l
Site 1和Site 2属于同一个VPN,Site 1的CE 1通过AS 100的PE 1接入,Site 2的CE 2通过AS 600的PE2接入;
l
同一自治系统内的PE设备之间运行IS-IS作为IGP;
l
PE 1与ASBR-PE 1间通过MP-IBGP交换标签IPv4路由;
l
PE 2与ASBR-PE 2间通过MP-IBGP交换标签IPv4路由;
l
ASBR-PE
1与ASBR-PE 2间通过MP-EBGP交换标签IPv4路由;
l
ASBR上不对接收的VPN-IPv4路由进行VPN Target过滤。
#
在PE 1上运行IS-IS。
<PE1>
system-view
[PE1]
[PE1-isis-1]
network-entity 10.111.111.111.111.00
[PE1-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[PE1]
mpls lsr-id 2.2.2.9
[PE1]
mpls
[PE1-mpls]
lsp-trigger all
[PE1-mpls]
label advertise non-null
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
#
配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[PE1]
interface POS
[PE1-POS2/1/1]
ip address 1.1.1.2 255.0.0.0
[PE1-POS2/1/1]
isis enable 1
[PE1-POS2/1/1]
mpls
[PE1-POS2/1/1]
mpls ldp
[PE1-POS2/1/1]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[PE1]
interface loopback 0
[PE1-LoopBack0]
ip address 2.2.2.9 32
[PE1-LoopBack0]
isis enable 1
[PE1-LoopBack0]
quit
#
创建一个VPN实例,名为vpn1,配置RD和VPN Target属性。
[PE1]
ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]
route-distinguisher 11:11
[PE1-vpn-instance-vpn1]
vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1]
vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1]
quit
#
将连接CE 1的接口绑定到创建的VPN实例。
[PE1]
interface GigabitEthernet
[PE1-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE1-GigabitEthernet4/1/1]
ip address 30.0.0.1 8
[PE1-GigabitEthernet4/1/1]
quit
#
在PE 1上运行BGP。
[PE1]
bgp 100
#
配置IBGP对等体3.3.3.9为VPNv4对等体。
[PE1-bgp]
peer 3.3.3.9 as-number 100
[PE1-bgp]
peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp]
ipv4-family vpnv4
[PE1-bgp-af-vpnv4]
peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4]
quit
#
将直连路由引入vpn1的VPN路由表。
[PE1]
bgp 100
[PE1-bgp]
ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]
import-route direct
[PE1-bgp-vpn1]
quit
2、配置ASBR-PE
1
#
在ASBR-PE 1上运行IS-IS。
<ASBR-PE1>
system-view
[ASBR-PE1]
isis 1
[ASBR-PE1-isis-1]
network-entity 10.222.222.222.222.00
[ASBR-PE1-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[ASBR-PE1]
mpls lsr-id 3.3.3.9
[ASBR-PE1]
mpls
[ASBR-PE1-mpls]
lsp-trigger all
[ASBR-PE1-mpls]
label advertise non-null
[ASBR-PE1-mpls]
quit
[ASBR-PE1]
mpls ldp
[ASBR-PE1-mpls-ldp]
quit
#
配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[ASBR-PE1]
interface POS
[ASBR-PE1-POS2/1/1]
clock master
[ASBR-PE1-POS2/1/1]
ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-POS2/1/1]
isis enable 1
[ASBR-PE1-POS2/1/1]
mpls
[ASBR-PE1-POS2/1/1]
mpls ldp
[ASBR-PE1-POS2/1/1]
quit
#
配置接口POS2/1/2,使能MPLS。
[ASBR-PE1]
interface POS
[ASBR-PE1-POS2/1/2]
clock master
[ASBR-PE1-POS2/1/2]
ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-POS2/1/2]
mpls
[ASBR-PE1-POS2/1/2]
quit
#
创建Loopback0接口,并运行IS-IS。
[ASBR-PE1]
interface loopback 0
[ASBR-PE1-LoopBack0]
ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0]
isis enable 1
[ASBR-PE1-LoopBack0]
quit
#
在ASBR-PE 1上运行BGP。
[ASBR-PE1]
bgp 100
[ASBR-PE1-bgp]
peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp]
peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp]
peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp]
peer 11.0.0.1 connect-interface POS
#
不对接收的VPNv4路由进行Import VPN-target过滤。
[ASBR-PE1-bgp]
ipv4-family vpnv4
[ASBR-PE1-bgp-af-vpnv4]
undo policy vpn-target
#
将IBGP对等体2.2.2.9和EBGP对等体11.0.0.1都配置为VPNv4对等体。
[ASBR-PE1-bgp-af-vpnv4]
peer 11.0.0.1 enable
[ASBR-PE1-bgp-af-vpnv4]
peer 2.2.2.9 enable
[ASBR-PE1-bgp-af-vpnv4]
quit
3、配置ASBR-PE 2
#
在ASBR-PE 2上运行IS-IS。
<ASBR-PE2>
system-view
[ASBR-PE2]
[ASBR-PE2-isis-1]
network-entity 10.222.222.222.222.00
[ASBR-PE2-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[ASBR-PE2]
mpls lsr-id 4.4.4.9
[ASBR-PE2]
mpls
[ASBR-PE2-mpls]
lsp-trigger all
[ASBR-PE2-mpls]
label advertise non-null
[ASBR-PE2-mpls]
quit
[ASBR-PE2]
mpls ldp
[ASBR-PE2-mpls-ldp]
quit
#
配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[ASBR-PE2]
interface POS
[ASBR-PE2-POS2/1/1]
clock master
[ASBR-PE2-POS2/1/1]
ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-POS2/1/1]
isis enable 1
[ASBR-PE2-POS2/1/1]
mpls
[ASBR-PE2-POS2/1/1]
mpls ldp
[ASBR-PE2-POS2/1/1]
quit
#
配置接口POS2/1/2,使能MPLS。
[ASBR-PE2]
interface POS
[ASBR-PE2-POS2/1/2]
ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-POS2/1/2]
mpls
[ASBR-PE2-POS2/1/2]
quit
#
创建Loopback0接口,并运行IS-IS。
[ASBR-PE2]
interface loopback 0
[ASBR-PE2-LoopBack0]
ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0]
[ASBR-PE2-LoopBack0]
quit
#
在ASBR-PE 2上运行BGP。
[ASBR-PE2]
bgp 600
[ASBR-PE2-bgp]
peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp]
peer 11.0.0.2 connect-interface POS
[ASBR-PE2-bgp]
peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp]
peer 5.5.5.9 connect-interface loopback 0
#
不对接收的VPNv4路由进行Import VPN-target过滤。
[ASBR-PE2-bgp]
ipv4-family vpnv4
[ASBR-PE2-bgp-af-vpnv4]
undo policy vpn-target
#
将IBGP对等体5.5.5.9和EBGP对等体11.0.0.2都配置为VPNv4对等体。
[ASBR-PE2-bgp-af-vpnv4]
peer 11.0.0.2 enable
[ASBR-PE2-bgp-af-vpnv4]
peer 5.5.5.9 enable
[ASBR-PE2-bgp-af-vpnv4]
quit
[ASBR-PE2-bgp]
quit
4、配置PE
2
#
在PE 2上运行IS-IS。
<PE2>
system-view
[PE2]
isis 1
[PE2-isis-1]
network-entity 10.111.111.111.111.00
[PE2-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[PE2]
mpls lsr-id 5.5.5.9
[PE2]
mpls
[PE2-mpls]
lsp-trigger all
[PE2-mpls]
label advertise non-null
[PE2-mpls]
quit
[PE2]
mpls ldp
[PE2-mpls-ldp]
quit
#
配置接口POS2/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[PE2]
interface POS
[PE2-POS2/1/1]
ip address 9.1.1.2 255.0.0.0
[PE2-POS2/1/1]
isis enable 1
[PE2-POS2/1/1]
mpls
[PE2-POS2/1/1]
mpls ldp
[PE2-POS2/1/1]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[PE2]
interface loopback 0
[PE2-LoopBack0]
ip address 5.5.5.9 32
[PE2-LoopBack0]
isis enable 1
[PE2-LoopBack0]
quit
#
创建一个VPN实例,名为vpn1,配置RD和VPN Target属性。
[PE2]
ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]
route-distinguisher 12:12
[PE2-vpn-instance-vpn1]
vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1]
vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1]
quit
#
将连接CE 1的接口绑定到创建的VPN实例。
[PE2]
interface GigabitEthernet
[PE2-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE2-GigabitEthernet4/1/1]
ip address 20.0.0.1 8
[PE2-GigabitEthernet4/1/1]
quit
#
在PE 2上运行BGP。
[PE2]
bgp 600
#
配置IBGP对等体4.4.4.9为VPNv4对等体。
[PE2-bgp]
peer 4.4.4.9 as-number 600
[PE2-bgp]
peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp]
ipv4-family vpnv4
[PE2-bgp-af-vpnv4]
peer 4.4.4.9 enable
[PE2-bgp-af-vpnv4]
quit
#
将直连路由引入vpn1的VPN路由表。
[PE2-bgp]
ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]
import-route direct
[PE2-bgp-vpn1]
quit
[PE2-bgp]
quit
配置完成后,在PE2上对PE1进行Ping操作,可以Ping通:
[PE2]
ping –vpn-instance vpn1 30.0.0.1
在PE1上对PE2进行Ping操作,也可以Ping通:
[PE1]
ping –vpn-instance vpn1 20.0.0.1
1、PE 1
配置
#
ip
vpn-instance vpn1
route-distinguisher
11:11
vpn-target
1:1 2:2 3:3 import-extcommunity
vpn-target
3:3 export-extcommunity
#
mpls
lsr-id 2.2.2.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.111.111.111.111.00
#
interface
pos
link-protocol
ppp
ip
address 1.1.1.2 255.0.0.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
#
interface
GigabitEthernet4/1/1
ip
binding vpn-instance vpn1
ip
address 30.0.0.1 255.0.0.0
#
bgp
100
peer
3.3.3.9 as-number 100
peer
3.3.3.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
3.3.3.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#
2、ASBR
– PE 1 配置
#
mpls
lsr-id 3.3.3.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.222.222.222.222.00
#
interface
pos
clock
master
link-protocol
ppp
ip
address 1.1.1.1 255.0.0.0
mpls
mpls
ldp
#
interface
pos
clock
master
link-protocol
ppp
ip
address 11.0.0.2 255.0.0.0
mpls
#
interface
loopback 0
ip
address 3.3.3.9 255.255.255.255
#
bgp
100
peer
2.2.2.9 as-number 100
peer
11.0.0.1 as-number 600
peer
2.2.2.9 connect-interface loopback 0
peer
11.0.0.1 connect-interface POS
#
ipv4-family
vpnv4
undo
policy vpn-target
peer
2.2.2.9 enable
peer
11.0.0.1 enable
#
#
mpls
lsr-id 4.4.4.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.222.222.222.222.00
#
interface
pos
clock
master
link-protocol
ppp
ip
address 9.1.1.1 255.0.0.0
mpls
mpls
ldp
#
interface
pos
link-protocol
ppp
ip
address 11.0.0.2 255.0.0.0
mpls
#
interface
loopback 0
ip
address 4.4.4.9 255.255.255.255
#
bgp
600
peer
5.5.5.9 as-number 600
peer
11.0.0.2 as-number 100
peer
5.5.5.9 connect-interface loopback 0
peer
11.0.0.2 connect-interface POS
#
ipv4-family
vpnv4
undo policy
vpn-target
peer
5.5.5.9 enable
peer
11.0.0.2 enable
#
#
ip
vpn-instance vpn1
route-distinguisher
12:12
vpn-target
3:3 export-extcommunity
vpn-target
1:1 2:2 3:3 import-extcommunity
#
mpls
lsr-id 5.5.5.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.111.111.111.111.00
#
interface
pos
link-protocol
ppp
ip
address 9.1.1.2 255.0.0.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 5.5.5.9 255.255.255.255
#
interface
GigabitEthernet4/1/1
ip
binding vpn-instance vpn1
ip
address 20.0.0.1 255.0.0.0
#
bgp
600
peer
4.4.4.9 as-number 600
peer
4.4.4.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
4.4.4.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#