好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



8.9跨域VPN-OptionB典型配置

【需求】

采用OptionB方式实现跨域的BGP/MPLS VPN业务的互通。

 

【组网图】

 

【配置脚本】

PE-1配置脚本

#

sysname PE-1

#

router id 202.100.1.2

#

mpls lsr-id 202.100.1.2

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Serial2/0/0

link-protocol ppp

ip address 172.100.1.2 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.100.1.2 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.100.2.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.100.2.1 255.255.255.0

#

bgp 100

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.100.1.1 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

#

ipv4-family vpnv4

peer in enable

peer 202.100.1.1 group in

#

ospf 1

area 0.0.0.0

network 172.100.1.0 0.0.0.255

network 202.100.1.2 0.0.0.0

#

user-interface con 0

user-interface vty 0 4

#

return

ASBR-1配置脚本

#

sysname ASBR-1

#

router id 202.100.1.1

#

mpls lsr-id 202.100.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

ip address 192.1.1.1 255.255.255.0

mpls

#

interface Serial2/0/0

link-protocol ppp

ip address 172.100.1.1 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.100.1.1 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.100.1.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.100.1.1 255.255.255.0

#

bgp 100

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.100.1.2 group in

group ex external

peer 192.1.1.2 group ex as-number 200     /ASBR-2建立EBGP/

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

group ex external

peer 193.1.1.2 group ex as-number 200

#

ipv4-family vpnv4

undo policy vpn-target    /取消对接收的路由信息进行RT扩展团体属性的过滤/

peer in enable

peer in next-hop-local    /修改下一跳为自己/

peer 202.100.1.2 group in

peer ex enable

peer 192.1.1.2 group ex

#

ospf 1

area 0.0.0.0

network 172.100.1.0 0.0.0.255

network 202.100.1.1 0.0.0.0

#

user-interface con 0

user-interface vty 0 4

#

return

ASBR-2配置脚本

#

sysname ASBR-2

#

router id 202.200.1.1

#

mpls lsr-id 202.200.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

ip address 192.1.1.2 255.255.255.0

mpls

#

interface Serial2/0/0

link-protocol ppp

ip address 172.200.1.1 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.200.1.1 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.200.1.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.200.1.1 255.255.255.0

#

bgp 200

undo synchronization

group ex external

peer 192.1.1.1 group ex as-number 100  /ASBR-1建立EBGP/

group in internal

peer in connect-interface LoopBack0

peer 202.200.1.2 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

#

ipv4-family vpnv4

undo policy vpn-target      /取消对接收的路由信息进行RT扩展团体属性的过滤/

peer ex enable

peer 192.1.1.1 group ex

peer in enable

peer in next-hop-local       /修改下一跳为自己/

peer 202.200.1.2 group in

#

ospf 1

area 0.0.0.0

network 172.200.1.0 0.0.0.255

network 202.200.1.1 0.0.0.0

#

user-interface con 0

user-interface vty 0 4

#

return

PE-2配置脚本

#

sysname PE-2

#

router id 202.200.1.2

#

mpls lsr-id 202.200.1.2

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Serial2/0/0

link-protocol ppp

ip address 172.200.1.2 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.200.1.2 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.200.2.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.200.2.1 255.255.255.0

#

bgp 200

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.200.1.1 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

#

ipv4-family vpnv4

peer in enable

peer 202.200.1.1 group in

#

ospf 1

area 0.0.0.0

network 172.200.1.0 0.0.0.255

network 202.200.1.2 0.0.0.0

#

user-interface con 0

user-interface vty 0 4

#

return

 

                                                


【提示】

1 跨域OptionB又叫单跳MP-EBGP方式(或者2.2方式)

2 ASBR上需要修改下一跳

3 不同AS中,需要互通的VPNRT要求必需一致

4 ASBR之间不需要运行LDP或是RSVP协议

 

 

X Close
X Close