R2的配置如下:
router rip
version 2
network 2.0.0.0
network 23.0.0.0
no auto-summary
R3的配置如下:
router rip
version 2
network 3.0.0.0
network 23.0.0.0
network 34.0.0.0
no auto-summary
R4的配置如下:
router rip
version 2
passive-interface GigabitEthernet 3/1/0.45
network 4.0.0.0
network 34.0.0.0
no auto-summary
R5的配置如下:
router rip
version 2
passive-interface GigabitEthernet 0/0.45
network 5.0.0.0
network 56.0.0.0
no auto-summary
R6的配置如下:
router rip
version 2
network 6.0.0.0
network 56.0.0.0
no auto-summary
部署AS核心的MPLS
1)全局开启MPLS转发功能
R2(config)#mpls ip
2)全局开启LDP标签分发协议
R2(config)#mpls router ldp
R2(config-mpls-router)#ldp router-id interface loopback 0 forc
3)开启接口的标签交换能力
R2(config)#int gigabitEthernet 0/0.23
R2(config-GigabitEthernet 0/0.23)#label-switching
4)接口下开启LDP协议
R2(config)#int gigabitEthernet 0/0.23
R2(config-GigabitEthernet 0/0.23)#mpls ip
5)查看LDP邻居关系
R2#show mpls ldp neighbor
Default VRF:
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident: 2.2.2.2:0
TCP connection: 3.3.3.3.1025 - 2.2.2.2.646
State: OPERATIONAL; Msgs sent/recv: 5532/5529; UNSOLICITED
Up time: 22:59:50
LDP discovery sources:
Link Peer on GigabitEthernet 0/0.23, Src IP addr: 23.2.2.3
Addresses bound to peer LDP Ident:
23.2.2.334.3.3.33.3.3.3
3、部署PE-PE的MP-BGP协议
配置以AS100中的R2,R3,R4的配置为例:
R2的配置如下:
1)启用BGP进程
router bgp 100
bgp router-id 2.2.2.2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
2)进入VPNV4地址簇下激活VPNV4邻居关系
address-family vpnv4 unicast
neighbor 3.3.3.3 activate //激活vpnv4邻居关系
neighbor 3.3.3.3 send-community extended
exit-address-family
R3的配置如下:
router bgp 100
bgp router-id 3.3.3.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback 0
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback 0
!
address-family vpnv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 2.2.2.2 send-community extended
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 send-community both
exit-address-family
!
3)配置路由反射器RR
R4的配置如下:
router bgp 100
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
!
address-family ipv4
no bgp redistribute-internal
exit-address-family
!
address-family vpnv4 unicast
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
4)查看MP-BGP的邻居关系:
R3#show bgp vpnv4 unicast all summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 40
1 BGP AS-PATH entries
0 BGP Community entries
10 BGP Prefix entries (Maximum-prefix:4294967295)
NeighborV AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.24 100 1363 1388 40 0 0 19:40:18 4
4.4.4.44 100 1179 1166 23 0 0 16:54:59 6
Total number of neighbors 2
4、部署PE-CE的路由协议
此处的操作以R2为例:
1)创建VRF实例
ip vrf VPN-A//VRF实例的名称只具有本地意义
rd 100:1//配置RD和RT值,RT是控制VPN路由的关键
route-target both 100:1
!
ip vrf VPN-B
rd 200:1
route-target both 200:1
2)将相关接口划入对应的VRF实例中
interface GigabitEthernet 0/0.12
encapsulation dot1Q 12
ip vrf forwarding VPN-A//将接口划入到VRF中后,该接口上的IP地址等信息会被清除。因此建议现将结构划入VRF,再配置接口IP
ip address 12.1.1.2 255.255.255.0
!
interface GigabitEthernet 0/0.21
encapsulation dot1Q 21
ip vrf forwarding VPN-B
ip address 21.1.1.2 255.255.255.0
3)配置PE-CE的路由协议
AS100中的R2与R1启用的IGP路由协议采用OSPF;
AS200中的R7与R6启用的IGP路由协议采用RIP;
此处以R2与R1的OSPF为例:
router ospf 1 vrf VPN-A-------------启用VPN-A虚拟转发的OSPF进程
router-id 2.2.2.2
network 12.1.1.2 0.0.0.0 area 0
!
router ospf 2 vrf VPN-B
router-id 22.22.22.22
network 21.1.1.2 0.0.0.0 area 0
4)查看VRF相关信息
R2#show ip vrf detail
VRF VPN-A; default RD 100:1
VRF Table ID = 1
Interfaces:
GigabitEthernet 0/0.12
Export VPN route-target communities
RT:100:1
Import VPN route-target communities
RT:100:1
No import route-map
No export route-map
Alloc-label per-vrf:1536(platform)/aggregate(VPN-A)
VRF VPN-B; default RD 200:1
VRF Table ID = 2
Interfaces:
GigabitEthernet 0/0.21
Export VPN route-target communities
RT:200:1
Import VPN route-target communities
RT:200:1
No import route-map
No export route-map
Alloc-label per-vrf:1537(platform)/aggregate(VPN-B)
5)查看PE-CE的OSPF邻居关系
R2#show ip ospf neighbor
OSPF process 1, 1 Neighbors, 1 is Full:
Neighbor IDPri State BFD State Dead Time Address Interface
1.1.1.11 Full/DR - 00:00:32 12.1.1.1GigabitEthernet 0/0.12
OSPF process 2, 1 Neighbors, 1 is Full:
Neighbor IDPri State BFD State Dead Time AddressInterface
11.11.11.11 1 Full/DR -00:00:3421.1.1.1GigabitEthernet 0/0.21
5、将CE的路由重发布进MP-BGP
以R2为例:
router bgp 100
address-family ipv4 vrf VPN-A
maximum-prefix 10000
redistribute ospf 1 match internal external
exit-address-family
!
address-family ipv4 vrf VPN-B
maximum-prefix 10000
redistribute ospf 2 match internal external
exit-address-family
6、将MP-BGP的路由重发布进CE
以R2为例:
router ospf 1 vrf VPN-A
redistribute bgp subnets
!
router ospf 2 vrf VPN-B
redistribute bgp subnets
7、跨域option A模式ASBR间的部署
option A的特点就是在域内VPN模式下,两个ASBR路由器把对端看成是自己的MCE设备。
ASBR1(R4)上的相关配置:
1)创建VRF,并将相关接口划入VRF
ip vrf A
rd 2:2
route-target both 100:1
!
ip vrf B
rd 3:3
route-target both 200:1
interface GigabitEthernet 3/1/0.45
encapsulation dot1Q 45
ip vrf forwarding A
ip address 45.4.4.4 255.255.255.0
!
interface GigabitEthernet 3/1/0.54
encapsulation dot1Q 54
ip vrf forwarding B
ip address 54.4.4.4 255.255.255.0
2)指定ASBR间的IGP协议
ASBR间的IGP路由,通常采用静态路由,配置复杂但理解和维护非常简单。
这个案例采用RIP:
router rip
version 2
passive-interface GigabitEthernet 3/1/0.45
network 4.0.0.0
network 34.0.0.0
no auto-summary
!
address-family ipv4 vrf A
network 45.0.0.0
exit-address-family
!
address-family ipv4 vrf B
network 54.0.0.0
exit-address-family
3)ASBR上将BGP路由重发布进IGP
address-family ipv4 vrf A
network 45.0.0.0
redistribute bgp metric 1
exit-address-family
!
address-family ipv4 vrf B
network 54.0.0.0
redistribute bgp metric 1
exit-address-family
4)ASBR上将IGP重发布进BGP
router bgp 100
address-family ipv4 vrf A
maximum-prefix 10000
redistribute rip
exit-address-family
!
address-family ipv4 vrf B
maximum-prefix 10000
redistribute rip
exit-address-family
ASBR2(R5)上的相关配置:
1)创建VRF,并将相关接口划入VRF
ip vrf A
rd 2:2
route-target both 100:1
!
ip vrf B
rd 3:3
route-target both 200:1
interface GigabitEthernet 0/0.45
encapsulation dot1Q 45
ip vrf forwarding A
ip address 45.4.4.5 255.255.255.0
!
interface GigabitEthernet 0/0.54
encapsulation dot1Q 54
ip vrf forwarding B
ip address 54.4.4.5 255.255.255.0
2)指定ASBR间的IGP协议
router rip
version 2
passive-interface GigabitEthernet 0/0.45
network 5.0.0.0
network 56.0.0.0
no auto-summary
!
address-family ipv4 vrf A
network 45.0.0.0
exit-address-family
!
address-family ipv4 vrf B
network 54.0.0.0
exit-address-family
3)ASBR上将BGP重发布进IGP
address-family ipv4 vrf A
network 45.0.0.0
redistribute bgp metric 1
exit-address-family
!
address-family ipv4 vrf B
network 54.0.0.0
redistribute bgp metric 1
exit-address-family
4)ASBR上将IGP重发布进BGP
router bgp 200
address-family ipv4 vrf A
maximum-prefix 10000
redistribute rip
exit-address-family
!
address-family ipv4 vrf B
maximum-prefix 10000
redistribute rip
exit-address-family