6.1.4
跨域VPN-OptionC方式典型配置举例
● Site 1和Site 2属于同一个VPN,Site 1通过AS 100的PE 1接入,Site 2通过AS 600的PE 2接入;
● 同一自治系统内的PE设备之间运行IS-IS作为IGP;
● PE 1与ASBR-PE 1间通过MP-IBGP交换标签IPv4路由;
● PE 2与ASBR-PE 2间通过MP-IBGP交换标签IPv4路由;
● PE 1与PE 2建立MP-EBGP对等体;
● ASBR-PE 1和ASBR-PE 2上分别配置路由策略,对从对方接收的路由压入标签;
● ASBR-PE 1与ASBR-PE 2间通过MP-EBGP交换标签IPv4路由。
#
在PE 1上运行IS-IS。
<PE1>
system-view
[PE1]
isis 1
[PE1-isis-1]
network-entity 10.111.111.111.111.00
[PE1-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[PE1]
mpls lsr-id 2.2.2.9
[PE1]
mpls
[PE1-mpls]
lsp-trigger all
[PE1-mpls]
label advertise non-null
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
#
配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[PE1]
interface POS 4/1/1
[PE1-POS4/1/1]
ip address 1.1.1.2 255.0.0.0
[PE1-POS4/1/1]
isis enable 1
[PE1-POS4/1/1]
mpls
[PE1-POS4/1/1]
mpls ldp
[PE1-POS4/1/1]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[PE1]
interface loopback 0
[PE1-LoopBack0]
ip address 2.2.2.9 32
[PE1-LoopBack0]
isis enable 1
[PE1-LoopBack0]
quit
#
创建VPN实例,名称为vpn1,为其配置RD和VPN Target属性。
[PE1]
ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]
route-distinguisher 11:11
[PE1-vpn-instance-vpn1]
vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1]
vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1]
quit
#
创建Loopback1接口,并将此接口绑定到vpn1。
[PE1]
interface loopback 1
[PE1-LoopBack1]
ip binding vpn-instance vpn1
[PE1-LoopBack1]
ip address 30.0.0.1 32
[PE1-LoopBack1]
quit
#
在PE 1上运行BGP。
[PE1]
bgp 100
#
配置PE 1向IBGP对等体3.3.3.9发布标签路由及从3.3.3.9接收标签路由的能力。
[PE1-bgp]
peer 3.3.3.9 as-number 100
[PE1-bgp]
peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp]
peer 3.3.3.9 label-route-capability
#
配置PE 1到EBGP对等体5.5.5.9的最大跳数为10。该多跳EBGP会话跨越AS边界,而本例未配置对等体认证;实际部署时建议启用BGP会话认证,并把最大跳数收紧到实际路径所需的值。
[PE1-bgp]
peer 5.5.5.9 as-number 600
[PE1-bgp]
peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp]
peer 5.5.5.9 ebgp-max-hop 10
#
配置对等体5.5.5.9作为VPNv4对等体。
[PE1-bgp]
ipv4-family vpnv4
[PE1-bgp-af-vpnv4]
peer 5.5.5.9 enable
[PE1-bgp-af-vpnv4]
quit
#
将直连路由引入到vpn1的路由表。
[PE1-bgp]
ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]
import-route direct
[PE1-bgp-vpn1]
quit
[PE1-bgp]
quit
#
在ASBR-PE1上运行IS-IS。
<ASBR-PE1>
system-view
[ASBR-PE1]
isis 1
[ASBR-PE1-isis-1]
network-entity 10.222.222.222.222.00
[ASBR-PE1-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[ASBR-PE1]
mpls lsr-id 3.3.3.9
[ASBR-PE1]
mpls
[ASBR-PE1-mpls]
lsp-trigger all
[ASBR-PE1-mpls]
label advertise non-null
[ASBR-PE1-mpls]
quit
[ASBR-PE1]
mpls ldp
[ASBR-PE1-mpls-ldp]
quit
#
配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[ASBR-PE1]
interface POS 4/1/1
[ASBR-PE1-POS4/1/1]
clock master
[ASBR-PE1-POS4/1/1]
ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-POS4/1/1]
isis enable 1
[ASBR-PE1-POS4/1/1]
mpls
[ASBR-PE1-POS4/1/1]
mpls ldp
[ASBR-PE1-POS4/1/1]
quit
#
配置接口POS4/1/2,并在接口上使能MPLS。
[ASBR-PE1]
interface POS 4/1/2
[ASBR-PE1-POS4/1/2]
clock master
[ASBR-PE1-POS4/1/2]
ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-POS4/1/2]
mpls
[ASBR-PE1-POS4/1/2]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[ASBR-PE1]
interface loopback 0
[ASBR-PE1-LoopBack0]
ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0]
isis enable 1
[ASBR-PE1-LoopBack0]
quit
#
创建路由策略。
[ASBR-PE1]
route-policy policy1 permit node 1
[ASBR-PE1-route-policy1]
apply mpls-label
[ASBR-PE1-route-policy1]
quit
[ASBR-PE1]
route-policy policy2 permit node 1
[ASBR-PE1-route-policy2]
if-match mpls-label
[ASBR-PE1-route-policy2]
apply mpls-label
[ASBR-PE1-route-policy2]
quit
#
在ASBR-PE 1上运行BGP,引入IS-IS进程1的路由。注意:这样会把本AS内IS-IS的全部路由引入BGP,并经不带匹配条件的policy1发布给对端AS;实际部署时建议用路由策略限制为仅发布PE的Loopback地址(ASBR-PE 2同理)。
[ASBR-PE1]
bgp 100
[ASBR-PE1-bgp]
import-route isis 1
#
对向IBGP对等体2.2.2.9发布的路由应用已配置的路由策略policy2。
[ASBR-PE1-bgp]
peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp]
peer 2.2.2.9 route-policy policy2 export
#
向IBGP对等体2.2.2.9发布标签路由及从2.2.2.9接收标签路由的能力。
[ASBR-PE1-bgp]
peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp]
peer 2.2.2.9 label-route-capability
#
对向EBGP对等体11.0.0.1发布的路由应用已配置的路由策略policy1。
[ASBR-PE1-bgp]
peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp]
peer 11.0.0.1 route-policy policy1 export
#
向EBGP对等体11.0.0.1发布标签路由及从11.0.0.1接收标签路由的能力。
[ASBR-PE1-bgp]
peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp]
quit
#
在ASBR-PE 2上运行IS-IS。
<ASBR-PE2>
system-view
[ASBR-PE2]
isis 1
[ASBR-PE2-isis-1]
network-entity 10.222.222.222.222.00
[ASBR-PE2-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[ASBR-PE2]
mpls lsr-id 4.4.4.9
[ASBR-PE2]
mpls
[ASBR-PE2-mpls]
lsp-trigger all
[ASBR-PE2-mpls]
label advertise non-null
[ASBR-PE2-mpls]
quit
[ASBR-PE2]
mpls ldp
[ASBR-PE2-mpls-ldp]
quit
#
配置接口POS4/1/1,在接口上运行IS-IS,并在接口上使能MPLS和LDP。
[ASBR-PE2]
interface POS 4/1/1
[ASBR-PE2-POS4/1/1]
clock master
[ASBR-PE2-POS4/1/1]
ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-POS4/1/1]
isis enable 1
[ASBR-PE2-POS4/1/1]
mpls
[ASBR-PE2-POS4/1/1]
mpls ldp
[ASBR-PE2-POS4/1/1]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[ASBR-PE2]
interface loopback 0
[ASBR-PE2-LoopBack0]
ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0]
isis enable 1
[ASBR-PE2-LoopBack0]
quit
#
配置接口POS4/1/2,在接口上使能MPLS。
[ASBR-PE2]
interface POS 4/1/2
[ASBR-PE2-POS4/1/2]
ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-POS4/1/2]
mpls
[ASBR-PE2-POS4/1/2]
quit
#
创建路由策略。
[ASBR-PE2]
route-policy policy1 permit node 1
[ASBR-PE2-route-policy1]
apply mpls-label
[ASBR-PE2-route-policy1]
quit
[ASBR-PE2]
route-policy policy2 permit node 1
[ASBR-PE2-route-policy2]
if-match mpls-label
[ASBR-PE2-route-policy2]
apply mpls-label
[ASBR-PE2-route-policy2]
quit
#
在ASBR-PE 2上运行BGP,引入IS-IS进程1的路由。
[ASBR-PE2]
bgp 600
[ASBR-PE2-bgp]
import-route isis 1
#
向IBGP对等体5.5.5.9发布标签路由及从5.5.5.9接收标签路由的能力。
[ASBR-PE2-bgp]
peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp]
peer 5.5.5.9 connect-interface loopback 0
[ASBR-PE2-bgp]
peer 5.5.5.9 label-route-capability
#
对向IBGP对等体5.5.5.9发布的路由应用已配置的路由策略policy2。
[ASBR-PE2-bgp]
peer 5.5.5.9 route-policy policy2 export
#
对向EBGP对等体11.0.0.2发布的路由应用已配置的路由策略policy1。
[ASBR-PE2-bgp]
peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp]
peer 11.0.0.2 route-policy policy1 export
#
向EBGP对等体11.0.0.2发布标签路由及从11.0.0.2接收标签路由的能力。
[ASBR-PE2-bgp]
peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp]
quit
#
在PE 2上运行IS-IS。
<PE2>
system-view
[PE2]
isis 1
[PE2-isis-1]
network-entity 10.111.111.111.111.00
[PE2-isis-1]
quit
#
配置LSR ID,使能MPLS和LDP。
[PE2]
mpls lsr-id 5.5.5.9
[PE2]
mpls
[PE2-mpls]
lsp-trigger all
[PE2-mpls]
label advertise non-null
[PE2-mpls]
quit
[PE2]
mpls ldp
[PE2-mpls-ldp]
quit
#
配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。
[PE2]
interface POS 4/1/1
[PE2-POS4/1/1]
ip address 9.1.1.2 255.0.0.0
[PE2-POS4/1/1]
isis enable 1
[PE2-POS4/1/1]
mpls
[PE2-POS4/1/1]
mpls ldp
[PE2-POS4/1/1]
quit
#
创建Loopback0接口,在接口上运行IS-IS。
[PE2]
interface loopback 0
[PE2-LoopBack0]
ip address 5.5.5.9 32
[PE2-LoopBack0]
isis enable 1
[PE2-LoopBack0]
quit
#
创建VPN实例,名称为vpn1,为其配置RD和VPN Target属性。
[PE2]
ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]
route-distinguisher 11:11
[PE2-vpn-instance-vpn1]
vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1]
vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1]
quit
#
创建Loopback1接口,并将此接口绑定到vpn1。
[PE2]
interface loopback 1
[PE2-LoopBack1]
ip binding vpn-instance vpn1
[PE2-LoopBack1]
ip address 20.0.0.1 32
[PE2-LoopBack1]
quit
#
在PE 2上运行BGP。
[PE2]
bgp 600
#
配置PE 2向IBGP对等体4.4.4.9发布标签路由及从4.4.4.9接收标签路由的能力。
[PE2-bgp]
peer 4.4.4.9 as-number 600
[PE2-bgp]
peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp]
peer 4.4.4.9 label-route-capability
#
配置PE 2到EBGP对等体2.2.2.9的最大跳数为10。
[PE2-bgp]
peer 2.2.2.9 as-number 100
[PE2-bgp]
peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp]
peer 2.2.2.9 ebgp-max-hop 10
#
配置对等体2.2.2.9作为VPNv4对等体。
[PE2-bgp]
ipv4-family vpnv4
[PE2-bgp-af-vpnv4]
peer 2.2.2.9 enable
[PE2-bgp-af-vpnv4]
quit
#
将直连路由引入vpn1的路由表。
[PE2-bgp]
ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]
import-route direct
[PE2-bgp-vpn1]
quit
[PE2-bgp]
quit
配置完成后,在PE2上对PE1进行Ping操作,可以Ping通:
[PE2]
ping -vpn-instance vpn1 30.0.0.1
在PE1上对PE2进行Ping操作,也可以Ping通:
[PE1]
ping -vpn-instance vpn1 20.0.0.1
1、PE 1 配置
#
ip
vpn-instance vpn1
route-distinguisher
11:11
vpn-target
1:1 2:2 3:3 import-extcommunity
vpn-target
3:3 export-extcommunity
#
mpls
lsr-id 2.2.2.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
isis
1
network-entity
10.111.111.111.111.00
#
interface
pos 2/1/1
link-protocol
ppp
ip
address 1.1.1.2 255.0.0.0
isis
enable 1
mpls
mpls
ldp
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
isis
enable 1
#
interface
loopback 1
ip
binding vpn-instance vpn1
ip
address 30.0.0.1 255.255.255.255
#
bgp
100
peer 3.3.3.9 as-number
100
peer
3.3.3.9 connect-interface loopback 0
peer
3.3.3.9 label-route-capability
peer
5.5.5.9 as-number 600
peer
5.5.5.9 connect-interface loopback 0
peer
5.5.5.9 ebgp-max-hop 10
#
ipv4-family
vpnv4
peer
5.5.5.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#
2、ASBR-PE 1 配置
#
mpls
lsr-id 3.3.3.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
isis
1
network-entity
10.222.222.222.222.00
#
interface
pos 2/1/1
clock
master
link-protocol
ppp
ip
address 1.1.1.1 255.0.0.0
isis
enable 1
mpls
mpls
ldp
#
interface
pos 2/1/2
clock
master
link-protocol
ppp
ip
address 11.0.0.2 255.0.0.0
mpls
#
interface
loopback 0
ip
address 3.3.3.9 255.255.255.255
isis
enable 1
#
bgp
100
import-route
isis 1
peer
2.2.2.9 as-number 100
peer
2.2.2.9 route-policy policy2 export
peer
2.2.2.9 connect-interface loopback 0
peer
2.2.2.9 label-route-capability
peer
11.0.0.1 as-number 600
peer
11.0.0.1 route-policy policy1 export
peer
11.0.0.1 label-route-capability
#
route-policy
policy1 permit node 1
apply
mpls-label
#
route-policy
policy2 permit node 1
if-match
mpls-label
apply
mpls-label
#
3、ASBR-PE 2 配置
#
mpls
lsr-id 4.4.4.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.222.222.222.222.00
#
interface
pos
clock
master
link-protocol
ppp
ip
address 9.1.1.1 255.0.0.0
mpls
mpls
ldp
#
interface
pos
link-protocol
ppp
ip
address 11.0.0.1 255.0.0.0
mpls
#
interface
loopback 0
ip
address 4.4.4.9 255.255.255.255
#
bgp
600
import-route
peer
5.5.5.9 as-number 600
peer
5.5.5.9 connect-interface loopback 0
peer
5.5.5.9 label-route-capability
peer
5.5.5.9 route-policy policy2 export
peer
11.0.0.2 as-number 100
peer
11.0.0.2 route-policy policy1 export
peer
11.0.0.2 label-route-capability
#
route-policy
policy1 permit node 1
apply
mpls-label
#
route-policy
policy2 permit node 1
if-match
mpls-label
apply
mpls-label
#
4、PE 2 配置
#
ip
vpn-instance vpn1
route-distinguisher
12:12
vpn-target
3:3 export-extcommunity
vpn-target
1:1 2:2 3:3 import-extcommunity
#
mpls
lsr-id 5.5.5.9
#
mpls
label
advertise non-null
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.111.111.111.111.00
#
interface
pos
link-protocol
ppp
ip
address 9.1.1.2 255.0.0.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 5.5.5.9 255.255.255.255
#
interface
loopback 1
ip
binding vpn-instance vpn1
ip
address 20.0.0.1 255.255.255.255
#
bgp
600
peer
4.4.4.9 as-number 600
peer
4.4.4.9 connect-interface loopback 0
peer
4.4.4.9 label-route-capability
peer
2.2.2.9 as-number 100
peer
2.2.2.9 connect-interface loopback 0
peer
2.2.2.9 ebgp-max-hop 10
#
ipv4-family
vpnv4
peer
2.2.2.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#