L3 MPLS VPN InterAS Option A: Back-to-Back VRFs


Back-to-Back VRFs


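Advantages:

    The configuration approach is simple and differs little from an ordinary intra-AS MPLS VPN.

Disadvantages:

    Each ASBR must hold every VRF and store the VPNv4 routes of the whole network, and the ASBRs need multiple interfaces between them, one assigned to each VRF. The load on the ASBRs is heavy.

Configuration notes:

Port connection rule: RN E0/0 -- R(N+1) E0/1

The PE and CE run OSPF, the IGP inside each AS is EIGRP, and the ASBRs run RIP between them.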


Configuration example for CE R1:


hostname R1

interface Loopback0

 ip address 1.1.1.1 255.255.255.0

!

interface Ethernet0/0

 ip address 12.1.1.1 255.255.255.0


  

! An ordinary routing protocol run with the PE; OSPF is used here as the example.

router ospf 1

 log-adjacency-changes

 network 1.1.1.1 0.0.0.0 area 0

 network 12.1.1.0 0.0.0.255 area 0


hostname R2


! Create a VRF for the CE customer

ip vrf VPN_A

 rd 100:1

 ! Export the local CE's routes, tagged with 100:1

 route-target export 100:1

 ! Import the route-target exported by R4

 route-target import 100:4

!

! Manually set the MPLS label allocation range to make troubleshooting easier

mpls label range 200 299

!

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Ethernet0/0

 ip address 23.1.1.2 255.255.255.0

 mpls ip

!

interface Ethernet0/1

 ip vrf forwarding VPN_A

 ip address 12.1.1.2 255.255.255.0

!


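! IGP inside AS 100; EIGRP is used here as the example. This post focuses on the MP-BGP configuration, so this part is done crudely; please bear that in mind.

router eigrp 90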

 network 0.0.0.0

 no auto-summary

!

! Routing protocol run with the customer

router ospf 1 vrf VPN_A

 router-id 2.2.2.2

 log-adjacency-changes

 ! Redistribute the routes learned via MP-BGP into OSPF and advertise them to the local CE

 redistribute bgp 100 subnets

 network 12.1.1.0 0.0.0.255 area 0

!

router bgp 100

 ! If there is no need to carry Internet routes, the IPv4 capability can be turned off

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 4.4.4.4 remote-as 100

 neighbor 4.4.4.4 update-source Loopback0

 !

 address-family vpnv4

  ! Activate MP-BGP with the ASBR

  neighbor 4.4.4.4 activate

  neighbor 4.4.4.4 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf VPN_A

  no synchronization

 

  ! Redistribute the routes learned from the local CE into MP-BGP so they are advertised onward

  redistribute ospf 1 vrf VPN_A match internal external 1 external 2 nssa-external 1 nssa-external 2

 exit-address-family

!

  

hostname R3

! R3 runs only the IGP and LDP to distribute labels, providing the data transport path

mpls label range 300 399


interface Loopback0

 ip address 3.3.3.3 255.255.255.255

!

interface Ethernet0/0

 ip address 34.1.1.3 255.255.255.0

 mpls ip 

!

interface Ethernet0/1

 ip address 23.1.1.3 255.255.255.0

 mpls ip

!


router eigrp 90

 network 0.0.0.0

 no auto-summary

!


! The key point on R4 is how the import RTs are set

hostname R4


! On the ASBR, configure one VRF per customer

ip vrf VPN_A

 rd 100:1

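 ! Exports the routes this ASBR learned from the peer ASBR via the routing protocol (RIP); this is the route-target exported to this AS's PE

 route-target export 100:4

 ! Import the RT set by this AS's PE

 route-target import 100:1

 ! Import the peer ASBR's export RT, not the export RT set by the peer AS's PE

 route-target import 200:5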

!


! IGP of this AS

router eigrp 90

 network 0.0.0.0

 no auto-summary

!

! Routing protocol used to exchange routes with the peer ASBR

router rip

 !

 address-family ipv4 vrf VPN_A

  ! Redistribute this AS's VPNv4 routes into RIP to advertise them to the peer ASBR

  redistribute bgp 100 metric 2

  network 45.0.0.0

  no auto-summary

  version 2

 exit-address-family

!

router bgp 100

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 2.2.2.2 remote-as 100

 neighbor 2.2.2.2 update-source Loopback0

 !

 ! Activate the MP-BGP capability with PE R2

 address-family vpnv4

  neighbor 2.2.2.2 activate

  neighbor 2.2.2.2 send-community extended

 exit-address-family

 !

 ! Redistribute the routes learned from the peer ASBR via RIP into MP-BGP so that they reach this AS's PE

 address-family ipv4 vrf VPN_A

  no synchronization

  redistribute rip

 exit-address-family

!


hostname R5


ip vrf VPN_A 

 rd 200:7

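 ! Exports the routes learned from the peer ASBR to the PE in the local AS, and exports the routes learned from the local PE to the peer ASBR, so both the peer ASBR and the local PE must import this RT

 route-target export 200:5

 ! Import the local PE's routes

 route-target import 200:8

 ! Import the routes sent by the peer ASBR

 route-target import 100:4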

!

! No further explanations from here on; refer to the comments above if anything is unclear.

mpls label range 500 599

!

router eigrp 90

 network 0.0.0.0

 no auto-summary

!

router rip

 !

 address-family ipv4 vrf VPN_A

  redistribute bgp 200 metric 2

  network 45.0.0.0

  no auto-summary

  version 2

 exit-address-family

!

router bgp 200

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 7.7.7.7 remote-as 200

 neighbor 7.7.7.7 update-source Loopback0

 !

 address-family vpnv4

  neighbor 7.7.7.7 activate

  neighbor 7.7.7.7 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf VPN_A

  no synchronization

  redistribute rip

 exit-address-family

!


interface Loopback0

 ip address 5.5.5.5 255.255.255.255

!

interface Ethernet0/0

 ip address 56.1.1.5 255.255.255.0

 mpls ip

!

interface Ethernet0/1

 ip vrf forwarding VPN_A

 ip address 45.1.1.5 255.255.255.0

!


hostname R6


mpls label range 600 699


interface Loopback0

 ip address 6.6.6.6 255.255.255.255

!

interface Ethernet0/0

 ip address 67.1.1.6 255.255.255.0

 mpls ip

!

interface Ethernet0/1

 ip address 56.1.1.6 255.255.255.0

 mpls ip

!

router eigrp 90

 network 0.0.0.0

 no auto-summary

!


hostname R7


ip vrf VPN_A

 rd 200:7

 route-target export 200:8

 route-target import 200:5

!

mpls label range 700 799

!

!

interface Loopback0

 ip address 7.7.7.7 255.255.255.255

!

interface Ethernet0/0

 ip vrf forwarding VPN_A

 ip address 78.1.1.7 255.255.255.0

!

interface Ethernet0/1

 ip address 67.1.1.7 255.255.255.0

 mpls ip

!

!         

router eigrp 90

 network 0.0.0.0

 no auto-summary

!

router ospf 1 vrf VPN_A

 router-id 7.7.7.7

 log-adjacency-changes

 redistribute bgp 200 subnets

 network 78.1.1.0 0.0.0.255 area 0

!

router bgp 200

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 5.5.5.5 remote-as 200

 neighbor 5.5.5.5 update-source Loopback0

 !

 address-family ipv4

  no synchronization

  no auto-summary

 exit-address-family

 !

 address-family vpnv4

  neighbor 5.5.5.5 activate

  neighbor 5.5.5.5 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf VPN_A

  no synchronization

  redistribute ospf 1 vrf VPN_A match internal external 1 external 2 nssa-external 1 nssa-external 2

 exit-address-family

!



hostname R8


interface Loopback0

 ip address 8.8.8.8 255.255.255.255

!

interface Ethernet0/1

 ip address 78.1.1.8 255.255.255.0

!


router ospf 1

 router-id 8.8.8.8

 log-adjacency-changes

 network 8.8.8.8 0.0.0.0 area 0

 network 78.1.1.0 0.0.0.255 area 0

!



Routes learned by R1:

R1#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route


Gateway of last resort is not set


      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        1.1.1.0/24 is directly connected, Loopback0

L        1.1.1.1/32 is directly connected, Loopback0

      8.0.0.0/32 is subnetted, 1 subnets

O E2     8.8.8.8 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0 

      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        12.1.1.0/24 is directly connected, Ethernet0/0

L        12.1.1.1/32 is directly connected, Ethernet0/0

      45.0.0.0/24 is subnetted, 1 subnets

O E2     45.1.1.0 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0

      78.0.0.0/24 is subnetted, 1 subnets

O E2     78.1.1.0 [110/1] via 12.1.1.2, 03:00:42, Ethernet0/0


Label switching process:

R1#traceroute 8.8.8.8 source loop0


Type escape sequence to abort.

Tracing the route to 8.8.8.8


  1 12.1.1.2 4 msec 0 msec 0 msec

  2 23.1.1.3 [MPLS: Labels 301/404 Exp 0] 0 msec 0 msec 0 msec

  3 45.1.1.4 [MPLS: Label 404 Exp 0] 0 msec 4 msec 8 msec

  4 45.1.1.5 4 msec 4 msec 4 msec

  5 56.1.1.6 [MPLS: Labels 601/703 Exp 0] 8 msec 4 msec 4 msec

  6 78.1.1.7 [MPLS: Label 703 Exp 0] 4 msec 8 msec 4 msec

  7 78.1.1.8 4 msec *  4 msec


Labels assigned by MP-BGP to the VPNv4 routes:

R2#sh bgp vpnv4 unicast all labels

   Network          Next Hop      In label/Out label

Route Distinguisher: 100:1 (VPN_A)

   1.1.1.1/32       12.1.1.1        205/nolabel

   8.8.8.8/32       4.4.4.4         nolabel/404

   12.1.1.0/24      0.0.0.0         206/nolabel(VPN_A)

   45.1.1.0/24      4.4.4.4         nolabel/403

   78.1.1.0/24      4.4.4.4         nolabel/405

Labels assigned by LDP:

R2#sh mpls forwarding-table

Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    

Label      Label      or Tunnel Id     Switched      interface              

200        Pop Label  3.3.3.3/32       0             Et0/0      23.1.1.3    

201        Pop Label  34.1.1.0/24      0             Et0/0      23.1.1.3    

202        301        4.4.4.4/32       0             Et0/0      23.1.1.3    

205        No Label   1.1.1.1/32[V]    5116          Et0/1      12.1.1.1    

206        No Label   12.1.1.0/24[V]   8508          aggregate/VPN_A 
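
The route-target comments on R2, R4, R5 and R7 describe which VRF takes routes from which; as an added example (not code from the original post), this Python check parses those `ip vrf` blocks and reports, per AS, which export feeds which import and which imports have no exporter. It assumes route-targets are matched only inside one AS, because they travel as MP-BGP extended communities and the R4-R5 link on this page runs RIP; `CONFIGS`, `parse_vrfs` and `audit` are names invented for the example.

```python
import re
from collections import defaultdict
# Constructed input: route-target lines copied from the VPN_A blocks on this page.
# Assumption: RTs are matched per AS, since R4 and R5 exchange routes over RIP,
# which carries no route-target extended communities.
CONFIGS = {
    "R2": (100, "ip vrf VPN_A\n rd 100:1\n route-target export 100:1\n"
                " route-target import 100:4\n"),
    "R4": (100, "ip vrf VPN_A\n rd 100:1\n route-target export 100:4\n"
                " route-target import 100:1\n route-target import 200:5\n"),
    "R5": (200, "ip vrf VPN_A\n rd 200:7\n route-target export 200:5\n"
                " route-target import 200:8\n route-target import 100:4\n"),
    "R7": (200, "ip vrf VPN_A\n rd 200:7\n route-target export 200:8\n"
                " route-target import 200:5\n"),
}
VRF_RE = re.compile(r"^ip vrf (\S+)[ \t]*\n((?:[ \t]+.*\n?)*)", re.M)
RT_RE = re.compile(r"^\s*route-target\s+(import|export|both)\s+(\S+)", re.M)

def parse_vrfs(text):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' blocks."""
    vrfs = {}
    for name, body in VRF_RE.findall(text):
        rts = {"import": set(), "export": set()}
        for kind, rt in RT_RE.findall(body):
            for d in (("import", "export") if kind == "both" else (kind,)):
                rts[d].add(rt)
        vrfs[name] = rts
    return vrfs

def audit(configs):
    """Match imports to exports per AS; return (dangling imports, route feeds)."""
    parsed = {r: (asn, parse_vrfs(text)) for r, (asn, text) in configs.items()}
    exports = defaultdict(lambda: defaultdict(set))  # asn -> rt -> {(router, vrf)}
    for router, (asn, vrfs) in parsed.items():
        for vrf, rts in vrfs.items():
            for rt in rts["export"]:
                exports[asn][rt].add((router, vrf))
    dangling, feeds = [], []
    for router, (asn, vrfs) in parsed.items():
        for vrf, rts in vrfs.items():
            for rt in rts["import"]:
                sources = exports[asn].get(rt, set()) - {(router, vrf)}
                feeds += [(src, router, rt) for src, _ in sources]
                if not sources:
                    dangling.append((router, vrf, rt))
    return sorted(dangling), sorted(feeds)

if __name__ == "__main__":
    print(*audit(CONFIGS), sep="\n")
```

With this page's values the imports reported without an exporter are `200:5` on R4 and `100:4` on R5; those two routers hand routes to each other through RIP on the VRF interface rather than by route-target.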


This article comes from the "每天进步1%" ("Improve 1% Every Day") blog; please be sure to keep this attribution: http://jackyan.blog.51cto.com/2589874/1570502
