1.实验说明
(1) 实验目的
配置BGP MPLS VPN OPTION A,使得总部与分公司私网互通,分公司与总部之间可互访,但分公司之间不能互访。
(2) 实验拓扑
(3) 地址说明
业务地址段:
私网地址段
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
网络地址段:
路由器
接口
IP
备注
R1-CE
loopback0
1.1.1.1/32
GE 0/0/1
192.168.1.2/30
Ethernet 0/0/1
10.0.1.254/24
R2-PE
loopback0
2.2.2.2/32
GE 0/0/1
192.168.1.1/30
vpn
GE 0/0/0
211.137.23.2/24
R3-P
loopback0
3.3.3.3/32
GE 0/0/0
211.137.23.3/24
GE 0/0/1
211.137.34.3/24
R4-ASBR
loopback0
4.4.4.4/32
GE 0/0/1
211.137.34.4/24
GE 0/0/2
211.137.45.4/24
R5-ASBR
loopback0
5.5.5.5/32
GE 0/0/2
211.137.45.5/24
GE 0/0/1
211.137.56.5/24
R6-P
loopback0
6.6.6.6/32
GE 0/0/1
211.137.56.6/24
GE 0/0/0
211.137.67.6/24
R7-PE
loopback0
7.7.7.7/32
GE 0/0/0
211.137.67.7/24
GE 0/0/1
192.168.2.1/30
vpn
GE 0/0/2
192.168.3.1/30
vpn
R8-CE
loopback0
8.8.8.8/32
GE 0/0/1
192.168.2.2/30
Ethernet 0/0/1
10.0.2.254/24
R9-CE
loopback0
9.9.9.9/32
GE 0/0/1
192.168.3.2/30
Ethernet 0/0/1
10.0.3.254/24
(4) 实验思路
1.在骨干网上运行IGP协议实现同一AS的ASBR与PE之间的互通,并且同一AS的ASBR与PE之间要建立MPLS LDP LSP
2.PE与CE之间建立EBGP对等体关系;PE与ASBR之间建立MP-IBGP对等体关系
3.在PE上需配置VPN实例(在ASBR上无需配置VPN实例)
4.在ASBR上与另一ASBR相连接口上分别使能MPLS,且ASBR之间建立MP-EBGP对等体关系,并且不对接收的VPNv4路由进行VPN-Target过滤
(5) OPTION B
路由层面
$$ CE \stackrel{ebgp}{\Longleftrightarrow} PE \stackrel{MP-IBGP}{\Longleftrightarrow} ASBR \stackrel{MP-EBGP}{\Longleftrightarrow} ASBR \stackrel{MP-IBGP}{\Longleftrightarrow} PE \stackrel{ebgp}{\Longleftrightarrow} CE $$
转发层面
$$ CE \stackrel{IP}{\Longleftrightarrow} PE \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} ASBR \stackrel{MPLS} {\Longleftrightarrow} ASBR \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} PE \stackrel{IP}{\Longleftrightarrow} CE $$
(6) ABC区别
| Option A | Option B | Option C | |
|---|---|---|---|
| ASBR间交换的路由类型 | 客户的IPv4路由 | VPNv4路由 | 公网IPv4路由 |
| AS间标签交换 | 否 | VPN标签 | IPv4路由标签(通过eBGP传递) |
| AS之间是否需要启用LDP | 否 | 否 | 否 |
| AS之间是否需要启用MP-BGP | 否 | 是 | 是 |
| VPNv4路由在哪里维护 | ASBR | ASBR | PE或RR |
| 适用场景 | 一般用于国际运营商之间 | 同一个运营商中的不同AS之间 | 同一个运营商中的不同AS之间 |
2.骨干域IGP配置(OSPF)
与OPTION A类似
OSPF配置后,PE、P、ASBR可以相互学到loopback路由,是后续MPLS/LDP标签传递、PE/ASBR BGP邻居建立的基础
## R2-PE的ospf配置
<R2-PE>display current-configuration configuration ospf
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 211.137.23.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
## R3-P的ospf配置
<R3-P>display current-configuration configuration ospf
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 211.137.23.0 0.0.0.255
network 211.137.34.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
return
## R4-ASBR的ospf配置
<R4-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 211.137.34.0 0.0.0.255
network 4.4.4.4 0.0.0.0
#
return
## R7-PE的ospf配置
<R7-PE>display current-configuration configuration ospf
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 211.137.67.0 0.0.0.255
network 7.7.7.7 0.0.0.0
#
return
## R6-P的ospf配置
<R6-P>display current-configuration configuration ospf
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 211.137.56.0 0.0.0.255
network 211.137.67.0 0.0.0.255
network 6.6.6.6 0.0.0.0
#
return
## R5-ASBR的ospf配置
<R5-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 211.137.56.0 0.0.0.255
network 5.5.5.5 0.0.0.0
#
return
查看lsdb,确认PE/P/ASBR的loopback均已通过ospf发布
<R3-P>display ospf lsdb
OSPF Process 1 with Router ID 3.3.3.3
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.4 4.4.4.4 20 48 80000004 1
Router 2.2.2.2 2.2.2.2 90 48 80000006 1
Router 3.3.3.3 3.3.3.3 14 60 80000009 1
Network 211.137.23.2 2.2.2.2 91 32 80000002 0
Network 211.137.34.3 3.3.3.3 14 32 80000002 0
<R6-P>display ospf lsdb
OSPF Process 1 with Router ID 6.6.6.6
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 7.7.7.7 7.7.7.7 1337 48 80000024 1
Router 6.6.6.6 6.6.6.6 1335 60 8000002F 1
Router 5.5.5.5 5.5.5.5 1335 48 80000028 1
Network 211.137.67.7 7.7.7.7 1337 32 8000001D 0
Network 211.137.56.6 6.6.6.6 1337 32 8000001C 0
3.骨干域MPLS/LDP配置
与OPTION A类似
分别在全局和接口下启用MPLS和LDP
## R2-PE启用MPLS和LDP
[R2-PE]mpls lsr-id 2.2.2.2
[R2-PE]mpls
Info: Mpls starting, please wait... OK!
[R2-PE-mpls]mpls ldp
[R2-PE-mpls-ldp]quit
[R2-PE]interface GigabitEthernet 0/0/0
[R2-PE-GigabitEthernet0/0/0]mpls
[R2-PE-GigabitEthernet0/0/0]mpls ldp
## R3-P启用MPLS和LDP
[R3-P]mpls lsr-id 3.3.3.3
[R3-P]mpls
Info: Mpls starting, please wait... OK!
[R3-P-mpls]mpls ldp
[R3-P-mpls-ldp]quit
[R3-P]interface GigabitEthernet 0/0/0
[R3-P-GigabitEthernet0/0/0]mpls
[R3-P-GigabitEthernet0/0/0]mpls ldp
[R3-P-GigabitEthernet0/0/0]quit
[R3-P]interface GigabitEthernet 0/0/1
[R3-P-GigabitEthernet0/0/1]mpls
[R3-P-GigabitEthernet0/0/1]mpls ldp
## R4-ASBR启用MPLS和LDP
[R4-ASBR]mpls lsr-id 4.4.4.4
[R4-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R4-ASBR-mpls]mpls ldp
[R4-ASBR-mpls-ldp]quit
[R4-ASBR]interface GigabitEthernet 0/0/1
[R4-ASBR-GigabitEthernet0/0/1]mpls
[R4-ASBR-GigabitEthernet0/0/1]mpls ldp
## R7-PE启用MPLS和LDP
[R7-PE]mpls lsr-id 7.7.7.7
[R7-PE]mpls
Info: Mpls starting, please wait... OK!
[R7-PE-mpls]mpls ldp
[R7-PE-mpls-ldp]quit
[R7-PE]interface GigabitEthernet 0/0/0
[R7-PE-GigabitEthernet0/0/0]mpls
[R7-PE-GigabitEthernet0/0/0]mpls ldp
## R6-P启用MPLS和LDP
[R6-P]mpls lsr-id 6.6.6.6
[R6-P]mpls
Info: Mpls starting, please wait... OK!
[R6-P-mpls]mpls ldp
[R6-P-mpls-ldp]quit
[R6-P]interface GigabitEthernet 0/0/0
[R6-P-GigabitEthernet0/0/0]mpls
[R6-P-GigabitEthernet0/0/0]mpls ldp
[R6-P-GigabitEthernet0/0/0]quit
[R6-P]interface GigabitEthernet 0/0/1
[R6-P-GigabitEthernet0/0/1]mpls
[R6-P-GigabitEthernet0/0/1]mpls ldp
## ASBR2启用MPLS和LDP
[R5-ASBR]mpls lsr-id 5.5.5.5
[R5-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R5-ASBR-mpls]mpls ldp
[R5-ASBR-mpls-ldp]quit
[R5-ASBR]interface GigabitEthernet 0/0/1
[R5-ASBR-GigabitEthernet0/0/1]mpls
[R5-ASBR-GigabitEthernet0/0/1]mpls ldp
查看LSP
<R3-P>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1025/3 -/GE0/0/1
<R6-P>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 NULL/3 -/GE0/0/0
7.7.7.7/32 1024/3 -/GE0/0/0
6.6.6.6/32 3/NULL -/-
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1025/3 -/GE0/0/1
4.PE上VPN实例配置
(1) 分公司配置
R7-PE上创建VPN实例vpn2和vpn3,将R8-CE和R9-CE分别接入到R7-PE上
## 创建vpn实例,名称为vpn2
[R7-PE]ip vpn-instance vpn2
## 使用ipv地址
[R7-PE-vpn-instance-vpn2]ipv4-family
## RD设置为100:2
[R7-PE-vpn-instance-vpn2-af-ipv4]route-distinguisher 100:2
## 设置vpn-target
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 1:1 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]quit
[R7-PE-vpn-instance-vpn2]quit
## 创建vpn实例,名称为vpn3
[R7-PE]ip vpn-instance vpn3
[R7-PE-vpn-instance-vpn3]ipv4-family
[R7-PE-vpn-instance-vpn3-af-ipv4]route-distinguisher 100:3
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 3:3 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 1:1 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn2的实例绑定到GigabitEthernet 0/0/1上,vpn3实例绑定到GigabitEthernet 0/0/2上
绑定后需要重新配置IP
[R7-PE]interface GigabitEthernet 0/0/1
[R7-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/1]ip address 192.168.2.1 30
[R7-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn2
ip address 192.168.2.1 255.255.255.252
#
return
[R7-PE-GigabitEthernet0/0/1]quit
[R7-PE]interface GigabitEthernet 0/0/2
[R7-PE-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/2]ip address 192.168.3.1 30
[R7-PE-GigabitEthernet0/0/2]display this
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn3
ip address 192.168.3.1 255.255.255.252
#
return
配置R7-PE和R8-CE、R9-CE的BGP邻居及路由
## R7-PE上配置BGP,分别在vpn2和vpn3中配置到R8-CE和R9-CE的BGP邻居,并下发缺省路由
[R7-PE]bgp 200
[R7-PE-bgp]ipv4-family vpn-instance vpn2
[R7-PE-bgp-vpn2]peer 192.168.2.2 as-number 10002
[R7-PE-bgp-vpn2]network 0.0.0.0 0.0.0.0
Info: The network does not exist.
[R7-PE-bgp-vpn2]quit
[R7-PE-bgp]ipv4-family vpn-instance vpn3
[R7-PE-bgp-vpn3]peer 192.168.3.2 as-number 10003
[R7-PE-bgp-vpn3]network 0.0.0.0 0.0.0.0
Info: The network does not exist.
[R7-PE-bgp-vpn3]quit
[R7-PE-bgp]quit
## R7-PE上配置黑洞路由,以使BGP发布路由生效
[R7-PE]ip route-static vpn-instance vpn2 0.0.0.0 0.0.0.0 NULL0 preference 255
[R7-PE]ip route-static vpn-instance vpn3 0.0.0.0 0.0.0.0 NULL0 preference 255
## R8-CE上配置BGP
[R8-CE]bgp 10002
[R8-CE-bgp]peer 192.168.2.1 as-number 200
[R8-CE-bgp]network 10.0.2.0 255.255.255.0
## R9-CE上配置BGP
[R9-CE]bgp 10003
[R9-CE-bgp]peer 192.168.3.1 as-number 200
[R9-CE-bgp]network 10.0.3.0 255.255.255.0
在R8-CE和R9-CE上查看BGP收发路由情况
## R8-CE路由信息
<R8-CE>display bgp routing-table peer 192.168.2.1 advertised-routes
BGP Local router ID is 10.0.2.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.2.0/24 192.168.2.2 0 0 10002i
<R8-CE>display bgp routing-table peer 192.168.2.1 received-routes
BGP Local router ID is 10.0.2.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 0.0.0.0 192.168.2.1 0 0 200i
## R9-CE路由信息
<R9-CE>display bgp routing-table peer 192.168.3.1 advertised-routes
BGP Local router ID is 10.0.3.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.3.0/24 192.168.3.2 0 0 10003i
<R9-CE>display bgp routing-table peer 192.168.3.1 received-routes
BGP Local router ID is 10.0.3.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 0.0.0.0 192.168.3.1 0 0 200i
(2) 总公司配置
R2-PE上创建VPN实例vpn1,将R1-CE接入到R2-PE上
[R2-PE]ip vpn-instance vpn1
[R2-PE-vpn-instance-vpn1]ipv4-family
[R2-PE-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 2:2 3:3 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn1的实例绑定到GigabitEthernet 0/0/1上
[R2-PE]interface GigabitEthernet 0/0/1
[R2-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R2-PE-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[R2-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 192.168.1.1 255.255.255.252
#
return
配置R2-PE和R1-CE的BGP邻居及路由
## R2-PE上配置BGP,在vpn1中配置到R1-CE的BGP邻居,并下发缺省路由
[R2-PE]bgp 100
[R2-PE-bgp]ipv4-family vpn-instance vpn1
[R2-PE-bgp-vpn1]peer 192.168.1.2 as-number 10001
[R2-PE-bgp-vpn1]network 0.0.0.0 0.0.0.0
Info: The network does not exist.
[R2-PE-bgp-vpn1]quit
[R2-PE-bgp]quit
## R2-PE上配置黑洞路由,以使BGP发布路由生效
[R2-PE]ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL 0 preference 255
## R1-CE上配置BGP
[R1-CE]bgp 10001
[R1-CE-bgp]peer 192.168.1.1 as-number 100
[R1-CE-bgp]network 10.0.1.0 255.255.255.0
在R1-CE上查看BGP收发路由情况
<R1-CE>display bgp routing-table peer 192.168.1.1 advertised-routes
BGP Local router ID is 10.0.1.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.1.0/24 192.168.1.2 0 0 10001i
<R1-CE>display bgp routing-table peer 192.168.1.1 received-routes
BGP Local router ID is 10.0.1.254
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 0.0.0.0 192.168.1.1 0 0 100i
在R2-PE上对业务地址进行PING测试
<R2-PE>ping -vpn-instance vpn1 10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=127 time=190 ms
Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=127 time=60 ms
Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=127 time=90 ms
Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=127 time=80 ms
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=127 time=50 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/94/190 ms
5.域内MP-IBGP配置
在R2-PE和R4-ASBR之间配置MP-IBGP,其中ASBR不对接收的VPNv4路由进行VPN-Target过滤
## R2-PE上配置
[R2-PE]bgp 100
[R2-PE-bgp]peer 4.4.4.4 as-number 100
[R2-PE-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R2-PE-bgp]ipv4-family vpnv4
[R2-PE-bgp-af-vpnv4]policy vpn-target
[R2-PE-bgp-af-vpnv4]peer 4.4.4.4 enable
## R4-ASBR上配置
[R4-ASBR]bgp 100
[R4-ASBR-bgp]peer 2.2.2.2 as-number 100
[R4-ASBR-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R4-PE-bgp]ipv4-family vpnv4
[R4-PE-bgp-af-vpnv4]undo policy vpn-target
[R4-PE-bgp-af-vpnv4]peer 2.2.2.2 enable
同样在R7-PE和R5-ASBR之间配置MP-IBGP
## R7-PE上配置
[R7-PE]bgp 200
[R7-PE-bgp]peer 5.5.5.5 as-number 200
[R7-PE-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R7-PE-bgp]ipv4-family vpnv4
[R7-PE-bgp-af-vpnv4]policy vpn-target
[R7-PE-bgp-af-vpnv4]peer 5.5.5.5 enable
## R5-ASBR上配置
[R5-ASBR]bgp 200
[R5-ASBR-bgp]peer 7.7.7.7 as-number 200
[R5-ASBR-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R5-PE-bgp]ipv4-family vpnv4
[R5-PE-bgp-af-vpnv4]undo policy vpn-target
[R5-PE-bgp-af-vpnv4]peer 7.7.7.7 enable
在ASBR上查看PE发布的路由,可以收到vpn路由中的业务地址
## R4-ASBR收BGP路由信息
<R4-ASBR>display bgp vpnv4 all routing-table peer 2.2.2.2 received-routes
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 0.0.0.0 2.2.2.2 0 100 0 i
*>i 10.0.1.0/24 2.2.2.2 0 100 0 10001i
## R5-ASBR收BGP路由信息
<R5-ASBR>display bgp vpnv4 all routing-table peer 7.7.7.7 received-routes
BGP Local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Route Distinguisher: 100:2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 0.0.0.0 7.7.7.7 0 100 0 i
*>i 10.0.2.0/24 7.7.7.7 0 100 0 10002i
Route Distinguisher: 100:3
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 0.0.0.0 7.7.7.7 0 100 0 i
*>i 10.0.3.0/24 7.7.7.7 0 100 0 10003i
6.域间MP-EBGP配置
在R4-ASBR和R5-ASBR互联接口上启用mpls
## R4-ASBR使能mpls
[R4-ASBR]interface GigabitEthernet 0/0/2
[R4-ASBR-GigabitEthernet0/0/2]mpls
## R5-ASBR使能mpls
[R5-ASBR]interface GigabitEthernet 0/0/2
[R5-ASBR-GigabitEthernet0/0/2]mpls
配置R4-ASBR与R5-ASBR建立MP-EBGP对等体关系,并且不对接收的VPNv4路由进行VPN-Target过滤
## R4-ASBR配置MP-EBGP
[R4-ASBR]bgp 100
[R4-ASBR-bgp]peer 211.137.45.5 as-number 200
[R4-ASBR-bgp]ipv4-family vpnv4
[R4-ASBR-bgp-af-vpnv4]peer 211.137.45.5 enable
## R5-ASBR配置MP-EBGP
[R5-ASBR]bgp 200
[R5-ASBR-bgp]peer 211.137.45.4 as-number 100
[R5-ASBR-bgp]ipv4-family vpnv4
[R5-ASBR-bgp-af-vpnv4]peer 211.137.45.4 enable
7.测试
在客户端上分别进行测试,总部PC1可以连通分公司PC2和PC3,但是分公司之间PC2和PC3无法互通
## 总部PC1测试结果
PC>ping 10.0.2.1
Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
From 10.0.2.1: bytes=32 seq=1 ttl=124 time=406 ms
From 10.0.2.1: bytes=32 seq=2 ttl=124 time=375 ms
From 10.0.2.1: bytes=32 seq=3 ttl=124 time=282 ms
From 10.0.2.1: bytes=32 seq=4 ttl=124 time=344 ms
From 10.0.2.1: bytes=32 seq=5 ttl=124 time=312 ms
--- 10.0.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 282/343/406 ms
PC>ping 10.0.3.1
Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
From 10.0.3.1: bytes=32 seq=1 ttl=124 time=437 ms
From 10.0.3.1: bytes=32 seq=2 ttl=124 time=234 ms
From 10.0.3.1: bytes=32 seq=3 ttl=124 time=469 ms
From 10.0.3.1: bytes=32 seq=4 ttl=124 time=234 ms
From 10.0.3.1: bytes=32 seq=5 ttl=124 time=344 ms
--- 10.0.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 234/343/469 ms
## 分公司PC2测试结果
PC>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=297 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=265 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=437 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 265/331/437 ms
PC>ping 10.0.3.1
Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 10.0.3.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
## 分公司PC3测试结果
PC>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=407 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=360 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=281 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=329 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=359 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 281/347/407 ms
PC>ping 10.0.2.1
Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 10.0.2.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
在PC1上ping测试PC2,并从各个接口上抓包分析标签变化
R1-R2:CE->PE,普通IPv4报文,无标签
R2-R3:PE-P,内层标签1179,为MP-BGP分配;外层标签1026,为LDP分配
R3-R4:P-ASBR,外层标签1026根据PHP弹出,因此仅剩内层标签1179
R4-R5:ASBR-ASBR,MP-EBGP完成标签交换,内层标签由1179变为1165
在R4-ASBR上查看LSP信息,确认与实际情况一致,即入标签1179,出标签1165
<R4-ASBR>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.0.1.0/24 1182/1061 -/- ASBR LSP
0.0.0.0/0 1177/1028 -/- ASBR LSP
0.0.0.0/0 1113/1100 -/- ASBR LSP
10.0.2.0/24 1179/1165 -/- ASBR LSP
0.0.0.0/0 1115/1102 -/- ASBR LSP
10.0.3.0/24 1181/1167 -/- ASBR LSP
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
4.4.4.4/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1027/3 -/GE0/0/1
2.2.2.2/32 NULL/1027 -/GE0/0/1
2.2.2.2/32 1175/1027 -/GE0/0/1
R5-R6:ASBR-P,内层标签由MP-IBGP完成替换,从1165变为1130;外层标签1026,为LDP分配
在R5-ASBR上查看LSP信息,与实际一致,即入标签1165,出标签1130
<R5-ASBR>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
0.0.0.0/0 1100/1028 -/- ASBR LSP
10.0.2.0/24 1165/1130 -/- ASBR LSP
0.0.0.0/0 1102/1029 -/- ASBR LSP
10.0.3.0/24 1166/1131 -/- ASBR LSP
10.0.1.0/24 1164/1178 -/- ASBR LSP
0.0.0.0/0 1163/1177 -/- ASBR LSP
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
5.5.5.5/32 3/NULL -/-
7.7.7.7/32 NULL/1026 -/GE0/0/1
7.7.7.7/32 1026/1026 -/GE0/0/1
6.6.6.6/32 NULL/3 -/GE0/0/1
6.6.6.6/32 1027/3 -/GE0/0/1
R6-R7:P-PE,外层标签1026根据PHP弹出,仅剩内层标签1130
R7-R8:PE-CE,普通IPv4报文,内层标签1130也弹出
