8.8跨域VPN-OptionA典型配置
【需求】
采用OptionA方式实现跨域的BGP/MPLS VPN业务的互通。
【组网图】
【配置脚本】
PE-1配置脚本 |
# sysname PE1 # router id 202.100.1.2 # mpls lsr-id 202.100.1.2 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1
export-extcommunity vpn-target 100:1
import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1
export-extcommunity vpn-target 101:1
import-extcommunity # domain system # interface Serial2/0/0 link-protocol ppp ip address 172.100.1.2 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.100.1.2 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.100.2.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.100.2.1 255.255.255.0 # bgp 100 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.100.1.1 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpn-instance vpnb import-route direct undo synchronization # ipv4-family vpnv4 peer in enable peer 202.100.1.1 group in # ospf 1 area 0.0.0.0 network 172.100.1.0 0.0.0.255 network 202.100.1.2 0.0.0.0 # return |
ASBR-1配置脚本 |
# sysname ASBR-1 # router id 202.100.1.1 # mpls lsr-id 202.100.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 101:1 vpn-target 101:1 export-extcommunity vpn-target 101:1 import-extcommunity # domain system # interface Ethernet1/0/0 # interface
Ethernet1/0/0.10 /ASBR之间建立子接口,绑定到vpna/ ip binding vpn-instance vpna ip address 192.1.1.1 255.255.255.0 vlan-type dot1q vid 10 # interface
Ethernet1/0/0.20 /ASBR之间建立子接口,绑定到vpna/ ip binding vpn-instance vpnb ip address 193.1.1.1 255.255.255.0 vlan-type dot1q vid 20 # interface Serial2/0/0 link-protocol ppp ip address 172.100.1.1 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.100.1.1 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.100.1.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.100.1.1 255.255.255.0 # bgp 100 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.100.1.2 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization group ex external peer 192.1.1.2 group ex as-number
200 /ASBR-1和ASBR-2之间建立EBGP/ # ipv4-family vpn-instance vpnb import-route direct undo synchronization group ex external peer 193.1.1.2 group ex as-number 200 /ASBR-1和ASBR-2之间建立EBGP/ # ipv4-family vpnv4 peer in enable peer 202.100.1.2 group in # ospf 1 area 0.0.0.0 network 172.100.1.0 0.0.0.255 network 202.100.1.1 0.0.0.0 # return |
PE-2配置脚本 |
# sysname PE2 # router id 202.200.1.2 # mpls lsr-id 202.200.1.2 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 200:1
export-extcommunity vpn-target 200:1
import-extcommunity # ip vpn-instance vpnb route-distinguisher 201:1 vpn-target 201:1
export-extcommunity vpn-target 201:1
import-extcommunity # domain system # interface Serial2/0/0 link-protocol ppp ip address 172.200.1.2 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.200.1.2 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.200.2.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.200.2.1 255.255.255.0 # bgp 200 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.200.1.1 group in # ipv4-family vpn-instance vpnb import-route direct undo synchronization # ipv4-family vpn-instance vpna import-route direct undo synchronization # ipv4-family vpnv4 peer in enable peer 202.200.1.1 group in # ospf 1 area 0.0.0.0 network 172.200.1.0 0.0.0.255 network 202.200.1.2 0.0.0.0 # return |
ASBR-2配置脚本 |
# sysname ASBR-2 # router id 202.200.1.1 # mpls lsr-id 202.200.1.1 # radius scheme system # mpls # mpls ldp # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 201:1 vpn-target 201:1 export-extcommunity vpn-target 201:1 import-extcommunity # domain system # interface Ethernet1/0/0 # interface
Ethernet1/0/0.10
/ASBR之间建立子接口,绑定到vpna/ ip binding vpn-instance vpna ip address 192.1.1.2 255.255.255.0 vlan-type dot1q vid 10 # interface
Ethernet1/0/0.20
/ASBR之间建立子接口,绑定到vpnb/ ip binding vpn-instance vpnb ip address 193.1.1.2 255.255.255.0 vlan-type dot1q vid 20 # interface Serial2/0/0 link-protocol ppp ip address 172.200.1.1 255.255.255.0 mpls mpls ldp enable # interface NULL0 # interface LoopBack0 ip address 202.200.1.1 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpna ip address 168.200.1.1 255.255.255.0 # interface LoopBack11 ip binding vpn-instance vpnb ip address 169.200.1.1 255.255.255.0 # bgp 200 undo synchronization group in internal peer in connect-interface LoopBack0 peer 202.200.1.2 group in # ipv4-family vpn-instance vpna import-route direct undo synchronization group ex external peer 192.1.1.1 group ex as-number 100 /ASBR-1和ASBR-2之间建立EBGP/ # ipv4-family vpn-instance vpnb import-route direct undo synchronization group ex external peer 193.1.1.1 group ex as-number
100 /ASBR-1和ASBR-2之间建立EBGP/ # ipv4-family vpnv4 peer in enable peer 202.200.1.2 group in # ospf 1 area 0.0.0.0 network 172.200.1.0 0.0.0.255 network 202.200.1.1 0.0.0.0 # return |
【提示】
1、 跨域OptionA又叫VRF to VRF(背靠背方式)方式
2、 对于AS内部的实现和配置和普通MPLS/VPN没有区别
3、 ASBR对等体间通过划分子接口方式,每个子接口分别绑定一个VRF,保证域间传播路由的私有性。
如果无法划分子接口,必需为每个vpn提供独立的物理线路
4、 每个ASBR路由器都把对方ASBR路由器当做CE路由器看待
5、 域间转发为IP转发