv4 routes
[RR1-bgp-af-vpnv4] peer 13.13.13.13 enable
[RR1-bgp-af-vpnv4]peer 13.13.13.13 next-hop-invariable
PE2 configuration:
[PE2]bgp 200
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 13.13.13.13 enable
RR2 configuration:
[RR2]bgp 200
[RR2-bgp]peer 12.12.12.12 as-number 100
[RR2-bgp] peer 12.12.12.12 ebgp-max-hop 10
[RR2-bgp] peer 12.12.12.12 connect-interface LoopBack0
[RR2-bgp]ipv4-family vpnv4
[RR2-bgp-af-vpnv4] undo policy vpn-target
[RR2-bgp-af-vpnv4] peer 6.6.6.6 enable
[RR2-bgp-af-vpnv4] peer 6.6.6.6 next-hop-invariable
[RR2-bgp-af-vpnv4] peer 12.12.12.12 enable
[RR2-bgp-af-vpnv4] peer 12.12.12.12 next-hop-invariable
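Notes:
① The RRs are not directly connected, so MP-EBGP between the RRs requires EBGP multihop.
② When an RR establishes a neighbor relationship with a PE or with the other RR, it must be configured to keep the next hop unchanged when passing routes on, because the tunnel built later is based on the next hop of the VPNv4 routes. The VPNv4 routes that the remote PE learns must therefore carry the local PE's loopback address as their next hop.
③ The RR devices are not configured with VPN instances, so the RT check must be disabled.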
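The three notes above can be checked mechanically against a saved CLI session. The following is an added example, not part of the original lab: a small Python check run over RR1's Step 4 commands as typed on this page. The function name audit_rr is hypothetical, and the check assumes every peer in a different AS is reached over loopbacks (not directly connected), as RR1 and RR2 are here.

```python
import re

# Constructed input: RR1's Step 4 commands from this page, with the error
# line and the trailing // comments left out.
RR1_SESSION = """\
[RR1]bgp 100
[RR1-bgp]peer 13.13.13.13 as-number 200
[RR1-bgp] peer 13.13.13.13 ebgp-max-hop 10
[RR1-bgp] peer 13.13.13.13 connect-interface LoopBack0
[RR1-bgp]ipv4-family vpnv4
[RR1-bgp-af-vpnv4]undo policy vpn-target
[RR1-bgp-af-vpnv4] peer 1.1.1.1 enable
[RR1-bgp-af-vpnv4]peer 1.1.1.1 next-hop-invariable
[RR1-bgp-af-vpnv4] peer 13.13.13.13 enable
[RR1-bgp-af-vpnv4]peer 13.13.13.13 next-hop-invariable
"""

PROMPT_RE = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")


def audit_rr(session):
    """Return a list of findings; an empty list means notes 1-3 all hold."""
    local_as = None
    peer_as = {}           # peer -> AS number configured in the BGP view
    multihop = set()       # peers with ebgp-max-hop
    vpnv4_enabled = set()  # peers enabled in the vpnv4 address family
    invariable = set()     # peers with next-hop-invariable in vpnv4
    rt_check_off = False

    for line in session.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].split("//")[0].split()   # drop trailing comments
        if not cmd:
            continue
        in_vpnv4 = m["view"].endswith("-af-vpnv4")
        if cmd[0] == "bgp" and len(cmd) == 2:
            local_as = cmd[1]
        elif in_vpnv4 and cmd[:3] == ["undo", "policy", "vpn-target"]:
            rt_check_off = True
        elif cmd[0] == "peer" and len(cmd) >= 3:
            peer, keyword = cmd[1], cmd[2]
            if keyword == "as-number" and len(cmd) == 4:
                peer_as[peer] = cmd[3]
            elif keyword == "ebgp-max-hop":
                multihop.add(peer)
            elif in_vpnv4 and keyword == "enable":
                vpnv4_enabled.add(peer)
            elif in_vpnv4 and keyword == "next-hop-invariable":
                invariable.add(peer)

    findings = []
    for peer in sorted(vpnv4_enabled):
        # Note 2: the VPNv4 next hop must stay the originating PE's loopback.
        if peer not in invariable:
            findings.append(f"{peer}: vpnv4 peer without next-hop-invariable")
        # Note 1: an EBGP session between loopbacks needs multihop.
        if peer_as.get(peer) not in (None, local_as) and peer not in multihop:
            findings.append(f"{peer}: EBGP peer without ebgp-max-hop")
    # Note 3: an RR with no VPN instances would discard every VPNv4 route.
    if vpnv4_enabled and not rt_check_off:
        findings.append("vpnv4 family: RT check still on (undo policy vpn-target missing)")
    return findings


if __name__ == "__main__":
    print(audit_rr(RR1_SESSION) or "RR1 session satisfies notes 1-3")
```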
Check the MP-BGP neighbor status:
[RR1]display bgp vpnv4 all peer
BGP local router ID : 112.1.1.12
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.1 4 100 24 28 0 00:18:55 Established 3
13.13.13.13 4 200 24 25 0 00:14:58 Established 3
[RR2]display bgp vpnv4 all peer
BGP local router ID : 213.1.1.13
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
6.6.6.6 4 200 21 24 0 00:15:12 Established 3
12.12.12.12 4 100 24 25 0 00:15:20 Established 3
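The output above shows that each RR has established MP-BGP neighbor relationships with the remote RR and with its local PE.
Check whether the PE devices have learned the VPNv4 routes of the remote sites.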
[PE1]display bgp vpnv4 all routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 6
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
i 28.1.1.0/24 6.6.6.6 100 0 200?
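The output above is PE1's VPNv4 routing table. The private routes of the remote sites have been received, but the routing tables of the VPN instances do not treat them as valid routes, so they are not sent to the CE devices. The reason is that the tunnel has not been established yet.
Step 5: Establish the BGP tunnel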
[ASBR1]interface GigabitEthernet0/0/1
[ASBR1-GigabitEthernet0/0/1]mpls
ASBR2 configuration:
[ASBR2]interface GigabitEthernet0/0/0
[ASBR2-GigabitEthernet0/0/0]mpls
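(2) Create the label-allocation policies. (Create two policies: one used for the neighbor relationship with the other ASBR and one for the neighbor relationship with the RR.)
ASBR1 configuration: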
[ASBR1]route-policy asbr-asbr permit node 10
[ASBR1-route-policy] apply mpls-label //policy asbr-asbr: when a BGP route is advertised to the ASBR, allocate an MPLS label to it.
[ASBR1]route-policy asbr-RR permit node 10
[ASBR1-route-policy] if-match mpls-label
[ASBR1-route-policy] apply mpls-label //policy asbr-RR: when a BGP route is advertised to the RR, allocate an MPLS label to it if the route already carries a label.
ASBR2 configuration:
[ASBR2]route-policy asbr-asbr permit node 10
[ASBR2-route-policy] apply mpls-label
[ASBR2-route-policy]route-policy asbr-RR permit node 10
[ASBR2-route-policy] if-match mpls-label
[ASBR2-route-policy] apply mpls-label
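(3) Apply the policies on the ASBR's BGP sessions with the other ASBR and with the RR, and enable the BGP label-exchange capability between ASBR and ASBR, between ASBR and RR, and between RR and PE.
ASBR1 configuration: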
[ASBR1]bgp 100
[ASBR1-bgp]peer 12.12.12.12 route-policy asbr-RR export
[ASBR1-bgp]peer 12.12.12.12 label-route-capability //enable the label-exchange capability
[ASBR1-bgp]peer 34.1.1.2 route-policy asbr-asbr export
[ASBR1-bgp]peer 34.1.1.2 label-route-capability
ASBR2 configuration:
[ASBR2]bgp 200
[ASBR2-bgp]peer 13.13.13.13 route-policy asbr-RR export
[ASBR2-bgp]peer 13.13.13.13 label-route-capability
[ASBR2-bgp]peer 34.1.1.1 route-policy asbr-asbr export
[ASBR2-bgp]peer 34.1.1.1 label-route-capability
RR1 configuration:
[RR1]bgp 100
[RR1-bgp]peer 1.1.1.1 label-route-capability
[RR1-bgp]peer 3.3.3.3 label-route-capability
RR2 configuration:
[RR2]bgp 200
[RR2-bgp]peer 4.4.4.4 label-route-capability
[RR2-bgp]peer 6.6.6.6 label-route-capability
PE1 configuration:
[PE1]bgp 100
[PE1-bgp]peer 12.12.12.12 label-route-capability
PE2 configuration:
[PE2]bgp 200
[PE2-bgp]peer 13.13.13.13 label-route-capability
Check the LSPs that have been established, taking 6.6.6.6/32 as an example.
[ASBR1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
12.12.12.12/32 1025/NULL -/-
1.1.1.1/32 1027/NULL -/-
13.13.13.13/32 NULL/1025 -/-
6.6.6.6/32 NULL/1027 -/-
6.6.6.6/32 1029/1027 -/-
13.13.13.13/32 1030/1025 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
12.12.12.12/32 NULL/1025 -/GE0/0/0
12.12.12.12/32 1026/1025 -/GE0/0/0
1.1.1.1/32 NULL/1026 -/GE0/0/0
1.1.1.1/32 1028/1026 -/GE0/0/0
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
9.9.9.9/32 1027/NULL -/- A
17.1.1.0/24 1028/NULL -/- B
7.7.7.7/32 1029/NULL -/- B
13.13.13.13/32 NULL/1030 -/-
6.6.6.6/32 NULL/1029 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1
3.3.3.3/32 1025/1024 -/GE0/0/1
12.12.12.12/32 NULL/1025 -/GE0/0/1
12.12.12.12/32 1026/1025 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
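The output above shows that the next-hop address of the remote VPNv4 routes now has a corresponding tunnel. Check PE1's routing table again and see whether the remote sites' private VPNv4 routes are now valid.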
[PE1]display bgp vpnv4 all routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 6
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
The VPNv4 routes whose next hop is 6.6.6.6 are now selected by the VPN instances and will be advertised to the corresponding CE devices.
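The difference between the two PE1 outputs (before and after Step 5) is only the status flags in the VPN-Instance sections. As an added example, not part of the original lab, the Python below parses those sections and lists the routes that are received but not valid, grouped by the next hop that lacks a tunnel. The function names are hypothetical; the sample text is copied from the outputs on this page.

```python
import re
from collections import Counter

# Constructed input: the VPN-Instance sections of PE1's
# `display bgp vpnv4 all routing-table` output before Step 5.
BEFORE = """\
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
i 28.1.1.0/24 6.6.6.6 100 0 200?
"""
# After Step 5 the same three routes carry "*>i", as in the second output.
AFTER = BEFORE.replace("\ni ", "\n*>i ")

INSTANCE_RE = re.compile(r"^VPN-Instance (\S+),")
# Optional status flags, then prefix/len, then the next-hop address.
ROUTE_RE = re.compile(
    r"^([*>dhisS]*)\s*(\d+\.\d+\.\d+\.\d+/\d+)\s+(\d+\.\d+\.\d+\.\d+)\b")


def parse_vpn_instances(text):
    """Return one dict per route found inside a VPN-Instance section."""
    routes, instance = [], None
    for line in text.splitlines():
        line = line.strip()
        m = INSTANCE_RE.match(line)
        if m:
            instance = m.group(1)
            continue
        if line.startswith("Route Distinguisher"):
            instance = None        # RD sections are not per-instance tables
            continue
        m = ROUTE_RE.match(line)
        if m and instance is not None:
            flags, prefix, nexthop = m.groups()
            routes.append({"instance": instance, "prefix": prefix,
                           "nexthop": nexthop, "valid": "*" in flags,
                           "best": ">" in flags, "internal": "i" in flags})
    return routes


def unusable_routes(text):
    """Routes present in a VPN instance but not marked valid (*)."""
    return [(r["instance"], r["prefix"], r["nexthop"])
            for r in parse_vpn_instances(text) if not r["valid"]]


def blocked_next_hops(text):
    """Count unusable routes per next hop; that next hop lacks a tunnel."""
    return dict(Counter(nh for _, _, nh in unusable_routes(text)))


if __name__ == "__main__":
    print("before Step 5:", blocked_next_hops(BEFORE))
    print("after Step 5: ", blocked_next_hops(AFTER))
```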
Check the routing tables of CE1 and CE3.
[CE1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
7.7.7.7/32 Direct 0 0 D 127.0.0.1 LoopBack0
8.8.8.8/32 OSPF 10 2 D 17.1.1.1 GigabitEthernet0/0/0
17.1.1.0/24 Direct 0 0 D 17.1.1.7 GigabitEthernet0/0/0
17.1.1.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
17.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
28.1.1.0/24 O_ASE 150 1 D 17.1.1.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[CE3]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
9.9.9.9/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.10.10.10/32 EBGP 255 0 D 19.1.1.1 GigabitEthernet0/0/0
19.1.1.0/24 Direct 0 0 D 19.1.1.9 GigabitEthernet0/0/0
19.1.1.9/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
19.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
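The output above shows that CE1 and CE3 have learned the private routes of the remote sites.
Step 6: Test network connectivity and capture packets on PE1's G0/0/1 interface.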
[CE1]ping 8.8.8.8
PING 8.8.8.8: 56 data bytes, press CTRL_C to break
Reply from 8.8.8.8: bytes=56 Sequence=1 ttl=249 time=60 ms
Reply from 8.8.8.8: bytes=56 Sequence=2 ttl=249 time=70 ms
Reply from 8.8.8.8: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 8.8.8.8: bytes=56 Sequence=4 ttl=249 time=50 ms
Reply from 8.8.8.8: bytes=56 Sequence=5 ttl=249 time=50 ms
--- 8.8.8.8 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/58/70 ms
[CE3]ping -a 9.9.9.9 10.10.10.10
PING 10.10.10.10: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.10: bytes=56 Sequence=1 ttl=249 time=50 ms
Reply from 10.10.10.10: bytes=56 Sequence=2 ttl=249 time=50 ms
Reply from 10.10.10.10: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 10.10.10.10: bytes=56 Sequence=4 ttl=249 time=60 ms
Reply from 10.10.10.10: bytes=56 Sequence=5 ttl=249 time=50 ms
--- 10.10.10.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/54/60 ms
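Three layers of labels are visible. To see when and how each label is used, walk through the whole process.
① CE1 sends the traffic to PE1. (At this point it is plain IP traffic.)
② After PE1 receives the traffic on G0/0/0, it looks up the routing table of the corresponding VPN instance. The private-network label allocated is 1031 and the recursive next-hop address is 6.6.6.6. The packet is now tagged with private-network label 1031.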
<PE1>display bgp vpnv4 all routing-table 8.8.8.8
BGP local router ID : 12.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 8.8.8.8/32:
Label information (Received/Applied): 1031/NULL //private-network label 1031 allocated by PE2
From: 6.6.6.6 (56.1.1.2)
Route Duration: 01h01m35s
Relay IP Nexthop: 12.1.1.2
Relay IP Out-Interface: GigabitEthernet0/0/1
Relay Tunnel Out-Interface: GigabitEthernet0/0/1
Relay token: 0xa
Original nexthop: 6.6.6.6 //recursive next hop is 6.6.6.6
-------------------------------------------
③ Look at the BGP route information for 6.6.6.6. The traffic is now tagged with the second label, 1028.
<PE1>display bgp routing-table 6.6.6.6
BGP local router ID : 12.1.1.1
Local AS number : 100
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
Label information (Received/Applied): 1028/NULL //BGP tunnel label 1028 allocated by ASBR1
From: 3.3.3.3 (23.1.1.2)
Route Duration: 00h49m55s
Relay IP Nexthop: 12.1.1.2
Relay IP Out-Interface: GigabitEthernet0/0/1
Relay Tunnel Out-Interface: GigabitEthernet0/0/1
Relay token: 0x3
Original nexthop: 3.3.3.3 //recursive next hop is 3.3.3.3
------------------------
④ Look at the MPLS LSP tunnel towards 3.3.3.3. The traffic is now tagged with the third label, 1024.
<PE1>display mpls lsp
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1 //traffic to 3.3.3.3 recurses into this tunnel and is tagged with label 1024
3.3.3.3/32 1025/1024 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
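⑤ The traffic follows the LSP tunnel built by LDP inside AS 100, and P1 forwards it to ASBR1. P1 is the penultimate hop for 3.3.3.3, so it pops the outer label 1024 directly. The packet ASBR1 receives carries only two labels.
⑥ After ASBR1 receives this packet, it looks up the MPLS LSP labels, swaps 1028 for 1026 and forwards the packet to ASBR2. Note that the BGP LSP is used here.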
<ASBR1>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 1026/NULL -/-
6.6.6.6/32 NULL/1026 -/-
6.6.6.6/32 1028/1026 -/-
⑦ After ASBR2 receives this packet, it looks up its MPLS LSP label entries again.
<ASBR2>display mpls lsp in-label 1026 verbose
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex :
RD Value : 0:0
Fec : 6.6.6.6/32
Nexthop : -------
In-Label : 1026
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4096
Token : 0x0
LsrType : Egress
Outgoing token : 0x3 //recurses into tunnel 0x3
Label Operation : POPGO //POPGO means the label is popped and another public-network label is pushed.
Mpls-Mtu : ------
TimeStamp : 4658sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : -------
BackupBGPKey : -------
FrrOutLabel : -------
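Look at tunnel 0x3: the outgoing label is 1025. The traffic that ASBR2 sends now carries two labels: the outer label 1025, allocated by LDP, and the inner label, still 1031. It follows the LSP tunnel to PE2. On receiving it, PE2 looks up the inner label 1031, consults the routing table of the corresponding VPN instance, and sends the traffic to CE2.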
<ASBR2>display tunnel-info tunnel-id 3
Tunnel ID: 0x3
Tunnel Token: 3
Type: lsp
Destination: 6.6.6.6
Out Slot: 0
Instance ID: 0
Out Interface: GigabitEthernet0/0/1
Out Label: 1025
Next Hop: 45.1.1.2
Lsp Index: 6147
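The walkthrough in steps ① to ⑦ can be replayed as a label-stack simulation. This is an added example, not part of the original lab: it uses the label values quoted in the walkthrough (1031, 1028, 1024, 1026, 1025) and shows the stack after every hop, plus what happens when the BGP LSP of Step 5 is missing. P2's pop is an assumption inferred from PE2 advertising label 3 for 6.6.6.6/32; the table and function names are hypothetical.

```python
# Lookups PE1 performs in steps 2-4 of the walkthrough.
VPN_ROUTES = {"8.8.8.8/32": (1031, "6.6.6.6")}   # VPN label, remote PE
BGP_LABELED = {"6.6.6.6": (1028, "3.3.3.3")}     # BGP label, local ASBR
LDP_OUT = {"3.3.3.3": 1024}                      # LDP label towards ASBR1

# Per-node table: top (incoming) label -> (operation, argument).
# The walkthrough's BGP labels (1028/1026) differ from the earlier Step 5
# capture (1029/1027); the walkthrough values are used here.
LFIB = {
    "P1":    {1024: ("pop", None)},     # penultimate hop for 3.3.3.3
    "ASBR1": {1028: ("swap", 1026)},    # BGP LSP towards 6.6.6.6
    "ASBR2": {1026: ("swap", 1025)},    # POPGO: BGP label out, LDP label in
    "P2":    {1025: ("pop", None)},     # assumed penultimate-hop pop
    "PE2":   {1031: ("deliver", "B")},  # VPN label -> vpn-instance B
}
HOPS = ["P1", "ASBR1", "ASBR2", "P2", "PE2"]


def pe1_ingress(prefix, bgp_labeled=BGP_LABELED):
    """Build PE1's stack (top label first) from the three lookups.

    Returns None when the VPNv4 next hop has no tunnel, which is the
    state before Step 5 where the remote routes are not valid.
    """
    vpn_label, remote_pe = VPN_ROUTES[prefix]
    if remote_pe not in bgp_labeled:
        return None
    bgp_label, asbr = bgp_labeled[remote_pe]
    if asbr not in LDP_OUT:
        return None
    return [LDP_OUT[asbr], bgp_label, vpn_label]


def forward(stack, lfib=LFIB, hops=HOPS):
    """Replay the stack hop by hop; return (trace, outcome)."""
    stack = list(stack)
    trace = [("PE1", list(stack))]
    for node in hops:
        if not stack:
            return trace, f"unlabeled packet at {node}"
        op, arg = lfib.get(node, {}).get(stack[0], ("drop", None))
        if op == "drop":
            return trace, f"dropped at {node}: no entry for label {stack[0]}"
        if op == "swap":
            stack[0] = arg
        else:                       # "pop" and "deliver" both remove the top
            stack.pop(0)
        trace.append((node, list(stack)))
        if op == "deliver":
            return trace, f"delivered to vpn-instance {arg} at {node}"
    return trace, "ran out of hops"


if __name__ == "__main__":
    trace, outcome = forward(pe1_ingress("8.8.8.8/32"))
    for node, labels in trace:
        print(f"{node:6} -> {labels}")
    print(outcome)
```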