1. Purpose of the experiment:
AS 100 and AS 200 are networks of different operators, and OSPF runs inside each operator's network. Use MPLS inter-AS Option C to build the network and enable communication between company A and company B.
2. Experimental topology:
3. Experimental steps:
Step 1: Configure the IP addresses according to the address plan in the table below.
| Device name | Interface number | IP address | VPN instance |
| --- | --- | --- | --- |
| PE1 | G0/0/0 | 17.1.1.1/24 | B |
| PE1 | G0/0/1 | 12.1.1.1/24 | |
| PE1 | G0/0/2 | 19.1.1.1/24 | A |
| PE1 | Loopback 0 | 1.1.1.1/32 | |
| P1 | G0/0/0 | 12.1.1.2/24 | |
| P1 | G0/0/1 | 23.1.1.1/24 | |
| P1 | G0/0/2 | 112.1.1.1/24 | |
| P1 | Loopback 0 | 2.2.2.2/24 | |
| ASBR1 | G0/0/0 | 23.1.1.2/24 | |
| ASBR1 | G0/0/1 | 34.1.1.1/24 | |
| ASBR1 | Loopback 0 | 3.3.3.3/32 | |
| PE2 | G0/0/0 | 56.1.1.2/24 | |
| PE2 | G0/0/1 | 28.1.1.2/24 | B |
| PE2 | G0/0/2 | 210.1.1.2/24 | A |
| PE2 | Loopback 0 | 6.6.6.6/32 | |
| P2 | G0/0/0 | 45.1.1.2/24 | |
| P2 | G0/0/1 | 56.1.1.1/24 | |
| P2 | G0/0/2 | 112.1.1.1/24 | |
| P2 | Loopback 0 | 5.5.5.5/24 | |
| ASBR2 | G0/0/1 | 45.1.1.1/24 | |
| ASBR2 | G0/0/0 | 34.1.1.2/24 | |
| ASBR2 | Loopback 0 | 4.4.4.4/32 | |
| CE1 | G0/0/0 | 17.1.1.7/24 | |
| CE1 | Loopback 0 | 7.7.7.7/32 | |
| CE2 | G0/0/0 | 28.1.1.8/24 | |
| CE2 | Loopback 0 | 8.8.8.8/32 | |
| CE3 | G0/0/0 | 19.1.1.9/24 | |
| CE3 | Loopback 0 | 9.9.9.9/32 | |
| CE4 | G0/0/0 | 210.1.1.0/24 | |
| CE4 | Loopback 0 | 10.10.10.10/32 | |
| RR1 | G0/0/0 | 112.1.1.12/24 | |
| RR1 | Loopback 0 | 12.12.12.12/32 | |
| RR2 | G0/0/0 | 213.1.1.13/24 | |
| RR2 | Loopback 0 | 13.13.13.13/32 | |
Step 2: Configure the IGP, MPLS, and MPLS LDP on the carrier networks. The RRs do not need to run MPLS or MPLS LDP.
(1) Configure the IGP of the carrier network
Configuration of PE1:
[PE1]ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
Configuration of P1:
[P1]ospf 1
[P1-ospf-1] area 0
[P1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[P1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[P1-ospf-1-area-0.0.0.0] network 112.1.1.0 0.0.0.255
Configuration of ASBR1:
[ASBR1]ospf 1
[ASBR1-ospf-1] area 0
[ASBR1-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
Configuration of RR1:
[RR1]ospf
[RR1-ospf-1]area 0
[RR1-ospf-1-area-0.0.0.0]network 112.1.1.0 0.0.0.255
[RR1-ospf-1-area-0.0.0.0]network 12.12.12.12 0.0.0.0
Configuration of ASBR2:
[ASBR2]ospf 1
[ASBR2-ospf-1] area 0
[ASBR2-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[ASBR2-ospf-1-area-0.0.0.0] network 45.1.1.0 0.0.0.255
Configuration of P2:
[P2]ospf 1
[P2-ospf-1] area 0
[P2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[P2-ospf-1-area-0.0.0.0] network 45.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 56.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 213.1.1.0 0.0.0.255
Configuration of PE2:
[PE2]ospf 1
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 56.1.1.0 0.0.0.255
RR2 configuration:
[RR2]ospf
[RR2-ospf-1]area 0
[RR2-ospf-1-area-0.0.0.0]network 213.1.1.0 0.0.0.255
[RR2-ospf-1-area-0.0.0.0]network 13.13.13.13 0.0.0.0
(2) Configure MPLS and MPLS LDP on the operators' networks to establish the public network tunnels.
Configuration of PE1:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]mpls ldp
[PE1]interface G0/0/1
[PE1-GigabitEthernet0/0/1] mpls
[PE1-GigabitEthernet0/0/1] mpls ldp
Configuration of P1:
[P1]mpls lsr-id 2.2.2.2
[P1]mpls
[P1-mpls]mpls ldp
[P1]interface G0/0/0
[P1-GigabitEthernet0/0/0] mpls
[P1-GigabitEthernet0/0/0] mpls ldp
[P1]interface G0/0/1
[P1-GigabitEthernet0/0/1] mpls
[P1-GigabitEthernet0/0/1] mpls ldp
Configuration of ASBR1:
[ASBR1]mpls lsr-id 3.3.3.3
[ASBR1]mpls
[ASBR1-mpls]mpls ldp
[ASBR1]interface G0/0/0
[ASBR1-GigabitEthernet0/0/0] mpls
[ASBR1-GigabitEthernet0/0/0] mpls ldp
Configuration of PE2:
[PE2]mpls lsr-id 6.6.6.6
[PE2]mpls
[PE2-mpls]mpls ldp
[PE2]interface G0/0/0
[PE2-GigabitEthernet0/0/0] mpls
[PE2-GigabitEthernet0/0/0] mpls ldp
Configuration of P2:
[P2]mpls lsr-id 5.5.5.5
[P2]mpls
[P2-mpls]mpls ldp
[P2]interface G0/0/0
[P2-GigabitEthernet0/0/0] mpls
[P2-GigabitEthernet0/0/0] mpls ldp
[P2]interface G0/0/1
[P2-GigabitEthernet0/0/1] mpls
[P2-GigabitEthernet0/0/1] mpls ldp
Configuration of ASBR2:
[ASBR2]mpls lsr-id 4.4.4.4
[ASBR2]mpls
[ASBR2-mpls]mpls ldp
[ASBR2]interface G0/0/1
[ASBR2-GigabitEthernet0/0/1] mpls
[ASBR2-GigabitEthernet0/0/1] mpls ldp
View the LSPs that MPLS has established in AS 100 and AS 200.
Check the LSPs on PE1.
<PE1>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1
3.3.3.3/32 1025/1024 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
Check the LSPs on PE2.
<PE2>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
4.4.4.4/32 NULL/1024 -/GE0/0/0
4.4.4.4/32 1024/1024 -/GE0/0/0
5.5.5.5/32 NULL/3 -/GE0/0/0
5.5.5.5/32 1025/3 -/GE0/0/0
6.6.6.6/32 3/NULL -/-
The above output indicates that the public network tunnel between AS100 and AS200 has been established.
Step 3: Configure the routing protocol between PE and CE
(1) Configure the VPN instances on the PE devices.
Configuration of PE1:
[PE1]ip vpn-instance A
[PE1-vpn-instance-A] ipv4-family
[PE1-vpn-instance-A-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-A-af-ipv4] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-A-af-ipv4] vpn-target 100:1 import-extcommunity
[PE1]ip vpn-instance B
[PE1-vpn-instance-B] ipv4-family
[PE1-vpn-instance-B-af-ipv4] route-distinguisher 200:1
[PE1-vpn-instance-B-af-ipv4] vpn-target 200:1 export-extcommunity
[PE1-vpn-instance-B-af-ipv4] vpn-target 200:1 import-extcommunity
Configuration of PE2:
[PE2]ip vpn-instance A
[PE2-vpn-instance-A] ipv4-family
[PE2-vpn-instance-A-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-A-af-ipv4] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-A-af-ipv4] vpn-target 100:1 import-extcommunity
[PE2]ip vpn-instance B
[PE2-vpn-instance-B] ipv4-family
[PE2-vpn-instance-B-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-B-af-ipv4] vpn-target 200:1 export-extcommunity
[PE2-vpn-instance-B-af-ipv4] vpn-target 200:1 import-extcommunity
(2) Bind the corresponding interfaces to the VPN instances.
Configuration of PE1:
[PE1]interface GigabitEthernet0/0/0
[PE1-GigabitEthernet0/0/0] ip binding vpn-instance B
[PE1-GigabitEthernet0/0/0] ip address 17.1.1.1 255.255.255.0
[PE1]interface GigabitEthernet0/0/2
[PE1-GigabitEthernet0/0/2] ip binding vpn-instance A
[PE1-GigabitEthernet0/0/2] ip address 19.1.1.1 255.255.255.0
Configuration of PE2:
[PE2]interface GigabitEthernet0/0/1
[PE2-GigabitEthernet0/0/1] ip binding vpn-instance B
[PE2-GigabitEthernet0/0/1] ip address 28.1.1.2 255.255.255.0
[PE2]interface GigabitEthernet0/0/2
[PE2-GigabitEthernet0/0/2] ip binding vpn-instance A
[PE2-GigabitEthernet0/0/2] ip address 210.1.1.2 255.255.255.0
(3) Configure the routing protocols between PE and CE.
OSPF between PE1 and CE1:
Configuration of PE1:
[PE1]ospf 100 vpn-instance B
[PE1-ospf-100] area 0
[PE1-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255
Configuration of CE1:
[CE1]ospf 1
[CE1-ospf-1] area 0
[CE1-ospf-1-area-0.0.0.0] network 7.7.7.7 0.0.0.0
[CE1-ospf-1-area-0.0.0.0] network 17.1.1.0 0.0.0.255
Check the OSPF neighbor relationship:
[PE1]display ospf 100 peer brief
OSPF Process 100 with Router ID 17.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 17.1.1.7 Full
----------------------------------------------------------------------------
Check the routes of VPN instance B on PE1:
[PE1]display ip routing-table vpn-instance B
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: B
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
7.7.7.7/32 OSPF 10 1 D 17.1.1.7 GigabitEthernet0/0/0
17.1.1.0/24 Direct 0 0 D 17.1.1.1 GigabitEthernet0/0/0
17.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
17.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE1 has learned CE1's route 7.7.7.7/32 in instance B.
BGP configuration between PE1 and CE3:
Configuration of PE1:
[PE1]Bgp 100
[PE1-bgp]ipv4-family vpn-instance A
[PE1-bgp-A] peer 19.1.1.9 as-number 300
Configuration of CE3:
[CE3]bgp 300
[CE3-bgp] peer 19.1.1.1 as-number 100
[CE3-bgp] network 9.9.9.9 255.255.255.255
Check the VPNv4 routing table on PE1:
[PE1]display bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
PE1 has learned CE3's route 9.9.9.9/32.
OSPF between PE2 and CE2:
Configuration of PE2:
[PE2]ospf 100 vpn-instance B
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 28.1.1.0 0.0.0.255
Configuration of CE2:
[CE2]ospf 1
[CE2-ospf-1] area 0
[CE2-ospf-1-area-0.0.0.0] network 8.8.8.8 0.0.0.0
[CE2-ospf-1-area-0.0.0.0] network 28.1.1.0 0.0.0.255
Check the routes of VPN instance B on PE2:
[PE2]display ip routing-table vpn-instance B
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: B
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
8.8.8.8/32 OSPF 10 1 D 28.1.1.8 GigabitEthernet0/0/1
28.1.1.0/24 Direct 0 0 D 28.1.1.2 GigabitEthernet0/0/1
28.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
28.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE2 has learned CE2's route 8.8.8.8/32.
BGP between PE2 and CE4:
Configuration of PE2:
[PE2]Bgp 200
[PE2-bgp] ipv4-family vpn-instance A
[PE2-bgp-A] peer 210.1.1.10 as-number 400
Configuration of CE4:
[CE4]bgp 400
[CE4-bgp] peer 210.1.1.2 as-number 200
[CE4-bgp] network 10.10.10.10 255.255.255.255
Check the VPNv4 routes on PE2:
[PE2]display bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 56.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 56.1.1.2:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 210.1.1.10 0 0 400i
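PE2 has learned CE4's route.
On the PEs, import the OSPF routes and the BGP routes of VPN instance B into each other. VPN instance A runs BGP throughout, so it needs no import.
Configuration of PE1: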
[PE1]ospf 100 vpn-instance B
[PE1-ospf-100] import-route bgp
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance B
[PE1-bgp-B] import-route ospf 100
Configuration of PE2:
[PE2]ospf 100 vpn-instance B
[PE2-ospf-100] import-route bgp
[PE2]bgp 200
[PE2-bgp]ipv4-family vpn-instance B
[PE2-bgp-B] import-route ospf 100
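Step 3: Configure the BGP neighbor relationships between AS 100 and AS 200. The purpose of this step is for PE1 and PE2 to learn each other's loopback routes. The loopback addresses of PE1 and PE2 serve as the next hops of the VPNv4 routes, and learning them prevents those next hops from being unreachable. RR1 and RR2 also learn each other's loopback routes. (RR1 and RR2 later establish an MP-BGP neighbor relationship, and the TCP connection can only be set up if the loopback addresses are reachable.)
BGP neighbor relationships within AS 100: RR1 establishes IBGP neighbor relationships with PE1, P1, and ASBR1, with RR1 acting as the route reflector.
BGP neighbor relationships within AS 200: RR2 establishes IBGP neighbor relationships with PE2, P2, and ASBR2, with RR2 acting as the route reflector.
Neighbor relationship between AS 100 and AS 200: ASBR1 and ASBR2 establish an EBGP neighbor relationship.
(1) Configure the BGP neighbor relationships as required
Configuration of PE1: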
[PE1]bgp 100
[PE1-bgp] peer 12.12.12.12 as-number 100
[PE1-bgp] peer 12.12.12.12 connect-interface LoopBack0
Configuration of P1:
[P1]bgp 100
[P1-bgp] peer 12.12.12.12 as-number 100
[P1-bgp] peer 12.12.12.12 connect-interface LoopBack0
Configuration of ASBR1:
[ASBR1] bgp 100
[ASBR1-bgp] peer 12.12.12.12 as-number 100
[ASBR1-bgp] peer 12.12.12.12 connect-interface LoopBack0
[ASBR1-bgp]peer 12.12.12.12 next-hop-local
[ASBR1-bgp]peer 34.1.1.2 as-number 200
Configuration of RR1:
[RR1]bgp 100
[RR1-bgp] peer 1.1.1.1 as-number 100
[RR1-bgp] peer 1.1.1.1 connect-interface LoopBack0
[RR1-bgp]peer 1.1.1.1 reflect-client
[RR1-bgp] peer 2.2.2.2 as-number 100
[RR1-bgp] peer 2.2.2.2 connect-interface LoopBack0
[RR1-bgp]peer 2.2.2.2 reflect-client
[RR1-bgp] peer 3.3.3.3 as-number 100
[RR1-bgp] peer 3.3.3.3 connect-interface LoopBack0
[RR1-bgp]peer 3.3.3.3 reflect-client
Configuration of PE2:
[PE2]bgp 200
[PE2-bgp] peer 13.13.13.13 as-number 200
[PE2-bgp] peer 13.13.13.13 connect-interface LoopBack0
Configuration of P2:
[P2]bgp 200
[P2-bgp] peer 13.13.13.13 as-number 200
[P2-bgp] peer 13.13.13.13 connect-interface LoopBack0
Configuration of ASBR2:
[ASBR2]bgp 200
[ASBR2-bgp] peer 13.13.13.13 as-number 200
[ASBR2-bgp] peer 13.13.13.13 connect-interface LoopBack0
[ASBR2-bgp]peer 13.13.13.13 next-hop-local
[ASBR2-bgp]peer 34.1.1.1 as-number 100
Configuration of RR2:
[RR2]bgp 200
[RR2-bgp] peer 4.4.4.4 as-number 200
[RR2-bgp] peer 4.4.4.4 connect-interface LoopBack0
[RR2-bgp]peer 4.4.4.4 reflect-client
[RR2-bgp] peer 5.5.5.5 as-number 200
[RR2-bgp] peer 5.5.5.5 connect-interface LoopBack0
[RR2-bgp]peer 5.5.5.5 reflect-client
[RR2-bgp] peer 6.6.6.6 as-number 200
[RR2-bgp] peer 6.6.6.6 connect-interface LoopBack0
[RR2-bgp]peer 6.6.6.6 reflect-client
Check whether the neighbor relationships have been established:
[RR1]display bgp peer
BGP local router ID : 112.1.1.12
Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.1 4 100 5 5 0 00:03:43 Established 0
2.2.2.2 4 100 5 5 0 00:03:38 Established 0
3.3.3.3 4 100 5 5 0 00:03:32 Established 0
[RR2]display bgp peer
BGP local router ID : 213.1.1.13
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 200 2 2 0 00:00:38 Established 0
5.5.5.5 4 200 2 2 0 00:00:29 Established 0
6.6.6.6 4 200 2 2 0 00:00:15 Established 0
[ASBR1]display bgp peer
BGP local router ID : 23.1.1.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
12.12.12.12 4 100 6 7 0 00:04:19 Established 0
34.1.1.2 4 200 4 6 0 00:02:22 Established 0
[ASBR2]display bgp peer
BGP local router ID : 34.1.1.2
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
13.13.13.13 4 200 4 5 0 00:02:07 Established 0
34.1.1.1 4 100 4 4 0 00:02:38 Established 0
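The output above shows that the neighbor relationships have been established as required.
(2) On each ASBR, advertise the loopback routes of the RR and PE devices of the local AS.
Configuration of ASBR1: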
[ASBR1]bgp 100
[ASBR1-bgp] network 1.1.1.1 255.255.255.255
[ASBR1-bgp] network 12.12.12.12 255.255.255.255
Configuration of ASBR2:
[ASBR2]bgp 200
[ASBR2-bgp]network 6.6.6.6 255.255.255.255
[ASBR2-bgp] network 13.13.13.13 255.255.255.255
Check whether the PE and ASBR devices have learned the BGP routes.
[PE1]display bgp routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 3.3.3.3 2 100 0 i
*>i 6.6.6.6/32 3.3.3.3 2 100 0 200i
*>i 12.12.12.12/32 3.3.3.3 2 100 0 i
*>i 13.13.13.13/32 3.3.3.3 2 100 0 200i
[PE2]display bgp routing-table
BGP Local router ID is 56.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 4.4.4.4 2 100 0 100i
*>i 6.6.6.6/32 4.4.4.4 2 100 0 i
*>i 12.12.12.12/32 4.4.4.4 2 100 0 100i
*>i 13.13.13.13/32 4.4.4.4 2 100 0 i
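The output above shows that the devices in AS 100 and AS 200 have learned the corresponding BGP routes.
Step 4: Establish the MP-BGP neighbor relationships of AS 100 and AS 200.
In AS 100, PE1 and RR1 establish an MP-IBGP neighbor relationship.
In AS 200, PE2 and RR2 establish an MP-IBGP neighbor relationship.
RR1 and RR2 establish an MP-EBGP neighbor relationship.
Configuration of PE1: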
[PE1]bgp 100
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 12.12.12.12 enable //Enable the VPNv4 neighbor relationship with RR1
Configuration of RR1:
[RR1]bgp 100
[RR1-bgp]peer 13.13.13.13 as-number 200
Error: The peer already exists in AS 200.
[RR1-bgp] peer 13.13.13.13 ebgp-max-hop 10 //Configure multihop for the EBGP neighbor
[RR1-bgp] peer 13.13.13.13 connect-interface LoopBack0
[RR1-bgp]ipv4-family vpnv4
[RR1-bgp-af-vpnv4]undo policy vpn-target //Disable the RT check
[RR1-bgp-af-vpnv4] peer 1.1.1.1 enable
[RR1-bgp-af-vpnv4]peer 1.1.1.1 next-hop-invariable //Keep the next hop unchanged when advertising VPNv4 routes
[RR1-bgp-af-vpnv4] peer 13.13.13.13 enable
[RR1-bgp-af-vpnv4]peer 13.13.13.13 next-hop-invariable
Configuration of PE2:
[PE2]bgp 200
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 13.13.13.13 enable
Configuration of RR2:
[RR2]bgp 200
[RR2-bgp]peer 12.12.12.12 as-number 100
[RR2-bgp] peer 12.12.12.12 ebgp-max-hop 10
[RR2-bgp] peer 12.12.12.12 connect-interface LoopBack0
[RR2-bgp]ipv4-family vpnv4
[RR2-bgp-af-vpnv4] undo policy vpn-target
[RR2-bgp-af-vpnv4] peer 6.6.6.6 enable
[RR2-bgp-af-vpnv4] peer 6.6.6.6 next-hop-invariable
[RR2-bgp-af-vpnv4] peer 12.12.12.12 enable
[RR2-bgp-af-vpnv4] peer 12.12.12.12 next-hop-invariable
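Notes:
① The RRs are not directly connected, so EBGP multihop must be configured for the MP-EBGP session between them.
② When an RR peers with a PE or with the other RR, it must be configured to keep the next hop unchanged when advertising routes, because the tunnel set up later is built on the next hop of the VPNv4 routes. The VPNv4 routes that the remote PE learns must therefore have the local PE's loopback address as their next hop.
③ The RR devices do not need VPN instances, so the RT check must be disabled on them (with the check enabled, an RR would discard VPNv4 routes whose RT matches no local VPN instance).
Check whether the MP-BGP neighbor relationships have been established: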
[RR1]display bgp vpnv4 all peer
BGP local router ID : 112.1.1.12
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.1 4 100 24 28 0 00:18:55 Established 3
13.13.13.13 4 200 24 25 0 00:14:58 Established 3
[RR2]display bgp vpnv4 all peer
BGP local router ID : 213.1.1.13
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
6.6.6.6 4 200 21 24 0 00:15:12 Established 3
12.12.12.12 4 100 24 25 0 00:15:20 Established 3
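The output above shows that each RR has established MP-BGP neighbor relationships with the remote RR and with its local PE.
Check whether the PE devices have learned the VPNv4 routes of the remote sites.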
[PE1]display bgp vpnv4 all routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 6
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
i 28.1.1.0/24 6.6.6.6 100 0 200?
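The output above is PE1's VPNv4 routing table. The private routes of the remote sites have been received, but the VPN instance routing tables do not treat them as valid routes, so they are not advertised to the CE devices. The reason is that the tunnel has not been established yet.
Step 5: Establish the BGP tunnel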
[ASBR1]interface GigabitEthernet0/0/1
[ASBR1-GigabitEthernet0/0/1]mpls
Configuration of ASBR2:
[ASBR2]interface GigabitEthernet0/0/0
[ASBR2-GigabitEthernet0/0/0]mpls
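(2) Create the label-assignment policies. (Create two policies: one used for the neighbor relationship with the ASBR and one used for the neighbor relationship with the RR.)
Configuration of ASBR1: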
[ASBR1]route-policy asbr-asbr permit node 10
[ASBR1-route-policy] apply mpls-label //Policy asbr-asbr: when a BGP route is advertised to the ASBR, assign an MPLS label to the route.
[ASBR1]route-policy asbr-RR permit node 10
[ASBR1-route-policy] if-match mpls-label
[ASBR1-route-policy] apply mpls-label //Policy asbr-RR: when a BGP route is advertised to the RR, assign an MPLS label to the route if the route carries a label.
Configuration of ASBR2:
[ASBR2]route-policy asbr-asbr permit node 10
[ASBR2-route-policy] apply mpls-label
[ASBR2-route-policy]route-policy asbr-RR permit node 10
[ASBR2-route-policy] if-match mpls-label
[ASBR2-route-policy] apply mpls-label
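(3) Apply the policies on the ASBR's BGP sessions with the peer ASBR and with the RR, and enable the BGP label exchange capability between ASBR and ASBR, between ASBR and RR, and between RR and PE.
Configuration of ASBR1: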
[ASBR1]bgp 100
[ASBR1-bgp]peer 12.12.12.12 route-policy asbr-RR export
[ASBR1-bgp]peer 12.12.12.12 label-route-capability //Enable the label exchange capability
[ASBR1-bgp]peer 34.1.1.2 route-policy asbr-asbr export
[ASBR1-bgp]peer 34.1.1.2 label-route-capability
Configuration of ASBR2:
[ASBR2]bgp 200
[ASBR2-bgp]peer 13.13.13.13 route-policy asbr-RR export
[ASBR2-bgp]peer 13.13.13.13 label-route-capability
[ASBR2-bgp]peer 34.1.1.1 route-policy asbr-asbr export
[ASBR2-bgp]peer 34.1.1.1 label-route-capability
Configuration of RR1:
[RR1]bgp 100
[RR1-bgp]peer 1.1.1.1 label-route-capability
[RR1-bgp]peer 3.3.3.3 label-route-capability
Configuration of RR2:
[RR2]bgp 200
[RR2-bgp]peer 4.4.4.4 label-route-capability
[RR2-bgp]peer 6.6.6.6 label-route-capability
Configuration of PE1:
[PE1]bgp 100
[PE1-bgp]peer 12.12.12.12 label-route-capability
Configuration of PE2:
[PE2]bgp 200
[PE2-bgp]peer 13.13.13.13 label-route-capability
Check the LSPs that have been established, taking 6.6.6.6/32 as an example.
[ASBR1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
12.12.12.12/32 1025/NULL -/-
1.1.1.1/32 1027/NULL -/-
13.13.13.13/32 NULL/1025 -/-
6.6.6.6/32 NULL/1027 -/-
6.6.6.6/32 1029/1027 -/-
13.13.13.13/32 1030/1025 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
12.12.12.12/32 NULL/1025 -/GE0/0/0
12.12.12.12/32 1026/1025 -/GE0/0/0
1.1.1.1/32 NULL/1026 -/GE0/0/0
1.1.1.1/32 1028/1026 -/GE0/0/0
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
9.9.9.9/32 1027/NULL -/- A
17.1.1.0/24 1028/NULL -/- B
7.7.7.7/32 1029/NULL -/- B
13.13.13.13/32 NULL/1030 -/-
6.6.6.6/32 NULL/1029 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1
3.3.3.3/32 1025/1024 -/GE0/0/1
12.12.12.12/32 NULL/1025 -/GE0/0/1
12.12.12.12/32 1026/1025 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
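The output above shows that the next hop address of the remote VPNv4 routes now has a corresponding tunnel. Check PE1's routing table again to see whether the VPNv4 routes of the remote private networks are now valid.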
[PE1]display bgp vpnv4 all routing-table
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 6
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 7.7.7.7/32 0.0.0.0 2 0 ?
*>i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
*>i 28.1.1.0/24 6.6.6.6 100 0 200?
The VPNv4 routes with next hop 6.6.6.6 are now selected as best by the VPN instances and will be advertised to the corresponding CE devices.
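A check for the symptom seen before and after step 5, added here as an example and not part of the original lab: it parses the VPN-Instance sections of `display bgp vpnv4 all routing-table` and groups routes that lack the `*` (valid) flag by next hop, which points at the next hop that has no tunnel. The sample text is a trimmed copy of PE1's output from this page; the function names are hypothetical.

```python
import re
from collections import defaultdict

PREFIX = re.compile(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$")
FLAGS = re.compile(r"^[*>dhisS]+$")          # status codes from the output legend
INSTANCE = re.compile(r"^VPN-Instance (\S+), Router ID")

# Trimmed copy of PE1's output from this page, taken before the BGP tunnel exists.
BEFORE = """\
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
*>i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance A, Router ID 12.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.9.9.9/32 19.1.1.9 0 0 300i
i 10.10.10.10/32 6.6.6.6 100 0 200 400i
VPN-Instance B, Router ID 12.1.1.1:
Total Number of Routes: 4
*> 7.7.7.7/32 0.0.0.0 2 0 ?
i 8.8.8.8/32 6.6.6.6 100 0 200?
*> 17.1.1.0/24 0.0.0.0 0 0 ?
i 28.1.1.0/24 6.6.6.6 100 0 200?
"""
# After step 5 the same routes carry "*>i", as in the second output on this page.
AFTER = BEFORE.replace("\ni ", "\n*>i ")


def parse_instances(text):
    """Return {instance: [(flags, prefix, nexthop), ...]} for VPN-Instance sections."""
    routes, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        tokens = line.split()
        if not tokens:
            continue
        match = INSTANCE.match(line)
        if match:
            current = match.group(1)
            continue
        if line.startswith("Route Distinguisher:"):
            current = None                    # per-RD section, not an instance table
            continue
        if current is None:
            continue
        if PREFIX.match(tokens[0]):           # route line with no status flags
            flags, rest = "", tokens
        elif len(tokens) > 1 and FLAGS.match(tokens[0]) and PREFIX.match(tokens[1]):
            flags, rest = tokens[0], tokens[1:]
        else:
            continue                          # column header, counters, legend
        if len(rest) >= 2:
            routes[current].append((flags, rest[0], rest[1]))
    return dict(routes)


def routes_without_tunnel(text):
    """Group instance routes that are not valid ('*' missing) by their next hop."""
    stuck = defaultdict(list)
    for instance, rows in parse_instances(text).items():
        for flags, prefix, nexthop in rows:
            if "*" not in flags:
                stuck[nexthop].append((instance, prefix))
    return dict(stuck)


if __name__ == "__main__":
    print("before step 5:", routes_without_tunnel(BEFORE))
    print("after step 5: ", routes_without_tunnel(AFTER))
```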
Check the routing tables of CE1 and CE3.
[CE1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
7.7.7.7/32 Direct 0 0 D 127.0.0.1 LoopBack0
8.8.8.8/32 OSPF 10 2 D 17.1.1.1 GigabitEthernet0/0/0
17.1.1.0/24 Direct 0 0 D 17.1.1.7 GigabitEthernet0/0/0
17.1.1.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
17.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
28.1.1.0/24 O_ASE 150 1 D 17.1.1.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[CE3]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
9.9.9.9/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.10.10.10/32 EBGP 255 0 D 19.1.1.1 GigabitEthernet0/0/0
19.1.1.0/24 Direct 0 0 D 19.1.1.9 GigabitEthernet0/0/0
19.1.1.9/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
19.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
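The output above shows that CE1 and CE3 have learned the private routes of the remote sites.
Step 6: Test network connectivity and capture packets on PE1's G0/0/1 interface.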
[CE1]ping 8.8.8.8
PING 8.8.8.8: 56 data bytes, press CTRL_C to break
Reply from 8.8.8.8: bytes=56 Sequence=1 ttl=249 time=60 ms
Reply from 8.8.8.8: bytes=56 Sequence=2 ttl=249 time=70 ms
Reply from 8.8.8.8: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 8.8.8.8: bytes=56 Sequence=4 ttl=249 time=50 ms
Reply from 8.8.8.8: bytes=56 Sequence=5 ttl=249 time=50 ms
--- 8.8.8.8 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/58/70 ms
[CE3]ping -a 9.9.9.9 10.10.10.10
PING 10.10.10.10: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.10: bytes=56 Sequence=1 ttl=249 time=50 ms
Reply from 10.10.10.10: bytes=56 Sequence=2 ttl=249 time=50 ms
Reply from 10.10.10.10: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 10.10.10.10: bytes=56 Sequence=4 ttl=249 time=60 ms
Reply from 10.10.10.10: bytes=56 Sequence=5 ttl=249 time=50 ms
--- 10.10.10.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/54/60 ms
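Three layers of labels can be seen. The following walks through when and how each of them is used.
① CE1 sends the traffic to PE1. (At this point it is plain IP traffic.)
② After PE1 receives the traffic on G0/0/0, it looks up the routing table of the corresponding VPN instance. The assigned private-network label is 1031 and the recursive next hop is 6.6.6.6. The packet is tagged with the private-network label 1031.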
<PE1>display bgp vpnv4 all routing-table 8.8.8.8
BGP local router ID : 12.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 8.8.8.8/32:
Label information (Received/Applied): 1031/NULL //Private-network label 1031 assigned by PE2
From: 6.6.6.6 (56.1.1.2)
Route Duration: 01h01m35s
Relay IP Nexthop: 12.1.1.2
Relay IP Out-Interface: GigabitEthernet0/0/1
Relay Tunnel Out-Interface: GigabitEthernet0/0/1
Relay token: 0xa
Original nexthop: 6.6.6.6 //The recursive next hop is 6.6.6.6
-------------------------------------------
③ Look up the BGP route to 6.6.6.6. The traffic is tagged with the second-layer label 1028.
<PE1>display bgp routing-table 6.6.6.6
BGP local router ID : 12.1.1.1
Local AS number : 100
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
Label information (Received/Applied): 1028/NULL //BGP tunnel label 1028 assigned by ASBR1
From: 3.3.3.3 (23.1.1.2)
Route Duration: 00h49m55s
Relay IP Nexthop: 12.1.1.2
Relay IP Out-Interface: GigabitEthernet0/0/1
Relay Tunnel Out-Interface: GigabitEthernet0/0/1
Relay token: 0x3
Original nexthop: 3.3.3.3 //The recursive next hop is 3.3.3.3
------------------------
④ Look up the MPLS LSP tunnel to 3.3.3.3. The traffic is tagged with the third-layer label 1024.
<PE1>display mpls lsp
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1024 -/GE0/0/1 //Traffic to 3.3.3.3 recurses into this tunnel and is tagged with label 1024
3.3.3.3/32 1025/1024 -/GE0/0/1
1.1.1.1/32 3/NULL -/-
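⑤ The traffic follows the LSP tunnel that LDP built inside AS 100, and P1 forwards it to ASBR1. P1 is the penultimate hop for 3.3.3.3, so it pops the outer label 1024 directly. The packet that ASBR1 receives carries only two labels.
⑥ After ASBR1 receives this packet, it looks up its MPLS LSP labels, swaps 1028 for 1026, and forwards the packet to ASBR2. Note that the BGP LSP is used here.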
<ASBR1>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 1026/NULL -/-
6.6.6.6/32 NULL/1026 -/-
6.6.6.6/32 1028/1026 -/-
⑦ After ASBR2 receives this packet, it looks up its MPLS LSP label entries again.
<ASBR2>display mpls lsp in-label 1026 verbose
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex :
RD Value : 0:0
Fec : 6.6.6.6/32
Nexthop : -------
In-Label : 1026
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4096
Token : 0x0
LsrType : Egress
Outgoing token : 0x3 //Recurses into tunnel 0x3.
Label Operation : POPGO //Performs the POPGO action: the label is popped and another public-network label is added.
Mpls-Mtu : ------
TimeStamp : 4658sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : -------
BackupBGPKey : -------
FrrOutLabel : -------
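Look at tunnel 0x3: its out label is 1025. The traffic that ASBR2 sends out therefore carries two labels. The outer label is 1025, assigned by LDP, and the inner label is still 1031. The traffic is sent along the LSP tunnel to PE2. When PE2 receives it, PE2 examines the inner label 1031, looks up the routing table of the corresponding VPN instance, and sends the traffic to CE2.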
<ASBR2>display tunnel-info tunnel-id 3
Tunnel ID: 0x3
Tunnel Token: 3
Type: lsp
Destination: 6.6.6.6
Out Slot: 0
Instance ID: 0
Out Interface: GigabitEthernet0/0/1
Out Label: 1025
Next Hop: 45.1.1.2
Lsp Index: 6147
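The label operations of steps ① to ⑦, replayed hop by hop as an added example that is not part of the original lab. Label values are the ones quoted in the command output above; the table and function names are hypothetical, and the pop at P2 is an inference from PE2 advertising label 3 for 6.6.6.6/32.

```python
"""Replay of the CE1 -> 8.8.8.8 label stack along PE1, P1, ASBR1, ASBR2, P2, PE2."""

IMPLICIT_NULL = 3  # an egress LSR advertises label 3 to request penultimate-hop popping

# PE1 control-plane state, values taken from the command output quoted above.
VPN_ROUTES = {"8.8.8.8": (1031, "6.6.6.6")}   # VPNv4 route -> (VPN label, BGP next hop)
BGP_LABELED = {"6.6.6.6": (1028, "3.3.3.3")}  # labeled BGP route -> (BGP label, next hop)
LDP_OUT = {"3.3.3.3": 1024}                   # LDP out-label toward the BGP next hop

# Per-node label forwarding entries: top label -> (operation, argument).
LFIB = {
    "P1":    {1024: ("swap", IMPLICIT_NULL)},  # penultimate hop for 3.3.3.3
    "ASBR1": {1028: ("swap", 1026)},           # BGP LSP towards ASBR2
    "ASBR2": {1026: ("popgo", 1025)},          # pop BGP label, enter LDP tunnel 0x3
    "P2":    {1025: ("swap", IMPLICIT_NULL)},  # assumed PHP: PE2 shows 6.6.6.6/32 3/NULL
    "PE2":   {1031: ("vpn", "B")},             # VPN label selects vpn-instance B
}
PATH = ["P1", "ASBR1", "ASBR2", "P2", "PE2"]


def impose(dst):
    """Ingress PE: each level of next-hop recursion contributes one label."""
    vpn_label, remote_pe = VPN_ROUTES[dst]
    bgp_label, asbr = BGP_LABELED[remote_pe]
    stack = [bgp_label, vpn_label]             # index 0 is the top of the stack
    ldp_label = LDP_OUT[asbr]
    if ldp_label != IMPLICIT_NULL:
        stack.insert(0, ldp_label)
    return stack


def forward(node, stack, lfib=LFIB):
    """Apply one node's label operation; return (new_stack, description)."""
    top, rest = stack[0], stack[1:]
    entry = lfib.get(node, {}).get(top)
    if entry is None:
        raise LookupError(f"{node}: no entry for label {top}, packet dropped")
    op, arg = entry
    if op == "vpn":
        return rest, f"pop {top}, route in vpn-instance {arg}"
    if arg == IMPLICIT_NULL:
        return rest, f"pop {top} (penultimate hop)"
    return [arg] + rest, f"{op} {top} -> {arg}"


def walk(dst, lfib=LFIB):
    """Return [(node, action, stack_after)] for the whole path starting at PE1."""
    stack = impose(dst)
    pushed = "/".join(str(label) for label in reversed(stack))
    trace = [("PE1", "push " + pushed, tuple(stack))]
    for node in PATH:
        stack, action = forward(node, stack, lfib)
        trace.append((node, action, tuple(stack)))
    return trace


if __name__ == "__main__":
    for node, action, stack in walk("8.8.8.8"):
        print(f"{node:6} {action:38} stack={list(stack)}")
    # Failure case: without a BGP LSP entry on ASBR1 the packet is dropped there.
    try:
        walk("8.8.8.8", {**LFIB, "ASBR1": {}})
    except LookupError as exc:
        print("without the BGP LSP:", exc)
```

The stack is three labels deep only between PE1 and P1; every later segment carries two labels until P2 hands PE2 the bare VPN label.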