8.9跨域VPN-OptionB典型配置
【需求】
采用OptionB方式实现跨域的BGP/MPLS VPN业务的互通。
【组网图】
【配置脚本】
PE-1配置脚本 |
# sysname PE-1 # router id 202.100.1.2 # mpls lsr-id 202.100.1.2 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1
export-extcommunity vpn-target 101:1
import-extcommunity # domain system # interface Serial2/0/0 link-protocol ppp ip address 172.100.1.2 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.100.1.2 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.100.2.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.100.2.1 255.255.255.0 # bgp 100 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.100.1.1 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpn-instance vpnb import-route direct undo synchronization # ipv4-family vpnv4 peer in enable peer 202.100.1.1 group in # ospf 1 area 0.0.0.0 network 172.100.1.0 0.0.0.255 network 202.100.1.2 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return |
ASBR-1配置脚本 |
# sysname ASBR-1 # router id 202.100.1.1 # mpls lsr-id 202.100.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1 export-extcommunity vpn-target 101:1 import-extcommunity # domain system # interface Ethernet1/0/0 ip address 192.1.1.1 255.255.255.0 mpls # interface Serial2/0/0 link-protocol ppp ip address 172.100.1.1 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.100.1.1 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.100.1.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.100.1.1 255.255.255.0 # bgp 100 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.100.1.2 group in group ex external peer 192.1.1.2 group ex as-number 200 /同ASBR-2建立EBGP/ # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpn-instance vpnb import-route direct undo synchronization group ex external peer 193.1.1.2 group ex as-number 200 # ipv4-family vpnv4 undo policy vpn-target /取消对接收的路由信息进行RT扩展团体属性的过滤/ peer in enable peer in next-hop-local /修改下一跳为自己/ peer 202.100.1.2 group in peer ex enable peer 192.1.1.2 group ex # ospf 1 area 0.0.0.0 network 172.100.1.0 0.0.0.255 network 202.100.1.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return |
ASBR-2配置脚本 |
# sysname ASBR-2 # router id 202.200.1.1 # mpls lsr-id 202.200.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1 export-extcommunity vpn-target 101:1 import-extcommunity # domain system # interface Ethernet1/0/0 ip address 192.1.1.2 255.255.255.0 mpls # interface Serial2/0/0 link-protocol ppp ip address 172.200.1.1 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.200.1.1 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.200.1.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.200.1.1 255.255.255.0 # bgp 200 undo synchronization group ex external peer 192.1.1.1 group ex as-number 100 /同ASBR-1建立EBGP/ group in internal peer in connect-interface LoopBack0 peer 202.200.1.2 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpn-instance vpnb import-route direct undo synchronization # ipv4-family vpnv4 undo policy vpn-target /取消对接收的路由信息进行RT扩展团体属性的过滤/ peer ex enable peer 192.1.1.1 group ex peer in enable peer in next-hop-local /修改下一跳为自己/ peer 202.200.1.2 group in # ospf 1 area 0.0.0.0 network 172.200.1.0 0.0.0.255 network 202.200.1.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return |
PE-2配置脚本 |
# sysname PE-2 # router id 202.200.1.2 # mpls lsr-id 202.200.1.2 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1
export-extcommunity vpn-target 101:1
import-extcommunity # domain system # interface Serial2/0/0 link-protocol ppp ip address 172.200.1.2 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.200.1.2 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.200.2.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.200.2.1 255.255.255.0 # bgp 200 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.200.1.1 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpn-instance vpnb import-route direct undo synchronization # ipv4-family vpnv4 peer in enable peer 202.200.1.1 group in # ospf 1 area 0.0.0.0 network 172.200.1.0 0.0.0.255 network 202.200.1.2 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return |
【提示】
1、 跨域OptionB又叫单跳MP-EBGP方式(或者2.2方式)
2、 在ASBR上需要修改下一跳
3、 不同AS中,需要互通的VPN的RT要求必需一致
4、 在ASBR之间不需要运行LDP或是RSVP协议