MSR系列路由器MPLS 多角色主机功能的配置
关键词:MSR;MPLS;BGP;policy-based-route
一、组网需求:
PEA和PEB是VPN站点接入路由器。PEA和PEB建立MP-IBGP连接,互相为VPN路由分发标签。PC为多角色主机,可以访问vpna和vpnb。
设备清单:MSR系列路由器2台,主机一台
二、组网图:
三、配置步骤:
设备和版本:MSR系列、Version 5.20, Release 1509
PEA配置
#
router
id
#
ip
vpn-instance vpna
route-distinguisher
1:1
vpn-target
1:1 export-extcommunity
vpn-target
1:1 import-extcommunity
#
ip
vpn-instance vpnb
route-distinguisher
1:2
vpn-target
1:2 export-extcommunity
vpn-target
1:2 import-extcommunity
#
mpls
lsr-id
#
mpls
#
mpls
ldp
#
acl
number 2000 //多角色主机的ACL
rule 0 permit vpn-instance vpna source 192.168.0.2 0
#
interface
Ethernet0/0
port link-mode route
ip address
mpls
mpls ldp
#
interface Ethernet0/1
port link-mode route
ip
binding vpn-instance vpna
ip
address 192.168.0.1 255.255.255.0
ip policy-based-route multirole //绑定多角色策略路由
#
interface
Ethernet1/0
port
link-mode route
ip
binding vpn-instance vpna
ip
address 192.168.1.1 255.255.255.0
#
interface
Ethernet1/1
port
link-mode route
ip
binding vpn-instance vpnb
ip
address 172.32.0.1 255.255.255.0
#
interface
LoopBack0
ip
address
#
bgp
1
undo
synchronization
peer
peer
#
ipv4-family
vpnv4
peer
#
ipv4-family
vpn-instance vpna
import-route
direct
#
ipv4-family
vpn-instance vpnb
import-route
direct
import-route static //引入vpnb的静态路由
#
ospf
1
are
network
network
#
policy-based-route
multirole permit node 0 //多角色策略路由
if-match acl 2000
apply access-vpn vpn-instance vpna vpnb
#
ip route-static vpn-instance vpnb 192.168.0.2 255.255.255.255
vpn-instance vpna 192.168.0.2 //vpnb的静态路由
#
PEB配置:
#
router
id
#
ip
vpn-instance vpnb
route-distinguisher
2:2
vpn-target
1:2 export-extcommunity
vpn-target
1:2 import-extcommunity
#
mpls
lsr-id
#
mpls
#
mpls
ldp
#
interface Ethernet0/0
port link-mode route
ip
address
mpls
mpls
ldp
#
interface Ethernet0/1
port link-mode route
ip
binding vpn-instance vpnb
ip
address 172.32.1.1 255.255.255.0
#
interface
LoopBack0
ip
address
#
bgp
1
undo
synchronization
peer
peer
#
ipv4-family
vpnv4
peer
#
ipv4-family
vpn-instance vpnb
import-route
direct
#
ospf
1
are
network
network
#
四、配置关键点:
在MPLS L3VPN正确的基础上:
1. PEA上的ACL与普通的ACL不同,需要指定vpn实例;
2. 需要定义策略路由;
3. 需要定义vpnb静态访问多角色主机的静态路由;
4. BGP还要引入静态路由。
五、实验分析