8.11 MCE典型配置
【需求】
路由器MCE通过多实例CE实现VPN互通
【组网图】
【配置脚本-OSPF多实例方式】
MCE配置脚本 |
# sysname MCE # radius scheme
system # ip vpn-instance
vpna
/创建vpna/ route-distinguisher
100:1
/配置RD,可不用配置RT/ # ip
vpn-instance
vpnb
/创建vpnb/ route-distinguisher
200:1
/配置RD,可不用配置RT/ # domain system # interface
Ethernet1/0/0 # interface
Ethernet1/0/0.10 ip binding
vpn-instance vpna ip address 192.168.15.2 255.255.255.0 vlan-type dot1q vid 10 # interface Ethernet1/0/0.20 ip binding vpn-instance
vpnb ip address 192.168.16.2 255.255.255.0 vlan-type dot1q vid 20 # interface NULL0 # interface LoopBack10 ip binding vpn-instance
vpna ip address 192.168.16.1 255.255.255.0 # interface LoopBack20 ip binding vpn-instance
vpnb ip address 192.168.26.1 255.255.255.0 # ospf 10 vpn-instance vpna
/ospf 进程10和vpna绑定/ vpn-instance-capability
simple /配置路由器成为多实例CE / import-route direct area 0.0.0.0 network 192.168.15.0 0.0.0.255 network 192.168.16.0 0.0.0.255 # ospf 20 vpn-instance vpnb
/ospf 进程20和vpnb绑定/ vpn-instance-capability
simple
/配置路由器成为多实例CE / area 0.0.0.0 network 192.168.25.0 0.0.0.255 network 192.168.26.0 0.0.0.255 # user-interface con 0 user-interface vty
0 4 # return |
RT1配置脚本 |
# sysname RT1 # router id 1.1.1.1 # mpls lsr-id 1.1.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance
vpna route-distinguisher
100:1 vpn-target
100:1 export-extcommunity vpn-target
100:1 import-extcommunity # ip vpn-instance
vpnb route-distinguisher
200:1 vpn-target 200:1
export-extcommunity vpn-target
200:1 import-extcommunity # domain system # interface Ethernet1/0/0 # interface Ethernet1/0/0.10 ip binding vpn-instance
vpna ip address 192.168.15.1 255.255.255.0 vlan-type dot1q vid 10 # interface Ethernet1/0/0.20 ip binding vpn-instance
vpnb ip address 192.168.25.1 255.255.255.0 vlan-type dot1q vid 20 # interface Serial2/0/0 link-protocol ppp ip address 10.0.0.1 255.255.255.252 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # interface LoopBack11 ip binding vpn-instance
vpna ip address 192.168.11.1 255.255.255.0 # interface LoopBack21 ip binding vpn-instance
vpnb ip address 192.168.21.1 255.255.255.0 # bgp 100 undo synchronization group inter internal peer 2.2.2.2 group inter peer 2.2.2.2 connect-interface LoopBack0 # ipv4-family vpn-instance
vpna import-route direct import-route ospf
10
/引入ospf 10路由/ undo synchronization # ipv4-family vpn-instance
vpnb import-route direct import-route ospf
20
/引入ospf 20路由/ undo synchronization # ipv4-family vpnv4 peer inter enable peer 2.2.2.2 group inter # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.0.0.0 0.0.0.3 network 10.0.0.8 0.0.0.3 # ospf 10 vpn-instance vpna
/ospf 进程10和vpna绑定/ import-route bgp
/引入BGP私网路由/ import-route direct area 0.0.0.0 network 192.168.15.0 0.0.0.255 # ospf 20 vpn-instance vpnb
/ospf 进程20和vpnb绑定/ import-route bgp
/引入BGP私网路由/ import-route direct area 0.0.0.0 network 192.168.25.0 0.0.0.255 # user-interface
con 0 user-interface
vty 0 4 # return |
注:RT2、RT3的配置和普通MPLS/VPN的配置一致,可以参考前面的典型配置
【配置脚本-静态路由方式】
MCE配置脚本 |
# sysname MCE # radius scheme
system # ip
vpn-instance
vpna
/创建vpna/ route-distinguisher
100:1
/配置RD,可不用配置RT/ # ip
vpn-instance vpnb
/创建vpnb/ route-distinguisher
200:1
/配置RD,可不用配置RT/ # domain system # interface Ethernet1/0/0 # interface
Ethernet1/0/0.10
/创建子接口/ ip binding vpn-instance
vpna
/绑定到vpna/ ip address 192.168.15.2 255.255.255.0 vlan-type dot1q vid 10 # interface
Ethernet1/0/0.20
/创建子接口/ ip binding vpn-instance
vpnb
/绑定到vpnb/ ip address 192.168.16.2 255.255.255.0 vlan-type dot1q vid 20 # interface NULL0 # interface LoopBack10 ip binding vpn-instance
vpna ip address 192.168.16.1 255.255.255.0 # interface LoopBack20 ip binding vpn-instance
vpnb ip address 192.168.26.1 255.255.255.0 # ip route-static vpn-instance
vpna 0.0.0.0 0.0.0.0
192.168.15.1 preference 60 /在vpna内创建缺省路由/ ip route-static vpn-instance
vpnb 0.0.0.0 0.0.0.0
192.168.25.1 preference 60 /在vpnb内创建缺省路由/ # user-interface con 0 user-interface vty
0 4 # return |
RT1配置脚本 |
# sysname RT1 # router id 1.1.1.1 # mpls lsr-id 1.1.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance
vpna route-distinguisher
100:1 vpn-target
100:1 export-extcommunity vpn-target
100:1 import-extcommunity # ip vpn-instance
vpnb route-distinguisher
200:1 vpn-target
200:1 export-extcommunity vpn-target
200:1 import-extcommunity # domain system # interface
Ethernet1/0/0 # interface
Ethernet1/0/0.10 /创建子接口/ ip binding
vpn-instance
vpna
/绑定到vpna/ ip address
192.168.15.1 255.255.255.0 vlan-type dot1q
vid 10 # interface
Ethernet1/0/0.20
/创建子接口/ ip binding
vpn-instance
vpnb
/绑定到vpnb/ ip address
192.168.25.1 255.255.255.0 vlan-type dot1q
vid 20 # interface
Serial2/0/0 link-protocol ppp ip address 10.0.0.1 255.255.255.252 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # interface LoopBack11 ip binding vpn-instance
vpna ip address 192.168.11.1 255.255.255.0 # interface LoopBack21 ip binding vpn-instance
vpnb ip address 192.168.21.1 255.255.255.0 # bgp 100 undo synchronization group inter internal peer 2.2.2.2 group inter peer 2.2.2.2 connect-interface LoopBack0 peer 4.4.4.4 group inter peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family vpn-instance
vpna import-route direct import-route
static
/引入静态路由/ undo synchronization # ipv4-family vpn-instance
vpnb import-route direct import-route
static /引入静态路由/ undo synchronization # ipv4-family vpnv4 peer inter enable peer 2.2.2.2 group inter peer 4.4.4.4 group inter # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.0.0.0 0.0.0.3 network 10.0.0.8 0.0.0.3 # ip route-static vpn-instance vpna 192.168.16.0
255.255.255.0 192.168.15.2 pref erence
60
/在vpna内创建静态路由/ ip route-static vpn-instance vpnb 192.168.26.0
255.255.255.0 192.168.25.2 pref erence
60
/在vpnb内创建静态路由/ # user-interface con 0 user-interface
vty 0 4 # return |
注:RT2、RT3的配置和普通MPLS/VPN的配置一致,可以参考前面的典型配置
【验证】
在MCE中vpna、vpnb都可以学习到私网路由,并可以ping通
[MCE]disp ip rout vpn-instance
vpna
vpna Route
Information
Routing Table: vpna
Route-Distinguisher:
100:1
Destination/Mask Protocol Pre
Cost
Nexthop
Interface
192.168.11.0/24 O_ASE
150 1
192.168.15.1 Ethernet1/0/0.10
192.168.12.0/24 O_ASE
150 1
192.168.15.1 Ethernet1/0/0.10
192.168.13.0/24 O_ASE 150 1 192.168.15.1 Ethernet1/0/0.10
192.168.15.0/24 DIRECT 0 0 192.168.15.2 Ethernet1/0/0.10
192.168.15.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.16.0/24 DIRECT 0 0 192.168.16.1 LoopBack10
192.168.16.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
[MCE]
【提示】
1、 使用OSPF方式,需要在PE1上进行OSPF和BGP路由的相互引入,来实现路由的互通
2、 创建vpn的VRF只是为了将接口和OSPF进程绑定到对应的vpn,因此可以不用配置RT