MPLS VPN跨域A

简介: MPLS VPN跨域A


  1. 拓扑设计

  1. 拓扑介绍

 如图,上海分公司与山东分公司之间为保证业务可以互通,需要使用MPLS VPN技术进行连接。中间R3与R4之间运行IGP,使用IGP传递路由,因为网络需要经过联通与移动两个AS域,所以使用MPLS VPN OptionA方案来进行配置。

  1. 数据配置

R1配置

ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:3 export-extcommunity
  vpn-target 3:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0001.00
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpn1
 ip address 17.1.1.1 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 1
#
ospf 1 vpn-instance vpn1
 import-route bgp
 area 0.0.0.0
#

R2配置

mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0002.00
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
 isis enable 1

R3配置

ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 3:3
  vpn-target 3:1 export-extcommunity
  vpn-target 1:3 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 23.1.1.3 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance vpn1
 ip address 34.1.1.3 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 1
#
ospf 1 vpn-instance vpn1
 import-route bgp
 dn-bit-check disable summary
 dn-bit-check disable ase
 dn-bit-check disable nssa
 area 0.0.0.0

R4配置

ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 4:4
  vpn-target 4:6 export-extcommunity
  vpn-target 6:4 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 50.0000.0000.0004.00
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpn1
 ip address 34.1.1.4 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 isis enable 1
#
bgp 200
 peer 6.6.6.6 as-number 200
 peer 6.6.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 6.6.6.6 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 6.6.6.6 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 1
#
ospf 1 vpn-instance vpn1
 import-route bgp
 dn-bit-check disable summary
 dn-bit-check disable ase
 dn-bit-check disable nssa
 area 0.0.0.0

R5配置

mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 50.0000.0000.0005.00
#
interface GigabitEthernet0/0/0
 ip address 45.1.1.5 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 56.1.1.5 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
 isis enable 1

R6配置

ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 6:6
  vpn-target 6:4 export-extcommunity
  vpn-target 4:6 import-extcommunity
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 50.0000.0000.0006.00
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 56.1.1.6 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance vpn1
 ip address 68.1.1.6 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255
 isis enable 1
#
bgp 200
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 1
#
ospf 1 vpn-instance vpn1
 import-route bgp
 area 0.0.0.0

R7配置

interface GigabitEthernet0/0/0
 ip address 68.1.1.8 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255
 ospf enable 1 area 0.0.0.0
#
ospf 1
 area 0.0.0.0

R8配置

interface GigabitEthernet0/0/0
 ip address 68.1.1.8 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255
 ospf enable 1 area 0.0.0.0
#
ospf 1
 area 0.0.0.0
  1. 查看现象

由此可见,VPN可以正常转发数据包

  1. 注意事项

接收不到OSPF的时候,需要考虑是否是dn位的问题

  1. 转发平面
  • R7的路由通过OSPF传递给R1,R1把路由通过MP-BGP传递给R3,此时R3上面有收方向实例,就会接收路由;R3会把R4当做CE设备,绑定到端口通过IGP协议传递给R4;R4收到路由后把路由变为VPNV4路由通过MP-BGP传递给R6,R6把路由交到实例里面传给R8设备。


目录
相关文章
|
3月前
|
网络协议 Shell 网络虚拟化
手把手教你玩MPLS VPN如何配置
手把手教你玩MPLS VPN如何配置
294 0
|
5月前
|
网络协议 网络虚拟化 网络架构
MPLS VPN协议高级应用
MPLS VPN协议高级应用
|
5月前
|
网络协议 网络虚拟化 虚拟化
|
5月前
|
网络协议 网络虚拟化
MPLS VPN跨域方案(一)
MPLS VPN跨域方案(一)
|
6月前
|
网络虚拟化
配置BGP/MPLS IP VPN示例
配置BGP/MPLS IP VPN示例
|
6月前
|
网络协议 PHP 网络虚拟化
BGP MPLS VPN(OPTION C)实验笔记
BGP MPLS VPN(OPTION C)实验笔记
166 1
|
6月前
|
网络协议 网络虚拟化
MPLS VPN 跨域OptionC2
MPLS VPN 跨域OptionC2
|
网络虚拟化
MPLS VPN跨域C2 RR反射器方案(二)
MPLS VPN跨域C2 RR反射器方案
142 0
|
网络虚拟化
MPLS VPN跨域C2 RR反射器方案(一)
MPLS VPN跨域C2 RR反射器方案
155 0
|
网络虚拟化
MPLS VPN跨域C1方案 RR反射器(二)
MPLS VPN跨域C1方案 RR反射器
87 0