BGP MPLS VPN(OPTION A)实验笔记
2024-05-14 06:59:10
1.实验说明
(1) 实验目的
配置BGP MPLS VPN OPTION A,使得总部与分公司私网互通,分公司与总部之间可互访,但分公司之间不能互访。
(2) 实验拓扑
(3) 地址说明
业务地址段:
私网地址段
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
网络地址段:
| 路由器 | 接口 | IP | 备注 |
| R1-CE | loopback0 | 1.1.1.1/32 | |
| GE 0/0/1 | 192.168.1.2/30 | ||
| Ethernet 0/0/1 | 10.0.1.254/24 | ||
| R2-PE | loopback0 | 2.2.2.2/32 | |
| GE 0/0/1 | 192.168.1.1/30 | vpn | |
| GE 0/0/0 | 211.137.23.2/24 | ||
| R3-P | loopback0 | 3.3.3.3/32 | |
| GE 0/0/0 | 211.137.23.3/24 | ||
| GE 0/0/1 | 211.137.34.3/24 | ||
| R4-ASBR | loopback0 | 4.4.4.4/32 | |
| GE 0/0/1 | 211.137.34.4/24 | ||
| GE 0/0/2 | 211.137.45.4/24 | vpn | |
| R5-ASBR | loopback0 | 5.5.5.5/32 | |
| GE 0/0/2 | 211.137.45.5/24 | vpn | |
| GE 0/0/1 | 211.137.56.5/24 | ||
| R6-P | loopback0 | 6.6.6.6/32 | |
| GE 0/0/1 | 211.137.56.6/24 | ||
| GE 0/0/0 | 211.137.67.6/24 | ||
| R7-PE | loopback0 | 7.7.7.7/32 | |
| GE 0/0/0 | 211.137.67.7/24 | ||
| GE 0/0/1 | 192.168.2.1/30 | vpn | |
| GE 0/0/2 | 192.168.3.1/30 | vpn | |
| R8-CE | loopback0 | 8.8.8.8/32 | |
| GE 0/0/1 | 192.168.2.2/30 | ||
| Ethernet 0/0/1 | 10.0.2.254/24 | ||
| R9-CE | loopback0 | 9.9.9.9/32 | |
| GE 0/0/1 | 192.168.3.2/30 | ||
| Ethernet 0/0/1 | 10.0.3.254/24 |
(4) 实验思路
1.各AS内的MPLS骨干网上分别配置IGP协议,实现各自骨干网ASBR和PE之间的互通
2.各AS内的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP,建立LDP LSP
3.各AS内,PE与ASBR-PE之间建立MP-IBGP对等体关系,交换VPN路由信息
4.各AS内,与CE相连的PE上需配置VPN实例,并把与CE相连的接口和相应的VPN实例绑定
5.各AS内,PE与CE之间建立EBGP对等体关系,交换VPN路由信息
6.在两个ASBR-PE上创建VPN实例,并将此实例绑定到连接另一个ASBR的接口(把一个ASBR-PE当成是自己的CE),并在ASBR之间建立EBGP对等体关系传递VPN路由信息
(5) OPTION A
路由层面
C E ⟺ e b g p P E ⟺ M P − I B G P A S B R ⟺ s t a t i c A S B R ⟺ M P − I B G P P E ⟺ e b g p C E CE \stackrel{ebgp}{\Longleftrightarrow} PE \stackrel{MP-IBGP}{\Longleftrightarrow} ASBR \stackrel{static}{\Longleftrightarrow} ASBR \stackrel{MP-IBGP}{\Longleftrightarrow} PE \stackrel{ebgp}{\Longleftrightarrow} CE CE⟺ebgpPE⟺MP−IBGPASBR⟺staticASBR⟺MP−IBGPPE⟺ebgpCE
转发层面
C E ⟺ I P P E ⟺ M P L S P ⟺ M P L S A S B R ⟺ I P A S B R ⟺ M P L S P ⟺ M P L S P E ⟺ I P C E CE \stackrel{IP}{\Longleftrightarrow} PE \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} ASBR \stackrel{IP} {\Longleftrightarrow} ASBR \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} PE \stackrel{IP}{\Longleftrightarrow} CE CE⟺IPPE⟺MPLSP⟺MPLSASBR⟺IPASBR⟺MPLSP⟺MPLSPE⟺IPCE
(6) ABC区别
| Option A | Option B | Option C | |
|---|---|---|---|
| ASBR间交换的路由类型 | 客户的IPv4路由 | VPNv4路由 | 公网IPv4路由 |
| AS间标签交换 | 否 | VPN标签 | IPv4路由标签(通过eBGP传递) |
| AS之间是否需要启用LDP | 否 | 否 | 否 |
| AS之间是否需要启用MP-BGP | 否 | 是 | 是 |
| VPNv4路由在哪里维护 | ASBR | ASBR | PE或RR |
| 适用场景 | 一般用于国际运营商之间 | 同一个运营商中的不同AS之间 | 同一个运营商中的不同AS之间 |
2. 骨干域IGP配置(OSPF)
OSPF配置后,PE、P、ASBR可以相互学到loopback路由,是后续MPLS/LDP标签传递、PE/ASBR BGP邻居建立的基础
## R2-PE的ospf配置
<R2-PE>display current-configuration configuration ospf
#
ospf 1 router-id 2.2.2.2area 0.0.0.0network 211.137.23.0 0.0.0.255network 2.2.2.2 0.0.0.0
#
return## R3-P的ospf配置
<R3-P>display current-configuration configuration ospf
#
ospf 1 router-id 3.3.3.3area 0.0.0.0network 211.137.23.0 0.0.0.255network 211.137.34.0 0.0.0.255network 3.3.3.3 0.0.0.0
#
return## R4-ASBR的ospf配置
<R4-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 4.4.4.4area 0.0.0.0network 211.137.34.0 0.0.0.255network 4.4.4.4 0.0.0.0
#
return## R7-PE的ospf配置
<R7-PE>display current-configuration configuration ospf
#
ospf 1 router-id 7.7.7.7area 0.0.0.0network 211.137.67.0 0.0.0.255network 7.7.7.7 0.0.0.0
#
return## R6-P的ospf配置
<R6-P>display current-configuration configuration ospf
#
ospf 1 router-id 6.6.6.6area 0.0.0.0network 211.137.56.0 0.0.0.255network 211.137.67.0 0.0.0.255network 6.6.6.6 0.0.0.0
#
return## R5-ASBR的ospf配置
<R5-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 5.5.5.5area 0.0.0.0network 211.137.56.0 0.0.0.255network 5.5.5.5 0.0.0.0
#
return
查看lsdb,确认PE/P/ASBR的loopback均已通过ospf发布
<R3-P>display ospf lsdbOSPF Process 1 with Router ID 3.3.3.3Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.4 4.4.4.4 8 48 80000004 0Router 2.2.2.2 2.2.2.2 91 48 80000006 0Router 3.3.3.3 3.3.3.3 0 60 80000009 0Network 211.137.23.2 2.2.2.2 91 32 80000002 0Network 211.137.34.3 3.3.3.3 0 32 80000002 0<R6-P>display ospf lsdbOSPF Process 1 with Router ID 6.6.6.6Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 7.7.7.7 7.7.7.7 18 48 80000006 0Router 6.6.6.6 6.6.6.6 19 60 80000007 0Router 5.5.5.5 5.5.5.5 26 48 80000006 0Network 211.137.67.7 7.7.7.7 18 32 80000002 0Network 211.137.56.5 5.5.5.5 26 32 80000002 0
3.骨干域MPLS/LDP配置
分别在全局和接口下启用MPLS和LDP
## R2-PE启用MPLS和LDP
[R2-PE]mpls lsr-id 2.2.2.2
[R2-PE]mpls
Info: Mpls starting, please wait... OK!
[R2-PE-mpls]mpls ldp
[R2-PE-mpls-ldp]quit
[R2-PE]interface GigabitEthernet 0/0/0
[R2-PE-GigabitEthernet0/0/0]mpls
[R2-PE-GigabitEthernet0/0/0]mpls ldp## R3-P启用MPLS和LDP
[R3-P]mpls lsr-id 3.3.3.3
[R3-P]mpls
Info: Mpls starting, please wait... OK!
[R3-P-mpls]mpls ldp
[R3-P-mpls-ldp]quit
[R3-P]interface GigabitEthernet 0/0/0
[R3-P-GigabitEthernet0/0/0]mpls
[R3-P-GigabitEthernet0/0/0]mpls ldp
[R3-P-GigabitEthernet0/0/0]quit
[R3-P]interface GigabitEthernet 0/0/1
[R3-P-GigabitEthernet0/0/1]mpls
[R3-P-GigabitEthernet0/0/1]mpls ldp## R4-ASBR启用MPLS和LDP
[R4-ASBR]mpls lsr-id 4.4.4.4
[R4-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R4-ASBR-mpls]mpls ldp
[R4-ASBR-mpls-ldp]quit
[R4-ASBR]interface GigabitEthernet 0/0/1
[R4-ASBR-GigabitEthernet0/0/1]mpls
[R4-ASBR-GigabitEthernet0/0/1]mpls ldp## R7-PE启用MPLS和LDP
[R7-PE]mpls lsr-id 7.7.7.7
[R7-PE]mpls
Info: Mpls starting, please wait... OK!
[R7-PE-mpls]mpls ldp
[R7-PE-mpls-ldp]quit
[R7-PE]interface GigabitEthernet 0/0/0
[R7-PE-GigabitEthernet0/0/0]mpls
[R7-PE-GigabitEthernet0/0/0]mpls ldp## R6-P启用MPLS和LDP
[R6-P]mpls lsr-id 6.6.6.6
[R6-P]mpls
Info: Mpls starting, please wait... OK!
[R6-P-mpls]mpls ldp
[R6-P-mpls-ldp]quit
[R6-P]interface GigabitEthernet 0/0/0
[R6-P-GigabitEthernet0/0/0]mpls
[R6-P-GigabitEthernet0/0/0]mpls ldp
[R6-P-GigabitEthernet0/0/0]quit
[R6-P]interface GigabitEthernet 0/0/1
[R6-P-GigabitEthernet0/0/1]mpls
[R6-P-GigabitEthernet0/0/1]mpls ldp## ASBR2启用MPLS和LDP
[R5-ASBR]mpls lsr-id 5.5.5.5
[R5-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R5-ASBR-mpls]mpls ldp
[R5-ASBR-mpls-ldp]quit
[R5-ASBR]interface GigabitEthernet 0/0/1
[R5-ASBR-GigabitEthernet0/0/1]mpls
[R5-ASBR-GigabitEthernet0/0/1]mpls ldp查看LSP
<R3-P>display mpls lsp
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
3.3.3.3/32 3/NULL -/-
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1025/3 -/GE0/0/1<P1>display mpls lsp<R6-P>display mpls lsp
-------------------------------------------------------------------------------LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 3/NULL -/-
7.7.7.7/32 NULL/3 -/GE0/0/0
7.7.7.7/32 1024/3 -/GE0/0/0
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1025/3 -/GE0/0/1
4.骨干域MP-IBGP配置
在R2-PE和R4-ASBR之间配置IBGP
## R2-PE上配置
[R2-PE]bgp 100
[R2-PE-bgp]peer 4.4.4.4 as-number 100
[R2-PE-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R2-PE-bgp]ipv4-family vpnv4
[R2-PE-bgp-af-vpnv4]policy vpn-target
[R2-PE-bgp-af-vpnv4]peer 4.4.4.4 enable## R4-ASBR上配置
[R4-ASBR]bgp 100
[R4-ASBR-bgp]peer 2.2.2.2 as-number 100
[R4-ASBR-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R4-PE-bgp]ipv4-family vpnv4
[R4-PE-bgp-af-vpnv4]policy vpn-target
[R4-PE-bgp-af-vpnv4]peer 2.2.2.2 enable
同样在R7-PE和R5-ASBR之间配置IBGP
## R7-PE上配置
[R7-PE]bgp 200
[R7-PE-bgp]peer 5.5.5.5 as-number 200
[R7-PE-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R7-PE-bgp]ipv4-family vpnv4
[R7-PE-bgp-af-vpnv4]policy vpn-target
[R7-PE-bgp-af-vpnv4]peer 5.5.5.5 enable
## R5-ASBR上配置
[R5-ASBR]bgp 200
[R5-ASBR-bgp]peer 7.7.7.7 as-number 200
[R5-ASBR-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R5-PE-bgp]ipv4-family vpnv4
[R5-PE-bgp-af-vpnv4]policy vpn-target
[R5-PE-bgp-af-vpnv4]peer 7.7.7.7 enable
5.PE上VPN实例配置
(1) 分公司配置
同一AS内的ASBR-PE与PE的VPN实例的VPN-Target应能匹配,不同AS的PE的VPN实例的VPN-Target则不需要匹配。
R7-PE上创建VPN实例vpn2和vpn3,将R8-CE和R9-CE分别接入到R7-PE上
## 创建vpn实例,名称为vpn2
[R7-PE]ip vpn-instance vpn2
## 使用ipv地址
[R7-PE-vpn-instance-vpn2]ipv4-family
## RD设置为100:2
[R7-PE-vpn-instance-vpn2-af-ipv4]route-distinguisher 100:2
## 设置vpn-target
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 4:4 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]quit
[R7-PE-vpn-instance-vpn2]quit
## 创建vpn实例,名称为vpn3
[R7-PE]ip vpn-instance vpn3
[R7-PE-vpn-instance-vpn3]ipv4-family
[R7-PE-vpn-instance-vpn3-af-ipv4]route-distinguisher 100:3
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 3:3 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 4:4 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn2的实例绑定到GigabitEthernet 0/0/1上,vpn3实例绑定到GigabitEthernet 0/0/2上
绑定后需要重新配置IP
[R7-PE]interface GigabitEthernet 0/0/1
[R7-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/1]ip address 192.168.2.1 30
[R7-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1ip binding vpn-instance vpn2ip address 192.168.2.1 255.255.255.252
#
return
[R7-PE-GigabitEthernet0/0/1]quit
[R7-PE]interface GigabitEthernet 0/0/2
[R7-PE-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/2]ip address 192.168.3.1 30
[R7-PE-GigabitEthernet0/0/2]display this
#
interface GigabitEthernet0/0/2ip binding vpn-instance vpn3ip address 192.168.3.1 255.255.255.252
#
return
配置R7-PE和R8-CE、R9-CE的BGP邻居及路由
## R7-PE上配置BGP,分别在vpn2和vpn3中配置到R8-CE和R9-CE的BGP邻居,并下发缺省路由
[R7-PE]bgp 200
[R7-PE-bgp]ipv4-family vpn-instance vpn2
[R7-PE-bgp-vpn2]peer 192.168.2.2 as-number 10002
[R7-PE-bgp-vpn2]network 0.0.0.0 0.0.0.0
[R7-PE-bgp-vpn2]quit
[R7-PE-bgp]ipv4-family vpn-instance vpn3
[R7-PE-bgp-vpn3]peer 192.168.3.2 as-number 10003
[R7-PE-bgp-vpn3]network 0.0.0.0 0.0.0.0
[R7-PE-bgp-vpn3]quit
[R7-PE-bgp]quit
## R7-PE上配置黑洞路由,以使BGP发布路由生效
[R7-PE]ip route-static vpn-instance vpn2 0.0.0.0 0.0.0.0 NULL0 preference 255
[R7-PE]ip route-static vpn-instance vpn3 0.0.0.0 0.0.0.0 NULL0 preference 255## R8-CE上配置BGP
[R8-CE]bgp 10002
[R8-CE-bgp]peer 192.168.2.1 as-number 200
[R8-CE-bgp]network 10.0.2.0 255.255.255.0
## R9-CE上配置BGP
[R9-CE]bgp 10003
[R9-CE-bgp]peer 192.168.3.1 as-number 200
[R9-CE-bgp]network 10.0.3.0 255.255.255.0
在R8-CE和R9-CE上查看BGP收发路由情况
<R8-CE>display bgp routing-table peer 192.168.2.1 advertised-routes BGP Local router ID is 8.8.8.8 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.2.0/24 192.168.2.2 0 0 10002i
<R8-CE>display bgp routing-table peer 192.168.2.1 received-routes BGP Local router ID is 8.8.8.8 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 0.0.0.0 192.168.2.1 0 0 200i<R9-CE>display bgp routing-table peer 192.168.3.1 advertised-routes BGP Local router ID is 9.9.9.9 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.3.0/24 192.168.3.2 0 0 10003i
<R9-CE>display bgp routing-table peer 192.168.3.1 received-routes BGP Local router ID is 9.9.9.9 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 0.0.0.0 192.168.3.1 0 0 200i
在R7-PE上对两段业务地址进行PING测试
<R7-PE>ping -vpn-instance vpn2 10.0.2.1PING 10.0.2.1: 56 data bytes, press CTRL_C to breakReply from 10.0.2.1: bytes=56 Sequence=1 ttl=127 time=100 msReply from 10.0.2.1: bytes=56 Sequence=2 ttl=127 time=70 msReply from 10.0.2.1: bytes=56 Sequence=3 ttl=127 time=80 msReply from 10.0.2.1: bytes=56 Sequence=4 ttl=127 time=40 msReply from 10.0.2.1: bytes=56 Sequence=5 ttl=127 time=60 ms--- 10.0.2.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 40/70/100 ms<R7-PE>ping -vpn-instance vpn3 10.0.3.1PING 10.0.3.1: 56 data bytes, press CTRL_C to breakReply from 10.0.3.1: bytes=56 Sequence=1 ttl=127 time=50 msReply from 10.0.3.1: bytes=56 Sequence=2 ttl=127 time=80 msReply from 10.0.3.1: bytes=56 Sequence=3 ttl=127 time=70 msReply from 10.0.3.1: bytes=56 Sequence=4 ttl=127 time=50 msReply from 10.0.3.1: bytes=56 Sequence=5 ttl=127 time=130 ms--- 10.0.3.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 50/76/130 ms
(2) 总公司配置
R2-PE上创建VPN实例vpn1,将R1-CE接入到R2-PE上
[R2-PE]ip vpn-instance vpn1
[R2-PE-vpn-instance-vpn1]ipv4-family
[R2-PE-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn1的实例绑定到GigabitEthernet 0/0/1上
[R2-PE]interface GigabitEthernet 0/0/1
[R2-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R2-PE-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[R2-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1ip binding vpn-instance vpn1ip address 192.168.1.1 255.255.255.252
#
return
配置R2-PE和R1-CE的BGP邻居及路由
## R2-PE上配置BGP,在vpn1中配置到R1-CE的BGP邻居,并下发缺省路由
[R2-PE]bgp 100
[R2-PE-bgp]ipv4-family vpn-instance vpn1
[R2-PE-bgp-vpn1]peer 192.168.1.2 as-number 10001
[R2-PE-bgp-vpn1]network 0.0.0.0 0.0.0.0## R2-PE上配置黑洞路由,以使BGP发布路由生效
[R2-PE]ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL 0 preference 255## R1-CE上配置BGP
[R1-CE]bgp 10001
[R1-CE-bgp]peer 192.168.1.1 as-number 100
[R1-CE-bgp]network 10.0.1.0 255.255.255.0
在R1-CE上查看BGP收发路由情况
<R1-CE>display bgp routing-table peer 192.168.1.1 advertised-routes BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 10.0.1.0/24 192.168.1.2 0 0 10001i
<R1-CE>display bgp routing-table peer 192.168.1.1 received-routes BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped,h - history, i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network NextHop MED LocPrf PrefVal Path/Ogn*> 0.0.0.0 192.168.1.1 0 0 100i
在R2-PE上对业务地址进行PING测试
<R2-PE>ping -vpn-instance vpn1 10.0.1.1PING 10.0.1.1: 56 data bytes, press CTRL_C to breakReply from 10.0.1.1: bytes=56 Sequence=1 ttl=127 time=60 msReply from 10.0.1.1: bytes=56 Sequence=2 ttl=127 time=60 msReply from 10.0.1.1: bytes=56 Sequence=3 ttl=127 time=40 msReply from 10.0.1.1: bytes=56 Sequence=4 ttl=127 time=60 msReply from 10.0.1.1: bytes=56 Sequence=5 ttl=127 time=100 ms--- 10.0.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 40/64/100 ms
6.跨域VPN配置
ASBR之间设置VRF来进行RT值的过滤,选择合适的RT值来完成需求
配置R4-ASBR和R5-ASBR之间的EBGP邻居
## R4-ASBR的vpn实例配置
[R4-ASBR]ip vpn-instance vpn4
[R4-ASBR-vpn-instance-vpn4]route-distinguisher 100:4
[R4-ASBR-vpn-instance-vpn4-af-ipv4]vpn-target 1:1 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R4-ASBR-vpn-instance-vpn4-af-ipv4]vpn-target 1:1 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
[R4-ASBR-vpn-instance-vpn4-af-ipv4]quit
[R4-ASBR-vpn-instance-vpn4]quit## R4-ASBR的BGP配置
[R4-ASBR]bgp 100
[R4-ASBR-bgp]ipv4-family vpn-instance vpn4
[R4-ASBR-bgp-vpn4]peer 192.168.45.5 as-number 200## R4-ASBR将VPN实例绑定至接口上
[R4-ASBR]interface GigabitEthernet 0/0/2
[R4-ASBR-GigabitEthernet0/0/2]ip binding vpn-instance vpn4
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R4-ASBR-GigabitEthernet0/0/2]ip address 211.137.45.4 24## R5-ASBR的vpn实例配置
[R5-ASBR]ip vpn-instance vpn5
[R5-ASBR-vpn-instance-vpn5]route-distinguisher 100:5
[R5-ASBR-vpn-instance-vpn5-af-ipv4]vpn-target 4:4 export-extcommunity EVT Assignment result:
Info: VPN-Target assignment is successful.
[R5-ASBR-vpn-instance-vpn5-af-ipv4]vpn-target 2:2 3:3 import-extcommunity IVT Assignment result:
Info: VPN-Target assignment is successful.
[R5-ASBR-vpn-instance-vpn5-af-ipv4]quit
[R5-ASBR-vpn-instance-vpn5]quit## R5-ASBR的BGP配置
[R5-ASBR]bgp 200
[R5-ASBR-bgp]ipv4-family vpn-instance vpn5
[R5-ASBR-bgp-vpn5]peer 192.168.45.4 as-number 100## R5-ASBR将VPN实例绑定至接口上
[R5-ASBR]interface GigabitEthernet 0/0/2
[R5-ASBR-GigabitEthernet0/0/2]ip binding vpn-instance vpn5
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R5-ASBR-GigabitEthernet0/0/2]ip address 211.137.45.5 24
7.测试
在客户端上分别进行测试,总部PC1可以连通分公司PC2和PC3,但是分公司之间PC2和PC3无法互通
## 总部PC1测试结果
PC>ping 10.0.2.1Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
From 10.0.2.1: bytes=32 seq=1 ttl=122 time=328 ms
From 10.0.2.1: bytes=32 seq=2 ttl=122 time=297 ms
From 10.0.2.1: bytes=32 seq=3 ttl=122 time=297 ms
From 10.0.2.1: bytes=32 seq=4 ttl=122 time=406 ms
From 10.0.2.1: bytes=32 seq=5 ttl=122 time=375 ms--- 10.0.2.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 297/340/406 msPC>ping 10.0.3.1Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
From 10.0.3.1: bytes=32 seq=1 ttl=122 time=328 ms
From 10.0.3.1: bytes=32 seq=2 ttl=122 time=344 ms
From 10.0.3.1: bytes=32 seq=3 ttl=122 time=250 ms
From 10.0.3.1: bytes=32 seq=4 ttl=122 time=313 ms
From 10.0.3.1: bytes=32 seq=5 ttl=122 time=250 ms--- 10.0.3.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 250/297/344 ms## 分公司PC2测试结果
PC>ping 10.0.1.1Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=122 time=391 ms
From 10.0.1.1: bytes=32 seq=2 ttl=122 time=359 ms
From 10.0.1.1: bytes=32 seq=3 ttl=122 time=406 ms
From 10.0.1.1: bytes=32 seq=4 ttl=122 time=234 ms
From 10.0.1.1: bytes=32 seq=5 ttl=122 time=297 ms--- 10.0.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 234/337/406 msPC>ping 10.0.3.1Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!--- 10.0.3.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss## 分公司PC3测试结果
PC>ping 10.0.1.1Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=122 time=390 ms
From 10.0.1.1: bytes=32 seq=2 ttl=122 time=360 ms
From 10.0.1.1: bytes=32 seq=3 ttl=122 time=375 ms
From 10.0.1.1: bytes=32 seq=4 ttl=122 time=359 ms
From 10.0.1.1: bytes=32 seq=5 ttl=122 time=375 ms--- 10.0.1.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 359/371/390 msPC>ping 10.0.2.1Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!--- 10.0.2.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss
在PC1上ping测试PC2,并从各个接口上抓包分析标签变化
R1-R2:CE->PE,普通IPv4报文,无标签
R2-R3:PE-P,内层标签1030,为MP-BGP分配;外层标签1024,为LDP分配
R3-R4:P-ASBR,外层标签1024根据PHP弹出,因此仅剩内层标签1030
R4-R5:ASBR-ASBR,普通IPv4报文,无标签
R5-R6:ASBR-P,内层标签1028,为MP-BGP分配;外层标签1024,为LDP分配
R6-R7:P-PE,外层标签1024根据PHP弹出,仅剩内层标签1028
R7-R8:PE-CE,普通IPv4报文,内层标签1028也弹出
BGP MPLS VPN(OPTION A)实验笔记相关推荐
- BGP MPLS VPN(OPTION B)实验笔记
1.实验说明 (1) 实验目的 配置BGP MPLS VPN OPTION A,使得总部与分公司私网互通,分公司与总部之间可互访,但分公司之间不能互访. (2) 实验拓扑 (3) 地址说明 业务地址段 ...
- BGP/MPLS IP VPF(N) 实验(ensp)
实验拓扑图 如图1所示,本次实验使用了6台路由器(R1-R6),其中R3.R4.R5作为运营商网络中的P或PE路由器,R1.R2作为VPN客户端(CE)路由器,R6作为VPN客户端要访问的目标路由器. ...
- Cisco MPLS VPN Option A
一.拓扑 二.思路 1.AS 100内运行OSPF, AS 200运行OSPF打通底层网络 2.AS 100和200运行LDP协议,分发标签 3.PE1和ASBR-PE1建立VPNV4邻居关系(可以看 ...
- 跨域BGP/MPLS IP VPN实验(OptionA方式)
目录 一.概述 二.组网需求 三.实验拓扑 四.实验目的 五.实验编址表 六.实验步骤 1.基本配置 2.配置运营商网络的OSPF路由协议 3.配置运营商网络的MPLS协议与LDP 4.配置PE与AS ...
- H3C BGP MPLS实验
实验拓扑 https://sharewh2.xuexi365.com/share/0abf6009-85d9-4e1d-8237-1c06363d9d6a?t=3 (此链接可以下载拓扑) 图 1-1 ...
- 配置mpls vpn MCE组网
实验三:配置mpls vpn MCE组网 1.实验环境: 某公司需要通过mpls vpn实现总部和分部的互访,并且要实现不同部门之间的业务隔离,为了节省开支,总公司使用MCE设备接入不同的部门.要求分 ...
- MPLS VPN常见问题
一.PE之间路由传递有问题 1.此时建议查看RT的导入和导出属性是否匹配 2.查看路由在本地是否最优,BGP只传递最优的路由 3.查看在本地路由表中下一跳是否可达,不可达也不会传递给邻居 二.undo ...
- BGP MPLS中MCE技术介绍
技术产生背景 我们都知道BGP MPLS VPN应用较为广泛,不仅被应用于运营商网络,也被应用于企业网用户内部.而企业网的网络被分为核心层.汇聚层和接入层,也就是典型网络的层次结构.我们都知道典型网络 ...
- 商业虚拟专用网络技术十三 BGP/MPLS报文转发
二.MP-BGP路由协议 1.4.RD前缀 假设VPN1和VPN2都使用了10.110.10.0/24网段的地址,并各自发布了一条去往此网段的路由.虽然本端PE通过不同的VPN实例可以区分地址空间重叠 ...
最新文章
- R语言ggplot2可视化发散型条形图、发散条形图(Diverging Bars)是一种可以同时处理负值和正值的条形图、并按照大小排序区分数据(Diverging Bars)
- 数字化转型战略中不可忽视“软因素”
- corosync+pacemaker+drbd构建mysql高可用平台的简单案例
- 网站推广专员浅析网站排名越来越差大抵离不开这些网站推广重点
- 布局技巧:使用ViewStub
- 画正圆角矩形 - HTML5 Canvas 作图
- mxonline实战3,编写首页及用户登录页面1
- java的concurrent包
- 查看linux的系统位数
- Android 功耗(22)---MTK 功耗问题分析
- 关于Bootstrap的理解
- java 开发 加固态_搭建一个完整的Java开发环境
- swift 闭包简写实际参数名$0、$1等理解
- MAC 配置svn比较工具diffmerge
- 我把ConcurrentHashMap HashTable的知识点都整理了一下
- excel联系导入到手机通讯录(小米手机)
- Python爬虫新手入门教学(十):爬取彼岸4K超清壁纸
- Mapped Statements collection already contains value for
- Boboniu Plays Chess
- 【技巧】Markdown 交叉引用