MPLS VPN跨域C2 RR反射器方案（一）-阿里云开发者社区

MPLS VPN跨域C2 RR反射器方案（一）

2023-10-27 46

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： MPLS VPN跨域C2 RR反射器方案

拓扑设计

拓扑介绍

如图，R9与R10分别是AS100和AS200中的RR反射器；R9与R10建立MP-BGP邻居关系，用于传递VPNV4路由，R1与R6都是PE设备，如果有多个PE设备那么配置起来相对复杂与繁琐，所以现在使用RR反射器进行配置，可以直接将路由传递给多个PE设备，减少配置命令与设备压力。

数据配置

ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:6 export-extcommunity
  vpn-target 6:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0001.00
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpn1
 ip address 17.1.1.1 255.255.255.0
 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
#
bgp 100
 peer 9.9.9.9 as-number 100
 peer 9.9.9.9 connect-interface LoopBack0
 #
 ipv4-family unic
  peer 9.9.9.9 enable
  peer 9.9.9.9 label-route-capability
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 9.9.9.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 1

mpls lsr-id 3.3.3.3
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0003.00
 import-route bgp
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 23.1.1.3 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 34.1.1.3 255.255.255.0
 mpls
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 100
 peer 9.9.9.9 as-number 100
 peer 9.9.9.9 connect-interface LoopBack0
 peer 34.1.1.4 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 1.1.1.1 255.255.255.255
  network 9.9.9.9 255.255.255.255
  peer 9.9.9.9 enable
  peer 9.9.9.9 label-route-capability
  peer 34.1.1.4 enable
  peer 34.1.1.4 route-policy 1 export
  peer 34.1.1.4 label-route-capability
#
route-policy 1 permit node 10
 apply mpls-label

mpls lsr-id 9.9.9.9
mpls
#
mpls ldp
#
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0000.0000.0009.00
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 29.1.1.9 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 9.9.9.9 255.255.255.255
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 10.10.10.10 as-number 200
 peer 10.10.10.10 ebgp-max-hop 255
 peer 10.10.10.10 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 1.1.1.1 label-route-capability
  peer 3.3.3.3 enable
  peer 3.3.3.3 label-route-capability
  undo peer 10.10.10.10 enable
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 next-hop-invariable
  peer 10.10.10.10 enable
  peer 10.10.10.10 next-hop-invariable

mpls lsr-id 4.4.4.4
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 50.0000.0000.0004.00
 import-route bgp
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0
 mpls
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 isis enable 1
#
bgp 200
 peer 10.10.10.10 as-number 200
 peer 10.10.10.10 connect-interface LoopBack0
 peer 34.1.1.3 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 6.0.0.0
  network 6.6.6.6 255.255.255.255
  network 10.0.0.0
  network 10.10.10.10 255.255.255.255
  peer 10.10.10.10 enable
  peer 10.10.10.10 label-route-capability
  peer 34.1.1.3 enable
  peer 34.1.1.3 route-policy 1 export
  peer 34.1.1.3 label-route-capability
#
route-policy 1 permit node 10
 apply mpls-label

MPLS VPN跨域C2 RR反射器方案（一）

热门文章

最新文章

相关电子书