好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



 

6.1.4 跨域VPN-OptionC方式典型配置举例

 

组网需求

l           Site 1Site 2属于同一个VPNSite 1通过AS 100PE 1接入,Site 2通过AS 600PE 2接入;

l           同一自治系统内的PE设备之间运行IS-IS作为IGP

l           PE 1ASBR-PE 1间通过MP-IBGP交换标签IPv4路由;

l           PE 2ASBR-PE 2间通过MP-IBGP交换标签IPv4路由;

l           PE 1PE 2建立MP-EBGP对等体;

l           ASBR-PE 1ASBR-PE 2上分别配置路由策略,对从对方接收的路由压入标签;

l           ASBR-PE 1ASBR-PE 2间通过MP-EBGP交换标签IPv4路由。

 

组网图

 

配置步骤

 

1、配置PE 1

# 在PE 1上运行IS-IS。

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls

[PE1-mpls] lsp-trigger all

[PE1-mpls] label advertise non-null

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

 

# 配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[PE1] interface POS 4/1/1

[PE1-POS4/1/1] ip address 1.1.1.2 255.0.0.0

[PE1-POS4/1/1] isis enable 1

[PE1-POS4/1/1] mpls

[PE1-POS4/1/1] mpls ldp

[PE1-POS4/1/1] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

 

# 创建VPN实例,名称为vpn1,为其配置RD和VPN Target属性。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

 

# 创建Loopback1接口,并将此接口绑定到vpn1。

[PE1] interface loopback 1

[PE1-LoopBack1] ip binding vpn-instance vpn1

[PE1-LoopBack1] ip address 30.0.0.1 32

[PE1-LoopBack1] quit

 

# 在PE 1上运行BGP。

[PE1] bgp 100

 

# 配置PE 1向IBGP对等体3.3.3.9发布标签路由及从3.3.3.9接收标签路由的能力。

[PE1-bgp] peer 3.3.3.9 as-number 100

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp] peer 3.3.3.9 label-route-capability

 

# 配置PE 1到EBGP对等体5.5.5.9的最大跳数为10。

[PE1-bgp] peer 5.5.5.9 as-number 600

[PE1-bgp] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10

 

# 配置对等体5.5.5.9作为VPNv4对等体。

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-af-vpnv4] quit

 

# 将直连路由引入到vpn1的路由表。

[PE1-bgp] ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1] import-route direct

[PE1-bgp-vpn1] quit

[PE1-bgp] quit

 

 

2、配置ASBR-PE1

# 在ASBR-PE1上运行IS-IS。

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls

[ASBR-PE1-mpls] lsp-trigger all

[ASBR-PE1-mpls] label advertise non-null

[ASBR-PE1-mpls] quit

[ASBR-PE1] mpls ldp

[ASBR-PE1-mpls-ldp] quit

 

# 配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[ASBR-PE1] interface POS 4/1/1

[ASBR-PE1-POS4/1/1] clock master

[ASBR-PE1-POS4/1/1] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-POS4/1/1] isis enable 1

[ASBR-PE1-POS4/1/1] mpls

[ASBR-PE1-POS4/1/1] mpls ldp

[ASBR-PE1-POS4/1/1] quit

 

# 配置接口POS4/1/2,并在接口上使能MPLS。

[ASBR-PE1] interface POS 4/1/2

[ASBR-PE1-POS4/1/2] clock master

[ASBR-PE1-POS4/1/2] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-POS4/1/2] mpls

[ASBR-PE1-POS4/1/2] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

 

# 创建路由策略。

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy1] apply mpls-label

[ASBR-PE1-route-policy1] quit

[ASBR-PE1] route-policy policy2 permit node 1

[ASBR-PE1-route-policy2] if-match mpls-label

[ASBR-PE1-route-policy2] apply mpls-label

[ASBR-PE1-route-policy2] quit

 

# 在ASBR-PE 1上运行BGP,引入IS-IS进程1的路由。

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp] import-route isis 1

 

# 对IBGP对等体2.2.2.9发布来的路由应用已配置的路由策略policy2。

[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp] peer 2.2.2.9 route-policy policy2 export

 

# 向IBGP对等体2.2.2.9发布标签路由及从2.2.2.9接收标签路由的能力。

[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp] peer 2.2.2.9 label-route-capability

 

# 对EBGP对等体11.0.0.1发布来的路由应用已配置的路由策略policy1。

[ASBR-PE1-bgp] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp] peer 11.0.0.1 route-policy policy1 export

 

# 向EBGP对等体11.0.0.1发布标签路由及从11.0.0.1接收标签路由的能力

[ASBR-PE1-bgp] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp] quit

 

3、配置ASBR-PE 2

# 在ASBR-PE 2上运行IS-IS。

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls

[ASBR-PE2-mpls] lsp-trigger all

[ASBR-PE2-mpls] label advertise non-null

[ASBR-PE2-mpls] quit

[ASBR-PE2] mpls ldp

[ASBR-PE2-mpls-ldp] quit

 

# 配置接口POS4/1/1,在接口上运行IS-IS,并在接口上使能MPLS和LDP。

[ASBR-PE2] interface POS 4/1/1

[ASBR-PE2-POS4/1/1] clock master

[ASBR-PE2-POS4/1/1] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-POS4/1/1] isis enable 1

[ASBR-PE2-POS4/1/1] mpls

[ASBR-PE2-POS4/1/1] mpls ldp

[ASBR-PE2-POS4/1/1] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

 

# 配置接口POS4/1/2,在接口上使能MPLS。

[ASBR-PE2] interface POS 4/1/2

[ASBR-PE2-POS4/1/2] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-POS4/1/2] mpls

[ASBR-PE2-POS4/1/2] quit

 

# 创建路由策略。

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy1] apply mpls-label

[ASBR-PE2-route-policy1] quit

[ASBR-PE2] route-policy policy2 permit node 1

[ASBR-PE2-route-policy2] if-match mpls-label

[ASBR-PE2-route-policy2] apply mpls-label

[ASBR-PE2-route-policy2] quit

 

# 在ASBR-PE 2上运行BGP,引入IS-IS进程1的路由。

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp] import-route isis 1

 

# 向IBGP对等体5.5.5.9发布标签路由及从5.5.5.9接收标签路由的能力

[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0

[ASBR-PE2-bgp] peer 5.5.5.9 label-route-capability

 

# 对IBGP对等体5.5.5.9发布来的路由应用已配置的路由策略policy2。

[ASBR-PE2-bgp] peer 5.5.5.9 route-policy policy2 export

 

# 对EBGP对等体11.0.0.2发布来的路由应用已配置的路由策略policy1。

[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export

 

# 向EBGP对等体11.0.0.2发布标签路由及从11.0.0.2接收标签路由的能力。

[ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp] quit

 

 

4、配置PE 2

# 在PE 2上运行IS-IS。

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

 

# 配置LSR ID,使能MPLS和LDP。

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls

[PE2-mpls] lsp-trigger all

[PE2-mpls] label advertise non-null

[PE2-mpls] quit

[PE2] mpls ldp

[PE2-mpls-ldp] quit

 

# 配置接口POS4/1/1,在接口上运行IS-IS,并使能MPLS和LDP。

[PE2] interface POS 4/1/1

[PE2-POS4/1/1] ip address 9.1.1.2 255.0.0.0

[PE2-POS4/1/1] isis enable 1

[PE2-POS4/1/1] mpls

[PE2-POS4/1/1] mpls ldp

[PE2-POS4/1/1] quit

 

# 创建Loopback0接口,在接口上运行IS-IS。

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

 

# 创建VPN实例,名称为vpn1,为其配置RD和VPN Target属性。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

 

# 创建Loopback1接口,并将此接口绑定到vpn1。

[PE2] interface loopback 1

[PE2-LoopBack1] ip binding vpn-instance vpn1

[PE2-LoopBack1] ip address 20.0.0.1 32

[PE2-LoopBack1] quit

 

# 在PE 2上运行BGP。

[PE2] bgp 600

 

# 配置PE 2向IBGP对等体4.4.4.9发布标签路由及从4.4.4.9接收标签路由的能力。

[PE2-bgp] peer 4.4.4.9 as-number 600

[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp] peer 4.4.4.9 label-route-capability

 

# 配置PE 2到EBGP对等体2.2.2.9的最大跳数为10。

[PE2-bgp] peer 2.2.2.9 as-number 100

[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10

 

# 配置对等体2.2.2.9作为VPNv4对等体。

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-af-vpnv4] quit

 

# 将直连路由引入vpn1的路由表。

[PE2-bgp] ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1] import-route direct

[PE2-bgp-vpn1] quit

[PE2-bgp] quit

 

 

结果检验

配置完成后,在PE2上对PE1进行Ping操作,可以Ping通:

[PE2] ping –vpn-instance vpn1 30.0.0.1

 

PE1上对PE2进行Ping操作,也可以Ping通:

[PE1] ping –vpn-instance vpn1 20.0.0.1

 

 

配置文件

1PE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 11:11

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

#

mpls lsr-id 2.2.2.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.111.111.111.111.00

#

interface pos 2/1/1

link-protocol ppp

ip address 1.1.1.2 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface loopback 0

ip address 2.2.2.9 255.255.255.255

isis enable 1

#

interface loopback 1

ip binding vpn-instance vpn1

ip address 30.0.0.1 255.255.255.255

#

bgp 100

 peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface loopback 0

peer 3.3.3.9 label-route-capability

peer 5.5.5.9 as-number 600

peer 5.5.5.9 connect-interface loopback 0

peer 5.5.5.9 ebgp-max-hop 10

#

ipv4-family vpnv4

peer 5.5.5.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

2ASBR – PE 1 配置

#

mpls lsr-id 3.3.3.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.222.222.222.222.00

#

interface pos 2/1/1

clock master

link-protocol ppp

ip address 1.1.1.1 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface pos 2/1/2

clock master

link-protocol ppp

ip address 11.0.0.2 255.0.0.0

mpls

#

interface loopback 0

ip address 3.3.3.9 255.255.255.255

isis enable 1

#

bgp 100

import-route isis 1

peer 2.2.2.9 as-number 100

peer 2.2.2.9 route-policy policy2 export

peer 2.2.2.9 connect-interface loopback 0

peer 2.2.2.9 label-route-capability

peer 11.0.0.1 as-number 600

peer 11.0.0.1 route-policy policy1 export

peer 11.0.0.1 label-route-capability

#

route-policy policy1 permit node 1

apply mpls-label

#

route-policy policy2 permit node 1

if-match mpls-label

apply mpls-label

#

3ASBR – PE 2 配置

 

#

mpls lsr-id 4.4.4.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.222.222.222.222.00

#

interface pos 2/1/1

clock master

link-protocol ppp

isis enable 1

ip address 9.1.1.1 255.0.0.0

mpls

mpls ldp

#

interface pos 2/1/2

link-protocol ppp

ip address 11.0.0.2 255.0.0.0

mpls

#

interface loopback 0

ip address 4.4.4.9 255.255.255.255

isis enable 1

#

bgp 600

import-route isis 1

peer 5.5.5.9 as-number 600

peer 5.5.5.9 connect-interface loopback 0

peer 5.5.5.9 label-route-capability

peer 5.5.5.9 route-policy policy2 export

peer 11.0.0.2 as-number 100

peer 11.0.0.2 route-policy policy1 export

peer 11.0.0.2 label-route-capability

#

route-policy policy1 permit node 1

apply mpls-label

#

route-policy policy2 permit node 1

if-match mpls-label

apply mpls-label

#

 

4、PE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 12:12

vpn-target 3:3 export-extcommunity

vpn-target 1:1 2:2 3:3 import-extcommunity

#

mpls lsr-id 5.5.5.9

#

mpls

label advertise non-null

lsp-trigger all

#

mpls ldp

#

isis 1

 network-entity 10.111.111.111.111.00

#

interface pos 2/1/1

link-protocol ppp

ip address 9.1.1.2 255.0.0.0

isis enable 1

mpls

mpls ldp

#

interface loopback 0

ip address 5.5.5.9 255.255.255.255

isis enable 1

#

interface loopback 1

ip binding vpn-instance vpn1

ip address 20.0.0.1 255.255.255.255

#

bgp 600

peer 4.4.4.9 as-number 600

peer 4.4.4.9 connect-interface loopback 0

peer 4.4.4.9 label-route-capability

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface loopback 0

peer 2.2.2.9 ebgp-max-hop 10

#

ipv4-family vpnv4

peer 2.2.2.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

#

 

 

 

 

 

X Close
X Close