好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



 

6.1.7 OSPF伪连接典型配置举例

 

组网需求

l        CE 1CE 2都属于VPN 1,它们分别接入PE 1PE 2

l        CE 1CE 2在同一个OSPF区域中;

l        CE 1CE 2之间的VPN流量通过MPLS骨干网转发,不使用OSPF的区域内路由。

 

组网图

 

配置步骤

1、配置用户网络上的OSPF

CE 1、Router A、CE 2上配置普通OSPF,发布 图8 中所示各接口的网段地址。具体配置过程略。

配置完成后,CE 1和CE 2应学到到对端GigabitEthernet接口的OSPF路由。

CE 1为例:

 

<CE1> display ip routing-table

Routing Tables: Public

         Destinations : 9        Routes : 9

Destination/Mask  Proto  Pre  Cost     NextHop         Interface

20.1.1.0/24       Direct 0    0        20.1.1.1        POS2/1/2

20.1.1.1/32       Direct 0    0        127.0.0.1       InLoop0

20.1.1.2/32       Direct 0    0        20.1.1.2        POS2/1/2

30.1.1.0/24       OSPF   10   3124     20.1.1.2        POS2/1/2

100.1.1.0/24      Direct 0    0        100.1.1.1       GE4/1/1

100.1.1.1/32      Direct 0    0        127.0.0.1       InLoop0

120.1.1.0/24      OSPF   10   3125     20.1.1.2        POS2/1/2

127.0.0.0/8       Direct 0    0        127.0.0.1       InLoop0

127.0.0.1/32      Direct 0    0        127.0.0.1       InLoop0

 

2、在骨干网上配置MPLS L3VPN

# 配置PE 1的MPLS基本能力和MPLS LDP能力,建立LDP LSP。

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls

[PE1-mpls] lsp-trigger all

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

[PE1] interface POS 2/1/2

[PE1-POS2/1/2] clock master

[PE1-POS2/1/2] ip address 10.1.1.1 24

[PE1-POS2/1/2] mpls

[PE1-POS2/1/2] mpls ldp

[PE1-POS2/1/2] quit

 

# 配置PE 1的MP-IBGP对等体为PE2。

[PE1] bgp 100

[PE1-bgp] peer 2.2.2.9 as-number 100

[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-af-vpnv4] quit

[PE1-bgp] quit

 

# 配置PE 1的OSPF。

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]quit

[PE1-ospf-1]quit

 

# 配置PE 2的MPLS基本能力和MPLS LDP能力,建立LDP LSP

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls

[PE2-mpls] lsp-trigger all

[PE2-mpls] quit

[PE2] mpls ldp

[PE2-mpls-ldp] quit

[PE2] interface POS 2/1/2

[PE2-POS2/1/2] ip address 10.1.1.2 24

[PE2-POS2/1/2] mpls

[PE2-POS2/1/2] mpls ldp

[PE2-POS2/1/2] quit

 

# 配置PE 2的MP-IBGP对等体为PE1。

[PE2] bgp 100

[PE2-bgp] peer 1.1.1.9 as-number 100

[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-af-vpnv4] quit

[PE2-bgp] quit

 

# 配置PE 2的OSPF。

[PE2]ospf 1

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

 

3、配置PE接入CE

# 配置PE 1接入CE 1。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface GigabitEthernet 4/1/1

[PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE1-GigabitEthernet4/1/1] ip address 100.1.1.2 24

[PE1-GigabitEthernet4/1/1] quit

[PE1] ospf 100 vpn-instance vpn1

[PE1-ospf-100] domain-id 10

[PE1-ospf-100] area 1

[PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255

[PE1-ospf-100-area-0.0.0.1] quit

[PE1-ospf-100] quit

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1] import-route direct

[PE1-bgp-vpn1] quit

[PE1-bgp] quit

 

# 配置PE 2接入CE 2。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:2

[PE2-vpn-instance-vpn1] vpn-target 1:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface GigabitEthernet 4/1/1

[PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet4/1/1] ip address 120.1.1.2 24

[PE2-GigabitEthernet4/1/1] quit

[PE2] ospf 100 vpn-instance vpn1

[PE2-ospf-100] domain-id 10

[PE2-ospf-100] area 1

[PE2-ospf-100-area-0.0.0.1] network 120.1.1.0 0.0.0.255

[PE2-ospf-100-area-0.0.0.1] quit

[PE2-ospf-100] quit

[PE2] bgp 100

[PE2-bgp] ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1] import-route direct

[PE2-bgp-vpn1] quit

[PE2-bgp] quit

 

完成上述配置后,在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由是通过用户网络的OSPF路由,不是通过骨干网的BGP路由。

PE 1为例:

 

[PE1] display ip routing-table vpn-instance vpn1

Routing Tables: vpn1

         Destinations : 5        Routes : 5

Destination/Mask  Proto  Pre  Cost     NextHop       Interface

20.1.1.0/24       OSPF   10   1563     100.1.1.1     GE4/1/1

30.1.1.0/24       OSPF   10   3125     100.1.1.1     GE4/1/1

100.1.1.0/24      Direct 0    0        100.1.1.2     GE4/1/1

100.1.1.2/32      Direct 0    0        127.0.0.1     InLoop0

120.1.1.0/24      OSPF   10   3126     100.1.1.1     GE4/1/1

 

4、配置Sham-link

# 配置PE 1。

[PE1] interface loopback 1

[PE1-LoopBack1] ip binding vpn-instance vpn1

[PE1-LoopBack1] ip address 3.3.3.3 32

[PE1-LoopBack1] quit

[PE1] ospf 100

[PE1-ospf-100] area 1

[PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5 cost 10

[PE1-ospf-100-area-0.0.0.1] quit

[PE1-ospf-100] quit

 

# 配置PE 2。

[PE2] interface loopback 1

[PE2-LoopBack1] ip binding vpn-instance vpn1

[PE2-LoopBack1] ip address 5.5.5.5 32

[PE2-LoopBack1] quit

[PE2] ospf 100

[PE2-ospf-100] area 1

[PE2-ospf-100-area-0.0.0.1] sham-link 5.5.5.5 3.3.3.3 cost 10

[PE2-ospf-100-area-0.0.0.1] quit

[PE2-ospf-100] quit

 

结果检验

完成上述配置后,在PE设备上再次执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由变成了通过骨干网的BGP路由,并且有去往Sham-link目的地址的路由。

PE 1为例:

 

[PE1] display ip routing-table vpn-instance vpn1

Routing Tables: vpn1

         Destinations : 6        Routes : 6

Destination/Mask  Proto  Pre  Cost     NextHop        Interface

3.3.3.3/32        Direct 0    0        127.0.0.1      InLoop0

5.5.5.5/32        BGP    255  0        2.2.2.9        NULL0

20.1.1.0/24       OSPF   10   1563     100.1.1.1      GE4/1/1

100.1.1.0/24      Direct 0    0        100.1.1.2      GE4/1/1

100.1.1.2/32      Direct 0    0        127.0.0.1      InLoop0

120.1.1.0/24      BGP    255  0        2.2.2.9        NULL0

 

CE设备上执行display ip routing-table命令,可以看到去往对端CE的OSPF路由开销变为10(为Sham-link配置的开销),下一跳变为接入PE的GigabitEthernet接口,即去往对端的VPN流量将通过骨干网转发。

CE 1为例:

 

[CE1] display ip routing-table

Routing Tables: Public

         Destinations : 9        Routes : 9

Destination/Mask  Proto  Pre  Cost      NextHop        Interface

20.1.1.0/24       Direct 0    0         20.1.1.1       POS2/1/1

20.1.1.1/32       Direct 0    0         127.0.0.1      InLoop0

20.1.1.2/32       Direct 0    0         20.1.1.2       POS2/1/1

30.1.1.0/24       OSPF   10   1574      100.1.1.2      GE4/1/1

100.1.1.0/24      Direct 0    0         100.1.1.1      GE4/1/1

100.1.1.1/32      Direct 0    0         127.0.0.1      InLoop0

120.1.1.0/24      OSPF   10   12        100.1.1.2      GE4/1/1

127.0.0.0/8       Direct 0    0         127.0.0.1      InLoop0

127.0.0.1/32      Direct 0    0         127.0.0.1      InLoop0

 

PE上执行display ospf sham-link命令可以看到Sham-link的建立情况。

PE 1为例:

[PE1] display ospf sham-link

           OSPF Process 100 with Router ID 100.1.1.2

 Sham Link:

 Area        NeighborId     Source-IP     Destination-IP  State Cost

 0.0.0.1     100.1.1.2    3.3.3.3       5.5.5.5         P-2-P 10

 

执行display ospf sham-link area命令可以看到对端状态为Full。

[PE1] display ospf sham-link area 1

          OSPF Process 100 with Router ID 100.1.1.2

  Sham-Link: 3.3.3.3 --> 5.5.5.5

  Neighbour State: Full

  Area: 0.0.0.1

  Cost: 10  State: P-2-P, Type: Sham

  Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1

 

配置文件

1PE 1配置

#

ip vpn-instance vpn1

route-distinguisher 100:1

vpn-target 1:1 export-extcommunity

vpn-target 1:1 import-extcommunity

#

mpls lsr-id 1.1.1.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/2

 clock master

link-protocol ppp

ip address 10.1.1.1 255.255.255.0

mpls

mpls ldp

#

interface loopback 0

ip address 1.1.1.9 255.255.255.255

#

interface loopback 1

ip binding vpn-instance vpn1

ip address 3.3.3.3 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip binding vpn-instance vpn1

ip address 100.1.1.2 255.255.255.0

#

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 2.2.2.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

ospf 1

area 0.0.0.0

network 10.1.1.0 0.0.0.255

network 1.1.1.9 0.0.0.0

#

ospf 100 vpn-instance vpn1

domain-id 0.0.0.10

area 0.0.0.1

 network 100.1.1.0 0.0.0.255

sham-link 3.3.3.3 5.5.5.5 cost 10

#

 

2PE 2配置

#

ip vpn-instance vpn1

route-distinguisher 200:1

vpn-target 1:1 export-extcommunity

vpn-target 1:1 import-extcommunity

#

mpls lsr-id 2.2.2S.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface pos 2/1/1

link-protocol ppp

ip address 10.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface loopback 0

ip address 2.2.2.9 255.255.255.255

#

interface loopback 1

ip binding vpn-instance vpn1

ip address 5.5.5.5 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip binding vpn-instance vpn1

ip address 120.1.1.2 255.255.255.0

#

bgp 100

peer 1.1.1.9 as-number 100

peer 1.1.1.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 1.1.1.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

ospf 1

area 0.0.0.0

network 10.1.1.0 0.0.0.255

network 2.2.2.9 0.0.0.0

#

ospf 100 vpn-instance vpn1

domain-id 0.0.0.10

area 0.0.0.1

 network 120.1.1.0 0.0.0.255

sham-link 5.5.5.5 3.3.3.3 cost 10

#

CE1 配置

#

interface pos 2/1/2

link-protocol ppp

ip address 20.1.1.1 255.255.255.0

#

interface GigabitEthernet 4/1/1

ip address 100.1.1.1 255.255.255.0

#

ospf 100

area 0.0.0.1

network 100.1.1.0 0.0.0.255

network 20.1.1.0 0.0.0.255

#

3CE1 配置

#

interface pos 2/1/2

link-protocol ppp

ip address 30.1.1.2 255.255.255.0

#

interface GigabitEthernet 4/1/1

ip address 120.1.1.1 255.255.255.0

#

ospf 100

area 0.0.0.1

network 120.1.1.0 0.0.0.255

network 30.1.1.0 0.0.0.255

#

4CE2 配置#

interface pos 2/1/1

 clock master

link-protocol ppp

ip address 30.1.1.1 255.255.255.0

#

interface pos 2/1/2

 clock master

link-protocol ppp

ip address 20.1.1.2 255.255.255.0

#

ospf 100

area 0.0.0.1

network 20.1.1.0 0.0.0.255

network 30.1.1.0 0.0.0.255

#

 

 

 

X Close
X Close