好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



8.8跨域VPN-OptionA典型配置

【需求】

采用OptionA方式实现跨域的BGP/MPLS VPN业务的互通。

 

【组网图】

 

【配置脚本】

PE-1配置脚本

#

sysname PE1

#

router id 202.100.1.2

#

mpls lsr-id 202.100.1.2

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Serial2/0/0

link-protocol ppp

ip address 172.100.1.2 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.100.1.2 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.100.2.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.100.2.1 255.255.255.0

#

bgp 100

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.100.1.1 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

#

ipv4-family vpnv4

peer in enable

peer 202.100.1.1 group in

#

ospf 1

area 0.0.0.0

network 172.100.1.0 0.0.0.255

network 202.100.1.2 0.0.0.0

#

return

ASBR-1配置脚本

#

sysname ASBR-1

#

router id 202.100.1.1

#

mpls lsr-id 202.100.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 101:1

vpn-target 101:1 export-extcommunity

vpn-target 101:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10           /ASBR之间建立子接口,绑定到vpna/

ip binding vpn-instance vpna

ip address 192.1.1.1 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20           /ASBR之间建立子接口,绑定到vpna/

ip binding vpn-instance vpnb

ip address 193.1.1.1 255.255.255.0

vlan-type dot1q vid 20

#

interface Serial2/0/0

link-protocol ppp

ip address 172.100.1.1 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.100.1.1 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.100.1.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.100.1.1 255.255.255.0

#

bgp 100

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.100.1.2 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

group ex external

peer 192.1.1.2 group ex as-number 200    /ASBR-1ASBR-2之间建立EBGP/

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

group ex external

peer 193.1.1.2 group ex as-number 200    /ASBR-1ASBR-2之间建立EBGP/

#

ipv4-family vpnv4

peer in enable

peer 202.100.1.2 group in

#

ospf 1

area 0.0.0.0

network 172.100.1.0 0.0.0.255

network 202.100.1.1 0.0.0.0

#

return

PE-2配置脚本

#

sysname PE2

#

router id 202.200.1.2

#

mpls lsr-id 202.200.1.2

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 201:1

vpn-target 201:1 export-extcommunity

vpn-target 201:1 import-extcommunity

#

domain system

#

interface Serial2/0/0

link-protocol ppp

ip address 172.200.1.2 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.200.1.2 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.200.2.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.200.2.1 255.255.255.0

#

bgp 200

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.200.1.1 group in

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

#

ipv4-family vpnv4

peer in enable

peer 202.200.1.1 group in

#

ospf 1

area 0.0.0.0

network 172.200.1.0 0.0.0.255

network 202.200.1.2 0.0.0.0

#

return

ASBR-2配置脚本

#

sysname ASBR-2

#

router id 202.200.1.1

#

mpls lsr-id 202.200.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 201:1

vpn-target 201:1 export-extcommunity

vpn-target 201:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10             /ASBR之间建立子接口,绑定到vpna/

ip binding vpn-instance vpna

ip address 192.1.1.2 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20             /ASBR之间建立子接口,绑定到vpnb/

ip binding vpn-instance vpnb

ip address 193.1.1.2 255.255.255.0

vlan-type dot1q vid 20

#

interface Serial2/0/0

link-protocol ppp

ip address 172.200.1.1 255.255.255.0

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 202.200.1.1 255.255.255.255

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 168.200.1.1 255.255.255.0

#

interface LoopBack11

ip binding vpn-instance vpnb

ip address 169.200.1.1 255.255.255.0

#

bgp 200

undo synchronization

group in internal

peer in connect-interface LoopBack0

peer 202.200.1.2 group in

#

ipv4-family vpn-instance vpna

import-route direct

undo synchronization

group ex external

peer 192.1.1.1 group ex as-number 100    /ASBR-1ASBR-2之间建立EBGP/

#

ipv4-family vpn-instance vpnb

import-route direct

undo synchronization

group ex external

peer 193.1.1.1 group ex as-number 100    /ASBR-1ASBR-2之间建立EBGP/

#

ipv4-family vpnv4

peer in enable

peer 202.200.1.2 group in

#

ospf 1

area 0.0.0.0

network 172.200.1.0 0.0.0.255

network 202.200.1.1 0.0.0.0

#

return

 


【提示】

1 跨域OptionA又叫VRF to VRF(背靠背方式)方式

 

2 对于AS内部的实现和配置和普通MPLS/VPN没有区别

 

3 ASBR对等体间通过划分子接口方式,每个子接口分别绑定一个VRF,保证域间传播路由的私有性。

如果无法划分子接口,必需为每个vpn提供独立的物理线路

 

4 每个ASBR路由器都把对方ASBR路由器当做CE路由器看待

 

5 域间转发为IP转发                                                   

 

 

 

X Close
X Close