lCE
1、CE 3属于VPN 1,CE 2、CE 4属于VPN 2;
lVPN
1使用的VPN Target属性为111:1,VPN 2使用的VPN Target属性为222:2。不同VPN用户之间不能互相访问;
lCE与PE之间配置EBGP交换VPN路由信息;
lPE与PE之间配置OSPF实现PE内部的互通、配置MP-IBGP交换VPN路由信息。
配置步骤
1、MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通
#
配置PE 1。
<PE1>
system-view
[PE1]
interface loopback 0
[PE1-LoopBack0]
ip address 1.1.1.9 32
[PE1-LoopBack0]
quit
[PE1]
interface pos
[PE1-POS2/1/1]
ip address 172.1.1.1 24
[PE1-POS2/1/1]
quit
[PE1]
ospf
[PE1-ospf-1]
area 0
[PE1-ospf-1-area-0.0.0.0]
network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]
network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]
quit
[PE1-ospf-1]
quit
#
配置P。
<P>
system-view
[P]
interface loopback 0
[P-LoopBack0]
ip address 2.2.2.9 32
[P-LoopBack0]
quit
[P]
interface pos
[P-POS2/1/1]
clock master
[P-POS2/1/1]
ip address 172.1.1.2 24
[P-POS2/1/1]
quit
[P]
interface pos
[P-POS2/1/2]
clock master
[P-POS2/1/2]
ip address 172.2.1.1 24
[P-POS2/1/2]
quit
[P]
ospf
[P-ospf-1]
area 0
[P-ospf-1-area-0.0.0.0]
network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]
network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]
network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0]
quit
[P-ospf-1]
quit
#
配置PE 2。
<PE2>
system-view
[PE2]
interface loopback 0
[PE2-LoopBack0]
ip address 3.3.3.9 32
[PE2-LoopBack0]
quit
[PE2]
interface pos
[PE2-POS2/1/1]
ip address 172.2.1.2 24
[PE2-POS2/1/1]
quit
[PE2]
ospf
[PE2-ospf-1]
area 0
[PE2-ospf-1-area-0.0.0.0]
network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]
network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]
quit
[PE2-ospf-1]
quit
配置完成后,PE 1、P、PE 2之间应能建立OSPF邻居,执行display ospf peer
verbose命令可以看到邻居达到FULL状态。执行display ip
routing-table命令可以看到PE之间学习到对方的Loopback路由。
以PE 1为例:
[PE1]
display ip routing-table
Routing
Tables: Public
Destinations : 9
Routes : 9
Destination/Mask Proto Pre Cost NextHop
Interface
1.1.1.9/32
Direct 0 0
127.0.0.1
InLoop0
2.2.2.9/32
OSPF 10 1
172.1.1.2
POS2/1/1
3.3.3.9/32
OSPF 10 2
172.1.1.2
POS2/1/1
127.0.0.0/8 Direct
0 0
127.0.0.1
InLoop0
127.0.0.1/32 Direct 0 0
127.0.0.1
InLoop0
172.1.1.0/24 Direct 0 0
172.1.1.1
POS2/1/1
172.1.1.1/32 Direct 0 0
127.0.0.1
InLoop0
172.1.1.2/32 Direct 0 0
172.1.1.2
POS2/1/1
172.2.1.0/24 OSPF 10 1
172.1.1.2
POS2/1/1
[PE1]
display ospf peer verbose
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface
172.1.1.1(POS2/1/1)'s neighbors
Router ID: 172.1.1.2
Address: 172.1.1.2 GR
State:
State: Full Mode:Nbr is Master Priority: 1
DR: None BDR: None MTU: 1500
Dead timer due in 38 sec
Neighbor is up for
Authentication Sequence: [ 0 ]
2、MPLS骨干网上配置MPLS基本能力和MPLS
LDP,建立LDP LSP
#
配置PE 1。
[PE1]
mpls lsr-id 1.1.1.9
[PE1]
mpls
[PE1-mpls]
lsp-trigger all
[PE1-mpls]
quit
[PE1]
mpls ldp
[PE1-mpls-ldp]
quit
[PE1]
interface pos 2/1/1
[PE1-POS2/1/1]
mpls
[PE1-POS2/1/1]
mpls ldp
[PE1-POS2/1/1]
quit
#
配置P。
[P]
mpls lsr-id 2.2.2.9
[P]
mpls
[P-mpls]
lsp-trigger all
[P-mpls]
quit
[P]
mpls ldp
[P-mpls-ldp]
quit
[P]
interface pos 2/1/1
[P-POS2/1/1]
mpls
[P-POS2/1/1]
mpls ldp
[P-POS2/1/1]
quit
[P]
interface pos 2/1/2
[P-POS2/1/2]
mpls
[P-POS2/1/2]
mpls ldp
[P-POS2/1/2]
quit
#
配置PE 2。
[PE2]
mpls lsr-id 3.3.3.9
[PE2]
mpls
[PE2-mpls]
lsp-trigger all
[PE2-mpls]
quit
[PE2]
mpls ldp
[PE2-mpls-ldp]
quit
[PE2]
interface pos 2/1/1
[PE2-POS2/1/1]
mpls
[PE2-POS2/1/1]
mpls ldp
[PE2-POS2/1/1]
quit
上述配置完成后,PE 1、P、PE 2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Session
State项为Operational。执行display mpls ldp lsp命令,可以看到LDP
LSP的建立情况。
以PE 1为例:
[PE1]
display mpls ldp session
LDP Session(s) in Public Network
----------------------------------------------------------------
Peer-ID
Status LAM SsnRole FT MD5 KA-Sent/Rcv
---------------------------------------------------------------
2.2.2.9:0
Operational DU Passive Off Off 5/5
---------------------------------------------------------------
LAM : Label Advertisement Mode
FT : Fault
Tolerance
[PE1]
display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------
SN
DestAddress/Mask
In/OutLabel Next-Hop
In/Out-Interface
------------------------------------------------------------------
1 1.1.1.9/32
3/NULL
127.0.0.1
POS2/1/1/InLoop0
2 2.2.2.9/32
NULL/3
172.1.1.2
-------/POS2/1/1
3 3.3.3.9/32
NULL/1024
172.1.1.2
-------/POS2/1/1
4 172.2.1.0/24
NULL/3
172.1.1.2
-------/POS2/1/1
------------------------------------------------------------------
A '*' before an LSP means the LSP is not
established
A '*' before a Label means the USCB or
DSCB is stale
#
配置PE 1。
[PE1]
ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]
route-distinguisher 100:1
[PE1-vpn-instance-vpn1]
vpn-target 111:1
[PE1-vpn-instance-vpn1]
quit
[PE1]
ip vpn-instance vpn2
[PE1-vpn-instance-vpn2]
route-distinguisher 100:2
[PE1-vpn-instance-vpn2]
vpn-target 222:2
[PE1-vpn-instance-vpn2]
quit
[PE1]
interface GigabitEthernet 4/1/1
[PE1-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE1-GigabitEthernet4/1/1]
ip address 10.1.1.2 24
[PE1-GigabitEthernet4/1/1]
quit
[PE1]
interface GigabitEthernet4/1/2
[PE1-GigabitEthernet4/1/2]
ip binding vpn-instance vpn2
[PE1-GigabitEthernet4/1/2]
ip address 10.2.1.2 24
[PE1-GigabitEthernet4/1/2]
quit
#
配置PE 2。
[PE2]
ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]
route-distinguisher 200:1
[PE2-vpn-instance-vpn1]
vpn-target 111:1
[PE2-vpn-instance-vpn1]
quit
[PE2]
ip vpn-instance vpn2
[PE2-vpn-instance-vpn2]
route-distinguisher 200:2
[PE2-vpn-instance-vpn2]
vpn-target 222:2
[PE2-vpn-instance-vpn2]
quit
[PE2]
interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[PE2-GigabitEthernet4/1/1]
ip address 10.3.1.2 24
[PE2-GigabitEthernet4/1/1]
quit
[PE2]
interface GigabitEthernet 4/1/2
[PE2-GigabitEthernet4/1/2]
ip binding vpn-instance vpn2
[PE2-GigabitEthernet4/1/2]
ip address 10.4.1.2 24
[PE2-GigabitEthernet4/1/2]
quit
#配置各CE的接口IP地址,配置过程略。
配置完成后,在PE设备上执行display ip
vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
以PE 1和CE 1为例:
[PE1]
display ip vpn-instance
Total VPN-Instances configured :
2
vpn1
100:1
2006/08/13
vpn2
100:2
2006/08/13
[PE1]
ping -vpn-instance vpn1 10.1.1.1
Reply from 10.1.1.1:
bytes=56 Sequence=1 ttl=255 time=56 ms
Reply from 10.1.1.1:
bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 10.1.1.1:
bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 10.1.1.1:
bytes=56 Sequence=4 ttl=255 time=52 ms
Reply from 10.1.1.1:
bytes=56 Sequence=5 ttl=255 time=3 ms
--- 10.1.1.1 ping statistics
---
5 packet(s)
transmitted
5 packet(s)
received
0.00% packet
loss
round-trip min/avg/max =
#
配置CE 1。
<CE1>
system-view
[CE1]
bgp 65410
[CE1-bgp]
peer 10.1.1.2 as-number 100
[CE1-bgp]
import-route direct
[CE1-bgp]
quit
& 说明:
另外3个CE设备(CE 2~CE 4)配置与CE 1设备配置类似,配置过程省略。
#
配置PE 1。
[PE1]
bgp 100
[PE1-bgp]
ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]
peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1]
import-route direct
[PE1-bgp-vpn1]
quit
[PE1-bgp]
ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2]
peer 10.2.1.1 as-number 65420
[PE1-bgp-vpn2]
import-route direct
[PE1-bgp-vpn2]
quit
[PE1-bgp]
quit
& 说明:
PE
2的配置与PE 1类似,配置过程省略。
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance
peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE 1与CE 1的对等体关系为例:
[PE1]
display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID :
1.1.1.9
Local AS number :
100
Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.1.1.1 4 65410 11 9 0 1
#
配置PE 1。
[PE1]
bgp 100
[PE1-bgp]
peer 3.3.3.9 as-number 100
[PE1-bgp]
peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp]
ipv4-family vpnv4
[PE1-bgp-af-vpnv4]
peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4]
quit
[PE1-bgp]
quit
#
配置PE 2。
[PE2]
bgp 100
[PE2-bgp]
peer 1.1.1.9 as-number 100
[PE2-bgp]
peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp]
ipv4-family vpnv4
[PE2-bgp-af-vpnv4]
peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4]
quit
[PE2-bgp]
quit
配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all
peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[PE1]
display bgp peer
BGP local router ID :
1.1.1.9
Local AS number :
100
Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
3.3.3.9 4
100
2
6 0
0
结果检验
在PE设备上执行display ip routing-table
vpn-instance命令,可以看到去往对端CE的路由。
以PE 1为例:
[PE1]
display ip routing-table vpn-instance vpn1
Routing
Tables: vpn1
Destinations : 3
Routes : 3
Destination/Mask Proto Pre Cost NextHop
Interface
10.1.1.0/24 Direct
0 0
10.1.1.2
GE4/1/1
10.1.1.2/32 Direct
0 0
127.0.0.1
InLoop0
10.3.1.0/24 BGP 255 0
3.3.3.9
NULL0
[PE1]
display ip routing-table vpn-instance vpn2
Routing
Tables: vpn2
Destinations : 3
Routes : 3
Destination/Mask Proto Pre Cost NextHop
Interface
10.2.1.0/24 Direct
0 0
10.2.1.2
GE4/1/2
10.2.1.2/32 Direct
0 0
127.0.0.1
InLoop0
10.4.1.0/24 BGP 255 0
3.3.3.9
NULL0
同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。
例如:CE 1能够Ping通CE 3(10.3.1.1),但不能Ping通CE
4(10.4.1.1)。
[CE1]
ping 10.3.1.1
Reply from 10.3.1.1:
bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 10.3.1.1:
bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 10.3.1.1:
bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 10.3.1.1:
bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.3.1.1:
bytes=56 Sequence=5 ttl=253 time=34 ms
--- 10.3.1.1 ping statistics
---
5 packet(s)
transmitted
5 packet(s)
received
0.00% packet
loss
round-trip min/avg/max =
34/48/72 ms
[CE1] ping 10.4.1.1
Request time
out
Request time
out
Request time
out
Request time
out
Request time
out
--- 10.4.1.1 ping statistics
---
5 packet(s)
transmitted
0 packet(s)
received
100.00% packet
loss
配置文件
#
ip
vpn-instance vpn1
route-distinguisher
100:1
vpn-target
111:1 export-extcommunity
vpn-target
111:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
100:2
vpn-target
222:2 export-extcommunity
vpn-target
222:2 import-extcommunity
#
mpls
lsr-id 1.1.1.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
pos 2/1/1
link-protocol
ppp
ip
address 172.1.1.1 255.255.255.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 1.1.1.9 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 10.1.1.2 255.255.255.0
#
interface
GigabitEthernet4/1/2
ip
binding vpn-instance vpn2
ip
address 10.2.1.2 255.255.255.0
#
bgp
100
peer
3.3.3.9 as-number 100
peer
3.3.3.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
3.3.3.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
10.1.1.1 as-number 65410
#
ipv4-family
vpn-instance vpn2
import-route
direct
peer
10.2.1.1 as-number 65420
#
ospf
1
area
0.0.0.0
network
172.1.1.0 0.0.0.255
network
1.1.1.9 0.0.0.0
#
#
ip
vpn-instance vpn1
route-distinguisher
200:1
vpn-target
111:1 export-extcommunity
vpn-target
111:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
200:2
vpn-target
222:2 export-extcommunity
vpn-target
222:2 import-extcommunity
#
mpls
lsr-id 3.3.3.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
pos
link-protocol
ppp
ip
address 172.2.1.2 255.255.255.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 3.3.3.9 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 10.3.1.2 255.255.255.0
#
interface
GigabitEthernet4/1/2
ip
binding vpn-instance vpn2
ip
address 10.4.1.2 255.255.255.0
#
bgp
100
peer
1.1.1.9 as-number 100
peer
1.1.1.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
1.1.1.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
10.3.1.1 as-number 65430
#
ipv4-family
vpn-instance vpn2
import-route
direct
peer
10.4.1.1 as-number 65440
#
ospf
1
area
0.0.0.0
network
172.2.1.0 0.0.0.255
network
3.3.3.9 0.0.0.0
#
#
mpls
lsr-id 2.2.2.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
pos
clock
master
link-protocol
ppp
ip
address 172.1.1.2 255.255.255.0
mpls
mpls
ldp
#
interface
pos
clock
master
link-protocol
ppp
ip
address 172.2.1.1 255.255.255.0
mpls
mpls
ldp
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
#
ospf
1
area
0.0.0.0
network
172.1.1.0 0.0.0.255
network
172.2.1.0 0.0.0.255
network
2.2.2.9 0.0.0.0
#
#
interface
GigabitEthernet
ip
address 10.1.1.1 255.255.255.0
#
bgp
65410
import-route
direct
peer
10.1.1.2 as-number 100
#
#
interface
GigabitEthernet
ip
address 10.2.1.1 255.255.255.0
#
bgp
65420
import-route
direct
peer
10.2.1.2 as-number 100
#
#
interface
GigabitEthernet
ip
address 10.3.1.1 255.255.255.0
#
bgp
65430
import-route
direct
peer
10.3.1.2 as-number 100
#
#
interface
GigabitEthernet
ip
address 10.4.1.1 255.255.255.0
#
bgp
65440
import-route
direct
peer
10.3.1.2 as-number 100
#
