mplsvpn
 r1#show run
Building configuration...n ! hostname r1 ! ip cef ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! ! interface Serial1/1 ip address 192.168.1.1 255.255.255.0 serial restart-delay 0 ! ! router rip network 1.0.0.0 network 192.168.1.0 ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r2#show run
Building configuration... hostname r2
! ip vrf comA rd 100:200 route-target export 100:2000 route-target import 100:2000 ! ip vrf comB rd 200:400 route-target export 200:4000 route-target import 200:4000 ! ip cef ! ! interface Loopback0 ip address 2.2.2.2 255.255.255.0 ip router isis ! interface Serial1/0 ip address 23.1.1.2 255.255.255.0 ip router isis tag-switching ip serial restart-delay 0 ! interface Serial1/1 ip vrf forwarding comA ip address 192.168.1.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip vrf forwarding comB ip address 192.168.1.2 255.255.255.0 serial restart-delay 0 ! router isis net 49.0001.0000.0000.0002.00 ! router rip ! address-family ipv4 vrf comB redistribute bgp 100 metric 2 network 192.168.1.0 no auto-summary exit-address-family ! address-family ipv4 vrf comA redistribute bgp 100 metric 1 network 192.168.1.0 no auto-summary exit-address-family ! router bgp 100 no synchronization bgp log-neighbor-changes neighbor 4.4.4.4 remote-as 100 neighbor 4.4.4.4 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community both exit-address-family ! address-family ipv4 vrf comB redistribute rip no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf comA redistribute rip no auto-summary no synchronization exit-address-family ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r3#show run
Building configuration... hostname r3
! ! ip cef ! ! interface Serial1/0 ip address 23.1.1.3 255.255.255.0 ip router isis tag-switching ip serial restart-delay 0 ! interface Serial1/1 ip address 34.1.1.3 255.255.255.0 ip router isis tag-switching ip serial restart-delay 0 ! router isis net 49.0001.0000.0000.0003.00 ! ! end ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r4#show run
Building configuration... ! hostname r4 ! ! ip vrf comA rd 100:200 route-target export 100:2000 route-target import 100:2000 ! ip vrf comB rd 200:200 route-target export 200:4000 route-target import 200:4000 ! ip cef ! ! interface Loopback0 ip address 4.4.4.4 255.255.255.0 ip router isis ! interface Serial1/0 ip address 34.1.1.4 255.255.255.0 ip router isis tag-switching ip serial restart-delay 0 ! interface Serial1/1 ip vrf forwarding comA ip address 192.168.2.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip vrf forwarding comB ip address 192.168.2.2 255.255.255.0 serial restart-delay 0 ! router isis net 49.0001.0000.0000.0004.00 ! router rip ! address-family ipv4 vrf comB redistribute bgp 100 metric 2 network 192.168.2.0 no auto-summary exit-address-family ! address-family ipv4 vrf comA redistribute bgp 100 metric 1 network 192.168.2.0 no auto-summary exit-address-family ! router bgp 100 no synchronization bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 100 neighbor 2.2.2.2 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community both exit-address-family ! address-family ipv4 vrf comB redistribute rip no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf comA redistribute rip no auto-summary no synchronization exit-address-family ! ! end ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r5#show run
Building configuration... hostname r5
! ! ip cef ! ! interface Loopback0 ip address 5.5.5.5 255.255.255.0 ! interface Serial1/1 ip address 192.168.2.1 255.255.255.0 serial restart-delay 0 ! router rip network 5.0.0.0 network 192.168.2.0 ! ! end ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r6#show run
Building configuration... ! hostname r6 ! ip cef ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface Serial1/1 ip address 192.168.1.1 255.255.255.0 serial restart-delay 0 ! router rip network 1.0.0.0 network 192.168.1.0 ! ! end ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r7#show run
Building configuration... ! hostname r7 ! ip cef ! interface Loopback0 ip address 5.5.5.5 255.255.255.0 ! interface Serial1/1 ip address 192.168.2.1 255.255.255.0 serial restart-delay 0 ! router rip network 5.0.0.0 network 192.168.2.0 ! ! end ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
配置步骤:
运营商骨干网准备工作
首先说说运营商骨干网准备工作,配置主要分以下几个部分: 1、在PE和P上配置IGP,使骨干网连通。 2、在PE和P上配置MPLS,启动标签交换。 1、在PE和P上配置IGP。
在此选择EIGRP/OSPF/RIP/ISIS中任意一款路由协议均可,此例中使用EIGRP。 R3: R3(config)# router eigrp 100 R3(config-router)# network 3.3.3.3 0.0.0.0 !R3的loopback 0为3.3.3.3/32 R3(config-router)# network 10.1.1.0 0.0.0.3 R4:
R4(config)# router eigrp 100 R4(config-router)# network 10.1.1.0 0.0.0.3 R4(config-router)# network 10.1.1.4 0.0.0.3 R5:
R3(config)# router eigrp 100 R3(config-router)# network 5.5.5.5 0.0.0.0 !R5的loopback 0为5.5.5.5/32 R3(config-router)# network 10.1.1.4 0.0.0.3 2、在PE和P上配置MPLS
R3: R3(config)# interface s1/2.1 point-to-point R3(config-if)# description connect to R4 R3(config-if)# mpls ip R4:
R4(config)# interface s1/2.1 point-to-point R4(config-if)# description connect to R3 R4(config-if)# mpls ip R4(config)# interface s1/2.2 point-to-point
R4(config-if)# description connect to R5 R4(config-if)# mpls ip R5:
R5(config)# interface s1/2.1 point-to-point R5(config-if)# description connect to R4 R5(config-if)# mpls ip 骨干网准备工作配置完毕!
客户端(CE)配置 接着来谈谈CE的配置,CE需要将客户的网络接入运营商,同时将自己的路由通告给PE,然后由PE通过骨干网将路由通告给该客户的其他CE。 在此例中,有两个客户:Customer_A和Customer_B,在通过MPLSVPN时,它们彼此的路由信息不会互相干扰。 CE和PE之间可以采用RIP/EIGRP/OSPF/静态路由等方式互相通告路由,CE上的配置也很简单,只需要按照以往一样启动路由协议就够了。例如:R1和R3之间运行RIPv2,那么R1的配置如下:
R1(config)# router rip R1(config-router)# version 2 R1(config-router)# no auto-summary R1(config-router)# nework 172.16.0.0 R1(config-router)# nework 10.0.0.0 CE的配置在此不再敷述了。
在后面的示例中,我将在两种情况下讲述PE的配置:
1、CE和PE之间运行RIPv2 2、CE和PE之间运行OSPF 其他的情况大家就自己举一反三吧。
PE的配置(CE与PE之间运行RIPv2)
PE的配置主要分为以下几个步骤:(以R3配置为例,R5配置不再敷述) 1、创建VRF。 2、在相应的将接口加入VRF。 3、配置与CE间的路由协议。 4、配置与其他PE之间的MP-BGP。 5、配置重发布。 1、创建VRF。
R3(config)# ip vrf comA R3(config-vrf)# rd 1:27 R3(config-vrf)# route-target export 100:27 R3(config-vrf)# route-target import 100:27 R3(config)# ip vrf comB R3(config-vrf)# rd 1:37 R3(config-vrf)# route-target export 100:37 R3(config-vrf)# route-target import 100:37 2、在相应的将接口加入VRF。
R3(config)# interface Serial1/2.2 point-to-point R3(config-if)# ip vrf forwarding comA R3(config)# interface Serial1/2.3 point-to-point
R3(config-if)# ip vrf forwarding comB 3、配置与CE间的路由协议。
R3(config)# router rip R3(config-router)# version 2 ! R3(config-router)# address-family ipv4 vrf comB R3(config-router-af)# network 10.0.0.0 R3(config-router-af)# no auto-summary R3(config-router-af)# version 2 R3(config-router-af)# exit-address-family ! R3(config-router)# address-family ipv4 vrf comA R3(config-router-af)# network 10.0.0.0 R3(config-router-af)# no auto-summary R3(config-router-af)# version 2 R3(config-router-af)# exit-address-family 此时可以使用show ip route vrf XXX查看虚拟路由表是否学习到客户的路由。 4、配置与R5之间的MP-BGP。
R3(config)# router bgp 100 R3(config-router)# no synchronization R3(config-router)# neighbor 5.5.5.5 remote-as 100 R3(config-router)# neighbor 5.5.5.5 update-source Loopback0 R3(config-router)# no auto-summary ! R3(config-router)# address-family vpnv4 R3(config-router-af)# neighbor 5.5.5.5 activate R3(config-router-af)# neighbor 5.5.5.5 send-community both R3(config-router-af)# exit-address-family ! R3(config-router)# address-family ipv4 vrf comB R3(config-router-af)# no auto-summary R3(config-router-af)# no synchronization R3(config-router-af)# exit-address-family ! R3(config-router)# address-family ipv4 vrf comA R3(config-router-af)# no auto-summary R3(config-router-af)# no synchronization R3(config-router-af)# exit-address-family 5、配置重发布。
R3(config)# router rip R3(config-router)# address-family ipv4 vrf comB R3(config-router-af)# redistribute bgp 100 metric 5 ! R3(config-router)# address-family ipv4 vrf comA R3(config-router-af)# redistribute bgp 100 metric 5 ! R3(config)# router bgp 100 R3(config-router)# address-family ipv4 vrf comB R3(config-router-af)# redistribute rip ! R3(config-router)# address-family ipv4 vrf comA R3(config-router-af)# redistribute rip 所有配置完毕。
PE的配置(CE与PE之间运行OSPF) 基本配置思想与楼上相同,这里就简单说说PE的OSPF配置和MP-BGP配置的不同点吧。 R3的OSPF与MP-BGP配置如下:
R3(config)# router ospf 1 vrf comA
R3(config-router-af)# redistribute bgp 100 subnets R3(config-router-af)# network 10.1.1.8 0.0.0.3 area 0 ! R3(config)# router ospf 1 vrf comB R3(config-router-af)# redistribute bgp 100 subnets R3(config-router-af)# network 10.1.1.12 0.0.0.3 area 0 R3(config)# router bgp 100 R3(config-router)# no synchronization R3(config-router)# neighbor 5.5.5.5 remote-as 100 R3(config-router)# neighbor 5.5.5.5 update-source Loopback0 R3(config-router)# no auto-summary ! R3(config-router)# address-family vpnv4 R3(config-router-af)# neighbor 5.5.5.5 activate R3(config-router-af)# neighbor 5.5.5.5 send-community both R3(config-router-af)# exit-address-family ! R3(config-router)# address-family ipv4 vrf comA R3(config-router-af)# redistribute ospf 1 R3(config-router-af)# no auto-summary R3(config-router-af)# no synchronization R3(config-router-af)# exit-address-family ! R3(config-router)# address-family ipv4 vrf comB R3(config-router-af)# redistribute ospf 1 R3(config-router-af)# no auto-summary R3(config-router-af)# no synchronization R3(config-router-af)# exit-address-family ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
测试:
r1# SHOW IP RO Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0 R 5.0.0.0/8 [120/1] via 192.168.1.2, 00:00:14, Serial1/1 C 192.168.1.0/24 is directly connected, Serial1/1 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:14, Serial1/1 r1#ping 192. % Unrecognized host or address, or protocol not running. r1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 288/344/432 ms r1#deb r1#debug ip pa r1#debug ip packet IP packet debugging is on r2#traceroute vrf comA 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1 1 23.1.1.3 [MPLS: Labels 17/19 Exp 0] 112 msec 116 msec 120 msec
2 192.168.2.2 120 msec 116 msec 120 msec 3 192.168.2.1 192 msec * 168 msec r2#traceroute vrf comB 192.168.2.1 Type escape sequence to abort.
Tracing the route to 192.168.2.1 1 23.1.1.3 [MPLS: Labels 17/21 Exp 0] 100 msec 116 msec 120 msec
2 192.168.2.2 120 msec 116 msec 120 msec 3 192.168.2.1 192 msec * 288 msec r2#show ip ro r2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
34.0.0.0/24 is subnetted, 1 subnets
i L1 34.1.1.0 [115/20] via 23.1.1.3, Serial1/0 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 4.0.0.0/24 is subnetted, 1 subnets i L1 4.4.4.0 [115/30] via 23.1.1.3, Serial1/0 23.0.0.0/24 is subnetted, 1 subnets C 23.1.1.0 is directly connected, Serial1/0 r2#show ip ro vrf r2#show ip ro vrf comA Routing Table: comA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 192.168.1.1, 00:00:13, Serial1/1
B 5.0.0.0/8 [200/1] via 4.4.4.4, 00:03:25 C 192.168.1.0/24 is directly connected, Serial1/1 B 192.168.2.0/24 [200/0] via 4.4.4.4, 00:03:25 r2#show ip ro vrf comB Routing Table: comB
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 192.168.1.1, 00:00:18, Serial1/2
B 5.0.0.0/8 [200/1] via 4.4.4.4, 00:03:28 C 192.168.1.0/24 is directly connected, Serial1/2 B 192.168.2.0/24 [200/0] via 4.4.4.4, 00:03:28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
czywf
博客统计信息
热门文章
最新评论
友情链接