好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



 

6.1.2 跨域VPN-OptionA方式典型配置举例

 

组网需求

l           CE 1CE 2属于同一个VPN

l           CE 1通过AS100PE 1接入,CE2通过AS200PE 2接入。

l           采用OptionA方式实现跨域的MPLS L3VPN,即,采用VRF-to-VRF方式管理VPN路由。

l           同一个AS内部的MPLS骨干网使用OSPF作为IGP

   

 

配置步骤

1、MPLS骨干网上配置IGP协议,实现骨干网内互通

本例中采用OSPF,具体配置步骤略。

&  说明:

需要将作为LSR ID的Loopback接口的32位地址通过OSPF发布出去。

 

配置完成后,ASBR-PE与本AS的PE之间应能建立OSPF邻居,执行display ospf peer verbose命令可以看到邻居达到FULL状态,PE之间能学习到对方的Loopback地址。

ASBR-PE与本AS的PE之间能够互相ping通。

 

2、MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP

# 配置PE 1的MPLS基本能力,并在与ASBR-PE 1相连的接口上使能LDP。

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls

[PE1-mpls] lsp-trigger all

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

[PE1] interface POS2/1/1

[PE1-POS2/1/1] mpls

[PE1-POS2/1/1] mpls ldp

[PE1-POS2/1/1] quit

 

 #配置ASBR-PE 1的MPLS基本能力,并在与PE 1相连的接口上使能LDP。

<ASBR-PE1> system-view

[ASBR-PE1] mpls lsr-id 2.2.2.9

[ASBR-PE1] mpls

[ASBR-PE1-mpls] lsp-trigger all

[ASBR-PE1-mpls] quit

[ASBR-PE1] mpls ldp

[ASBR-PE1-mpls-ldp] quit

[ASBR-PE1] interface POS2/1/1

[ASBR-PE1-POS2/1/1] clock master

[ASBR-PE1-POS2/1/1] mpls

[ASBR-PE1-POS2/1/1] mpls ldp

[ASBR-PE1-POS2/1/1] quit

 

# 配置ASBR-PE 2的MPLS基本能力,并在与PE 2相连的接口上使能LDP。

<ASBR-PE2> system-view

[ASBR-PE2] mpls lsr-id 3.3.3.9

[ASBR-PE2] mpls

[ASBR-PE2-mpls] lsp-trigger all

[ASBR-PE2-mpls] quit

[ASBR-PE2] mpls ldp

[ASBR-PE2-mpls-ldp] quit

[ASBR-PE2] interface POS2/1/1

[ASBR-PE2-POS2/1/1] clock master

[ASBR-PE2-POS2/1/1] mpls

[ASBR-PE2-POS2/1/1] mpls ldp

[ASBR-PE2-POS2/1/1] quit

 

# 配置PE 2的MPLS基本能力,并在与ASBR-PE 2相连的接口上使能LDP。

<PE2> system-view

[PE2] mpls lsr-id 4.4.4.9

[PE2] mpls

[PE2-mpls] lsp-trigger all

[PE2-mpls] quit

[PE2] mpls ldp

[PE2-mpls-ldp] quit

[PE2] interface POS 2/1/1

[PE2-POS2/1/1] mpls

[PE2-POS2/1/1] mpls ldp

[PE2-POS2/1/1] quit

 

上述配置完成后,同一AS的PE和ASBR-PE之间应该建立起LDP邻居,在各设备上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。

 

3、PE设备上配置VPN实例,将CE接入PE

&  说明:

同一AS内的ASBR-PE与PE的VPN实例的VPN Target应能匹配,不同AS的PE的VPN实例的VPN Target则不需要匹配。

 

# 配置CE 1。

<CE1> system-view

[CE1] interface GigabitEthernet 4/1/1

[CE1-GigabitEthernet4/1/1] ip address 10.1.1.1 24

[CE1-GigabitEthernet4/1/1] quit

 

# 配置PE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] quit

[PE1] interface GigabitEthernet 4/1/2

[PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn1

[PE1-GigabitEthernet4/1/2] ip address 10.1.1.2 24

[PE1-GigabitEthernet4/1/2] quit

 

# 配置CE 2。

<CE2> system-view

[CE2] interface GigabitEthernet 4/1/1

[CE2-GigabitEthernet4/1/1] ip address 10.2.1.1 24

[CE2-GigabitEthernet4/1/1] quit

 

# 配置PE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 100:1 both

[PE2-vpn-instance-vpn1] quit

[PE2] interface GigabitEthernet 4/1/2

[PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet4/1/1] ip address 10.2.1.2 24

[PE2-GigabitEthernet4/1/1] quit

 

# 配置ASBR-PE 1:创建VPN实例,并将此实例绑定到连接ASBR-PE 2的接口(ASBR-PE 1认为ASBR-PE 2是自己的CE)。

[ASBR-PE1] ip vpn-instance vpn1

[ASBR-PE1-vpn-vpn1] route-distinguisher 100:1

[ASBR-PE1-vpn-vpn1] vpn-target 100:1 both

[ASBR-PE1-vpn-vpn1] quit

[ASBR-PE1] interface POS 2/1/2

[ASBR-PE1-POS2/1/2] clock master

[ASBR-PE1-POS2/1/2] ip binding vpn-instance vpn1

[ASBR-PE1-POS2/1/2] ip address 192.1.1.1 24

[ASBR-PE1-POS2/1/2] quit

 

# 配置ASBR-PE 2:创建VPN实例,并将此实例绑定到连接ASBR-PE 1的接口(ASBR-PE 2认为ASBR-PE 1是自己的CE)。

[ASBR-PE2] ip vpn-instance vpn1

[ASBR-PE2-vpn-vpn1] route-distinguisher 200:1

[ASBR-PE2-vpn-vpn1] vpn-target 100:1 both

[ASBR-PE2-vpn-vpn1] quit

[ASBR-PE2] interface POS 2/1/2

[ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1

[ASBR-PE2-POS2/1/2] ip address 192.1.1.2 24

[ASBR-PE2-POS2/1/2] quit

 

上述配置完成后,在各PE设备上执行display ip vpn-instance命令能正确显示VPN实例配置。

PE能ping通各自的CE。ASBR-PE之间也能互相ping通。

 

4、在PE与CE之间建立EBGP对等体,引入VPN路由

# 配置CE 1。

[CE1] bgp 65001

[CE1-bgp] peer 10.1.1.2 as-number 100

[CE1-bgp] import-route direct

[CE1-bgp] quit

 

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001

[PE1-bgp-vpn1] import-route direct

[PE1-bgp-vpn1] quit

[PE1-bgp] quit

 

# 配置CE 2。

[CE2] bgp 65002

[CE2-bgp] peer 10.2.1.2 as-number 200

[CE2-bgp] import-route direct

[CE2-bgp] quit

 

# 配置PE 2。

[PE2] bgp 200

[PE2-bgp] ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1] peer 10.2.1.1 as-number 65002

[PE2-bgp-vpn1] import-route direct

[PE2-bgp-vpn1] quit

[PE2-bgp] quit

 

5、PE与本AS的ASBR-PE之间建立IBGP对等体,ASBR-PE之间建立EBGP对等体

# 配置PE 1。

[PE1] bgp 100

[PE1-bgp] peer 2.2.2.9 as-number 100

[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-af-vpnv4] peer 2.2.2.9 next-hop-local

[PE1-bgp-af-vpnv4] quit

[PE1-bgp] quit

 

# 配置ASBR-PE 1。

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp] ipv4-family vpn-instance vpn1

[ASBR-PE1-bgp-vpn1] peer 192.1.1.2 as-number 200

[ASBR-PE1-bgp-vpn1] quit

[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100

[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0

[ASBR-PE1-bgp] ipv4-family vpnv4

[ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable

[ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 next-hop-local

[ASBR-PE1-bgp-af-vpnv4] quit

[ASBR-PE1-bgp] quit

 

# 配置ASBR-PE 2。

[ASBR-PE2] bgp 200

[ASBR-PE2-bgp] ipv4-family vpn-instance vpn1

[ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100

[ASBR-PE2-bgp-vpn1] quit

[ASBR-PE2-bgp] peer 4.4.4.9 as-number 200

[ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0

[ASBR-PE2-bgp] ipv4-family vpnv4

[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable

[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local

[ASBR-PE2-bgp-af-vpnv4] quit

[ASBR-PE2-bgp] quit

 

# 配置PE 2。

[PE2] bgp 200

[PE2-bgp] ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1] peer 162.1.1.2 as-number 65002

[PE2-bgp-vpn1] import-route direct

[PE2-bgp-vpn1] quit

[PE2-bgp] peer 3.3.3.9 as-number 200

[PE2-bgp] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpnv4] peer 3.3.3.9 enable

[PE2-bgp-af-vpnv4] peer 3.3.3.9 next-hop-local

[PE2-bgp-af-vpnv4] quit

[PE2-bgp] quit

 

结果检验

上述配置完成后,CE之间能学习到对方的接口路由,CE 1CE 2能够相互ping通。

配置文件

1PE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

mpls lsr-id 1.1.1.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/1

link-protocol ppp

ip address 172.1.1.1 255.255.255.0

mpls

mpls ldp

#

interface loopback 0

ip address 1.1.1.9 255.255.255.255

#

interface GigabitEthernet4/1/2

ip binding vpn-instance vpn1

ip address 10.1.1.2 255.255.255.0

#

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 2.2.2.9 enable

peer 2.2.2.9 next-hop-local

#

ipv4-family vpn-instance vpn1

import-route direct

peer 10.1.1.1 as-number 65001

#

ospf 1

area 0.0.0.0

network 172.1.1.0 0.0.0.255

network 1.1.1.9 0.0.0.0

#

2ASBR – PE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

mpls lsr-id 2.2.2.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/1

clock master

link-protocol ppp

ip address 172.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface pos 2/1/2

clock master

link-protocol ppp

ip binding vpn-instance vpn1

ip address 192.1.1.1 255.255.255.0

#

interface loopback 0

ip address 2.2.2.9 255.255.255.255

#

bgp 100

peer 1.1.1.9 as-number 100

peer 1.1.1.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 1.1.1.9 enable

peer 1.1.1.9 next-hop-local

#

ipv4-family vpn-instance vpn1

peer 192.1.1.2 as-number 200

#

ospf 1

area 0.0.0.0

network 172.1.1.0 0.0.0.255

network 2.2.2.9 0.0.0.0

#

3ASBR – PE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 200:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

mpls lsr-id 3.3.3.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/1

clock master

link-protocol ppp

ip address 162.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface pos 2/1/2

link-protocol ppp

ip binding vpn-instance vpn1

ip address 192.1.1.2 255.255.255.0

#

interface loopback 0

ip address 3.3.3.9 255.255.255.255

#

bgp 200

peer 4.4.4.9 as-number 200

peer 4.4.4.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 4.4.4.9 enable

peer 4.4.4.9 next-hop-local

#

ipv4-family vpn-instance vpn1

peer 192.1.1.1 as-number 100

#

ospf 1

area 0.0.0.0

network 162.1.1.0 0.0.0.255

network 3.3.3.9 0.0.0.0

#

4、PE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 200:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

mpls lsr-id 4.4.4.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/1

link-protocol ppp

ip address 162.1.1.1 255.255.255.0

mpls

mpls ldp

#

interface loopback 0

ip address 4.4.4.9 255.255.255.255

#

interface GigabitEthernet4/1/2

ip binding vpn-instance vpn1

ip address 10.2.1.2 255.255.255.0

#

bgp 200

peer 3.3.3.9 as-number 200

peer 3.3.3.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 3.3.3.9 enable

peer 3.3.3.9 next-hop-local

#

ipv4-family vpn-instance vpn1

import-route direct

peer 10.2.1.1 as-number 65002

#

ospf 1

area 0.0.0.0

network 162.1.1.0 0.0.0.255

network 4.4.4.9 0.0.0.0

#

5、CE 1 配置

#

interface GigabitEthernet 4/1/1

ip address 10.1.1.1 255.255.255.0

#

bgp 65001

import-route direct

peer 10.1.1.2 as-number 100

#

6、CE 2 配置

#

interface GigabitEthernet 4/1/1

ip address 10.2.1.1 255.255.255.0

#

bgp 65002

import-route direct

peer 10.2.1.2 as-number 200

#

 

 

 

X Close
X Close