MPLS VPN

目标:配置MPLS VPN

配置思路:

R3R5R6R4为运营商网络,配置MPLSIGP协议为ospf 110R3R4配置为IBGP邻居,R1R2为位于两地的同一公司A的子公司,R7R8同样是位于两地的同一公司B的子公司,在R3上为每个子公司R1R7启用vrf,并将相关接口加入相应vrf(比如,vrf 1 关连R3s1/1口),R1R3之间静态路由,R2R4之间静态路由,在R4上为每个子公司R2R8启用vrf,并将相关接口加入相应vrf,R7R3之间启用ospf 协议并相互进行重分发,R8R4之间启动ospf 路由协议并在ospf协议与BGP协议之间想到重分发(因为CEPE之间ospf路由需要通过BGP协议路由至对端PE,并在其PE上将BGP路由重分发进ospf进程,反之亦然)注意在重分发时所进的ospf 进程模式及BGP所对应的VRF

总体思路:控制层面-〉所用技术:ospf+BGP+vrf

数据层面-〉所用技术:mpls

网络拓扑:

技术分享

详细配置:

R1

hostname R1

!

no ip domain lookup

ip cef

no ipv6 cef

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

!

interface Serial1/1

 ip address 13.1.1.1 255.255.255.0

 serial restart-delay 0

!

no ip http server

no ip httpsecure-server

ip route 2.2.2.2255.255.255.255 13.1.1.3

===========================

R2

hostname R2

no ip domain lookup

ip cef

no ipv6 cef

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Serial1/1

 ip address 24.1.1.1 255.255.255.0

 serial restart-delay 0

!

no ip http server

no ip httpsecure-server

ip route 1.1.1.1255.255.255.255 24.1.1.4

========================

R3

hostname R3

!

ip vrf 1

 rd 1:1

 route-target export 1:1

 route-target import 1:1

!

ip vrf 7

 rd 7:7

 route-target export 7:7

 route-target import 7:7

!

no ip domain lookup

ip cef

no ipv6 cef

!

interface Loopback0

 ip address 3.3.3.3 255.255.255.255

!        

interface Loopback1

 ip address 33.3.3.3 255.255.255.255

!

interface Serial1/0

 ip address 35.1.1.3 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip vrf forwarding 1

 ip address 13.1.1.3 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 ip vrf forwarding 7

 ip address 37.1.1.3 255.255.255.0

 serial restart-delay 0

!

interface Serial1/3

 ip address 34.1.1.3 255.255.255.0

 shutdown

 serial restart-delay 0

!

router ospf 1 vrf 7

 router-id 33.3.3.3

 redistribute bgp 34 metric 10 subnets

 network 37.1.1.3 0.0.0.0 area 0

!

router ospf 110

 router-id 3.3.3.3

 network 3.3.3.3 0.0.0.0 area 0

 network 35.1.1.3 0.0.0.0 area 0

!

router bgp 34

 bgp log-neighbor-changes

 neighbor 4.4.4.4 remote-as 34

 neighbor 4.4.4.4 update-source Loopback0

 !

 address-family vpnv4

  neighbor 4.4.4.4 activate

  neighbor 4.4.4.4 send-community extended

  neighbor 4.4.4.4 next-hop-self

 exit-address-family

 !

 address-family ipv4 vrf 1

  network 1.1.1.1 mask 255.255.255.255

 exit-address-family

 !

 address-family ipv4 vrf 7

  redistribute ospf 1

 exit-address-family

!

ip forward-protocolnd

!

!

no ip http server

no ip httpsecure-server

ip route vrf 11.1.1.1 255.255.255.255 13.1.1.1

!

mpls ldp router-idLoopback0 force

==========================

R4

hostname R4

!

ip vrf 2

 rd 2:2

 route-target export 1:1

 route-target import 1:1

!

ip vrf 8

 rd 8:8

 route-target export 7:7

 route-target import 7:7

!

no ip domain lookup

ip cef

interface Loopback0

 ip address 4.4.4.4 255.255.255.255

!        

interface Serial1/0

 ip address 46.1.1.4 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip vrf forwarding 2

 ip address 24.1.1.4 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 ip vrf forwarding 8

 ip address 48.1.1.4 255.255.255.0

 serial restart-delay 0

!

interface Serial1/3

 ip address 34.1.1.4 255.255.255.0

 shutdown

 serial restart-delay 0

!

router ospf 1 vrf 8

 redistribute bgp 34 subnets

 network 48.1.1.4 0.0.0.0 area 0

!

router ospf 110

 router-id 4.4.4.4

 network 4.4.4.4 0.0.0.0 area 0

 network 46.1.1.4 0.0.0.0 area 0

!

router bgp 34

 bgp log-neighbor-changes

 neighbor 3.3.3.3 remote-as 34

 neighbor 3.3.3.3 update-source Loopback0

 !

 address-family vpnv4

  neighbor 3.3.3.3 activate

  neighbor 3.3.3.3 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf 2

  network 2.2.2.2 mask 255.255.255.255

 exit-address-family

 !

 address-family ipv4 vrf 8

  redistribute ospf 1 metric 10

 exit-address-family

!

no ip http server

no ip httpsecure-server

ip route vrf 22.2.2.2 255.255.255.255 24.1.1.2

============================

R5

hostname R5

no ip domain lookup

ip cef

interface Loopback0

 ip address 5.5.5.5 255.255.255.255

!

interface Serial1/0

 ip address 35.1.1.5 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip address 56.1.1.5 255.255.255.0

 mpls ip

 serial restart-delay 0

!

router ospf 110

 router-id 5.5.5.5

 network 5.5.5.5 0.0.0.0 area 0

 network 35.1.1.5 0.0.0.0 area 0

 network 56.1.1.5 0.0.0.0 area 0

no ip http server

no ip httpsecure-server

mpls ldp router-idLoopback0 force

===========================

R6

hostname R6

no ip domain lookup

ip cef

interface Loopback0

 ip address 6.6.6.6 255.255.255.255

!

interface Serial1/0

 ip address 46.1.1.6 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip address 56.1.1.6 255.255.255.0

 mpls ip

 serial restart-delay 0

!

router ospf 110

 router-id 6.6.6.6

 network 6.6.6.6 0.0.0.0 area 0

 network 46.1.1.6 0.0.0.0 area 0

 network 56.1.1.6 0.0.0.0 area 0

!

line con 0

 exec-timeout 0 0

 logging synchronous

=============================

R7

hostname R7

ip cef

interface Loopback0

 ip address 7.7.7.7 255.255.255.255

!

interface Serial1/2

 ip address 37.1.1.7 255.255.255.0

 serial restart-delay 0

!

router ospf 110

 router-id 7.7.7.7

 network 7.7.7.7 0.0.0.0 area 0

 network 37.1.1.7 0.0.0.0 area 0

        

line con 0

 exec-timeout 0 0

 logging synchronous

=========================

R8

hostname R8

ip cef

interface Loopback0

 ip address 8.8.8.8 255.255.255.255

!

interface Serial1/2

 ip address 48.1.1.8 255.255.255.0

 serial restart-delay 0

!

router ospf 110

 router-id 8.8.8.8

 network 8.8.8.8 0.0.0.0 area 0

 network 48.1.1.8 0.0.0.0 area 0

!

line con 0

 exec-timeout 0 0

 logging synchronous


测试:

技术分享

技术分享



本文出自 “夜不静” 博客,请务必保留此出处http://25102468.blog.51cto.com/3460916/1662111

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。