L3 MPLS VPN InterAS Option A: Back-to-Back VRFs
Back-to-Back VRFs
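Advantages:
The configuration approach is simple and differs little from an ordinary intra-AS MPLS VPN.
Disadvantages:
Each ASBR must carry every VRF and store the VPNv4 routes of the whole network, and the ASBRs need multiple interfaces between them, one placed into each VRF. The load on the ASBRs is heavy.
Configuration notes:
Port connection rule: RN E0/0 -- R(N+1) E0/1
The PE and CE run OSPF, the IGP inside each AS is EIGRP, and the ASBRs run RIP between them.
CE-side R1 configuration example: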
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
! Ordinary routing protocol run with the PE; OSPF is used as the example here.
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.0 0.0.0.255 area 0
hostname R2
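! Create a VRF for the CE customer
ip vrf VPN_A
rd 100:1
! Export this side's CE routes, tagged with RT 100:1
route-target export 100:1
! Import the route-target exported by R4
route-target import 100:4
! Manually set the MPLS label allocation range to make troubleshooting easier
mpls label range 200 299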
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 23.1.1.2 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip vrf forwarding VPN_A
ip address 12.1.1.2 255.255.255.0
!
! IGP inside AS 100, with EIGRP as the example. This post focuses on the MP-BGP configuration, so the IGP setup here is crude; please bear that in mind.
router eigrp 90
network 0.0.0.0
no auto-summary
!
! Routing protocol run with the customer
router ospf 1 vrf VPN_A
router-id 2.2.2.2
log-adjacency-changes
! Redistribute the routes learned through MP-BGP into OSPF to advertise them to the local CE
redistribute bgp 100 subnets
network 12.1.1.0 0.0.0.255 area 0
!
router bgp 100
! If there is no need to carry Internet routes, the IPv4 unicast capability can be turned off
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
! Activate MP-BGP with the ASBR
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN_A
no synchronization
! Redistribute the routes learned from the local CE into MP-BGP so they are sent out
redistribute ospf 1 vrf VPN_A match internal external 1 external 2 nssa-external 1 nssa-external 2
exit-address-family
!
hostname R3
! R3 runs only the IGP and LDP to distribute labels, providing the data transport path
mpls label range 300 399
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 34.1.1.3 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 23.1.1.3 255.255.255.0
mpls ip
!
router eigrp 90
network 0.0.0.0
no auto-summary
!
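! The key point on R4 is how the import RTs are set
hostname R4
! On the ASBR, configure one VRF per customer
ip vrf VPN_A
rd 100:1
! Exported RT for the routes this ASBR learns from the peer ASBR through the routing protocol (RIP); this is the route-target exported to the PE in this AS
route-target export 100:4
! Import the RT set by the PE in this AS
route-target import 100:1
! Import the export RT of the peer ASBR, not the export RT set by the PE in the peer AS
route-target import 200:5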
!
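! IGP of this AS
router eigrp 90
network 0.0.0.0
no auto-summary
!
! Routing protocol used to exchange routes with the peer ASBR
router rip
!
address-family ipv4 vrf VPN_A
! Redistribute the VPNv4 routes of this AS into RIP to advertise them to the peer ASBR
redistribute bgp 100 metric 2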
network 45.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
! Activate the MP-BGP capability with PE R2
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
! Redistribute the routes learned from the peer ASBR through RIP into MP-BGP so they are advertised to the PE in this AS
address-family ipv4 vrf VPN_A
no synchronization
redistribute rip
exit-address-family
!
hostname R5
ip vrf VPN_A
rd 200:7
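! Export the routes learned from the peer ASBR to the PE in this AS, and the routes learned from the local PE to the peer ASBR; so the peer ASBR must import this RT, and the local PE must import it too
route-target export 200:5
! Import the routes of the local PE
route-target import 200:8
! Import the routes sent by the peer ASBR
route-target import 100:4
!
! No further explanation from here on; if something is unclear, see the comments above.
mpls label range 500 599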
!
router eigrp 90
network 0.0.0.0
no auto-summary
!
router rip
!
address-family ipv4 vrf VPN_A
redistribute bgp 200 metric 2
network 45.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 200
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 200
neighbor 7.7.7.7 update-source Loopback0
!
address-family vpnv4
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN_A
no synchronization
redistribute rip
exit-address-family
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
ip address 56.1.1.5 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip vrf forwarding VPN_A
ip address 45.1.1.5 255.255.255.0
!
hostname R6
mpls label range 600 699
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
ip address 67.1.1.6 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 56.1.1.6 255.255.255.0
mpls ip
!
router eigrp 90
network 0.0.0.0
no auto-summary
!
hostname R7
ip vrf VPN_A
rd 200:7
route-target export 200:8
route-target import 200:5
!
mpls label range 700 799
!
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/0
ip vrf forwarding VPN_A
ip address 78.1.1.7 255.255.255.0
!
interface Ethernet0/1
ip address 67.1.1.7 255.255.255.0
mpls ip
!
!
router eigrp 90
network 0.0.0.0
no auto-summary
!
router ospf 1 vrf VPN_A
router-id 7.7.7.7
log-adjacency-changes
redistribute bgp 200 subnets
network 78.1.1.0 0.0.0.255 area 0
!
router bgp 200
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN_A
no synchronization
redistribute ospf 1 vrf VPN_A match internal external 1 external 2 nssa-external 1 nssa-external 2
exit-address-family
!
hostname R8
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/1
ip address 78.1.1.8 255.255.255.0
!
router ospf 1
router-id 8.8.8.8
log-adjacency-changes
network 8.8.8.8 0.0.0.0 area 0
network 78.1.1.0 0.0.0.255 area 0
!
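Added example (not part of the original post): a Python check that takes the route-target and VPNv4 neighbor lines from the R2, R4, R5 and R7 configs above and reports, for each import RT, which MP-BGP peer exports it. Route targets are BGP extended communities, so they travel only over the VPNv4 sessions (R2-R4 and R5-R7), while the RIP session between the ASBRs carries plain IPv4 routes. The SAMPLE text, the LOOPBACK map and the function names are this example's own.

```python
import re

# Route-target and VPNv4 "neighbor ... activate" lines extracted from the
# R2, R4, R5 and R7 configs on this page (single VRF, VPN_A).
SAMPLE = """\
hostname R2
 route-target export 100:1
 route-target import 100:4
 neighbor 4.4.4.4 activate
hostname R4
 route-target export 100:4
 route-target import 100:1
 route-target import 200:5
 neighbor 2.2.2.2 activate
hostname R5
 route-target export 200:5
 route-target import 200:8
 route-target import 100:4
 neighbor 7.7.7.7 activate
hostname R7
 route-target export 200:8
 route-target import 200:5
 neighbor 5.5.5.5 activate
"""
# Loopback0 addresses from the page; resolves a neighbor IP to its router.
LOOPBACK = {"2.2.2.2": "R2", "4.4.4.4": "R4", "5.5.5.5": "R5", "7.7.7.7": "R7"}

def parse(text):
    """Return {router: {"export": set, "import": set, "peers": set}}."""
    routers, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"hostname (\S+)", line):
            cur = routers.setdefault(m[1], {"export": set(), "import": set(), "peers": set()})
        elif m := re.match(r"\s*route-target (export|import) (\S+)", line):
            cur[m[1]].add(m[2])
        elif m := re.match(r"\s*neighbor (\S+) activate", line):
            cur["peers"].add(LOOPBACK[m[1]])
    return routers

def audit(routers):
    """Map each import RT to the VPNv4 peer exporting it (None if no peer does)."""
    return {name: {rt: next((p for p in sorted(r["peers"])
                             if rt in routers[p]["export"]), None)
                   for rt in sorted(r["import"])}
            for name, r in routers.items()}

if __name__ == "__main__":
    for name, imports in audit(parse(SAMPLE)).items():
        for rt, peer in imports.items():
            print(f"{name}: import {rt} <- {peer or 'no VPNv4 peer exports this RT'}")
```

With the page's configs, the report shows that R4's import of 200:5 and R5's import of 100:4 are not matched by any VPNv4 peer. The cross-AS routes reach those VRFs through RIP on the back-to-back VRF interface instead.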
Routes learned by R1:
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      8.0.0.0/32 is subnetted, 1 subnets
O E2     8.8.8.8 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O E2     45.1.1.0 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0
      78.0.0.0/24 is subnetted, 1 subnets
O E2     78.1.1.0 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0
Label switching process:
R1#traceroute 8.8.8.8 source loop0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 12.1.1.2 4 msec 0 msec 0 msec
2 23.1.1.3 [MPLS: Labels 301/404 Exp 0] 0 msec 0 msec 0 msec
3 45.1.1.4 [MPLS: Label 404 Exp 0] 0 msec 4 msec 8 msec
4 45.1.1.5 4 msec 4 msec 4 msec
5 56.1.1.6 [MPLS: Labels 601/703 Exp 0] 8 msec 4 msec 4 msec
6 78.1.1.7 [MPLS: Label 703 Exp 0] 4 msec 8 msec 4 msec
7 78.1.1.8 4 msec * 4 msec
Labels assigned by MP-BGP to the VPNv4 routes:
R2#sh bgp vpnv4 unicast all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (VPN_A)
   1.1.1.1/32       12.1.1.1        205/nolabel
   8.8.8.8/32       4.4.4.4         nolabel/404
   12.1.1.0/24      0.0.0.0         206/nolabel(VPN_A)
   45.1.1.0/24      4.4.4.4         nolabel/403
   78.1.1.0/24      4.4.4.4         nolabel/405
Labels assigned by LDP:
R2#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
200        Pop Label  3.3.3.3/32       0             Et0/0      23.1.1.3
201        Pop Label  34.1.1.0/24      0             Et0/0      23.1.1.3
202        301        4.4.4.4/32       0             Et0/0      23.1.1.3
205        No Label   1.1.1.1/32[V]    5116          Et0/1      12.1.1.1
206        No Label   12.1.1.0/24[V]   8508          aggregate/VPN_A
This article comes from the “每天进步1%” blog; please be sure to keep this source attribution: http://jackyan.blog.51cto.com/2589874/1570502