拓扑图如下
- 配置两个RR之间建立MP-EBGP邻居
- R9配置
bgp 100 peer 10.10.10.10 as-number 200 peer 10.10.10.10 ebgp-max-hop 255 peer 10.10.10.10 connect-interface LoopBack0 ipv4-family vpnv4 peer 10.10.10.10 enable peer 10.10.10.10 next-hop-invariable
- R10配置
bgp 200 peer 9.9.9.9 as-number 100 peer 9.9.9.9 ebgp-max-hop 255 peer 9.9.9.9 connect-interface LoopBack0 ipv4-family vpnv4 peer 9.9.9.9 enable peer 9.9.9.9 next-hop-invariable
现在虽然配置了建立邻居的BGP进程,但是因为双方是没有对方的路由的,所以无法建立。
- R3与R4建立EBGP邻居,各自宣告9.9.9.9与10.10.10.10
- R3配置
bgp 100 peer 34.1.1.4 as-number 200 peer 34.1.1.4 enable peer 34.1.1.4 route-policy 1 export peer 34.1.1.4 label-route-capability network 9.9.9.9 255.255.255.255
- R4配置
bgp 200 peer 34.1.1.3 as-number 100 peer 34.1.1.3 enable peer 34.1.1.3 route-policy 1 export peer 34.1.1.3 label-route-capability network 10.10.10.10 255.255.255.255
- R3与R9建立邻居,R4与R10建立邻居(IBGP邻居关系)
- AS 100
R9 bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 1.1.1.1 reflect-client R3 bgp 100 peer 9.9.9.9 as-number 100 peer 9.9.9.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 9.9.9.9 255.255.255.255 peer 9.9.9.9 enable peer 9.9.9.9 route-policy 2 export peer 9.9.9.9 label-route-capability
- AS 200
R10 bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 4.4.4.4 label-route-capability R4 bgp 200 peer 10.10.10.10 as-number 200 peer 10.10.10.10 connect-interface LoopBack0 ipv4-family unicast undo synchronization network 6.6.6.6 255.255.255.255 network 10.10.10.10 255.255.255.255 peer 10.10.10.10 enable peer 10.10.10.10 route-policy 2 export peer 10.10.10.10 label-route-capability
- 配置策略路由
- R3配置,应用策略已在上一步配置
route-policy 1 permit node 10 apply mpls-label route-policy 2 permit node 10 if-match mpls-label apply mpls-label
- R4配置
route-policy 1 permit node 10 apply mpls-label route-policy 2 permit node 10 if-match mpls-label apply mpls-label
此时,两个RR之间的路由可达,RR之间可以正常建立MP-EGBP邻居。
下一步需要R1与R9建立MP-IBGP邻居关系,R1把VPNV4路由传给R9
R6与R10建立MP-IBGP邻居关系,R6把VPNVR路由传给R10
之后R9与R10互相传递VPNVR路由,他们就能收到了。
- R1与R9,R6与R10建立MP-IBGP邻居
- AS 100
R1 bgp 100 peer 9.9.9.9 as-number 100 peer 9.9.9.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 9.9.9.9 enable peer 9.9.9.9 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 9.9.9.9 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 R9 bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 1.1.1.1 reflect-client peer 1.1.1.1 label-route-capability# ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 1.1.1.1 reflect-client
- AS 200
R9 bgp 100 peer 10.10.10.10 as-number 200 peer 10.10.10.10 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.10 enable peer 10.10.10.10 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 10.10.10.10 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 R9 bgp 100 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 6.6.6.6 enable peer 1.1.1.1 reflect-client peer 1.1.1.1 label-route-capability# ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 1.1.1.1 reflect-client
现在路由就可以正常传递了,但是对于两边的PE设备来说,1.1.1.1和6.6.6.6都不是可达的。所以需要在中间设备R3与R4上面分别network 1.1.1.1和 6.6.6.6.
数据配置
R1
<R1> dis cu [V200R003C00] # sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # ip vpn-instance vpn1 ipv4-family route-distinguisher 1:1 vpn-target 1:6 export-extcommunity vpn-target 6:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0001.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip binding vpn-instance vpn1 ip address 17.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/1 ip address 12.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 9.9.9.9 as-number 100 peer 9.9.9.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 9.9.9.9 enable peer 9.9.9.9 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 9.9.9.9 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 # ospf 1 vpn-instance vpn1 import-route bgp area 0.0.0.0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
