6.1.5
运营商的运营商典型配置举例
二级运营商向自己的客户提供MPLS L3VPN服务。
在 图6 中:
l
PE 1和PE 2是一级运营商骨干网的PE设备;
l
CE 1和CE 2是二级运营商的设备,作为CE接入一级运营商的骨干网;
l
PE 3和PE 4是二级运营商的设备,为二级运营商的客户提供接入;
l
CE 3和CE 4是二级运营商的客户。
运营商的运营商的配置关键在于理解两类路由的交换过程,即:
l
二级运营商VPN内部路由在一级运营商骨干网上的交换:一级运营商将二级运营商作为自己的CE接入;
l
二级运营商本身客户的VPN路由在二级运营商PE设备间的交换:需要在二级运营商PE设备(PE 3和PE 4)间建立MP-IBGP对等体关系。
使用IS-IS作为骨干网的IGP协议,PE 1和PE 2之间使能LDP,并建立MP-IBGP对等体关系,配置一级运营上的MPLS
L3VPN
#
配置PE 1。
<PE1>
system-view
[PE1]
interface loopback 0
[PE1-LoopBack0]
ip address 3.3.3.9 32
[PE1-LoopBack0]
quit
[PE1]
mpls lsr-id 3.3.3.9
[PE1]
mpls
[PE1-mpls]
lsp-trigger all
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
[PE1]
[PE1-isis-1]
network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1]
quit
[PE1]
interface loopback 0
[PE1-LoopBack0]
[PE1-LoopBack0]
quit
[PE1]
interface POS 2/1/2
[PE1-POS2/1/2]
clock master
[PE1-POS2/1/2]
ip address 30.1.1.1 24
[PE1-POS2/1/2]
isis enable 1
[PE1-POS2/1/2]
mpls
[PE1-POS2/1/2]
mpls ldp
[PE1-POS2/1/2]
mpls ldp transport-address interface
[PE1-POS2/1/2]
quit
[PE1]
bgp 100
[PE1-bgp]
peer 4.4.4.9 as-number 100
[PE1-bgp]
peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp]
ipv4-family vpnv4
[PE1-bgp-af-vpnv4]
peer 4.4.4.9 enable
[PE1-bgp-af-vpnv4]
quit
[PE1-bgp]
quit
& 说明:
PE
2的配置与PE 1类似,配置过程省略。
配置完成后,在PE 1或PE 2上执行display mpls ldp session命令可以看到LDP会话建立成功;执行display bgp
peer命令可以看到BGP对等体关系已建立,并达到Established状态;执行display isis
peer命令可以看到IS-IS邻居关系已建立,状态为up。
以PE 1为例:
[PE1]
display mpls ldp session
LDP Session(s) in Public Network
----------------------------------------------------------------
Peer-ID
Status
LAM SsnRole FT MD5 KA-Sent/Rcv
----------------------------------------------------------------
4.4.4.9:0 Operational DU Active Off Off 378/378
----------------------------------------------------------------
LAM : Label Advertisement Mode
FT : Fault
Tolerance
[PE1]
display bgp peer
BGP local router ID :
3.3.3.9
Local AS number :
100
Total number of peers : 1
Peers in established state : 1
Peer
V AS MsgRcvd MsgSent OutQ PrefRcv
Up/
4.4.4.9 4 100 162 145 0
0
[PE1]
display
Peer information for
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
0000.0000.0005
POS2/1/2 001 Up 29s L1L2 --
2、配置二级运营商网络
使用IS-IS作为IGP协议,PE 3和CE 1、PE 4和CE
2之间分别使能LDP
#
配置PE 3。
<PE3>
system-view
[PE3]
interface loopback 0
[PE3-LoopBack0]
ip address 1.1.1.9 32
[PE3-LoopBack0]
quit
[PE3]
mpls lsr-id 1.1.1.9
[PE3]
mpls
[PE3-mpls]
lsp-trigger all
[PE3-mpls]
quit
[PE3]
mpls ldp
[PE3-mpls-ldp]
quit
[PE3]
[PE3-isis-2]
network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2]
quit
[PE3]
interface loopback 0
[PE3-LoopBack0]
[PE3-LoopBack0]
quit
[PE3]
interface POS 2/1/2
[PE3-POS2/1/2]
ip address 10.1.1.1 24
[PE3-POS2/1/2]
isis enable 2
[PE3-POS2/1/2]
mpls
[PE3-POS2/1/2]
mpls ldp
[PE3-POS2/1/2]
mpls ldp transport-address interface
[PE3-POS2/1/2]
quit
#
配置CE 1。
<CE1>
system-view
[CE1]
interface loopback 0
[CE1-LoopBack0]
ip address 2.2.2.9 32
[CE1-LoopBack0]
quit
[CE1]
mpls lsr-id 2.2.2.9
[CE1]
mpls
[CE1-mpls]
lsp-trigger all
[CE1-mpls]
quit
[CE1]
mpls ldp
[CE1-mpls-ldp]
quit
[CE1]
isis 2
[CE1-isis-2]
network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2]
quit
[CE1]
interface loopback 0
[CE1-LoopBack0]
isis enable 2
[CE1-LoopBack0]
quit
[CE1]
interface POS 2/1/1
[CE1-POS2/1/1]
clock master
[CE1-POS2/1/1]
ip address 10.1.1.2 24
[CE1-POS2/1/1]
isis enable 2
[CE1-POS2/1/1]
mpls
[CE1-POS2/1/1]
mpls ldp
[CE1-POS2/1/1]
mpls ldp transport-address interface
[CE1-POS2/1/1]
quit
配置完成后,PE 3和CE 1之间应能建立LDP和IS-IS邻居关系。
& 说明:
PE
4和CE 2之间的配置与PE 3和CE 1之间的配置类似,配置过程省略。
#
配置PE1,并引入IS-IS路由。
[PE1]
ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]
route-distinguisher 200:1
[PE1-vpn-instance-vpn1]
vpn-target 1:1
[PE1-vpn-instance-vpn1]
quit
[PE1]
mpls ldp vpn-instance vpn1
[PE1-mpls-ldp-vpn-instance-vpn1]
quit
[PE1]
isis 2 vpn-instance vpn1
[PE1-isis-2]
network-entity 10.0000.0000.0000.0003.00
[PE1-isis-2]
import-route bgp
[PE1-isis-2]
quit
[PE1]
interface pos POS2/1/1
[PE1-POS2/1/1]
clock master
[PE1-POS2/1/1]
ip binding vpn-instance vpn1
[PE1-POS2/1/1]
ip address 11.1.1.2 24
[PE1-POS2/1/1]
isis enable 2
[PE1-POS2/1/1]
mpls
[PE1-POS2/1/1]
mpls ldp
[PE1-POS2/1/1]
mpls ldp transport-address interface
[PE1-POS2/1/1]
quit
[PE1]
bgp 100
[PE1-bgp]
ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]
import isis 2
[PE1-bgp-vpn1]
quit
[PE1-bgp]
quit
#
配置CE1。
[CE1]
interface POS2/1/2
[CE1-POS2/1/2]
ip address 11.1.1.1 24
[CE1-POS2/1/2]
isis enable 2
[CE1-POS2/1/2]
mpls
[CE1-POS2/1/2]
mpls ldp
[CE1-POS2/1/2]
mpls ldp transport-address interface
[CE1-POS2/1/2]
quit
配置完成后,PE 1和CE 1之间应能建立LDP和IS-IS邻居关系。
& 说明:
PE
2和CE 2之间的配置与PE 1和CE 1之间的配置类似,配置过程省略。
#
配置CE 3。
<CE3>
system-view
[CE3]
interface GigabitEthernet 4/1/1
[CE3-GigabitEthernet4/1/1]
ip address 100.1.1.1 24
[CE3-GigabitEthernet4/1/1]
quit
[CE3]
bgp 65410
[CE3-bgp]
peer 100.1.1.2 as-number 100
[CE3-bgp]
import-route direct
[CE3-bgp]
quit
#
配置PE3。
[PE3]
ip vpn-instance vpn1
[PE3-vpn-instance-vpn1]
route-distinguisher 100:1
[PE3-vpn-instance-vpn1]
vpn-target 1:1
[PE3-vpn-instance-vpn1]
quit
[PE3]
interface GigabitEthernet 4/1/1
[PE3-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE3-GigabitEthernet4/1/1]
ip address 100.1.1.2 24
[PE3-GigabitEthernet4/1/1]
quit
[PE3]
bgp 100
[PE3-bgp]
ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1]
peer 100.1.1.1 as-number 65410
[PE3-bgp-vpn1]
import-route direct
[PE3-bgp-vpn1]
quit
[PE3-bgp]
quit
& 说明:
PE
4和CE 4之间的配置与PE 3和CE 3之间的配置类似,配置过程省略。
5、在二级运营商的PE之间建立MP-IBGP对等体关系,交换二级运营商的客户的VPN路由
#
配置PE 3。
[PE3]
bgp 100
[PE3-bgp]
peer 6.6.6.9 as-number 100
[PE3-bgp]
peer 6.6.6.9 connect-interface loopback 0
[PE3-bgp]
ipv4-family vpnv4
[PE3-bgp-af-vpnv4]
peer 6.6.6.9 enable
[PE3-bgp-af-vpnv4]
quit
[PE3-bgp]
quit
& 说明:
PE
4的配置与PE 3类似,配置过程省略。
所有配置完成后,在PE 1和PE 2上执行display ip routing-table命令,可以看到PE 1和PE
2的公网路由表中只有一级运营商网络的路由。以PE 1为例:
[PE1]
display ip routing-table
Routing
Tables: Public
Destinations : 7
Routes : 7
Destination/Mask Proto Pre Cost NextHop
Interface
3.3.3.9/32
Direct 0 0
127.0.0.1
InLoop0
4.4.4.9/32
ISIS 15 10 30.1.1.2
POS2/1/2
30.1.1.0/24
Direct 0 0 30.1.1.1
POS2/1/2
30.1.1.1/32
Direct 0 0
127.0.0.1
InLoop0
30.1.1.2/32
Direct 0 0
30.1.1.2
POS2/1/2
127.0.0.0/8
Direct 0 0
127.0.0.1
InLoop0
127.0.0.1/32
Direct 0 0
127.0.0.1
InLoop0
在PE 1和PE 2上执行display ip routing-table
vpn-instance命令,可以看到VPN路由表中有二级运营商网络的内部路由,但没有二级运营商维护的VPN路由。以PE
1为例:
[PE1]
display ip routing-table vpn-instance vpn1
Routing
Tables: vpn1
Destinations : 11
Routes : 11
Destination/Mask Proto Pre Cost NextHop
Interface
1.1.1.9/32
ISIS 15 20 11.1.1.1
POS2/1/1
2.2.2.9/32
ISIS 15 10 11.1.1.1
POS2/1/1
5.5.5.9/32
BGP 255 0
4.4.4.9
NULL0
6.6.6.9/32
BGP 255
0 4.4.4.9 NULL0
10.1.1.0/24
ISIS 15 20 11.1.1.1
POS2/1/1
11.1.1.0/24
Direct 0 0
11.1.1.1
POS2/1/1
11.1.1.1/32
Direct 0 0
127.0.0.1
InLoop0
11.1.1.2/32
Direct 0 0 11.1.1.2
POS2/1/1
20.1.1.0/24
BGP 255 0
4.4.4.9
NULL0
21.1.1.0/24
BGP 255
0
4.4.4.9
NULL0
21.1.1.2/32
BGP 255 0
4.4.4.9
NULL0
在CE 1和CE 2上执行display ip
routing-table命令,可以看到公网路由表中有二级运营商网络的内部路由,但没有二级运营商维护的VPN路由。以CE
1为例:
[CE1]
display ip routing-table
Routing
Tables: Public
Destinations : 16 Routes :
16
Destination/Mask Proto Pre Cost NextHop
Interface
1.1.1.9/32
ISIS 15 10 10.1.1.2 POS2/1/1
2.2.2.9/32
Direct 0 0 127.0.0.1
InLoop0
5.5.5.9/32
ISIS 15 74 11.1.1.2
POS2/1/2
6.6.6.9/32
ISIS 15 74 11.1.1.2
POS2/1/2
10.1.1.0/24
Direct 0 0 10.1.1.2 POS2/1/1
10.1.1.1/32
Direct 0 0 10.1.1.1
POS2/1/1
10.1.1.2/32
Direct 0 0 127.0.0.1
InLoop0
11.1.1.0/24
Direct 0 0 11.1.1.1
POS2/1/2
11.1.1.1/32
Direct 0 0 127.0.0.1 InLoop0
11.1.1.2/32
Direct 0 0 11.1.1.2
POS2/1/2
20.1.1.0/24
ISIS 15 74 11.1.1.2
POS2/1/2
21.1.1.0/24
ISIS 15 74 11.1.1.2
POS2/1/2
21.1.1.2/32
ISIS 15 74 11.1.1.2 POS2/1/2
127.0.0.0/8
Direct 0 0 127.0.0.1
InLoop0
127.0.0.1/32
Direct 0 0 127.0.0.1
InLoop0
在PE 3和PE 4上执行display ip routing-table命令,可以看到公网路由表中有二级运营商网络的内部路由。以PE
3为例:
[PE3]
display ip routing-table
Routing
Tables: Public
Destinations : 11 Routes :
11
Destination/Mask Proto Pre Cost NextHop
Interface
1.1.1.9/32
Direct 0 0 127.0.0.1
InLoop0
2.2.2.9/32
ISIS 15 10 10.1.1.2 POS2/1/2
5.5.5.9/32
ISIS 15 84 10.1.1.2
POS2/1/2
6.6.6.9/32
ISIS 15 84 10.1.1.2 POS2/1/2
10.1.1.0/24
Direct 0 0 10.1.1.1 POS2/1/2
10.1.1.1/32
Direct 0 0 127.0.0.1
InLoop0
10.1.1.2/32
Direct 0 0 10.1.1.2
POS2/1/2
11.1.1.0/24
ISIS 15 20 10.1.1.2
POS2/1/2
20.1.1.0/24
ISIS 15 84 10.1.1.2
POS2/1/2
21.1.1.0/24
ISIS 15 84 10.1.1.2
POS2/1/2
21.1.1.2/32
ISIS 15 84 10.1.1.2
POS2/1/2
127.0.0.0/8
Direct 0 0 127.0.0.1
InLoop0
127.0.0.1/32
Direct 0 0 127.0.0.1
InLoop0
在PE 3和PE 4上执行display ip routing-table
vpn-instance命令,可以看到VPN路由表中有远端VPN客户的路由。以PE 3为例:
[PE3]
display ip routing-table vpn-instance vpn1
Routing
Tables: vpn1
Destinations : 3
Routes : 3
Destination/Mask Proto Pre Cost NextHop
Interface
100.1.1.0/24
Direct 0 0
100.1.1.2
GE4/1/1
100.1.1.2/32
Direct 0 0
127.0.0.1
InLoop0
120.1.1.0/24
BGP 255 0
6.6.6.9
NULL0
PE
3和PE 4可以相互Ping通:
[PE3]
ping 20.1.1.2
Reply from 20.1.1.2:
bytes=56 Sequence=1 ttl=252 time=127 ms
Reply from 20.1.1.2:
bytes=56 Sequence=2 ttl=252 time=97 ms
Reply from 20.1.1.2:
bytes=56 Sequence=3 ttl=252 time=83 ms
Reply from 20.1.1.2:
bytes=56 Sequence=4 ttl=252 time=70 ms
Reply from 20.1.1.2:
bytes=56 Sequence=5 ttl=252 time=60 ms
--- 20.1.1.2 ping statistics
---
5 packet(s)
transmitted
5 packet(s)
received
0.00% packet
loss
round-trip min/avg/max =
60/87/127 ms
CE
3和CE 4可以互相Ping通。
[CE3]
ping 120.1.1.1
Reply from 120.1.1.1:
bytes=56 Sequence=1 ttl=252 time=102 ms
Reply from 120.1.1.1:
bytes=56 Sequence=2 ttl=252 time=69 ms
Reply from 120.1.1.1:
bytes=56 Sequence=3 ttl=252 time=105 ms
Reply from 120.1.1.1:
bytes=56 Sequence=4 ttl=252 time=88 ms
Reply from 120.1.1.1:
bytes=56 Sequence=5 ttl=252 time=87 ms
--- 120.1.1.1 ping statistics
---
5 packet(s)
transmitted
5 packet(s)
received
0.00% packet
loss
round-trip min/avg/max =
69/90/105 ms
配置文件
#
ip
vpn-instance vpn1
route-distinguisher
200:1
vpn-target
1:1 import-extcommunity
vpn-target
1:1 export-extcommunity
#
mpls
lsr-id 3.3.3.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
mpls
ldp vpn-instance vpn1
#
network-entity
10.0000.0000.0000.0004.00
#
network-entity
10.0000.0000.0000.0003.00
import-route bgp
#
interface
pos
clock
master
link-protocol
ppp
ip
binding vpn-instance vpn1
ip
address 11.1.1.2 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
pos
clock
master
link-protocol
ppp
ip
address 30.1.1.1 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 3.3.3.9 255.255.255.255
#
bgp
100
peer 4.4.4.9 as-number
100
peer
4.4.4.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
4.4.4.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
#
#
ip
vpn-instance vpn1
route-distinguisher
200:1
vpn-target
1:1 import-extcommunity
vpn-target
1:1 export-extcommunity
#
mpls
lsr-id 4.4.4.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
mpls
ldp vpn-instance vpn1
#
network-entity
10.0000.0000.0000.0005.00
#
network-entity
10.0000.0000.0000.0006.00
#
interface
pos
link-protocol
ppp
ip
address 30.1.1.2 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
pos
clock master
link-protocol
ppp
ip
binding vpn-instance vpn1
ip
address 21.1.1.1 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 4.4.4.9 255.255.255.255
#
bgp
100
peer 3.3.3.9 as-number
100
peer
3.3.3.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
3.3.3.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
#
3、PE 3 配置
#
ip
vpn-instance vpn1
route-distinguisher
100:1
vpn-target
1:1 import-extcommunity
vpn-target
1:1 export-extcommunity
#
mpls
lsr-id 1.1.1.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.0000.0000.0000.0001.00
#
interface
pos
link-protocol
ppp
ip
address 10.1.1.1 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 1.1.1.9 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 100.1.1.2 255.255.255.0
#
bgp
100
peer 6.6.6.9 as-number
100
peer
6.6.6.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
6.6.6.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
100.1.1.1 as-number 65410
#
4、PE 4 配置
#
ip
vpn-instance vpn1
route-distinguisher
100:1
vpn-target
1:1 import-extcommunity
vpn-target
1:1 export-extcommunity
#
mpls
lsr-id 6.6.6.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.0000.0000.0000.0008.00
#
interface
pos
link-protocol
ppp
ip
address 20.1.1.2 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 6.6.6.9 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 120.1.1.2 255.255.255.0
#
bgp
100
peer 1.1.1.9 as-number
100
peer
1.1.1.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
1.1.1.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
120.1.1.1 as-number 65420
#
5、CE 1
配置
#
mpls
lsr-id 2.2.2.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.0000.0000.0000.0002.00
#
interface
pos
clock
master
link-protocol
ppp
ip
address 10.1.1.2 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
pos
link-protocol
ppp
ip
address 11.1.1.1 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
#
6、CE 2
配置
#
mpls
lsr-id 5.5.5.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
network-entity
10.0000.0000.0000.0007.00
#
interface
pos
link-protocol
ppp
ip
address 21.1.1.2 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
pos
clock master
link-protocol
ppp
ip
address 20.1.1.1 255.255.255.0
mpls
mpls
ldp
mpls
ldp transport-address interface
#
interface
loopback 0
ip
address 5.5.5.9 255.255.255.255
7、CE 3
配置
#
interface
GigabitEthernet
ip
address 100.1.1.1 24
#
bgp
65410
import-route
direct
peer
100.1.1.2 as-number 100
#
#
interface
GigabitEthernet
ip
address 120.1.1.1 24
#
bgp
65420
import-route
direct
peer
120.1.1.2 as-number 100
#