好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



 

6.1.3 跨域VPN-OptionB方式典型配置

 

组网需求

l           Site 1Site 2属于同一个VPNSite 1CE 1通过AS 100PE 1接入,Site 2CE 2通过AS 600PE2接入;

l           同一自治系统内的PE设备之间运行IS-IS作为IGP

l           PE 1ASBR-PE 1间通过MP-IBGP交换标签IPv4路由;

l           PE 2ASBR-PE 2间通过MP-IBGP交换标签IPv4路由;

l           ASBR-PE 1ASBR-PE 2间通过MP-EBGP交换标签IPv4路由;

l           ASBR上不对接收的VPN-IPv4路由进行VPN Target过滤。

 

组网图

 

配置步骤

 

1、配置PE 1

# 在PE 1上运行IS-IS。

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls

[PE1-mpls] lsp-trigger all

[PE1-mpls] label advertise non-null

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

 

# 配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[PE1] interface POS 2/1/1

[PE1-POS2/1/1] ip address 1.1.1.2 255.0.0.0

[PE1-POS2/1/1] isis enable 1

[PE1-POS2/1/1] mpls

[PE1-POS2/1/1] mpls ldp

[PE1-POS2/1/1] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

 

# 创建一个VPN实例,名为vpn1,配置RD和VPN Target属性。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

 

# 将连接CE 1的接口绑定到创建的VPN实例。

[PE1] interface GigabitEthernet 4/1/1

[PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE1-GigabitEthernet4/1/1] ip address 30.0.0.1 8

[PE1-GigabitEthernet4/1/1] quit

 

# 在PE 1上运行BGP。

[PE1] bgp 100

 

# 配置IBGP对等体3.3.3.9为VPNv4对等体。

[PE1-bgp] peer 3.3.3.9 as-number 100

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-af-vpnv4] quit

 

# 将直连路由引入vpn1的VPN路由表。

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1] import-route direct

[PE1-bgp-vpn1] quit

 

2、配置ASBR-PE 1

# 在ASBR-PE 1上运行IS-IS。

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls

[ASBR-PE1-mpls] lsp-trigger all

[ASBR-PE1-mpls] label advertise non-null

[ASBR-PE1-mpls] quit

[ASBR-PE1] mpls ldp

[ASBR-PE1-mpls-ldp] quit

 

# 配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[ASBR-PE1] interface POS 2/1/1

[ASBR-PE1-POS2/1/1] clock master

[ASBR-PE1-POS2/1/1] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-POS2/1/1] isis enable 1

[ASBR-PE1-POS2/1/1] mpls

[ASBR-PE1-POS2/1/1] mpls ldp

[ASBR-PE1-POS2/1/1] quit

 

# 配置接口POS2/1/2,使能MPLS。

[ASBR-PE1] interface POS 2/1/2

[ASBR-PE1-POS2/1/2] clock master

[ASBR-PE1-POS2/1/2] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-POS2/1/2] mpls

[ASBR-PE1-POS2/1/2] quit

 

# 创建Loopback0接口,并运行IS-IS。

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

 

# 在ASBR-PE 1上运行BGP。

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp] peer 11.0.0.1 connect-interface POS 2/1/2

 

# 不对接收的VPNv4路由进行Import VPN-target过滤。

[ASBR-PE1-bgp] ipv4-family vpnv4

[ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target

 

# 将IBGP对等体2.2.2.9和EBGP对等体11.0.0.1都配置为VPNv4对等体。

[ASBR-PE1-bgp-af-vpnv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-af-vpnv4] quit

 

 

3、配置ASBR-PE 2

# 在ASBR-PE 2上运行IS-IS。

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls

[ASBR-PE2-mpls] lsp-trigger all

[ASBR-PE2-mpls] label advertise non-null

[ASBR-PE2-mpls] quit

[ASBR-PE2] mpls ldp

[ASBR-PE2-mpls-ldp] quit

 

# 配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[ASBR-PE2] interface POS 2/1/1

[ASBR-PE2-POS2/1/1] clock master

[ASBR-PE2-POS2/1/1] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-POS2/1/1] isis enable 1

[ASBR-PE2-POS2/1/1] mpls

[ASBR-PE2-POS2/1/1] mpls ldp

[ASBR-PE2-POS2/1/1] quit

 

# 配置接口POS2/1/2,使能MPLS。

[ASBR-PE2] interface POS 2/1/2

[ASBR-PE2-POS2/1/2] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-POS2/1/2] mpls

[ASBR-PE2-POS2/1/2] quit

 

# 创建Loopback0接口,并运行IS-IS。

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

 

# 在ASBR-PE 2上运行BGP。

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp] peer 11.0.0.2 connect-interface POS 2/1/2

[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0

 

# 不对接收的VPNv4路由进行Import VPN-target过滤。

[ASBR-PE2-bgp] ipv4-family vpnv4

[ASBR-PE2-bgp-af-vpnv4] undo policy vpn-target

 

# 将IBGP对等体5.5.5.9和EBGP对等体11.0.0.2都配置为VPNv4对等体。

[ASBR-PE2-bgp-af-vpnv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-af-vpnv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-af-vpnv4] quit

[ASBR-PE2-bgp] quit

 

 

4、配置PE 2

# 在PE 2上运行IS-IS。

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls

[PE2-mpls] lsp-trigger all

[PE2-mpls] label advertise non-null

[PE2-mpls] quit

[PE2] mpls ldp

[PE2-mpls-ldp] quit

 

# 配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[PE2] interface POS 2/1/1

[PE2-POS2/1/1] ip address 9.1.1.2 255.0.0.0

[PE2-POS2/1/1] isis enable 1

[PE2-POS2/1/1] mpls

[PE2-POS2/1/1] mpls ldp

[PE2-POS2/1/1] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

 

# 创建一个VPN实例,名为vpn1,配置RD和VPN Target属性。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

 

# 将连接CE 1的接口绑定到创建的VPN实例。

[PE2] interface GigabitEthernet 4/1/1

[PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet4/1/1] ip address 20.0.0.1 8

[PE2-GigabitEthernet4/1/1] quit

 

# 在PE 2上运行BGP。

[PE2] bgp 600

 

# 配置IBGP对等体4.4.4.9为VPNv4对等体。

[PE2-bgp] peer 4.4.4.9 as-number 600

[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpnv4] peer 4.4.4.9 enable

[PE2-bgp-af-vpnv4] quit

 

# 将直连路由引入vpn1的VPN路由表。

[PE2-bgp] ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1] import-route direct

[PE2-bgp-vpn1] quit

[PE2-bgp] quit

 

 

结果检验

配置完成后,在PE2上对PE1进行Ping操作,可以Ping通:

[PE2] ping –vpn-instance vpn1 30.0.0.1

 

PE1上对PE2进行Ping操作,也可以Ping通:

[PE1] ping –vpn-instance vpn1 20.0.0.1

 

 

配置文件

 

1PE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 11:11

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

#

mpls lsr-id 2.2.2.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.111.111.111.111.00

#

interface pos 2/1/1

link-protocol ppp

ip address 1.1.1.2 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface loopback 0

ip address 2.2.2.9 255.255.255.255

isis enable 1

#

interface GigabitEthernet4/1/1

ip binding vpn-instance vpn1

ip address 30.0.0.1 255.0.0.0

#

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 3.3.3.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

 

2ASBR – PE 1 配置

#

mpls lsr-id 3.3.3.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.222.222.222.222.00

#

interface pos 2/1/1

clock master

link-protocol ppp

ip address 1.1.1.1 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface pos 2/1/2

clock master

link-protocol ppp

ip address 11.0.0.2 255.0.0.0

mpls

#

interface loopback 0

ip address 3.3.3.9 255.255.255.255

isis enable 1

#

bgp 100

peer 2.2.2.9 as-number 100

peer 11.0.0.1 as-number 600

peer 2.2.2.9 connect-interface loopback 0

peer 11.0.0.1 connect-interface POS 2/1/2

#

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.9 enable

peer 11.0.0.1 enable

#

 

 

3、ASBR – PE 2 配置

 

#

mpls lsr-id 4.4.4.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.222.222.222.222.00

#

interface pos 2/1/1

clock master

link-protocol ppp

isis enable 1

ip address 9.1.1.1 255.0.0.0

mpls

mpls ldp

#

interface pos 2/1/2

link-protocol ppp

ip address 11.0.0.2 255.0.0.0

mpls

#

interface loopback 0

ip address 4.4.4.9 255.255.255.255

isis enable 1

#

bgp 600

peer 5.5.5.9 as-number 600

peer 11.0.0.2 as-number 100

peer 5.5.5.9 connect-interface loopback 0

peer 11.0.0.2 connect-interface POS 2/1/2

#

ipv4-family vpnv4

 undo policy vpn-target

peer 5.5.5.9 enable

peer 11.0.0.2 enable

#

 

 

4、PE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 12:12

vpn-target 3:3 export-extcommunity

vpn-target 1:1 2:2 3:3 import-extcommunity

#

mpls lsr-id 5.5.5.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.111.111.111.111.00

#

interface pos 2/1/1

link-protocol ppp

ip address 9.1.1.2 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface loopback 0

ip address 5.5.5.9 255.255.255.255

isis enable 1

#

interface GigabitEthernet4/1/1

ip binding vpn-instance vpn1

ip address 20.0.0.1 255.0.0.0

#

bgp 600

peer 4.4.4.9 as-number 600

peer 4.4.4.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 4.4.4.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

 

 

 

X Close
X Close