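[Cisco VPN] Basic BGP MPLS-VPN Deployment Example
Lab topology:
Lab requirements: As shown in the figure, R1, R2 and R3 are public-network routers in AS65001. R4 and R6 are the egress routers of Company A's headquarters and branch office; R5 and R7 are the egress routers of Company B's headquarters and branch office. The carrier assigns the private segment 172.16.40.0/24 to both the R4-R1 link and the R5-R1 link, and assigns 172.16.60.0/24 and 172.16.70.0/24 to the R6-R3 and R7-R3 links.
Company A's headquarters (40.1) must be able to communicate with the internal segment of its branch egress router (60.1), and Company B's headquarters (40.1) must be able to communicate with the internal segment of its branch egress router (70.1).
Lab steps:
Start with the basic configuration. (The downstream interfaces of R1 and R3 are configured later.)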
R1:
f0/0:12.0.0.1/24
l0:1.1.1.1/32
R2:
f0/0:12.0.0.2/24
f0/1:23.0.0.2/24
l0:2.2.2.2/32
R3
f0/0:23.0.0.3/24
l0:3.3.3.3/32
R4
f0/0:172.16.40.2/24
l0:192.168.40.1/24
R5
f0/0:172.16.40.2/24
l0:192.168.40.1/24
R6
f0/0:172.16.60.2/24
l0:192.168.60.1/24
R7
f0/0:172.16.70.2/24
l0:192.168.70.1/24
First, run OSPF on R1, R2 and R3.
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 12.0.0.0 0.0.0.255 area 0
!
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 12.0.0.0 0.0.0.255 area 0
network 23.0.0.0 0.0.0.255 area 0
!
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 23.0.0.0 0.0.0.255 area 0
!
Test connectivity:
R1#p 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/42/64 ms
2. Run MPLS VPN and create the VRF routing tables
Create the VRF table vpna for Company A and the VRF table vpnb for Company B.
R1
ip vrf vpna
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf vpnb
rd 200:1
route-target export 200:1
route-target import 200:1
!
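Place the downstream interfaces into vpna and vpnb respectively. Both interfaces carry the same address, which is possible only because each one belongs to a different VRF.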
interface FastEthernet0/1
ip vrf forwarding vpna
ip address 172.16.40.1 255.255.255.0
!
interface FastEthernet1/0
ip vrf forwarding vpnb
ip address 172.16.40.1 255.255.255.0
!
On R4 and R5, configure a default route pointing to R1; on R1, configure static routes pointing down to the customers.
R4
ip route 0.0.0.0 0.0.0.0 172.16.40.1
!
R5
ip route 0.0.0.0 0.0.0.0 172.16.40.1
!
The static routes on R1 must be associated with the VRF tables:
R1
ip route vrf vpna 192.168.40.0 255.255.255.0 172.16.40.2
ip route vrf vpnb 192.168.40.0 255.255.255.0 172.16.40.2
!
Test connectivity:
R1#p vrf vpna 192.168.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
R3 is configured in a similar way to R1.
R3
ip vrf vpna
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf vpnb
rd 200:1
route-target export 200:1
route-target import 200:1
!
interface FastEthernet0/1
ip vrf forwarding vpna
ip address 172.16.60.1 255.255.255.0
!
interface FastEthernet1/0
ip vrf forwarding vpnb
ip address 172.16.70.1 255.255.255.0
!
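The route targets above are what keep Company A and Company B apart even though both use 192.168.40.0/24. As an added example (not part of the original post), this Python script parses the `ip vrf` stanzas and lists every VRF that imports a route target exported by a differently named VRF; the function names and the per-PE config dictionary are assumptions of the example.

```python
import re

# Constructed sample: the VRF stanzas this lab applies on both PEs (R1 and R3).
LAB_VRFS = """\
ip vrf vpna
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf vpnb
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
"""

def parse_vrfs(config):
    """Return {vrf: {"rd", "export", "import"}} from IOS 'ip vrf' stanzas."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif line == "!":
            cur = None  # end of stanza
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                cur[kind].add(m.group(2))
    return vrfs

def route_leaks(pe_configs):
    """(src_pe, src_vrf, dst_pe, dst_vrf) where a VRF imports an RT that a differently named VRF exports."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    flat = [(pe, name, v) for pe, vrfs in parsed.items() for name, v in vrfs.items()]
    return sorted((spe, sname, dpe, dname)
                  for spe, sname, s in flat for dpe, dname, d in flat
                  if sname != dname and s["export"] & d["import"])

def vpnv4_keys(pe_config, prefix):
    """RD-qualified keys under which one customer prefix appears in the VPNv4 table."""
    return sorted(f'{v["rd"]}:{prefix}' for v in parse_vrfs(pe_config).values())

if __name__ == "__main__":
    print(route_leaks({"R1": LAB_VRFS, "R3": LAB_VRFS}))  # lab config: no cross-tenant import
    print(vpnv4_keys(LAB_VRFS, "192.168.40.0/24"))        # same prefix, two distinct routes
```

An empty result from route_leaks means no VRF can receive another customer's routes; a single extra `route-target import` on one PE is enough to change that.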
Run RIPv2 on R3, R6 and R7.
R6
router rip
version 2
network 172.16.60.0
network 192.168.60.0
no auto-summary
!
R7
router rip
version 2
network 172.16.70.0
network 192.168.70.0
no auto-summary
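When running RIPv2 on R3, associate it with the VRF routing tables. Each address family lists the network of the interface that sits in that VRF:
R3
router rip
!
! vpnb: FastEthernet1/0, 172.16.70.1/24
address-family ipv4 vrf vpnb
network 172.16.70.0
no auto-summary
version 2
exit-address-family
!
! vpna: FastEthernet0/1, 172.16.60.1/24
address-family ipv4 vrf vpna
network 172.16.60.0
no auto-summary
version 2
exit-address-family
!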
Test connectivity:
R3#p vrf vpna 192.168.60.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/23/56 ms
The private segments are now taken care of.
3. Run MP-BGP on R1 and R3 and establish the iBGP neighbor relationship.
R1
router bgp 65001
bgp router-id 1.1.1.1
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 update-source Loopback0
!
Activate the MP-BGP neighbor:
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
R3
router bgp 65001
bgp router-id 3.3.3.3
neighbor 1.1.1.1 remote-as 65001
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
On R1, advertise the two 192.168.40.0/24 routes into BGP. Two methods are used here: a direct network statement and redistribution.
R1
router bgp 65001
address-family ipv4 vrf vpna
network 192.168.40.0
exit-address-family
!
address-family ipv4 vrf vpnb
redistribute static metric 20
exit-address-family
!
On R3, redistribute RIPv2 into BGP, and also redistribute BGP into RIPv2 so that the return path is reachable.
R3
router bgp 65001
address-family ipv4 vrf vpna
redistribute rip metric 20
exit-address-family
!
router bgp 65001
address-family ipv4 vrf vpnb
redistribute rip metric 20
exit-address-family
!
router rip
address-family ipv4 vrf vpna
redistribute bgp 65001 metric 3
!
router rip
address-family ipv4 vrf vpnb
redistribute bgp 65001 metric 3
!
4. Don't forget that R2 does not run BGP and has no private routes, which creates a routing black hole. Running LDP on R1, R2 and R3 solves this.
R1
interface FastEthernet0/0
mpls ip
!
R2
interface FastEthernet0/0
mpls ip
!
interface FastEthernet0/1
mpls ip
!
R3
interface FastEthernet0/0
mpls ip
!
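Why LDP removes the black hole on R2, as an added example (not part of the original post): a simplified Python model of the R1 -> R2 -> R3 path that traces a customer packet with different label stacks. The label numbers 17 and 22 are made up for the example; real values are assigned dynamically.

```python
import ipaddress

# Constructed model of the lab core. Label numbers are hypothetical;
# real ones are assigned dynamically by LDP (transport) and MP-BGP (VPN).
R2_RIB = ["1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32", "12.0.0.0/24", "23.0.0.0/24"]  # OSPF only
TRANSPORT_LABEL = 17    # hypothetical: R2's LDP binding for 3.3.3.3/32
VPN_LABEL = 22          # hypothetical: R3's MP-BGP label for vpna 192.168.60.0/24
R2_LFIB = {TRANSPORT_LABEL: ("pop", "R3")}            # R2 is the penultimate hop for 3.3.3.3
R3_VPN_LABELS = {VPN_LABEL: ("vpna", "172.16.60.2")}  # VPN label -> (VRF, CE next hop)

def r2_forward(dst, labels):
    """P router R2: label-switch if labeled, otherwise look up the OSPF-only RIB."""
    if labels:
        entry = R2_LFIB.get(labels[0])
        if entry is None:
            return None, f"R2 drop: no LFIB entry for label {labels[0]}"
        op, next_hop = entry
        return labels[1:], f"R2 {op} label {labels[0]}, send to {next_hop}"
    addr = ipaddress.ip_address(dst)
    if not any(addr in ipaddress.ip_network(net) for net in R2_RIB):
        return None, f"R2 drop: no route to {dst}"
    return labels, "R2 IP-forward"

def r3_deliver(dst, labels):
    """Egress PE R3: the remaining VPN label selects the VRF and the CE next hop."""
    if labels and labels[0] in R3_VPN_LABELS:
        vrf, ce = R3_VPN_LABELS[labels[0]]
        return f"R3 deliver {dst} in vrf {vrf} via {ce}"
    return "R3 drop: packet carries no known VPN label"

def send_from_r1(dst, labels):
    """Trace a customer packet R1 -> R2 -> R3 with the given label stack (top first)."""
    remaining, note = r2_forward(dst, list(labels))
    if remaining is None:
        return note
    return r3_deliver(dst, remaining)

if __name__ == "__main__":
    print(send_from_r1("192.168.60.1", []))                            # plain IP: R2 has no route
    print(send_from_r1("192.168.60.1", [VPN_LABEL]))                   # VPN label only, no LDP
    print(send_from_r1("192.168.60.1", [TRANSPORT_LABEL, VPN_LABEL]))  # LDP + MP-BGP
```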
Check whether the LDP neighbors have been established:
R2
R2#show mpls ldp neighbor
Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0
TCP connection: 1.1.1.1.646 - 2.2.2.2.21318
State: Oper; Msgs sent/rcvd: 97/98; Downstream
Up time: 01:18:42
LDP discovery sources:
FastEthernet0/0, Src IP addr: 12.0.0.1
Addresses bound to peer LDP Ident:
12.0.0.1 1.1.1.1
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.14076 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 99/97; Downstream
Up time: 01:18:41
LDP discovery sources:
FastEthernet0/1, Src IP addr: 23.0.0.3
Addresses bound to peer LDP Ident:
23.0.0.3 3.3.3.3
No problems. On R1 and R3, check whether each has learned the other's private routes:
R1
R1#show ip bgp vpnv4 vrf vpna
BGP table version is 9, local router ID is 1.1.1.1
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vpna)
*> 192.168.40.0 172.16.40.2 0 32768 i
*>i192.168.60.0 3.3.3.3 1 100 0 i
R1#show ip bgp vpnv4 vrf vpnb
BGP table version is 9, local router ID is 1.1.1.1
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf vpnb)
*> 192.168.40.0 172.16.40.2 0 32768 i
*>i192.168.70.0 3.3.3.3 1 100 0 i
R3
R3#show ip bgp vpnv4 vrf vpna
BGP table version is 9, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vpna)
*>i192.168.40.0 1.1.1.1 0 100 0 i
*> 192.168.60.0 172.16.60.2 1 32768 i
R3#show ip bgp vpnv4 vrf vpnb
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf vpnb)
*>i192.168.40.0 1.1.1.1 0 100 0 i
*> 192.168.70.0 172.16.70.2 1 32768 i
The two PEs have learned each other's routes.
Finally, test connectivity:
R4
R4#p 192.168.60.1 source 192.168.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/116 ms
R4#
R5
R5#p 192.168.70.1 source 192.168.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.70.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/92/128 ms
Communication works; the lab is complete.
This article comes from the “NE之路” blog; please keep this attribution: http://332162926.blog.51cto.com/8831013/1576426