通过全局路由表的方式实现MPLS ***上互联网
A.CE只配置一条默认路由到PE
B.PE设置VRF的默认路由到IGW,并设置global属性
C.这样PE就不需要有互联网的路由,只需要通过默认路由把包送到IGW
D.NAT是在CE上面做的,PE需要设置到nat后地址的静态路由指向CE,并将该静态路由重分布到IGP中,让IGW能学习的到,并通过EBGP通告给外界
E.IGW通过EBGP与外界联系,获得互联网路由,通过IGP获得内部路由,因为只负载互联网访问,可以配置路由过滤,只接收CE NAT后的路由
----测试时发现配置路由过滤的时候,必须放行LDP邻居Local LDP Ident标识的网段,都在LDP邻居无法建立
----尝试过利用mpls ldp router-id Ethernet0/2命令指定LDP Ident,但是没有效果,即使是把接口的mpls ip命令取消,再重启输入。(eth0/2不管是否开启LDP都没有用)
-----后来经人指点,在接口下配置mpls ldp discovery transport-address interface,设置成功,这样P路由器用接口地址与IGW路由器,建立LDP邻居,就不受路由过滤的影响了
三.测试拓扑:
ip address 4.4.4.4 255.255.255.255
interface Loopback1
ip address 192.168.1.1 255.255.255.0
interface Loopback2
ip address 192.168.10.1 255.255.255.0
ip address 10.1.1.1 255.255.255.0
rd 100:1
route-target export 1:1
route-target import 1:1
ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
mpls ip
interface Ethernet0/1
ip vrf forwarding A
ip address 10.1.1.2 255.255.255.0
no shut
ip address 2.2.2.2 255.255.255.255
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
mpls ip
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
no shut
mpls ip
interface Ethernet0/2
ip address 26.1.1.6 255.255.255.0
mpls ip
no shut
mpls ldp discovery transport-address interface
------用接口的地址与对方建立LDP邻居,否则会受到路由过滤的影响,而无法建立LDP邻居
rd 100:1
route-target export 1:1
route-target import 1:1
ip address 3.3.3.3 255.255.255.0
ip address 23.1.1.3 255.255.255.0
ip vrf forwarding A
ip address 202.100.1.2 255.255.255.252
ip address 5.5.5.5 255.255.255.255
interface Loopback1
ip address 192.168.2.1 255.255.255.0
interface Loopback2
ip address 192.168.20.1 255.255.255.0
ip address 10.1.2.1 255.255.255.0
ip route vrf A 192.168.1.0 255.255.255.0 10.1.1.1
ip route vrf A 192.168.2.0 255.255.255.0 10.1.2.1
redistribute static subnets
network 0.0.0.0 255.255.255.255 area 0
router-id 2.2.2.2
network 0.0.0.0 255.255.255.255 area 0
router-id 3.3.3.3
redistribute static subnets
network 0.0.0.0 255.255.255.255 area 0
no synchronization
bgp router-id 1.1.1.1
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
address-family ***v4
address-family ipv4 vrf A
no synchronization
no synchronization
bgp router-id 3.3.3.3
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
no auto-summary
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
address-family ipv4 vrf A
no synchronization
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.2/32 0 Et0/0 12.1.1.2
17 19 3.3.3.3/32 0 Et0/0 12.1.1.2
18 Pop tag 23.1.1.0/24 0 Et0/0 12.1.1.2
19 Untagged 192.168.1.0/24 0 Et0/1 10.1.1.1
20 18 192.168.2.0/24 0 Et0/0 12.1.1.2
21 Untagged 192.168.1.0/24[V] 7012 Et0/1 10.1.1.1
22 Pop tag 26.1.1.0/24 0 Et0/0 12.1.1.2
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 12.1.1.0/24 0 Et0/0 23.1.1.2
17 17 1.1.1.1/32 0 Et0/0 23.1.1.2
18 Pop tag 2.2.2.2/32 0 Et0/0 23.1.1.2
19 16 192.168.1.0/24 0 Et0/0 23.1.1.2
20 Untagged 192.168.2.0/24 0 Et0/1 10.1.2.1
21 Untagged 192.168.2.0/24[V] 6410 Et0/1 10.1.2.1
22 Pop tag 26.1.1.0/24 0 Et0/0 23.1.1.2
Type escape sequence to abort.
Tracing the route to 192.168.2.1
1 10.1.1.2 188 msec 52 msec 64 msec
2 12.1.1.2 [MPLS: Labels 19/21 Exp 0] 156 msec 144 msec 140 msec
3 10.1.2.2 [MPLS: Label 21 Exp 0] 96 msec 100 msec 124 msec
4 10.1.2.1 172 msec 160 msec *
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 192.168.2.1
mode transport
set transform-set transet
ip mtu 1400
tunnel source Loopback1
tunnel destination 192.168.2.1
tunnel protection ipsec profile ipsec_profile
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 192.168.1.1
mode transport
set transform-set transet
ip mtu 1400
tunnel source Loopback1
tunnel destination 192.168.1.1
tunnel protection ipsec profile ipsec_profile
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 156/186/232 ms
dst src state conn-id slot status
192.168.2.1 192.168.1.1 QM_IDLE 2 0 ACTIVE
CE-1#show crypto engine connections active
ID Interface IP-Address State Algorithm Encrypt Decrypt
2 Tunnel0 172.16.1.1 set HMAC_MD5+3DES_56_C 0 0
2001 Tunnel0 192.168.1.1 set 3DES+MD5 4 0
2002 Tunnel0 192.168.1.1 set 3DES+MD5 0 4
ip nat inside
ip nat outside
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list PAT pool NATPOOL overload
ip route 202.100.1.0 255.255.255.0 Ethernet0/1 10.1.1.1
ip route vrf A 202.100.1.0 255.255.255.0 10.1.1.1
---IGP重分布静态路由已经配置
C.CE2:
ip nat inside
ip nat outside
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list PAT pool NATPOOL overload
ip route 202.100.2.0 255.255.255.0 Ethernet0/1 10.1.2.1
ip route vrf A 202.100.2.0 255.255.255.0 10.1.2.1
ip address 6.6.6.6 255.255.255.255
interface Ethernet0/0
ip address 26.1.1.6 255.255.255.0
no shut
mpls ip
interface Ethernet0/1
ip address 67.1.1.6 255.255.255.0
access-list 10 permit 202.100.2.0 0.0.0.255
access-list 10 permit 23.1.1.0 0.0.0.255
---如果P路由器没有在接口指定LDP的用什么IP来建立邻居,则需要根据LDP邻居的ID来确定网段来放行
router ospf 1
router-id 6.6.6.6
passive-interface default
no passive-interface Ethernet0/0
network 26.1.1.0 0.0.0.255 area 0
network 67.1.1.0 0.0.0.255 area 0
router bgp 100
no synchronization
bgp router-id 6.6.6.6
network 202.100.1.0
network 202.100.2.0
neighbor 67.1.1.7 remote-as 200
no auto-summary
ip address 7.7.7.7 255.255.255.255
interface Loopback1
ip address 202.100.3.7 255.255.255.0
interface Ethernet0/0
ip address 67.1.1.7 255.255.255.0
no synchronization
bgp router-id 7.7.7.7
network 202.100.3.0
no auto-summary
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
B 202.100.2.0/24[20/20] via 67.1.1.6, 00:11:34
C 202.100.3.0/24 is directly connected, Loopback1
67.0.0.0/24 is subnetted, 1 subnets
C 67.1.1.0 is directly connected, Ethernet0/0
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
B 202.100.1.0/24[20/20] via 67.1.1.6, 00:12:04
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O E2 202.100.2.0/24 [110/20] via 26.1.1.2, 00:04:54, Ethernet0/0
B 202.100.3.0/24[20/0] via 67.1.1.7, 00:42:18
6.0.0.0/32 is subnetted, 1 subnets
C 6.6.6.6 is directly connected, Loopback0
67.0.0.0/24 is subnetted, 1 subnets
C 67.1.1.0 is directly connected, Ethernet0/1
O E2 202.100.1.0/24 [110/20] via 26.1.1.2, 00:04:54, Ethernet0/0
26.0.0.0/24 is subnetted, 1 subnets
C 26.1.1.0 is directly connected, Ethernet0/0
Type escape sequence to abort.
Tracing the route to 202.100.3.7
1 10.1.1.2 88 msec 124 msec 52 msec
2 12.1.1.2 [MPLS: Label 21 Exp 0] 92 msec 140 msec 120 msec
3 26.1.1.6 108 msec 168 msec 164 msec
4 67.1.1.7 172 msec 200 msec *
CE-1#
Type escape sequence to abort.
Tracing the route to 202.100.3.7
1 10.1.2.2 52 msec 108 msec 84 msec
2 23.1.1.2 [MPLS: Label 21 Exp 0] 60 msec 60 msec 140 msec
3 26.1.1.6 104 msec 148 msec 172 msec
4 67.1.1.7 160 msec 144 msec *
通过全局路由表的方式实现MPLS ***上互联网相关推荐
- 3种 Springboot 全局时间格式化方式,别再写重复代码了
时间格式化在项目中使用频率是非常高的,当我们的 API 接口返回结果,需要对其中某一个 date 字段属性进行特殊的格式化处理,通常会用到 SimpleDateFormat 工具处理. SimpleD ...
- Springboot实战:3种 Springboot 全局时间格式化方式
时间格式化在项目中使用频率是非常高的,当我们的 API 接口返回结果,需要对其中某一个 date 字段属性进行特殊的格式化处理,通常会用到 SimpleDateFormat 工具处理. SimpleD ...
- java date 格式化_3种 Springboot 全局时间格式化方式,别再写重复代码了
原文:3种 Springboot 全局时间格式化方式,别再写重复代码了 掘金 作者: 程序员内点事 时间格式化在项目中使用频率是非常高的,当我们的API接口返回结果,需要对其中某一个date字段属性进 ...
- 详解Unity 5 全局光照系统Enlighten问题(上)
Unity 5正式版面世已经一段时间,许多开发者都已经在使用Unity 5进行开发.大家在使用Unity 5时或多或少都会碰到一些问题,今天我们Unity的官方技术工程师,柳振东将在本文中针对Unit ...
- ETH:Windows搭建ETH(区块链技术)利用Web端和小程序端两种方式调用ETH上的SC智能合约
ETH:Windows搭建ETH(区块链技术)利用Web端和小程序端两种方式调用ETH上的SC智能合约 目录 1.Geth安装.配置文件.与ETH节点交互 1.1.下载并安装好geth客户端 1.2. ...
- Mockito –使用全局配置的SmartNull在NPE上提供更好的错误消息
编写Mockito参考卡后,我有机会仔细研究了Mockito不太流行但非常有用的功能. 其中一些过于先进或太稀少,无法在refcard中进行描述,因此应简短说明. 其中之一就是SmartNull. 当 ...
- python+[:]+切片_我从C ++到Python的方式:概念上的改变
python+[:]+切片 by asya f 由asya f 我从C ++到Python的方式:概念上的改变 (How I went from C++ to Python: a conceptual ...
- 全面详解Android实现多线程的几种方式(史上最全,最详细)
一.前言 Android多线程实现方式包括: 1.基础使用 继承Thread类 实现Runnable接口 Handler 2.复合使用 AsyncTask HandlerThread IntentSe ...
- 华为云DevCloud为虚拟仿真插上互联网的翅膀
华为云DevCloud为虚拟仿真插上互联网的翅膀 两三年前,虚拟仿真或者说VR,火得一塌糊涂,火得不真实.又在无人察觉中,平静地落下帷幕,这个行业开始回归本质.原本专业性极强的领域,以游戏为突破口.以 ...
最新文章
- 一文读懂Python复杂网络分析库networkx | CSDN博文精选
- ACMNO.47 矩形面积交(有图) 平面上有两个矩形,它们的边平行于直角坐标系的X轴或Y轴。对于每个矩形,我们给出它的一对相对顶点的坐标,请你编程算出两个矩形的交的面积。
- top刷新间隔_每天一个linux命令:top命令
- 将时间保存到pb_Nature Geoscience:沉积岩容矿Cu-Pb-Zn矿床受控于克拉通边缘稳定性...
- php无限极分类实例,PHP实例:PHP无限极分类
- Linux环境安装、卸载Docker
- 理解 K8s 资源更新机制,从一个 OpenKruise 用户疑问开始
- [推荐] 世界上最健康的作息时间表
- Python面试题目--汇总
- 基于openfire源码开发插件
- 程序员谈网络改变我们的生活
- iOS使用新浪微博、微信官方SDK分享内容
- 高通工具QXDM、QCAT和QPST
- 3D相机成像原理简介
- git rebase 命令 常用_git rebase命令
- 省市区级联SQL文件(MySQL)
- C# winfrom 在button按钮上显示箭头
- 第二十三课:运算放大电路正反馈
- IDEA 批量修改变量名、批量替换代码快捷键
- pyecharts柱状图颜色设置