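8.10 Typical Configuration of Inter-AS VPN Option C
【Requirements】
Use Option C to interconnect BGP/MPLS VPN services across autonomous systems.
【Network Diagram】
【Configuration Scripts】
PE-1 configuration script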
|
#
sysname PE-1
#
router id 202.100.1.3
#
mpls lsr-id 202.100.1.3
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.2.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.3 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.2.1 255.255.255.0
#
bgp 100
undo synchronization
group in internal
peer in label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer in connect-interface LoopBack0
peer 202.100.1.2 group in /Establish iBGP with asbr-1/
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.100.1.2 group in
#
ospf 1
area 0.0.0.0
network 172.100.2.0 0.0.0.255
network 202.100.1.3 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
|
asbr-1 configuration script
|
#
sysname asbr-1
#
router id 202.100.1.2
#
mpls lsr-id 202.100.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface Serial2/0/1
link-protocol ppp
ip address 172.100.2.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.1.1 255.255.255.0
#
bgp 100
undo synchronization
group ASBR1 internal
peer ASBR1 label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer ASBR1 connect-interface LoopBack0
peer 202.100.1.1 group ASBR1 /Establish iBGP with ASBR-1/
group PE1 internal
peer PE1 label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer PE1 reflect-client
peer PE1 advertise-community /Send the community attribute to the peer group/
peer PE1 connect-interface LoopBack0
peer 202.100.1.3 group PE1 /Establish iBGP with PE-1/
group ex external
peer ex ebgp-max-hop
peer ex connect-interface LoopBack0
peer 202.200.1.2 group ex as-number 200 /Establish multi-hop eBGP with asbr-2/
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer PE1 enable
peer PE1 reflect-client
peer 202.100.1.3 group PE1
peer ex enable
peer ex next-hop-invariable /Do not change the next hop when advertising routes to the EBGP peer/
peer 202.200.1.2 group ex
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 172.100.2.0 0.0.0.255
network 202.100.1.2 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
|
ASBR-1 configuration script
|
#
sysname ASBR-1
#
router id 202.100.1.1
#
mpls lsr-id 202.100.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
domain system
#
acl number 2000
rule 0 permit source 202.100.1.3 0
#
interface Ethernet1/0/0
ip address 192.1.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.1 255.255.255.255
#
bgp 100
network 202.100.1.2 255.255.255.255
network 202.100.1.3 255.255.255.255
network 202.100.1.1 255.255.255.255
undo synchronization
group in internal
peer in label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer in next-hop-local /Set the next hop to itself/
peer in route-policy rr export /Apply the rr policy/
peer in connect-interface LoopBack0
peer 202.100.1.2 group in /Establish iBGP with asbr-1/
group ex external
peer ex as-number 200
peer ex label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer ex route-policy asbr export /Apply the asbr policy/
peer 192.1.1.2 group ex /Establish eBGP with ASBR-2/
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 202.100.1.1 0.0.0.0
#
route-policy asbr permit node 10
if-match acl 2000
apply mpls-label
route-policy asbr permit node 20
route-policy rr permit node 10
if-match mpls-label
apply mpls-label
route-policy rr permit node 20
#
user-interface con 0
user-interface vty 0 4
#
return
|
ASBR-2 configuration script
|
#
sysname ASBR-2
#
router id 202.200.1.1
#
mpls lsr-id 202.200.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
domain system
#
acl number 2000
rule 0 permit source 202.200.1.3 0
#
interface Ethernet1/0/0
ip address 192.1.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.1 255.255.255.255
#
bgp 200
network 202.200.1.2 255.255.255.255
network 202.200.1.3 255.255.255.255
network 202.200.1.1 255.255.255.255
undo synchronization
group ex external
peer ex as-number 100
peer ex label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer ex route-policy asbr export /Apply the asbr policy/
peer 192.1.1.1 group ex /Establish eBGP with ASBR-1/
group in internal
peer in label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer in next-hop-local /Set the next hop to itself/
peer in route-policy rr export /Apply the rr policy/
peer in connect-interface LoopBack0
peer 202.200.1.2 group in /Establish iBGP with asbr-2/
#
ospf 1
import-route direct
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 202.200.1.1 0.0.0.0
#
route-policy asbr permit node 10
if-match acl 2000
apply mpls-label
route-policy asbr permit node 20
route-policy rr permit node 10
if-match mpls-label
apply mpls-label
route-policy rr permit node 20
#
user-interface con 0
user-interface vty 0 4
#
return
|
asbr-2 configuration script
|
#
sysname asbr-2
#
router id 202.200.1.2
#
mpls lsr-id 202.200.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface Serial2/0/1
link-protocol ppp
ip address 172.200.2.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.1.1 255.255.255.0
#
bgp 200
undo synchronization
group ex external
peer ex ebgp-max-hop
peer ex connect-interface LoopBack0
peer 202.100.1.2 group ex as-number 100 /Establish multi-hop eBGP with asbr-1/
group ASBR2 internal
peer ASBR2 label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer ASBR2 connect-interface LoopBack0
peer 202.200.1.1 group ASBR2
group PE2 internal
peer PE2 label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer PE2 reflect-client
peer PE2 advertise-community /Send the community attribute to the peer group/
peer PE2 connect-interface LoopBack0
peer 202.200.1.3 group PE2 /Establish iBGP with PE-2/
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer ex enable
peer ex next-hop-invariable /Do not change the next hop when advertising routes to the EBGP peer/
peer 202.100.1.2 group ex
peer PE2 enable
peer PE2 reflect-client
peer 202.200.1.3 group PE2
#
ospf 1
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 172.200.2.0 0.0.0.255
network 202.200.1.2 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
|
PE-2 configuration script
|
#
sysname PE-2
#
router id 202.200.1.3
#
mpls lsr-id 202.200.1.3
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.2.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.3 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.2.1 255.255.255.0
#
bgp 200
undo synchronization
group in internal
peer in label-route-capability /Enable the peer group to handle labeled IPv4 routes/
peer in connect-interface LoopBack0
peer 202.200.1.2 group in /Establish iBGP with asbr-2/
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.200.1.2 group in
#
ospf 1
area 0.0.0.0
network 172.200.2.0 0.0.0.255
network 202.200.1.3 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
|
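In the ASBR-1 and ASBR-2 scripts above, the `asbr` export policy decides which internal addresses are advertised to the neighbouring AS with a label: only the PE loopback permitted by ACL 2000. The Python below is an added audit example, not part of the original page; its function names are hypothetical, and it assumes the configuration is supplied one command per line, as in the constructed sample.

```python
import re

# Constructed sample: the label-policy commands of the ASBR-1 script, one per line.
ASBR1 = """\
acl number 2000
rule 0 permit source 202.100.1.3 0
group ex external
peer ex route-policy asbr export
route-policy asbr permit node 10
if-match acl 2000
apply mpls-label
route-policy asbr permit node 20
"""

def parse_acls(text):
    """Map ACL number -> [(source, wildcard)] of its permit rules (deny rules are ignored)."""
    acls, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", line):
            current = acls.setdefault(m.group(1), [])
        elif (m := re.fullmatch(r"rule \d+ permit source (\S+) (\S+)", line)) and current is not None:
            current.append(m.groups())
        elif not line.startswith("rule "):
            current = None          # left the ACL view
    return acls

def parse_policy(text, name):
    """Return [(node, [if-match/apply clauses])] for route-policy <name>."""
    nodes, clauses = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"route-policy (\S+) permit node (\d+)", line):
            clauses = [] if m.group(1) == name else None
            if clauses is not None:
                nodes.append((int(m.group(2)), clauses))
        elif clauses is not None and line.startswith(("if-match", "apply")):
            clauses.append(line)
        else:
            clauses = None          # left the route-policy view
    return nodes

def labeled_exports(text):
    """{(group, policy, node): ACL rules that node may label}; 'ANY' = no if-match acl guard."""
    acls, out = parse_acls(text), {}
    external = set(re.findall(r"^ *group (\S+) external$", text, re.M))
    for group, pol in re.findall(r"^ *peer (\S+) route-policy (\S+) export$", text, re.M):
        for node, clauses in (parse_policy(text, pol) if group in external else []):
            if "apply mpls-label" in clauses:
                ids = [c.split()[-1] for c in clauses if c.startswith("if-match acl ")]
                out[group, pol, node] = [r for i in ids for r in acls.get(i, [])] if ids else ["ANY"]
    return out
```

A result of `ANY` for a node means every route that reaches that node is exported to the eBGP peer with a label, so the ACL no longer bounds which internal addresses the neighbouring AS can reach over a labeled path.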
【Verification】
asbr-1 establishes MP-iBGP sessions with PE1 and ASBR-1, and an MP-eBGP session with asbr-2.
<asbr-1>disp bgp peer
Peer          AS-num  Ver  Queued-Tx  Msg-Rx  Msg-Tx  Up/Down   State
--------------------------------------------------------------------------------
202.200.1.2   200     4    0          422     424     06:58:21  Established
202.100.1.1   100     4    0          429     421     06:59:07  Established
202.100.1.3   100     4    0          420     425     06:59:14  Established
PE-1 private-network routes:
<PE-1>disp ip routing-table vpn-instance vpna
vpna Route Information
Routing Table: vpna Route-Distinguisher: 100:1
Destination/Mask  Protocol  Pre  Cost  Nexthop      Interface
168.100.1.0/24    BGP       256  0     202.100.1.2  InLoopBack0
168.100.2.0/24    DIRECT    0    0     168.100.2.1  LoopBack10
168.100.2.1/32    DIRECT    0    0     127.0.0.1    InLoopBack0
168.200.1.0/24    BGP       256  0     202.200.1.2  InLoopBack0
168.200.2.0/24    BGP       256  0     202.200.1.3  InLoopBack0
PE-1 private-network labels:
<PE-1>disp mpls l3vpn-lsp vpn-instance vpna
-----------------------------------------------------------------------
LSP Information: L3vpn Ingress Lsp
-----------------------------------------------------------------------
TOTAL: 3 Record(s) Found.
Vpn-instance Name: vpna Route Distinguisher: 100:1
NO  FEC             NEXTHOP      OUTER-LABEL  OUT-INTERFACE
1   168.100.1.0/24  172.100.2.1  3(vpn)       S2/0/0
2   168.200.2.0/24  172.100.2.1  1030(vpn)    S2/0/0
3   168.200.1.0/24  172.100.2.1  1031(vpn)    S2/0/0
-----------------------------------------------------------------------
LSP Information: L3vpn Egress Lsp
-----------------------------------------------------------------------
TOTAL: 1 Record(s) Found.
NO  VRFNAME  INNER-LABEL  NEXTHOP  OUT-INTERFACE
1   vpna     1024         0.0.0.0  InLoop0
-----------------------------------------------------------------------
LSP Information: L3vpn Transit Lsp
-----------------------------------------------------------------------
TOTAL: 0 Record(s) Found.
【Note】
1. The configuration above is the "do not change the next hop of the private-network PE" variant.