MPLS VPN

目标：配置MPLS VPN

配置思路：

R3，R5，R6，R4为运营商网络，配置MPLS，IGP协议为ospf 110，R3和R4配置为IBGP邻居，R1和R2为位于两地的同一公司A的子公司，R7和R8同样是位于两地的同一公司B的子公司，在R3上为每个子公司R1，R7启用vrf,并将相关接口加入相应vrf(比如，vrf 1 关连R3的s1/1口），R1与R3之间静态路由，R2与R4之间静态路由，在R4上为每个子公司R2，R8启用vrf,并将相关接口加入相应vrf,R7与R3之间启用ospf 协议并相互进行重分发，R8与R4之间启动ospf 路由协议并在ospf协议与BGP协议之间想到重分发（因为CE与PE之间ospf路由需要通过BGP协议路由至对端PE，并在其PE上将BGP路由重分发进ospf进程，反之亦然）注意在重分发时所进的ospf 进程模式及BGP所对应的VRF

总体思路：控制层面－〉所用技术：ospf+BGP+vrf

数据层面－〉所用技术：mpls

网络拓扑：

详细配置：

R1：

hostname R1

!

no ip domain lookup

ip cef

no ipv6 cef

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

!

interface Serial1/1

 ip address 13.1.1.1 255.255.255.0

 serial restart-delay 0

!

no ip http server

no ip httpsecure-server

ip route 2.2.2.2255.255.255.255 13.1.1.3

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R2：

hostname R2

no ip domain lookup

ip cef

no ipv6 cef

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Serial1/1

 ip address 24.1.1.1 255.255.255.0

 serial restart-delay 0

!

no ip http server

no ip httpsecure-server

ip route 1.1.1.1255.255.255.255 24.1.1.4

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R3：

hostname R3

!

ip vrf 1

 rd 1:1

 route-target export 1:1

 route-target import 1:1

!

ip vrf 7

 rd 7:7

 route-target export 7:7

 route-target import 7:7

!

no ip domain lookup

ip cef

no ipv6 cef

!

interface Loopback0

 ip address 3.3.3.3 255.255.255.255

!        

interface Loopback1

 ip address 33.3.3.3 255.255.255.255

!

interface Serial1/0

 ip address 35.1.1.3 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip vrf forwarding 1

 ip address 13.1.1.3 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 ip vrf forwarding 7

 ip address 37.1.1.3 255.255.255.0

 serial restart-delay 0

!

interface Serial1/3

 ip address 34.1.1.3 255.255.255.0

 shutdown

 serial restart-delay 0

!

router ospf 1 vrf 7

 router-id 33.3.3.3

 redistribute bgp 34 metric 10 subnets

 network 37.1.1.3 0.0.0.0 area 0

!

router ospf 110

 router-id 3.3.3.3

 network 3.3.3.3 0.0.0.0 area 0

 network 35.1.1.3 0.0.0.0 area 0

!

router bgp 34

 bgp log-neighbor-changes

 neighbor 4.4.4.4 remote-as 34

 neighbor 4.4.4.4 update-source Loopback0

 !

 address-family vpnv4

  neighbor 4.4.4.4 activate

  neighbor 4.4.4.4 send-community extended

  neighbor 4.4.4.4 next-hop-self

 exit-address-family

 !

 address-family ipv4 vrf 1

  network 1.1.1.1 mask 255.255.255.255

 exit-address-family

 !

 address-family ipv4 vrf 7

  redistribute ospf 1

 exit-address-family

!

ip forward-protocolnd

!

!

no ip http server

no ip httpsecure-server

ip route vrf 11.1.1.1 255.255.255.255 13.1.1.1

!

mpls ldp router-idLoopback0 force

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R4：

hostname R4

!

ip vrf 2

 rd 2:2

 route-target export 1:1

 route-target import 1:1

!

ip vrf 8

 rd 8:8

 route-target export 7:7

 route-target import 7:7

!

no ip domain lookup

ip cef

interface Loopback0

 ip address 4.4.4.4 255.255.255.255

!        

interface Serial1/0

 ip address 46.1.1.4 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip vrf forwarding 2

 ip address 24.1.1.4 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 ip vrf forwarding 8

 ip address 48.1.1.4 255.255.255.0

 serial restart-delay 0

!

interface Serial1/3

 ip address 34.1.1.4 255.255.255.0

 shutdown

 serial restart-delay 0

!

router ospf 1 vrf 8

 redistribute bgp 34 subnets

 network 48.1.1.4 0.0.0.0 area 0

!

router ospf 110

 router-id 4.4.4.4

 network 4.4.4.4 0.0.0.0 area 0

 network 46.1.1.4 0.0.0.0 area 0

!

router bgp 34

 bgp log-neighbor-changes

 neighbor 3.3.3.3 remote-as 34

 neighbor 3.3.3.3 update-source Loopback0

 !

 address-family vpnv4

  neighbor 3.3.3.3 activate

  neighbor 3.3.3.3 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf 2

  network 2.2.2.2 mask 255.255.255.255

 exit-address-family

 !

 address-family ipv4 vrf 8

  redistribute ospf 1 metric 10

 exit-address-family

!

no ip http server

no ip httpsecure-server

ip route vrf 22.2.2.2 255.255.255.255 24.1.1.2

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R5：

hostname R5

no ip domain lookup

ip cef

interface Loopback0

 ip address 5.5.5.5 255.255.255.255

!

interface Serial1/0

 ip address 35.1.1.5 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip address 56.1.1.5 255.255.255.0

 mpls ip

 serial restart-delay 0

!

router ospf 110

 router-id 5.5.5.5

 network 5.5.5.5 0.0.0.0 area 0

 network 35.1.1.5 0.0.0.0 area 0

 network 56.1.1.5 0.0.0.0 area 0

no ip http server

no ip httpsecure-server

mpls ldp router-idLoopback0 force

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R6：

hostname R6

no ip domain lookup

ip cef

interface Loopback0

 ip address 6.6.6.6 255.255.255.255

!

interface Serial1/0

 ip address 46.1.1.6 255.255.255.0

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip address 56.1.1.6 255.255.255.0

 mpls ip

 serial restart-delay 0

!

router ospf 110

 router-id 6.6.6.6

 network 6.6.6.6 0.0.0.0 area 0

 network 46.1.1.6 0.0.0.0 area 0

 network 56.1.1.6 0.0.0.0 area 0

!

line con 0

 exec-timeout 0 0

 logging synchronous

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R7：

hostname R7

ip cef

interface Loopback0

 ip address 7.7.7.7 255.255.255.255

!

interface Serial1/2

 ip address 37.1.1.7 255.255.255.0

 serial restart-delay 0

!

router ospf 110

 router-id 7.7.7.7

 network 7.7.7.7 0.0.0.0 area 0

 network 37.1.1.7 0.0.0.0 area 0

line con 0

 exec-timeout 0 0

 logging synchronous

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

R8：

hostname R8

ip cef

interface Loopback0

 ip address 8.8.8.8 255.255.255.255

!

interface Serial1/2

 ip address 48.1.1.8 255.255.255.0

 serial restart-delay 0

!

router ospf 110

 router-id 8.8.8.8

 network 8.8.8.8 0.0.0.0 area 0

 network 48.1.1.8 0.0.0.0 area 0

!

line con 0

 exec-timeout 0 0

 logging synchronous

测试：

本文出自 “夜不静” 博客，请务必保留此出处http://25102468.blog.51cto.com/3460916/1662111