6.1.7
OSPF伪连接典型配置举例
l CE 1和CE 2都属于VPN 1,它们分别接入PE 1和PE 2;
l
CE
1和CE 2在同一个OSPF区域中;
l CE 1与CE 2之间的VPN流量通过MPLS骨干网转发,不使用OSPF的区域内路由。
在CE 1、Router A、CE 2上配置普通OSPF,发布 图8
中所示各接口的网段地址。具体配置过程略。
配置完成后,CE 1和CE
2应学到到对端GigabitEthernet接口的OSPF路由。
以CE 1为例:
<CE1>
display ip routing-table
Routing
Tables: Public
Destinations : 9
Routes : 9
Destination/Mask Proto Pre Cost NextHop
Interface
20.1.1.0/24 Direct
0 0
20.1.1.1
POS2/1/2
20.1.1.1/32 Direct
0 0
127.0.0.1
InLoop0
20.1.1.2/32 Direct
0 0
20.1.1.2
POS2/1/2
30.1.1.0/24 OSPF 10 3124 20.1.1.2
POS2/1/2
100.1.1.0/24 Direct 0 0
100.1.1.1
GE4/1/1
100.1.1.1/32 Direct 0 0
127.0.0.1
InLoop0
120.1.1.0/24 OSPF 10 3125 20.1.1.2
POS2/1/2
127.0.0.0/8 Direct
0 0
127.0.0.1
InLoop0
127.0.0.1/32 Direct 0 0
127.0.0.1
InLoop0
2、在骨干网上配置MPLS
L3VPN
#
配置PE 1的MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<PE1>
system-view
[PE1]
interface loopback 0
[PE1-LoopBack0]
ip address 1.1.1.9 32
[PE1-LoopBack0]
quit
[PE1]
mpls lsr-id 1.1.1.9
[PE1]
mpls
[PE1-mpls]
lsp-trigger all
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
[PE1]
interface POS
[PE1-POS2/1/2]
clock master
[PE1-POS2/1/2]
ip address 10.1.1.1 24
[PE1-POS2/1/2]
mpls
[PE1-POS2/1/2]
mpls ldp
[PE1-POS2/1/2]
quit
#
配置PE 1的MP-IBGP对等体为PE2。
[PE1]
bgp 100
[PE1-bgp]
peer 2.2.2.9 as-number 100
[PE1-bgp]
peer 2.2.2.9 connect-interface loopback
0
[PE1-bgp]
ipv4-family vpnv4
[PE1-bgp-af-vpnv4]
peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4]
quit
[PE1-bgp]
quit
#
配置PE 1的OSPF。
[PE1]ospf
1
[PE1-ospf-1]area
0
[PE1-ospf-1-area-0.0.0.0]network
1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network
10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]quit
[PE1-ospf-1]quit
#
配置PE 2的MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<PE2>
system-view
[PE2]
interface loopback 0
[PE2-LoopBack0]
ip address 2.2.2.9 32
[PE2-LoopBack0]
quit
[PE2]
mpls lsr-id 2.2.2.9
[PE2]
mpls
[PE2-mpls]
lsp-trigger all
[PE2-mpls]
quit
[PE2]
mpls ldp
[PE2-mpls-ldp]
quit
[PE2]
interface POS
[PE2-POS2/1/2]
ip address 10.1.1.2 24
[PE2-POS2/1/2]
mpls
[PE2-POS2/1/2]
mpls ldp
[PE2-POS2/1/2]
quit
#
配置PE 2的MP-IBGP对等体为PE1。
[PE2]
bgp 100
[PE2-bgp]
peer 1.1.1.9 as-number 100
[PE2-bgp]
peer 1.1.1.9 connect-interface loopback
0
[PE2-bgp]
ipv4-family vpnv4
[PE2-bgp-af-vpnv4]
peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4]
quit
[PE2-bgp]
quit
#
配置PE 2的OSPF。
[PE2]ospf
1
[PE2-ospf-1]
area 0
[PE2-ospf-1-area-0.0.0.0]
network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]
network 10.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]
quit
[PE2-ospf-1]
quit
3、配置PE接入CE
#
配置PE 1接入CE 1。
[PE1]
ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]
route-distinguisher 100:1
[PE1-vpn-instance-vpn1]
vpn-target 1:1
[PE1-vpn-instance-vpn1]
quit
[PE1]
interface GigabitEthernet
[PE1-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE1-GigabitEthernet4/1/1]
ip address 100.1.1.2 24
[PE1-GigabitEthernet4/1/1]
quit
[PE1]
ospf 100 vpn-instance vpn1
[PE1-ospf-100]
domain-id 10
[PE1-ospf-100]
area 1
[PE1-ospf-100-area-0.0.0.1]
network 100.1.1.0 0.0.0.255
[PE1-ospf-100-area-0.0.0.1]
quit
[PE1-ospf-100]
quit
[PE1]
bgp 100
[PE1-bgp]
ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]
import-route direct
[PE1-bgp-vpn1]
quit
[PE1-bgp]
quit
#
配置PE 2接入CE 2。
[PE2]
ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]
route-distinguisher 100:2
[PE2-vpn-instance-vpn1]
vpn-target 1:1
[PE2-vpn-instance-vpn1]
quit
[PE2]
interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE2-GigabitEthernet4/1/1]
ip address 120.1.1.2 24
[PE2-GigabitEthernet4/1/1]
quit
[PE2]
ospf 100 vpn-instance vpn1
[PE2-ospf-100]
domain-id 10
[PE2-ospf-100]
area 1
[PE2-ospf-100-area-0.0.0.1]
network 120.1.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.1]
quit
[PE2-ospf-100]
quit
[PE2]
bgp 100
[PE2-bgp]
ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]
import-route direct
[PE2-bgp-vpn1]
quit
[PE2-bgp]
quit
完成上述配置后,在PE设备上执行display ip routing-table
vpn-instance命令,可以看到去往对端CE的路由是通过用户网络的OSPF路由,不是通过骨干网的BGP路由。
以PE 1为例:
[PE1]
display ip routing-table vpn-instance
vpn1
Routing
Tables: vpn1
Destinations : 5
Routes : 5
Destination/Mask Proto Pre Cost NextHop
Interface
20.1.1.0/24 OSPF 10 1563 100.1.1.1
GE4/1/1
30.1.1.0/24 OSPF 10 3125 100.1.1.1
GE4/1/1
100.1.1.0/24 Direct 0 0
100.1.1.2
GE4/1/1
100.1.1.2/32 Direct 0 0
127.0.0.1
InLoop0
120.1.1.0/24 OSPF 10 3126 100.1.1.1
GE4/1/1
4、配置Sham-link
#
配置PE 1。
[PE1]
interface loopback 1
[PE1-LoopBack1]
ip binding vpn-instance vpn1
[PE1-LoopBack1]
ip address 3.3.3.3 32
[PE1-LoopBack1]
quit
[PE1]
ospf 100
[PE1-ospf-100]
area 1
[PE1-ospf-100-area-0.0.0.1]
sham-link 3.3.3.3 5.5.5.5 cost 10
[PE1-ospf-100-area-0.0.0.1]
quit
[PE1-ospf-100]
quit
#
配置PE 2。
[PE2]
interface loopback 1
[PE2-LoopBack1]
ip binding vpn-instance vpn1
[PE2-LoopBack1]
ip address 5.5.5.5 32
[PE2-LoopBack1]
quit
[PE2]
ospf 100
[PE2-ospf-100]
area 1
[PE2-ospf-100-area-0.0.0.1]
sham-link 5.5.5.5 3.3.3.3 cost 10
[PE2-ospf-100-area-0.0.0.1]
quit
[PE2-ospf-100]
quit
完成上述配置后,在PE设备上再次执行display ip routing-table
vpn-instance命令,可以看到去往对端CE的路由变成了通过骨干网的BGP路由,并且有去往Sham-link目的地址的路由。
以PE 1为例:
[PE1]
display ip routing-table vpn-instance vpn1
Routing
Tables: vpn1
Destinations : 6
Routes : 6
Destination/Mask Proto Pre Cost NextHop
Interface
3.3.3.3/32
Direct 0 0
127.0.0.1
InLoop0
5.5.5.5/32
BGP 255 0
2.2.2.9
NULL0
20.1.1.0/24 OSPF 10 1563 100.1.1.1
GE4/1/1
100.1.1.0/24 Direct 0 0
100.1.1.2
GE4/1/1
100.1.1.2/32 Direct 0 0
127.0.0.1
InLoop0
120.1.1.0/24 BGP 255 0
2.2.2.9
NULL0
在CE设备上执行display ip
routing-table命令,可以看到去往对端CE的OSPF路由开销变为10(为Sham-link配置的开销),下一跳变为接入PE的GigabitEthernet接口,即去往对端的VPN流量将通过骨干网转发。
以CE 1为例:
[CE1]
display ip routing-table
Routing
Tables: Public
Destinations : 9
Routes : 9
Destination/Mask Proto Pre Cost NextHop
Interface
20.1.1.0/24 Direct
0 0
20.1.1.1
POS2/1/1
20.1.1.1/32 Direct
0 0
127.0.0.1
InLoop0
20.1.1.2/32 Direct
0 0
20.1.1.2
POS2/1/1
30.1.1.0/24 OSPF 10 1574 100.1.1.2
GE4/1/1
100.1.1.0/24 Direct 0 0
100.1.1.1
GE4/1/1
100.1.1.1/32 Direct 0 0
127.0.0.1
InLoop0
120.1.1.0/24 OSPF 10 12
100.1.1.2
GE4/1/1
127.0.0.0/8 Direct
0 0
127.0.0.1
InLoop0
127.0.0.1/32 Direct 0 0
127.0.0.1
InLoop0
在PE上执行display ospf
sham-link命令可以看到Sham-link的建立情况。
以PE 1为例:
[PE1]
display ospf sham-link
OSPF Process 100 with Router ID 100.1.1.2
Sham Link:
Area
NeighborId
Source-IP
0.0.0.1 100.1.1.2 3.3.3.3
5.5.5.5
P-2-P 10
执行display ospf sham-link
area命令可以看到对端状态为Full。
[PE1]
display ospf sham-link area 1
OSPF Process 100 with Router ID 100.1.1.2
Sham-Link: 3.3.3.3 -->
5.5.5.5
Area: 0.0.0.1
Cost: 10 State: P-2-P, Type:
Sham
Timers: Hello 10 , Dead 40 , Retransmit
5 , Transmit Delay 1
1、PE
1配置
#
ip
vpn-instance vpn1
route-distinguisher
100:1
vpn-target
1:1 export-extcommunity
vpn-target
1:1 import-extcommunity
#
mpls
lsr-id 1.1.1.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
pos
clock master
link-protocol
ppp
ip
address 10.1.1.1 255.255.255.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 1.1.1.9 255.255.255.255
#
interface
loopback 1
ip
binding vpn-instance vpn1
ip
address 3.3.3.3 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 100.1.1.2 255.255.255.0
#
bgp
100
peer
2.2.2.9 as-number 100
peer
2.2.2.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
2.2.2.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#
ospf
1
area
0.0.0.0
network
10.1.1.0 0.0.0.255
network
1.1.1.9 0.0.0.0
#
ospf
100 vpn-instance vpn1
domain-id
0.0.0.10
area
0.0.0.1
network 100.1.1.0
0.0.0.255
sham-link
3.3.3.3 5.5.5.5 cost 10
#
2、PE
2配置
#
ip
vpn-instance vpn1
route-distinguisher
200:1
vpn-target
1:1 export-extcommunity
vpn-target
1:1 import-extcommunity
#
mpls
lsr-id 2.2.2S.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
pos
link-protocol
ppp
ip
address 10.1.1.2 255.255.255.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
#
interface
loopback 1
ip
binding vpn-instance vpn1
ip
address 5.5.5.5 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 120.1.1.2 255.255.255.0
#
bgp
100
peer
1.1.1.9 as-number 100
peer
1.1.1.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
1.1.1.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
#
ospf
1
area
0.0.0.0
network
10.1.1.0 0.0.0.255
network
2.2.2.9 0.0.0.0
#
ospf
100 vpn-instance vpn1
domain-id
0.0.0.10
area
0.0.0.1
network 120.1.1.0
0.0.0.255
sham-link
5.5.5.5 3.3.3.3 cost 10
#
#
interface
pos
link-protocol
ppp
ip
address 20.1.1.1 255.255.255.0
#
interface
GigabitEthernet
ip
address 100.1.1.1 255.255.255.0
#
ospf
100
area
0.0.0.1
network
100.1.1.0 0.0.0.255
network
20.1.1.0 0.0.0.255
#
3、CE1
配置
#
interface
pos
link-protocol
ppp
ip
address 30.1.1.2 255.255.255.0
#
interface
GigabitEthernet
ip
address 120.1.1.1 255.255.255.0
#
ospf
100
area
0.0.0.1
network
120.1.1.0 0.0.0.255
network
30.1.1.0 0.0.0.255
#
4、CE2
配置#
interface
pos
clock master
link-protocol
ppp
ip
address 30.1.1.1 255.255.255.0
#
interface
pos
clock master
link-protocol
ppp
ip
address 20.1.1.2 255.255.255.0
#
ospf
100
area
0.0.0.1
network
20.1.1.0 0.0.0.255
network
30.1.1.0 0.0.0.255
#