1.实验说明
(1) 实验目的
配置BGP MPLS VPN OPTION A,使得总部与分公司私网互通,分公司与总部之间可互访,但分公司之间不能互访。
(2) 实验拓扑
(3) 地址说明
业务地址段:
私网地址段
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
网络地址段:
路由器
接口
IP
备注
R1-CE
loopback0
1.1.1.1/32
GE 0/0/1
192.168.1.2/30
Ethernet 0/0/1
10.0.1.254/24
R2-PE
loopback0
2.2.2.2/32
GE 0/0/1
192.168.1.1/30
vpn
GE 0/0/0
211.137.23.2/24
R3-P
loopback0
3.3.3.3/32
GE 0/0/0
211.137.23.3/24
GE 0/0/1
211.137.34.3/24
R4-ASBR
loopback0
4.4.4.4/32
GE 0/0/1
211.137.34.4/24
GE 0/0/2
211.137.45.4/24
R5-ASBR
loopback0
5.5.5.5/32
GE 0/0/2
211.137.45.5/24
GE 0/0/1
211.137.56.5/24
R6-P
loopback0
6.6.6.6/32
GE 0/0/1
211.137.56.6/24
GE 0/0/0
211.137.67.6/24
R7-PE
loopback0
7.7.7.7/32
GE 0/0/0
211.137.67.7/24
GE 0/0/1
192.168.2.1/30
vpn
GE 0/0/2
192.168.3.1/30
vpn
R8-CE
loopback0
8.8.8.8/32
GE 0/0/1
192.168.2.2/30
Ethernet 0/0/1
10.0.2.254/24
R9-CE
loopback0
9.9.9.9/32
GE 0/0/1
192.168.3.2/30
Ethernet 0/0/1
10.0.3.254/24
(4) 实验思路
1、为各AS的MPLS骨干网分别配置IGP,实现同一AS内骨干网的IP连通性
2、为各AS的MPLS骨干网分别配置MPLS基本能力和MPLS LDP
3、各AS内,在与CE相连的PE上配置VPN实例,并配置接口与VPN实例关联
4、各AS内,配置PE和CE间的路由交换
5、使能标签IPv4路由交换
6、配置路由策略控制标签分配
7、PE间建立MP-EBGP对等体关系
(5) OPTION C
路由层面
$$ CE \stackrel{ebgp}{\Longleftrightarrow} PE \stackrel{IBGP}{\Longleftrightarrow} ASBR \stackrel{EBGP}{\Longleftrightarrow} ASBR \stackrel{IBGP}{\Longleftrightarrow} PE \stackrel{ebgp}{\Longleftrightarrow} CE $$
$$ PE \stackrel{MP-EBGP}{\longleftrightarrow} PE $$
转发层面
$$ CE \stackrel{IP}{\Longleftrightarrow} PE \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} ASBR \stackrel{MPLS} {\Longleftrightarrow} ASBR \stackrel{MPLS}{\Longleftrightarrow} P \stackrel{MPLS}{\Longleftrightarrow} PE \stackrel{IP}{\Longleftrightarrow} CE $$
(6) ABC区别
| Option A | Option B | Option C | |
|---|---|---|---|
| ASBR间交换的路由类型 | 客户的IPv4路由 | VPNv4路由 | 公网IPv4路由 |
| AS间标签交换 | 否 | VPN标签 | IPv4路由标签(通过eBGP传递) |
| AS之间是否需要启用LDP | 否 | 否 | 否 |
| AS之间是否需要启用MP-BGP | 否 | 是 | 是 |
| VPNv4路由在哪里维护 | ASBR | ASBR | PE或RR |
| 适用场景 | 一般用于国际运营商之间 | 同一个运营商中的不同AS之间 | 同一个运营商中的不同AS之间 |
2.骨干域IGP配置(OSPF)
与OPTION A类似
OSPF配置后,PE、P、ASBR可以相互学到loopback路由,是后续MPLS/LDP标签传递等的基础
## R2-PE的ospf配置
<R2-PE>display current-configuration configuration ospf
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 211.137.23.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
## R3-P的ospf配置
<R3-P>display current-configuration configuration ospf
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 211.137.23.0 0.0.0.255
network 211.137.34.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
return
## R4-ASBR的ospf配置
<R4-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 211.137.34.0 0.0.0.255
network 4.4.4.4 0.0.0.0
#
return
## R7-PE的ospf配置
<R7-PE>display current-configuration configuration ospf
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 211.137.67.0 0.0.0.255
network 7.7.7.7 0.0.0.0
#
return
## R6-P的ospf配置
<R6-P>display current-configuration configuration ospf
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 211.137.56.0 0.0.0.255
network 211.137.67.0 0.0.0.255
network 6.6.6.6 0.0.0.0
#
return
## R5-ASBR的ospf配置
<R5-ASBR>display current-configuration configuration ospf
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 211.137.56.0 0.0.0.255
network 5.5.5.5 0.0.0.0
#
return
查看lsdb,确认PE/P/ASBR的loopback均已通过ospf发布
<R3-P>display ospf lsdb
OSPF Process 1 with Router ID 3.3.3.3
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.4 4.4.4.4 377 48 80000004 1
Router 2.2.2.2 2.2.2.2 419 48 80000006 1
Router 3.3.3.3 3.3.3.3 375 60 80000009 1
Network 211.137.23.2 2.2.2.2 420 32 80000002 0
Network 211.137.34.3 3.3.3.3 376 32 80000002 0
<R6-P>display ospf lsdb
OSPF Process 1 with Router ID 6.6.6.6
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 7.7.7.7 7.7.7.7 296 48 80000006 1
Router 6.6.6.6 6.6.6.6 262 60 80000009 1
Router 5.5.5.5 5.5.5.5 264 48 80000004 1
Network 211.137.67.7 7.7.7.7 296 32 80000002 0
Network 211.137.56.6 6.6.6.6 262 32 80000002 0
3.骨干域MPLS/LDP配置
与OPTION A类似
分别在全局和接口下启用MPLS和LDP
## R2-PE启用MPLS和LDP
[R2-PE]mpls lsr-id 2.2.2.2
[R2-PE]mpls
Info: Mpls starting, please wait... OK!
[R2-PE-mpls]mpls ldp
[R2-PE-mpls-ldp]quit
[R2-PE]interface GigabitEthernet 0/0/0
[R2-PE-GigabitEthernet0/0/0]mpls
[R2-PE-GigabitEthernet0/0/0]mpls ldp
## R3-P启用MPLS和LDP
[R3-P]mpls lsr-id 3.3.3.3
[R3-P]mpls
Info: Mpls starting, please wait... OK!
[R3-P-mpls]mpls ldp
[R3-P-mpls-ldp]quit
[R3-P]interface GigabitEthernet 0/0/0
[R3-P-GigabitEthernet0/0/0]mpls
[R3-P-GigabitEthernet0/0/0]mpls ldp
[R3-P-GigabitEthernet0/0/0]quit
[R3-P]interface GigabitEthernet 0/0/1
[R3-P-GigabitEthernet0/0/1]mpls
[R3-P-GigabitEthernet0/0/1]mpls ldp
## R4-ASBR启用MPLS和LDP
[R4-ASBR]mpls lsr-id 4.4.4.4
[R4-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R4-ASBR-mpls]mpls ldp
[R4-ASBR-mpls-ldp]quit
[R4-ASBR]interface GigabitEthernet 0/0/1
[R4-ASBR-GigabitEthernet0/0/1]mpls
[R4-ASBR-GigabitEthernet0/0/1]mpls ldp
## R7-PE启用MPLS和LDP
[R7-PE]mpls lsr-id 7.7.7.7
[R7-PE]mpls
Info: Mpls starting, please wait... OK!
[R7-PE-mpls]mpls ldp
[R7-PE-mpls-ldp]quit
[R7-PE]interface GigabitEthernet 0/0/0
[R7-PE-GigabitEthernet0/0/0]mpls
[R7-PE-GigabitEthernet0/0/0]mpls ldp
## R6-P启用MPLS和LDP
[R6-P]mpls lsr-id 6.6.6.6
[R6-P]mpls
Info: Mpls starting, please wait... OK!
[R6-P-mpls]mpls ldp
[R6-P-mpls-ldp]quit
[R6-P]interface GigabitEthernet 0/0/0
[R6-P-GigabitEthernet0/0/0]mpls
[R6-P-GigabitEthernet0/0/0]mpls ldp
[R6-P-GigabitEthernet0/0/0]quit
[R6-P]interface GigabitEthernet 0/0/1
[R6-P-GigabitEthernet0/0/1]mpls
[R6-P-GigabitEthernet0/0/1]mpls ldp
## ASBR2启用MPLS和LDP
[R5-ASBR]mpls lsr-id 5.5.5.5
[R5-ASBR]mpls
Info: Mpls starting, please wait... OK!
[R5-ASBR-mpls]mpls ldp
[R5-ASBR-mpls-ldp]quit
[R5-ASBR]interface GigabitEthernet 0/0/1
[R5-ASBR-GigabitEthernet0/0/1]mpls
[R5-ASBR-GigabitEthernet0/0/1]mpls ldp
查看LSP
<R3-P>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
3.3.3.3/32 3/NULL -/-
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1025/3 -/GE0/0/1
<R6-P>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 NULL/3 -/GE0/0/0
7.7.7.7/32 1024/3 -/GE0/0/0
6.6.6.6/32 3/NULL -/-
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1025/3 -/GE0/0/1
4.PE上VPN实例配置
(1) 分公司配置
R7-PE上创建VPN实例vpn2和vpn3,将R8-CE和R9-CE分别接入到R7-PE上
## 创建vpn实例,名称为vpn2
[R7-PE]ip vpn-instance vpn2
## 使用ipv地址
[R7-PE-vpn-instance-vpn2]ipv4-family
## RD设置为100:2
[R7-PE-vpn-instance-vpn2-af-ipv4]route-distinguisher 100:2
## 设置vpn-target
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]vpn-target 1:1 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn2-af-ipv4]quit
[R7-PE-vpn-instance-vpn2]quit
## 创建vpn实例,名称为vpn3
[R7-PE]ip vpn-instance vpn3
[R7-PE-vpn-instance-vpn3]ipv4-family
[R7-PE-vpn-instance-vpn3-af-ipv4]route-distinguisher 100:3
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 3:3 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R7-PE-vpn-instance-vpn3-af-ipv4]vpn-target 1:1 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn2的实例绑定到GigabitEthernet 0/0/1上,vpn3实例绑定到GigabitEthernet 0/0/2上
绑定后需要重新配置IP
[R7-PE]interface GigabitEthernet 0/0/1
[R7-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/1]ip address 192.168.2.1 30
[R7-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn2
ip address 192.168.2.1 255.255.255.252
#
return
[R7-PE-GigabitEthernet0/0/1]quit
[R7-PE]interface GigabitEthernet 0/0/2
[R7-PE-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R7-PE-GigabitEthernet0/0/2]ip address 192.168.3.1 30
[R7-PE-GigabitEthernet0/0/2]display this
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn3
ip address 192.168.3.1 255.255.255.252
#
return
配置R7-PE和R8-CE、R9-CE的BGP邻居及路由
## R7-PE上配置BGP,分别在vpn2和vpn3中配置到R8-CE和R9-CE的BGP邻居
[R7-PE]bgp 200
[R7-PE-bgp]ipv4-family vpn-instance vpn2
[R7-PE-bgp-vpn2]peer 192.168.2.2 as-number 10002
[R7-PE-bgp-vpn2]quit
[R7-PE-bgp]ipv4-family vpn-instance vpn3
[R7-PE-bgp-vpn3]peer 192.168.3.2 as-number 10003
## R8-CE上配置BGP
[R8-CE]bgp 10002
[R8-CE-bgp]peer 192.168.2.1 as-number 200
[R8-CE-bgp]network 10.0.2.0 255.255.255.0
## R9-CE上配置BGP
[R9-CE]bgp 10003
[R9-CE-bgp]peer 192.168.3.1 as-number 200
[R9-CE-bgp]network 10.0.3.0 255.255.255.0
在R7-PE上查看BGP收发路由情况
<R7-PE>display bgp vpnv4 vpn-instance vpn2 routing-table peer 192.168.2. receiv
ed-routes
BGP Local router ID is 7.7.7.7
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn2, Router ID 7.7.7.7:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.2.0/24 192.168.2.2 0 0 10002i
<R7-PE>display bgp vpnv4 vpn-instance vpn3 routing-table peer 192.168.3.2 receiv
ed-routes
BGP Local router ID is 7.7.7.7
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn3, Router ID 7.7.7.7:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.3.0/24 192.168.3.2 0 0 10003i
(2) 总公司配置
R2-PE上创建VPN实例vpn1,将R1-CE接入到R2-PE上
[R2-PE]ip vpn-instance vpn1
[R2-PE-vpn-instance-vpn1]ipv4-family
[R2-PE-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R2-PE-vpn-instance-vpn1-af-ipv4]vpn-target 2:2 3:3 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
将vpn1的实例绑定到GigabitEthernet 0/0/1上
[R2-PE]interface GigabitEthernet 0/0/1
[R2-PE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R2-PE-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[R2-PE-GigabitEthernet0/0/1]display this
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 192.168.1.1 255.255.255.252
#
return
配置R2-PE和R1-CE的BGP邻居及路由
## R2-PE上配置BGP,在vpn1中配置到R1-CE的BGP邻居,并下发缺省路由
[R2-PE]bgp 100
[R2-PE-bgp]ipv4-family vpn-instance vpn1
[R2-PE-bgp-vpn1]peer 192.168.1.2 as-number 10001
## R1-CE上配置BGP
[R1-CE]bgp 10001
[R1-CE-bgp]peer 192.168.1.1 as-number 100
[R1-CE-bgp]network 10.0.1.0 255.255.255.0
在R2-PE上查看BGP收发路由情况
<R2-PE>display bgp vpnv4 vpn-instance vpn1 routing-table peer 192.168.1.2 receiv
ed-routes
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn1, Router ID 2.2.2.2:
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.1.0/24 192.168.1.2 0 0 10001i
5.跨域配置
(1) 使能标签IPv4路由交换
在OptionC方式中,需要在PE间建立一条跨域的VPN LSP,相关PE、P、ASBR之间发布公网路由时携带MPLS标签信息。
首先在ASBR之间启用mpls
## R4-ASBR接口上启用mpls
[R4-ASBR]interface GigabitEthernet 0/0/2
[R4-ASBR-GigabitEthernet0/0/2]mpls
## R5-ASBR接口上启用mpls
[R5-ASBR]interface GigabitEthernet 0/0/2
[R5-ASBR-GigabitEthernet0/0/2]mpls
携带MPLS标签的公网路由通过MP-BGP发布。根据RFC3107(Carrying Label Information in BGP-4)中的描述,一条路由的标签映射信息可以通过发布这条路由的BGP Update消息捎带(piggyback)。这种能力使用BGP的扩展属性实现,要求BGP对等体能够处理标签IPv4路由。
缺省情况下,BGP对等体不处理标签IPv4路由。
配置R2-PE与R4-ASBR、R4-ASBR与R5-ASBR、R5-ASBR与R7-PE的BGP邻居,并使能交换标签IPv4路由的能力
## R2-PE配置
[R2-PE]bgp 100
## 与R4-ASBR建立IBGP邻居,并使能交换标签IPv4路由的能力
[R2-PE-bgp]peer 4.4.4.4 as-number 100
[R2-PE-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R2-PE-bgp]peer 4.4.4.4 label-route-capability
[R2-PE-bgp]network 2.2.2.2 255.255.255.255
## R4-ASBR配置
[R4-ASBR]bgp 100
## 与R5-ASBR建立EBGP邻居,并使能交换标签IPv4路由的能力
[R4-ASBR-bgp]peer 211.137.45.5 as-number 200
[R4-ASBR-bgp]peer 211.137.45.5 label-route-capability
## 与R2-PE建立IBGP邻居,并使能交换标签IPv4路由的能力
[R4-ASBR-bgp]peer 2.2.2.2 as-number 100
[R4-ASBR-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R4-ASBR-bgp]peer 2.2.2.2 label-route-capability
## 发布R2-PE的loopback地址
[R4-ASBR-bgp]network 2.2.2.2 255.255.255.255
## R5-ASBR配置
[R5-ASBR]bgp 200
## 与R4-ASBR建立EBGP邻居,并使能交换标签IPv4路由的能力
[R5-ASBR-bgp]peer 211.137.45.4 as-number 100
[R5-ASBR-bgp]peer 211.137.45.4 label-route-capability
## 与R7-PE建立IBGP邻居,并使能交换标签IPv4路由的能力
[R5-ASBR-bgp]peer 7.7.7.7 as-number 200
[R5-ASBR-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R5-ASBR-bgp]peer 7.7.7.7 label-route-capability
## 发布R7-PE的loopback地址
[R5-ASBR-bgp]network 7.7.7.7 255.255.255.255
## R7-PE配置
[R7-PE]bgp 200
## 与R5-ASBR建立IBGP邻居,并使能交换标签IPv4路由的能力
[R7-PE-bgp]peer 5.5.5.5 as-number 200
[R7-PE-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R7-PE-bgp]peer 5.5.5.5 label-route-capability
[R7-PE-bgp]network 7.7.7.7 255.255.255.255
(2) 配置路由策略控制标签分配
跨域BGP LSP需要配置路由策略来控制标签的分配,对于向本AS的PE发布的路由,如果是带标签的IPv4路由,为其重新分配MPLS标签;对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签。
在R4-ASBR和R5-ASBR上创建路由策略
## R4-ASBR配置
## 对于从对端的ASBR接收的带标签的IPv4路由,在向本AS的PE发布时,为其重新分配MPLS标签
[R4-ASBR]route-policy policy1 permit node 1
Info: New Sequence of this List.
[R4-ASBR-route-policy]if-match mpls-label
[R4-ASBR-route-policy]apply mpls-label
[R4-ASBR-route-policy]quit
## 对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签
[R4-ASBR]route-policy policy2 permit node 1
Info: New Sequence of this List.
[R4-ASBR-route-policy]apply mpls-label
## R5-ASBR配置
## 对于从对端的ASBR接收的带标签的IPv4路由,在向本AS的PE发布时,为其重新分配MPLS标签
[R5-ASBR]route-policy policy1 permit node 1
Info: New Sequence of this List.
[R5-ASBR-route-policy]if-match mpls-label
[R5-ASBR-route-policy]apply mpls-label
[R5-ASBR-route-policy]quit
## 对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签
[R5-ASBR]route-policy policy2 permit node 1
Info: New Sequence of this List.
[R5-ASBR-route-policy]apply mpls-label
在ASBR的BGP配置中应用上述路由策略
## R4-ASBR配置
[R4-ASBR]bgp 100
[R4-ASBR-bgp]peer 2.2.2.2 route-policy policy1 export
[R4-ASBR-bgp]peer 211.137.45.5 route-policy policy2 export
## R5-ASBR配置
[R5-ASBR]bgp 200
[R5-ASBR-bgp]peer 7.7.7.7 route-policy policy1 export
[R5-ASBR-bgp]peer 211.137.45.4 route-policy policy2 export
(3) PE间建立MP-EBGP邻居
MP-EBGP通过在BGP中引入扩展团体属性,使其能够在PE设备之间传播VPNv4路由。
## R2-PE与R7-PE建立MP-EBGP邻居
[R2-PE-bgp]peer 7.7.7.7 as-number 200
[R2-PE-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R2-PE-bgp]peer 7.7.7.7 ebgp-max-hop 50
[R2-PE-bgp]ipv4-family unicast
[R2-PE-bgp-af-ipv4]undo peer 7.7.7.7 enable
[R2-PE-bgp-af-ipv4]quit
[R2-PE-bgp]ipv4-family vpnv4
[R2-PE-bgp-af-vpnv4]policy vpn-target
[R2-PE-bgp-af-vpnv4]peer 7.7.7.7 enable
## R7-PE与R2-PE建立MP-EBGP邻居
[R7-PE-bgp]peer 2.2.2.2 as-number 100
[R7-PE-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R7-PE-bgp]peer 2.2.2.2 ebgp-max-hop 50
[R7-PE-bgp]ipv4-family unicast
[R7-PE-bgp-af-ipv4]undo peer 2.2.2.2 enable
[R7-PE-bgp-af-ipv4]quit
[R7-PE-bgp]ipv4-family vpnv4
[R7-PE-bgp-af-vpnv4]policy vpn-target
[R7-PE-bgp-af-vpnv4]peer 2.2.2.2 enable
查看R2-PE和R7-PE的BGP邻居情况
<R2-PE>display bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
4.4.4.4 4 100 29 30 0 00:23:57 Established
2
7.7.7.7 4 200 9 8 0 00:01:54 Established
1
<R2-PE>display bgp vpnv4 all peer
BGP local router ID : 2.2.2.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
7.7.7.7 4 200 10 9 0 00:02:03 Established
2
Peer of IPv4-family for vpn instance :
VPN-Instance vpn1, Router ID 2.2.2.2:
192.168.1.2 4 10001 170 166 0 02:41:22 Established
1
<R7-PE>display bgp peer
BGP local router ID : 7.7.7.7
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
2.2.2.2 4 100 10 11 0 00:03:23 Established
1
5.5.5.5 4 200 579 550 0 09:07:30 Established
2
<R7-PE>display bgp vpnv4 all peer
BGP local router ID : 7.7.7.7
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
2.2.2.2 4 100 10 11 0 00:03:32 Established
1
Peer of IPv4-family for vpn instance :
VPN-Instance vpn2, Router ID 7.7.7.7:
192.168.2.2 4 10002 11 11 0 00:08:31 Established
1
VPN-Instance vpn3, Router ID 7.7.7.7:
192.168.3.2 4 10003 129 116 0 01:52:06 Established
1
6.测试
在客户端上分别进行测试,总部PC1可以连通分公司PC2和PC3,但是分公司之间PC2和PC3无法互通
## 总部PC1测试结果
PC>ping 10.0.2.1
Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
From 10.0.2.1: bytes=32 seq=1 ttl=124 time=312 ms
From 10.0.2.1: bytes=32 seq=2 ttl=124 time=328 ms
From 10.0.2.1: bytes=32 seq=3 ttl=124 time=297 ms
From 10.0.2.1: bytes=32 seq=4 ttl=124 time=297 ms
From 10.0.2.1: bytes=32 seq=5 ttl=124 time=359 ms
--- 10.0.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 297/318/359 ms
PC>ping 10.0.3.1
Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
From 10.0.3.1: bytes=32 seq=1 ttl=124 time=391 ms
From 10.0.3.1: bytes=32 seq=2 ttl=124 time=375 ms
From 10.0.3.1: bytes=32 seq=3 ttl=124 time=297 ms
From 10.0.3.1: bytes=32 seq=4 ttl=124 time=328 ms
From 10.0.3.1: bytes=32 seq=5 ttl=124 time=359 ms
--- 10.0.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 297/350/391 ms
## 分公司PC2测试结果
PC>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=312 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=375 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=328 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=328 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 312/334/375 ms
PC>ping 10.0.3.1
Ping 10.0.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 10.0.3.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
## 分公司PC3测试结果
PC>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
--- 10.0.1.1 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=124 time=297 ms
From 10.0.1.1: bytes=32 seq=2 ttl=124 time=313 ms
From 10.0.1.1: bytes=32 seq=3 ttl=124 time=313 ms
From 10.0.1.1: bytes=32 seq=4 ttl=124 time=312 ms
From 10.0.1.1: bytes=32 seq=5 ttl=124 time=313 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 297/309/313 ms
PC>ping 10.0.2.1
Ping 10.0.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 10.0.2.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
在PC1上ping测试PC2,并从各个接口上抓包分析标签变化
R1-R2:CE->PE,普通IPv4报文,无标签
R2-R3:PE-P,内层标签1071,为vpn路由标签;中间标签1061,为EBGP LSP标签;外层标签1039,为LDP分配
<R2-PE>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.0.1.0/24 1061/NULL -/- vpn1
7.7.7.7/32 NULL/1061 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/0
3.3.3.3/32 1054/3 -/GE0/0/0
4.4.4.4/32 NULL/1039 -/GE0/0/0
4.4.4.4/32 1060/1039 -/GE0/0/0
<R7-PE>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.0.2.0/24 1071/NULL -/- vpn2
10.0.3.0/24 1077/NULL -/- vpn3
2.2.2.2/32 NULL/1056 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 3/NULL -/-
5.5.5.5/32 NULL/1039 -/GE0/0/0
5.5.5.5/32 1067/1039 -/GE0/0/0
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1068/3 -/GE0/0/0
R3-R4:P-ASBR,外层标签1039根据PHP弹出,因此仅剩中间标签1061和内层标签1071
R4-R5:ASBR-ASBR,BGP交换标签,中间标签由1061变为1049
在R4-ASBR上查看LSP,确认标签交换信息相符
<R4-ASBR>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
7.7.7.7/32 1061/1049 -/-
2.2.2.2/32 1063/NULL -/-
7.7.7.7/32 NULL/1049 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/1037 -/GE0/0/1
2.2.2.2/32 1064/1037 -/GE0/0/1
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1058/3 -/GE0/0/1
4.4.4.4/32 3/NULL -/-
R5-R6:ASBR-P,中间标签由BGP完成替换,从1049变为1040;内层标签不变,仍为1071
R6-R7:P-PE,中间标签1040根据PHP弹出,仅剩内层标签1071
R7-R8:PE-CE,普通IPv4报文,内层标签1071也弹出
