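Goal: use MPLS VPN technology so that traffic between R5 and R6 has to pass through R4.
Packet forwarding process
- R6 accesses R5: R6 generates a packet with source address 192.168.6.6 and destination address 192.168.5.5.
- Following its routing table, R6 hands the packet to R3. Because the receiving interface is bound to R3's VRF instance, the packet enters that VRF instance directly and R3 looks it up in the VRF forwarding table.
- R3 finds that the route to the destination has tunnel ID 0x3, so it places the packet in the corresponding tunnel, encapsulates the MP-BGP label, and sends the packet to R1 through the MPLS tunnel's outgoing interface.
- On receiving the packet, R1 uses the MP-BGP label to deliver it to R1's VRF in instance.
- Following the routing table of the VRF in instance, R1 forwards the packet to the next hop, R4, through ospf 14.
- R4 receives the packet, looks up its routing table, and through ospf 41 hands the packet to R1's VRF out instance.
- On receiving the packet, R1 looks up the VRF out routing table and hands it to the next hop, R2; R2 then delivers it to R5 using the customer-side route.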
1. Underlay IGP connectivity

R1

```
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0001.00
```

R2

```
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0002.00
```

R3

```
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0003.00
```

2. Establish BGP and enable VPNv4 routes

R1

```
bgp 123
 peer 2.2.2.2 as-number 123
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 123
 peer 3.3.3.3 connect-interface LoopBack0
 ipv4-family vpnv4        // allows VPNv4 routes to be exchanged
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
```

R2

```
bgp 123
 peer 1.1.1.1 as-number 123
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 123
 peer 3.3.3.3 connect-interface LoopBack0
 ipv4-family vpnv4        // allows VPNv4 routes to be exchanged
  peer 1.1.1.1 enable
  peer 3.3.3.3 enable
```

R3

```
bgp 123
 peer 1.1.1.1 as-number 123
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 123
 peer 2.2.2.2 connect-interface LoopBack0
 ipv4-family vpnv4        // allows VPNv4 routes to be exchanged
  peer 1.1.1.1 enable
  peer 2.2.2.2 enable
```

3. Enable MPLS

R1

```
mpls
mpls ldp
int g0/0/0
 mpls
 mpls ldp
int g0/0/1
 mpls
 mpls ldp
```

R2

```
mpls
mpls ldp
int g0/0/0
 mpls
 mpls ldp
```

R3

```
mpls
mpls ldp
int g0/0/0
 mpls
 mpls ldp
```
1. Create the VRF instances

R2

```
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 2:2
  vpn-target 25:25 export-extcommunity
  vpn-target 52:52 import-extcommunity
```

R3

```
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 3:3
  vpn-target 36:36 export-extcommunity
  vpn-target 63:63 import-extcommunity
```

2. Bind the VRF instance to the customer-facing interface so that customer traffic enters the VRF instance directly

R2

```
int g0/0/2
 ip binding vpn-instance vpn1
 ip address 192.168.25.2 24    // binding a VRF instance wipes the interface's IP configuration, so it has to be configured again
```

R3

```
int g0/0/2
 ip binding vpn-instance vpn1
 ip address 192.168.36.3 24
```

3. Configure routing to learn the customer-side routes

R2

```
ospf 1 vpn-instance vpn1
 area 0
 quit
int g0/0/2
 ospf enable 1 area 0
```

R3

```
ospf 1 vpn-instance vpn1
 area 0
 quit
int g0/0/2
 ospf enable 1 area 0
```
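1. Create the inbound VRF on R1. R1 can now receive the routes from R2 and R3 and place them in the inbound VRF.

```
ip vpn-instance in
 ipv4-family
  route-distinguisher 14:14                     // RD value
  vpn-target 25:25 36:36 import-extcommunity    // RT values to accept
```

2. R4 will later pass the routes to R1's outbound VRF. Create the outbound VRF, which exchanges the routes of R3 and R2.

Outbound VRF configuration on R1

```
ip vpn-instance out
 ipv4-family
  route-distinguisher 41:41
  vpn-target 52:52 63:63 export-extcommunity
  vpn-target 52:52 63:63 import-extcommunity
```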
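The route targets above are what keep the spokes apart: neither vpn1 instance imports the RT the other exports, so every route has to come back through R1's out VRF and therefore through R4. The Python below is an added example, not part of the original page; it parses the vpn-instance stanzas (with vpn1 taken to live on R2 and R3, where the page binds it to interfaces) and reports any spoke that imports another spoke's routes directly. The names CONFIGS, SPOKES, KINDS, parse_vrfs, direct_importers and spoke_leaks are made up for this example.

```python
# Added example: audit the page's route targets for spoke-to-spoke leaks that bypass R4.
# CONFIGS is constructed from the vpn-instance stanzas on this page (RD lines omitted).
CONFIGS = {
    "R1": """ip vpn-instance in
 ipv4-family
  vpn-target 25:25 36:36 import-extcommunity
ip vpn-instance out
 ipv4-family
  vpn-target 52:52 63:63 export-extcommunity
  vpn-target 52:52 63:63 import-extcommunity""",
    "R2": """ip vpn-instance vpn1
 ipv4-family
  vpn-target 25:25 export-extcommunity
  vpn-target 52:52 import-extcommunity""",
    "R3": """ip vpn-instance vpn1
 ipv4-family
  vpn-target 36:36 export-extcommunity
  vpn-target 63:63 import-extcommunity""",
}
SPOKES = ["R2/vpn1", "R3/vpn1"]  # hypothetical "device/vrf" naming used by this example
KINDS = {"export-extcommunity": ["export"], "import-extcommunity": ["import"],
         "both": ["export", "import"]}

def parse_vrfs(configs):
    """Return {"device/vrf": {"export": set(), "import": set()}} from the config text."""
    vrfs = {}
    for dev, text in configs.items():
        cur = None
        for words in (line.split() for line in text.splitlines()):
            if words[:2] == ["ip", "vpn-instance"] and len(words) > 2:
                cur = vrfs.setdefault(f"{dev}/{words[2]}", {"export": set(), "import": set()})
            elif words[:1] == ["vpn-target"] and cur is not None:
                kind = words[-1] if words[-1] in KINDS else "both"  # no keyword means both
                for direction in KINDS[kind]:
                    cur[direction].update(w for w in words[1:] if w not in KINDS)
    return vrfs

def direct_importers(vrfs, src):
    """VRFs (other than src) that import at least one RT that src exports."""
    return {n for n, v in vrfs.items() if n != src and vrfs[src]["export"] & v["import"]}

def spoke_leaks(vrfs, spokes):
    """(exporter, importer) spoke pairs whose routes would bypass the hub R4."""
    return sorted((a, b) for a in spokes for b in direct_importers(vrfs, a) if b in spokes)

if __name__ == "__main__":
    vrfs = parse_vrfs(CONFIGS)
    print({name: sorted(direct_importers(vrfs, name)) for name in vrfs})
    print("spoke-to-spoke leaks:", spoke_leaks(vrfs, SPOKES))
```

An empty leak list means the design holds; a spoke that gained an import of 25:25 or 36:36 would show up as a pair.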
1. Run an IGP between R1 and R4, and pass the routes in the in VRF to R4

R1

```
ospf 14 vpn-instance in
 import-route bgp
 dn-bit-set disable summary      // controls the DN bit, which is used to prevent loops
 area 0.0.0.0
interface GigabitEthernet0/0/2.14
 dot1q termination vid 14
 ip binding vpn-instance in
 ip address 192.168.14.1 255.255.255.0
 ospf enable 14 area 0.0.0.0
 arp broadcast enable
```

R4

```
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
interface GigabitEthernet0/0/2.14
 dot1q termination vid 14
 ip address 192.168.14.4 255.255.255.0
 ospf enable 1 area 0.0.0.0
 arp broadcast enable
```

2. R4 uses OSPF to pass the routes to R1's out VRF

R4

```
ospf 1
 area 0
interface GigabitEthernet0/0/2.41
 dot1q termination vid 41
 ip address 192.168.41.4 255.255.255.0
 ospf enable 1 area 0.0.0.0
 arp broadcast enable
```

R1

```
ospf 41 vpn-instance out
 area 0.0.0.0
interface GigabitEthernet0/0/2.41
 dot1q termination vid 41
 ip binding vpn-instance out     // bind to the outbound VRF
 ip address 192.168.41.1 255.255.255.0
 ospf enable 41 area 0.0.0.0
 arp broadcast enable
```
1. R2 imports R5's routes into BGP, and imports BGP into OSPF to pass the routes to R5

```
bgp 123
 ipv4-family vpn-instance vpn1
  import-route ospf 1
ospf 1 vpn-instance vpn1
 import-route bgp
 area 0.0.0.0
```

2. R3 imports R6's routes into BGP, and imports BGP into OSPF to pass the routes to R6

```
bgp 123
 ipv4-family vpn-instance vpn1
  import-route ospf 1
ospf 1 vpn-instance vpn1
 import-route bgp
 area 0.0.0.0
```