Single-Domain MPLS VPN Configuration

1. Run an IGP between AR1, P and AR3

IS-IS is still the preferred IGP in carrier networks.

R1 IP addresses and IS-IS configuration

<R1>display ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.1/24          up         up        
GigabitEthernet0/0/1              192.168.14.1/24      up         up        
GigabitEthernet0/0/2              192.168.15.1/24      up         up        
LoopBack0                         1.1.1.1/32           up         up(s)     
NULL0                             unassigned           up         up(s)     
<R1>dis current-configuration configuration isis
[V200R003C00]
#
isis 1
 is-level level-2
 network-entity 49.0123.0000.0000.0001.00
#
return
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1

R2 IP addresses and IS-IS configuration

<R2>dis current-configuration configuration isis
[V200R003C00]
#
isis 1
 is-level level-2
 network-entity 49.0123.0000.0000.0002.00
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp
<R2>display ip int brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.2/24          up         up        
GigabitEthernet0/0/1              23.1.1.2/24          up         up        
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         2.2.2.2/32           up         up(s)     
NULL0                             unassigned           up         up(s)     
<R2>

R3 IP addresses and IS-IS configuration

<R3>display ip int brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              23.1.1.3/24          up         up        
GigabitEthernet0/0/1              192.168.36.3/24      up         up        
GigabitEthernet0/0/2              192.168.37.3/24      up         up        
LoopBack0                         3.3.3.3/32           up         up(s)     
NULL0                             unassigned           up         up(s)     
<R3>
<R3>dis cu con isis
[V200R003C00]
#
isis 1
 is-level level-2
 network-entity 49.0123.0000.0000.0003.00
#
return
interface GigabitEthernet0/0/0
 ip address 23.1.1.3 255.255.255.0 
 isis enable 1
 mpls
 mpls ldp

2. Verify the results

Check the results on R2

<R2>dis isis peer 

                          Peer information for ISIS(1)

  System Id     Interface          Circuit Id       State HoldTime Type     PRI
-------------------------------------------------------------------------------
0000.0000.0001  GE0/0/0            0000.0000.0002.01 Up   29s      L2       64 
0000.0000.0003  GE0/0/1            0000.0000.0002.02 Up   22s      L2       64 

Total Peer(s): 2
<R2>

On R2, check whether the routes advertised by R1 and R3 have been learned through IS-IS

<R2>display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : ISIS
         Destinations : 2        Routes : 2        

ISIS routing table status : <Active>
         Destinations : 2        Routes : 2

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  ISIS-L2 15   10          D   12.1.1.1        GigabitEthernet
0/0/0
        3.3.3.3/32  ISIS-L2 15   10          D   23.1.1.3        GigabitEthernet
0/0/1

ISIS routing table status : <Inactive>
         Destinations : 0        Routes : 0

<R2>

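3. Run MPLS and MPLS LDP between AR1, AR2 and AR3

The reason is to solve the route black-hole problem that BGP has when traffic crosses a device in between.

R1 MPLS and MPLS LDP configuration

Global configuration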

mpls lsr-id 1.1.1.1
mpls
mpls ldp
Interface configuration

interface GigabitEthernet0/0/0

mpls
mpls ldp

R2 MPLS and MPLS LDP configuration

Global configuration

mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
Interface configuration
interface GigabitEthernet0/0/0
 mpls
 mpls ldp
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

R3 MPLS and MPLS LDP configuration

Global configuration

mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
Interface configuration
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

4. Check the MPLS LDP sessions

On R2, view the LDP sessions with R1 and R3

<R2>display mpls ldp session all 

 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 1.1.1.1:0          Operational DU   Active   0000:00:58  234/234
 3.3.3.3:0          Operational DU   Passive  0000:00:58  236/236
 ------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

Check on R3, then on R2, whether a label has been distributed for 1.1.1.1/32

<R3>display mpls lsp include 1.1.1.1 32
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC                In/Out Label  In/Out IF                      Vrf Name       
1.1.1.1/32         NULL/1025     -/GE0/0/0                                     
1.1.1.1/32         1025/1025     -/GE0/0/0                                     
<R3>
<R2>display mpls lsp include 1.1.1.1
                                     ^
Error:Incomplete command found at '^' position.
<R2>display mpls lsp include 1.1.1.1 32
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC                In/Out Label  In/Out IF                      Vrf Name       
1.1.1.1/32         NULL/3        -/GE0/0/0                                     
1.1.1.1/32         1025/3        -/GE0/0/0                                     
<R2>

Check on R1, then on R2, whether a label has been distributed for 3.3.3.3/32

<R1>display mpls lsp include 3.3.3.3 32
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC                In/Out Label  In/Out IF                      Vrf Name       
3.3.3.3/32         NULL/1024     -/GE0/0/0                                     
3.3.3.3/32         1025/1024     -/GE0/0/0                                     
<R1>
<R2>display mpls lsp include 3.3.3.3 32
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC                In/Out Label  In/Out IF                      Vrf Name       
3.3.3.3/32         NULL/3        -/GE0/0/1                                     
3.3.3.3/32         1024/3        -/GE0/0/1                                     
<R2>

5. Configure the VRF, RD and RT on AR1 and AR3

Define VRFs on AR1 and AR3 for company A's branch and headquarters respectively

Define company A's branch on AR1

ip vpn-instance 4
 ipv4-family
  route-distinguisher 4:4
  vpn-target 4:6 export-extcommunity
  vpn-target 6:4 import-extcommunity

Define company A's headquarters on AR3

ip vpn-instance 6
 ipv4-family
  route-distinguisher 6:6
  vpn-target 6:4 export-extcommunity
  vpn-target 4:6 import-extcommunity

Bind the VRFs for company A's branch and headquarters to interfaces on AR1 and AR3

Bind company A's branch VRF on AR1

interface GigabitEthernet0/0/1
 ip binding vpn-instance 4
 ip address 192.168.14.1 255.255.255.0 
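Note: when a VRF is bound to an interface, the configuration already on that interface is removed, which is why the IP address is configured after the binding.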
<R1>display ip routing-table ip vpn-instance 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routes Matched by Prefix-list vpn-instance:
         Destinations : 11          Routes : 11

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
        2.2.2.2/32  ISIS-L2 15   10          D   12.1.1.2        GigabitEthernet
0/0/0
        3.3.3.3/32  ISIS-L2 15   20          D   12.1.1.2        GigabitEthernet
0/0/0
       12.1.1.0/24  Direct  0    0           D   12.1.1.1        GigabitEthernet
0/0/0
       12.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
     12.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
       23.1.1.0/24  ISIS-L2 15   20          D   12.1.1.2        GigabitEthernet
0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

Bind company A's headquarters VRF on AR3

interface GigabitEthernet0/0/1
 ip binding vpn-instance 6
 ip address 192.168.36.3 255.255.255.0 

Define VRFs on AR1 and AR3 for company B's branch and headquarters respectively

Define company B's branch on AR1

ip vpn-instance 5
 ipv4-family
  route-distinguisher 5:5
  vpn-target 5:7 export-extcommunity
  vpn-target 7:5 import-extcommunity

Define company B's headquarters on AR3

ip vpn-instance 7
 ipv4-family
  route-distinguisher 7:7
  vpn-target 7:5 export-extcommunity
  vpn-target 5:7 import-extcommunity
#

Bind the VRFs for company B's branch and headquarters to interfaces on AR1 and AR3

Bind company B's branch VRF on AR1

interface GigabitEthernet0/0/2
 ip binding vpn-instance 5
 ip address 192.168.15.1 255.255.255.0 

Bind company B's headquarters VRF on AR3

interface GigabitEthernet0/0/2
 ip binding vpn-instance 7
 ip address 192.168.37.3 255.255.255.0 

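Summary: at this point AR1 and AR3 hold three tables:

the FIB table (global routing table)
the vpn-instance 5 table
the vpn-instance 7 table

The three tables are independent of one another and do not affect each other.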
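
The import/export route-target pairs configured in this step are what keep the two companies' tables apart, so they are worth checking mechanically. The following Python script is an added example, not part of the original article: it parses the four vpn-instance blocks from this page, derives which instance imports routes from which, and flags cross-customer imports and one-way pairings. The CUSTOMER mapping and the constructed bad-import line are assumptions of this example.

```python
import re
# vpn-instance blocks copied from this page (AR1 and AR3). CUSTOMER is this
# example's assumption: instance -> company, following the page's text.
CONFIGS = {
    "AR1": """
ip vpn-instance 4
 ipv4-family
  route-distinguisher 4:4
  vpn-target 4:6 export-extcommunity
  vpn-target 6:4 import-extcommunity
ip vpn-instance 5
 ipv4-family
  route-distinguisher 5:5
  vpn-target 5:7 export-extcommunity
  vpn-target 7:5 import-extcommunity
""",
    "AR3": """
ip vpn-instance 6
 ipv4-family
  route-distinguisher 6:6
  vpn-target 6:4 export-extcommunity
  vpn-target 4:6 import-extcommunity
ip vpn-instance 7
 ipv4-family
  route-distinguisher 7:7
  vpn-target 7:5 export-extcommunity
  vpn-target 5:7 import-extcommunity
""",
}
CUSTOMER = {"4": "A", "6": "A", "5": "B", "7": "B"}

def parse_vrfs(configs):
    """Map (pe, instance) -> {'export': set of RTs, 'import': set of RTs}."""
    vrfs = {}
    for pe, text in configs.items():
        cur = None
        for line in map(str.strip, text.splitlines()):
            if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
                cur = vrfs[(pe, m[1])] = {"export": set(), "import": set()}
            elif cur is not None and (m := re.fullmatch(r"vpn-target (.+?) (export|import)-extcommunity", line)):
                cur[m[2]].update(m[1].split())
    return vrfs

def route_flows(vrfs):
    """(src, dst) pairs where dst imports a route target that src exports."""
    return {(s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
            if s != d and sv["export"] & dv["import"]}

def audit(configs, customer=CUSTOMER):
    """Return (cross-customer flows, flows with no matching reverse flow)."""
    flows = route_flows(parse_vrfs(configs))
    leaks = sorted(f for f in flows if customer[f[0][1]] != customer[f[1][1]])
    one_way = sorted(f for f in flows if (f[1], f[0]) not in flows)
    return leaks, one_way

if __name__ == "__main__":
    print("page config:", audit(CONFIGS))
    # Constructed misconfiguration: instance 7 also imports company A's RT 4:6.
    bad = dict(CONFIGS, AR3=CONFIGS["AR3"] + "  vpn-target 4:6 import-extcommunity\n")
    print("with bad import:", audit(bad))
```

With the page's configuration both lists are empty; the constructed extra import makes instance 7 receive company A's routes from AR1.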

6. Routing protocol between AR4 and AR1

Note: static routes, RIP, OSPF, IS-IS or BGP can be used between them,
but BGP is recommended.

AR4 BGP configuration

bgp 65001
 peer 192.168.14.1 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 172.16.1.0 255.255.255.0 
  peer 192.168.14.1 enable
  peer 192.168.14.1 allow-as-loop

AR1 BGP configuration

bgp 100
 router-id 1.1.1.1
 ipv4-family vpn-instance 4
  peer 192.168.14.4 as-number 65001 
<R1>display bgp vpnv4 vpn-instance 4 peer 

 BGP local router ID : 1.1.1.1
 Local AS number : 100

 VPN-Instance 4, Router ID 1.1.1.1:
 Total number of peers : 1          Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  192.168.14.4    4       65001       95       95     0 01:32:46 Established    
   1
<R1>
<R4>  display bgp peer 

 BGP local router ID : 192.168.14.4
 Local AS number : 65001
 Total number of peers : 1          Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  192.168.14.1    4         100       96       97     0 01:33:58 Established    
   1
<R4>

Check whether AR1 has learned the 172.16.1.1/24 route from AR4

<R1>DIS BGP vpnv4 vpn-instance 4 routing-table 

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 VPN-Instance 4, Router ID 1.1.1.1:

 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   172.16.1.0/24      192.168.14.4    0                     0      65001i
 *>i  172.16.2.0/24      3.3.3.3         0          100        0      65001i
<R1>

The remaining BGP session, between AR6 and AR3

AR6 BGP configuration

bgp 65001
 peer 192.168.36.3 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 172.16.2.0 255.255.255.0 
  peer 192.168.36.3 enable
  peer 192.168.36.3 allow-as-loop
#

AR3 BGP configuration

bgp 100
 router-id 3.3.3.3
 ipv4-family vpn-instance 6
  peer 192.168.36.6 as-number 65001 
<R6> display bgp peer 

 BGP local router ID : 192.168.36.6
 Local AS number : 65001
 Total number of peers : 1          Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  192.168.36.3    4         100      103      104     0 01:40:35 Established    
   1
<R6>
<R3>dis bgp vpnv4 vpn-instance 6 peer

 BGP local router ID : 3.3.3.3
 Local AS number : 100

 VPN-Instance 6, Router ID 3.3.3.3:
 Total number of peers : 1          Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  192.168.36.6    4       65001      104      104     0 01:41:24 Established    
   1
<R3>
<R3>dis bgp vpnv4 vpn-instance 6 routing-table 

 BGP Local router ID is 3.3.3.3 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 VPN-Instance 6, Router ID 3.3.3.3:

 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  172.16.1.0/24      1.1.1.1         0          100        0      65001i
 *>   172.16.2.0/24      192.168.36.6    0                     0      65001i
<R3>

OSPF between AR5 and AR1

AR5 OSPF configuration

ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
  network 192.168.15.5 0.0.0.0 

AR1 OSPF configuration

ospf 1 router-id 1.1.1.1 vpn-instance 5
 import-route bgp
 area 0.0.0.0 
  network 192.168.15.1 0.0.0.0

OSPF between AR7 and AR3

AR7 OSPF configuration

ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 172.16.2.1 0.0.0.0 
  network 192.168.37.7 0.0.0.0 

AR3 OSPF configuration

ospf 1 router-id 3.3.3.3 vpn-instance 7
 import-route bgp
 area 0.0.0.0 
  network 192.168.37.3 0.0.0.0 

7. Establish the MP-BGP peering between AR1 and AR3

Configuration on AR1

bgp 100
 router-id 1.1.1.1
 undo default ipv4-unicast
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable    
 #
 ipv4-family vpn-instance 4 
  peer 192.168.14.4 as-number 65001 
 #
 ipv4-family vpn-instance 5 
  import-route ospf 1

Configuration on AR3

bgp 100
 router-id 3.3.3.3
 undo default ipv4-unicast
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 1.1.1.1 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance 6 
  peer 192.168.36.6 as-number 65001 
 #
 ipv4-family vpn-instance 7 
  import-route ospf 1
<R1>display bgp vpnv4 all peer 

 BGP local router ID : 1.1.1.1
 Local AS number : 100
 Total number of peers : 2          Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  3.3.3.3         4         100      116      116     0 01:51:38 Established    
   3

  Peer of IPv4-family for vpn instance :

 VPN-Instance 4, Router ID 1.1.1.1:
  192.168.14.4    4       65001      115      115     0 01:52:10 Established    
   1
<R1>
<R3>display bgp vpnv4 all peer 

 BGP local router ID : 3.3.3.3
 Local AS number : 100
 Total number of peers : 2          Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  1.1.1.1         4         100      117      118     0 01:52:57 Established    
   3

  Peer of IPv4-family for vpn instance :

 VPN-Instance 6, Router ID 3.3.3.3:
  192.168.36.6    4       65001      116      116     0 01:53:53 Established    
   1
<R3>
<R1>dis bgp vpnv4 all routing-table 


 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete



 Total number of routes from all PE: 6
 Route Distinguisher: 4:4 


      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   172.16.1.0/24      192.168.14.4    0                     0      65001i

 Route Distinguisher: 5:5 


      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   172.16.1.0/24      0.0.0.0         2                     0      ?
 *>   192.168.15.0       0.0.0.0         0                     0      ?

 Route Distinguisher: 6:6 


      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  172.16.2.0/24      3.3.3.3         0          100        0      65001i

 Route Distinguisher: 7:7 


      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  172.16.2.0/24      3.3.3.3         2          100        0      ?
 *>i  192.168.37.0       3.3.3.3         0          100        0      ?

 VPN-Instance 4, Router ID 1.1.1.1:

 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   172.16.1.0/24      192.168.14.4    0                     0      65001i
 *>i  172.16.2.0/24      3.3.3.3         0          100        0      65001i

 VPN-Instance 5, Router ID 1.1.1.1:

 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   172.16.1.0/24      0.0.0.0         2                     0      ?
 *>i  172.16.2.0/24      3.3.3.3         2          100        0      ?
 *>   192.168.15.0       0.0.0.0         0                     0      ?
 *>i  192.168.37.0       3.3.3.3         0          100        0      ?
<R1>

Check the MP-BGP peering

<R4>display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 11       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
     172.16.1.0/24  Direct  0    0           D   172.16.1.1      LoopBack0
     172.16.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
   172.16.1.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
     172.16.2.0/24  EBGP    255  0           D   192.168.14.1    GigabitEthernet
0/0/0
   192.168.14.0/24  Direct  0    0           D   192.168.14.4    GigabitEthernet
0/0/0
   192.168.14.4/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
 192.168.14.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

<R4>
<R4>ping -a 172.16.1.1 172.16.2.1
  PING 172.16.2.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.2.1: bytes=56 Sequence=1 ttl=252 time=60 ms
    Reply from 172.16.2.1: bytes=56 Sequence=2 ttl=252 time=30 ms
    Reply from 172.16.2.1: bytes=56 Sequence=3 ttl=252 time=40 ms
    Reply from 172.16.2.1: bytes=56 Sequence=4 ttl=252 time=40 ms
    Reply from 172.16.2.1: bytes=56 Sequence=5 ttl=252 time=40 ms

  --- 172.16.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/42/60 ms