


 

6.1.5 Typical Configuration Example for Carrier's Carrier

 

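Network requirements

The Level 2 carrier provides MPLS L3VPN services to its own customers.

In Figure 6:

- PE 1 and PE 2 are PE devices on the Level 1 carrier's backbone;
- CE 1 and CE 2 are Level 2 carrier devices that connect to the Level 1 carrier's backbone as CEs;
- PE 3 and PE 4 are Level 2 carrier devices that provide access for the Level 2 carrier's customers;
- CE 3 and CE 4 are customers of the Level 2 carrier.

The key to configuring carrier's carrier is understanding how two kinds of routes are exchanged:

- Exchange of the internal routes of the Level 2 carrier's VPN over the Level 1 carrier's backbone: the Level 1 carrier connects the Level 2 carrier as its own CE;
- Exchange of the VPN routes of the Level 2 carrier's own customers between the Level 2 carrier's PE devices: an MP-IBGP peer relationship must be established between the Level 2 carrier's PE devices (PE 3 and PE 4).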

Network diagram

 

Configuration procedure

 

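1. Configure MPLS L3VPN on the Level 1 carrier's backbone

Use IS-IS as the IGP of the backbone, enable LDP between PE 1 and PE 2, establish an MP-IBGP peer relationship between them, and configure MPLS L3VPN on the Level 1 carrier.

# Configure PE 1.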

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls

[PE1-mpls] lsp-trigger all

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface POS 2/1/2

[PE1-POS2/1/2] clock master

[PE1-POS2/1/2] ip address 30.1.1.1 24

[PE1-POS2/1/2] isis enable 1

[PE1-POS2/1/2] mpls

[PE1-POS2/1/2] mpls ldp

[PE1-POS2/1/2] mpls ldp transport-address interface

[PE1-POS2/1/2] quit

[PE1] bgp 100

[PE1-bgp] peer 4.4.4.9 as-number 100

[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-af-vpnv4] quit

[PE1-bgp] quit

 

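Note:

The configuration of PE 2 is similar to that of PE 1 and is not shown.

After the configuration, run the display mpls ldp session command on PE 1 or PE 2 to confirm that the LDP session is established; run the display bgp peer command to confirm that the BGP peer relationship is established and has reached the Established state; run the display isis peer command to confirm that the IS-IS neighbor relationship is established and its state is up.

Take PE 1 as an example: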

[PE1] display mpls ldp session

               LDP Session(s) in Public Network

 ----------------------------------------------------------------

 Peer-ID        Status        LAM  SsnRole  FT   MD5  KA-Sent/Rcv

 ----------------------------------------------------------------

 4.4.4.9:0      Operational   DU   Active   Off  Off  378/378

 ----------------------------------------------------------------

 LAM : Label Advertisement Mode         FT  : Fault Tolerance

 

[PE1] display bgp peer

 BGP local router ID : 3.3.3.9

 Local AS number : 100

 Total number of peers : 1          Peers in established state : 1

  Peer        V  AS  MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down  State

  4.4.4.9     4 100      162      145     0        0  02:12:47 Established

[PE1] display isis peer

                          Peer information for ISIS(1)

                          ----------------------------

  System Id    Interface   Circuit Id    State HoldTime Type   PRI

0000.0000.0005 POS2/1/2           001       Up   29s      L1L2   --

 

2. Configure the Level 2 carrier's network

Use IS-IS as the IGP, and enable LDP between PE 3 and CE 1 and between PE 4 and CE 2.

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls

[PE3-mpls] lsp-trigger all

[PE3-mpls] quit

[PE3] mpls ldp

[PE3-mpls-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface POS 2/1/2

[PE3-POS2/1/2] ip address 10.1.1.1 24

[PE3-POS2/1/2] isis enable 2

[PE3-POS2/1/2] mpls

[PE3-POS2/1/2] mpls ldp

[PE3-POS2/1/2] mpls ldp transport-address interface

[PE3-POS2/1/2] quit

 

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls

[CE1-mpls] lsp-trigger all

[CE1-mpls] quit

[CE1] mpls ldp

[CE1-mpls-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface POS 2/1/1

[CE1-POS2/1/1] clock master

[CE1-POS2/1/1] ip address 10.1.1.2 24

[CE1-POS2/1/1] isis enable 2

[CE1-POS2/1/1] mpls

[CE1-POS2/1/1] mpls ldp

[CE1-POS2/1/1] mpls ldp transport-address interface

[CE1-POS2/1/1] quit

 

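After the configuration, PE 3 and CE 1 should be able to establish LDP and IS-IS neighbor relationships.

Note:

The configuration between PE 4 and CE 2 is similar to that between PE 3 and CE 1 and is not shown.

3. Connect the Level 2 carrier's CE to the Level 1 carrier's PE

# Configure PE 1 and import IS-IS routes.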

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] mpls ldp vpn-instance vpn1

[PE1-mpls-ldp-vpn-instance-vpn1] quit

[PE1] isis 2 vpn-instance vpn1

[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00

[PE1-isis-2] import-route bgp

[PE1-isis-2] quit

[PE1] interface POS 2/1/1

[PE1-POS2/1/1] clock master

[PE1-POS2/1/1] ip binding vpn-instance vpn1

[PE1-POS2/1/1] ip address 11.1.1.2 24

[PE1-POS2/1/1] isis enable 2

[PE1-POS2/1/1] mpls

[PE1-POS2/1/1] mpls ldp

[PE1-POS2/1/1] mpls ldp transport-address interface

[PE1-POS2/1/1] quit

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1] import-route isis 2

[PE1-bgp-vpn1] quit

[PE1-bgp] quit

 

# Configure CE 1.

[CE1] interface POS2/1/2

[CE1-POS2/1/2] ip address 11.1.1.1 24

[CE1-POS2/1/2] isis enable 2

[CE1-POS2/1/2] mpls

[CE1-POS2/1/2] mpls ldp

[CE1-POS2/1/2] mpls ldp transport-address interface

[CE1-POS2/1/2] quit

 

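After the configuration, PE 1 and CE 1 should be able to establish LDP and IS-IS neighbor relationships.

Note:

The configuration between PE 2 and CE 2 is similar to that between PE 1 and CE 1 and is not shown.

4. Connect the Level 2 carrier's customers to the PEs

# Configure CE 3.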

<CE3> system-view

[CE3] interface GigabitEthernet 4/1/1

[CE3-GigabitEthernet4/1/1] ip address 100.1.1.1 24

[CE3-GigabitEthernet4/1/1] quit

[CE3] bgp 65410

[CE3-bgp] peer 100.1.1.2 as-number 100

[CE3-bgp] import-route direct

[CE3-bgp] quit

 

# Configure PE 3.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 1:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface GigabitEthernet 4/1/1

[PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE3-GigabitEthernet4/1/1] ip address 100.1.1.2 24

[PE3-GigabitEthernet4/1/1] quit

[PE3] bgp 100

[PE3-bgp] ipv4-family vpn-instance vpn1

[PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410

[PE3-bgp-vpn1] import-route direct

[PE3-bgp-vpn1] quit

[PE3-bgp] quit

 

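Note:

The configuration between PE 4 and CE 4 is similar to that between PE 3 and CE 3 and is not shown.

5. Establish an MP-IBGP peer relationship between the Level 2 carrier's PEs to exchange the VPN routes of the Level 2 carrier's customers

# Configure PE 3.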

[PE3] bgp 100

[PE3-bgp] peer 6.6.6.9 as-number 100

[PE3-bgp] peer 6.6.6.9 connect-interface loopback 0

[PE3-bgp] ipv4-family vpnv4

[PE3-bgp-af-vpnv4] peer 6.6.6.9 enable

[PE3-bgp-af-vpnv4] quit

[PE3-bgp] quit

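Note:

The configuration of PE 4 is similar to that of PE 3 and is not shown.

Verification

After all configuration is complete, run the display ip routing-table command on PE 1 and PE 2. The public routing tables of PE 1 and PE 2 contain only routes of the Level 1 carrier's network. Take PE 1 as an example: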

[PE1] display ip routing-table

Routing Tables: Public

         Destinations : 7        Routes : 7

Destination/Mask    Proto  Pre  Cost    NextHop      Interface

3.3.3.9/32          Direct 0    0       127.0.0.1    InLoop0

4.4.4.9/32          ISIS   15   10      30.1.1.2     POS2/1/2

30.1.1.0/24         Direct 0    0       30.1.1.1     POS2/1/2

30.1.1.1/32         Direct 0    0       127.0.0.1    InLoop0

30.1.1.2/32         Direct 0    0       30.1.1.2     POS2/1/2

127.0.0.0/8         Direct 0    0       127.0.0.1    InLoop0

127.0.0.1/32        Direct 0    0       127.0.0.1    InLoop0

 

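Run the display ip routing-table vpn-instance command on PE 1 and PE 2. The VPN routing table contains the internal routes of the Level 2 carrier's network, but not the VPN routes maintained by the Level 2 carrier. Take PE 1 as an example: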

[PE1] display ip routing-table vpn-instance vpn1

Routing Tables: vpn1

         Destinations : 11        Routes : 11

Destination/Mask    Proto  Pre  Cost    NextHop       Interface

1.1.1.9/32          ISIS   15   20      11.1.1.1      POS2/1/1

2.2.2.9/32          ISIS   15   10      11.1.1.1      POS2/1/1

5.5.5.9/32          BGP    255  0       4.4.4.9       NULL0

6.6.6.9/32          BGP    255  0       4.4.4.9       NULL0

10.1.1.0/24         ISIS   15   20      11.1.1.1      POS2/1/1

11.1.1.0/24         Direct 0    0       11.1.1.1      POS2/1/1

11.1.1.1/32         Direct 0    0       127.0.0.1     InLoop0

11.1.1.2/32         Direct 0    0       11.1.1.2      POS2/1/1

20.1.1.0/24         BGP    255  0       4.4.4.9       NULL0

21.1.1.0/24         BGP    255  0       4.4.4.9       NULL0

21.1.1.2/32         BGP    255  0       4.4.4.9       NULL0

 

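Run the display ip routing-table command on CE 1 and CE 2. The public routing table contains the internal routes of the Level 2 carrier's network, but not the VPN routes maintained by the Level 2 carrier. Take CE 1 as an example: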

[CE1] display ip routing-table

Routing Tables: Public

         Destinations : 16       Routes : 16

Destination/Mask    Proto  Pre  Cost   NextHop         Interface

1.1.1.9/32          ISIS   15   10     10.1.1.2        POS2/1/1

2.2.2.9/32          Direct 0    0      127.0.0.1       InLoop0

5.5.5.9/32          ISIS   15   74     11.1.1.2        POS2/1/2

6.6.6.9/32          ISIS   15   74     11.1.1.2        POS2/1/2

10.1.1.0/24         Direct 0    0      10.1.1.2        POS2/1/1

10.1.1.1/32         Direct 0    0      10.1.1.1        POS2/1/1

10.1.1.2/32         Direct 0    0      127.0.0.1       InLoop0

11.1.1.0/24         Direct 0    0      11.1.1.1        POS2/1/2

11.1.1.1/32         Direct 0    0      127.0.0.1       InLoop0

11.1.1.2/32         Direct 0    0      11.1.1.2        POS2/1/2

20.1.1.0/24         ISIS   15   74     11.1.1.2        POS2/1/2

21.1.1.0/24         ISIS   15   74     11.1.1.2        POS2/1/2

21.1.1.2/32         ISIS   15   74     11.1.1.2        POS2/1/2

127.0.0.0/8         Direct 0    0      127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0      127.0.0.1       InLoop0

 

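Run the display ip routing-table command on PE 3 and PE 4. The public routing table contains the internal routes of the Level 2 carrier's network. Take PE 3 as an example: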

[PE3] display ip routing-table

Routing Tables: Public

         Destinations : 11       Routes : 11

Destination/Mask    Proto  Pre  Cost   NextHop         Interface

1.1.1.9/32          Direct 0    0      127.0.0.1       InLoop0

2.2.2.9/32          ISIS   15   10     10.1.1.2        POS2/1/2

5.5.5.9/32          ISIS   15   84     10.1.1.2        POS2/1/2

6.6.6.9/32          ISIS   15   84     10.1.1.2        POS2/1/2

10.1.1.0/24         Direct 0    0      10.1.1.1        POS2/1/2

10.1.1.1/32         Direct 0    0      127.0.0.1       InLoop0

10.1.1.2/32         Direct 0    0      10.1.1.2        POS2/1/2

11.1.1.0/24         ISIS   15   20     10.1.1.2        POS2/1/2

20.1.1.0/24         ISIS   15   84     10.1.1.2        POS2/1/2

21.1.1.0/24         ISIS   15   84     10.1.1.2        POS2/1/2

21.1.1.2/32         ISIS   15   84     10.1.1.2        POS2/1/2

127.0.0.0/8         Direct 0    0      127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0      127.0.0.1       InLoop0

 

Run the display ip routing-table vpn-instance command on PE 3 and PE 4. The VPN routing table contains the routes of the remote VPN customer. Take PE 3 as an example:

[PE3] display ip routing-table vpn-instance vpn1

Routing Tables: vpn1

         Destinations : 3        Routes : 3

Destination/Mask    Proto  Pre  Cost    NextHop        Interface

100.1.1.0/24        Direct 0    0       100.1.1.2      GE4/1/1

100.1.1.2/32        Direct 0    0       127.0.0.1      InLoop0

120.1.1.0/24        BGP    255  0       6.6.6.9        NULL0

 

PE 3 and PE 4 can ping each other:

[PE3] ping 20.1.1.2

  PING 20.1.1.2: 56  data bytes, press CTRL_C to break

    Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=252 time=127 ms

    Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=252 time=97 ms

    Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=252 time=83 ms

    Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=252 time=70 ms

    Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms

 

  --- 20.1.1.2 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 60/87/127 ms

 

CE 3 and CE 4 can ping each other:

[CE3] ping 120.1.1.1

  PING 120.1.1.1: 56  data bytes, press CTRL_C to break

    Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms

    Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms

    Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms

    Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms

    Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms

 

  --- 120.1.1.1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 69/90/105 ms
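The verification steps above amount to a route-visibility check: the Level 1 PE must hold the Level 2 carrier's internal routes only inside vpn1 and must never hold the customer VPN prefixes. The following is an added example, not part of the original manual, that parses display ip routing-table text and tests both conditions; the function names are illustrative, the table rows are copied from the PE 1 outputs on this page, and one leaked row is constructed to show the failure case.

```python
import ipaddress

# Customer VPN prefixes (from the PE 3 vpn1 table); only PE 3/PE 4 should hold them.
CUSTOMER_VPN = [ipaddress.ip_network(p) for p in ("100.1.1.0/24", "120.1.1.0/24")]
# Level 2 carrier internal prefixes (loopbacks and links shown in the tables above).
LEVEL2_INTERNAL = [ipaddress.ip_network(p) for p in (
    "1.1.1.9/32", "2.2.2.9/32", "5.5.5.9/32", "6.6.6.9/32",
    "10.1.1.0/24", "11.1.1.0/24", "20.1.1.0/24", "21.1.1.0/24")]

def parse_routes(display_output):
    """Destination networks found in 'display ip routing-table' text."""
    routes = []
    for line in display_output.splitlines():
        fields = line.split()
        try:
            if len(fields) >= 6:
                routes.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            pass  # column headers and counters are not routes
    return routes

def leaked(display_output, forbidden):
    """Table entries that overlap a prefix this device must not see."""
    return [r for r in parse_routes(display_output)
            if any(r.overlaps(f) for f in forbidden)]

def missing(display_output, required):
    """Required prefixes that have no exact entry in the table."""
    present = set(parse_routes(display_output))
    return [p for p in required if p not in present]

# Rows copied from the PE 1 outputs above (host and loopback rows left out).
PE1_PUBLIC = """Destination/Mask    Proto  Pre  Cost    NextHop      Interface
3.3.3.9/32          Direct 0    0       127.0.0.1    InLoop0
4.4.4.9/32          ISIS   15   10      30.1.1.2     POS2/1/2
30.1.1.0/24         Direct 0    0       30.1.1.1     POS2/1/2"""
PE1_VPN1 = """1.1.1.9/32          ISIS   15   20      11.1.1.1      POS2/1/1
2.2.2.9/32          ISIS   15   10      11.1.1.1      POS2/1/1
5.5.5.9/32          BGP    255  0       4.4.4.9       NULL0
6.6.6.9/32          BGP    255  0       4.4.4.9       NULL0
10.1.1.0/24         ISIS   15   20      11.1.1.1      POS2/1/1
11.1.1.0/24         Direct 0    0       11.1.1.1      POS2/1/1
20.1.1.0/24         BGP    255  0       4.4.4.9       NULL0
21.1.1.0/24         BGP    255  0       4.4.4.9       NULL0"""
PE1_VPN1_LEAK = PE1_VPN1 + "\n120.1.1.0/24 BGP 255 0 4.4.4.9 NULL0"  # constructed leak

if __name__ == "__main__":
    print("vpn1 leaks:", leaked(PE1_VPN1_LEAK, CUSTOMER_VPN))
```

Because the check uses overlaps(), a covering route such as a default route in the table is reported as well.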

 

Configuration files

1. PE 1 configuration

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 1:1 import-extcommunity

 vpn-target 1:1 export-extcommunity

#

mpls lsr-id 3.3.3.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

mpls ldp vpn-instance vpn1

#

isis 1

 network-entity 10.0000.0000.0000.0004.00

#

isis 2 vpn-instance vpn1

 network-entity 10.0000.0000.0000.0003.00

 import-route bgp

#

interface pos 2/1/1

 clock master

 link-protocol ppp

 ip binding vpn-instance vpn1

 ip address 11.1.1.2 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface pos 2/1/2

 clock master

 link-protocol ppp

 ip address 30.1.1.1 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 3.3.3.9 255.255.255.255

 isis enable 1

#

bgp 100

 peer 4.4.4.9 as-number 100

 peer 4.4.4.9 connect-interface loopback 0

 #

 ipv4-family vpnv4

  peer 4.4.4.9 enable

 #

 ipv4-family vpn-instance vpn1

  import-route isis 2

#

2. PE 2 configuration

#

ip vpn-instance vpn1

 route-distinguisher 200:1

 vpn-target 1:1 import-extcommunity

 vpn-target 1:1 export-extcommunity

#

mpls lsr-id 4.4.4.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

mpls ldp vpn-instance vpn1

#

isis 1

 network-entity 10.0000.0000.0000.0005.00

#

isis 2 vpn-instance vpn1

 network-entity 10.0000.0000.0000.0006.00

 import-route bgp

#

interface pos 2/1/1

 link-protocol ppp

 ip address 30.1.1.2 255.255.255.0

 isis enable 1

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface pos 2/1/2

 clock master

 link-protocol ppp

 ip binding vpn-instance vpn1

 ip address 21.1.1.1 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 4.4.4.9 255.255.255.255

 isis enable 1

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface loopback 0

 #

 ipv4-family vpnv4

  peer 3.3.3.9 enable

 #

 ipv4-family vpn-instance vpn1

  import-route isis 2

#

3. PE 3 configuration

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 vpn-target 1:1 import-extcommunity

 vpn-target 1:1 export-extcommunity

#

mpls lsr-id 1.1.1.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

isis 2

 network-entity 10.0000.0000.0000.0001.00

#

interface pos 2/1/2

 link-protocol ppp

 ip address 10.1.1.1 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 1.1.1.9 255.255.255.255

 isis enable 2

#

interface GigabitEthernet 4/1/1

 ip binding vpn-instance vpn1

 ip address 100.1.1.2 255.255.255.0

#

bgp 100

 peer 6.6.6.9 as-number 100

 peer 6.6.6.9 connect-interface loopback 0

 #

 ipv4-family vpnv4

  peer 6.6.6.9 enable

 #

 ipv4-family vpn-instance vpn1

  import-route direct

  peer 100.1.1.1 as-number 65410

#

4. PE 4 configuration

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 vpn-target 1:1 import-extcommunity

 vpn-target 1:1 export-extcommunity

#

mpls lsr-id 6.6.6.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

isis 2

 network-entity 10.0000.0000.0000.0008.00

#

interface pos 2/1/2

 link-protocol ppp

 ip address 20.1.1.2 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 6.6.6.9 255.255.255.255

 isis enable 2

#

interface GigabitEthernet 4/1/1

 ip binding vpn-instance vpn1

 ip address 120.1.1.2 255.255.255.0

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface loopback 0

 #

 ipv4-family vpnv4

  peer 1.1.1.9 enable

 #

 ipv4-family vpn-instance vpn1

  import-route direct

  peer 120.1.1.1 as-number 65420

#

5. CE 1 configuration

#

mpls lsr-id 2.2.2.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

isis 2

 network-entity 10.0000.0000.0000.0002.00

#

interface pos 2/1/1

 clock master

 link-protocol ppp

 ip address 10.1.1.2 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface pos 2/1/2

 link-protocol ppp

 ip address 11.1.1.1 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 2.2.2.9 255.255.255.255

 isis enable 2

#

6. CE 2 configuration

#

mpls lsr-id 5.5.5.9

#

mpls

 lsp-trigger all

#

mpls ldp

#

isis 2

 network-entity 10.0000.0000.0000.0007.00

#

interface pos 2/1/1

 link-protocol ppp

 ip address 21.1.1.2 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface pos 2/1/2

 clock master

 link-protocol ppp

 ip address 20.1.1.1 255.255.255.0

 isis enable 2

 mpls

 mpls ldp

 mpls ldp transport-address interface

#

interface loopback 0

 ip address 5.5.5.9 255.255.255.255

 isis enable 2

#

 

7. CE 3 configuration

#

interface GigabitEthernet 4/1/1

 ip address 100.1.1.1 24

#

bgp 65410

 import-route direct

 peer 100.1.1.2 as-number 100

#

8. CE 4 configuration

#

interface GigabitEthernet 4/1/1

 ip address 120.1.1.1 24

#

bgp 65420

 import-route direct

 peer 120.1.1.2 as-number 100

#

 

 

 

 

 
