MPLS VPN中VPNv4 RR的应用.docx
《MPLS VPN中VPNv4 RR的应用.docx》由会员分享,可在线阅读,更多相关《MPLS VPN中VPNv4 RR的应用.docx(13页珍藏版)》请在冰点文库上搜索。
MPLSVPN中VPNv4RR的应用
带RR环境的MPLSVPN
1、实验目的:
在Mpls-VPN的backbone区域应用VPN的RR来传递VPNv4的路由,两个CE(R1和R5)可以互相通信
2、理论支持:
默认情况下,VPNv4的路由只有在RT中的import和export吻合的情况下才会被接收,除非关闭针对RT的过滤(用于复杂VPN),另外一个就是我们今天实验的VPN的RR的情况,它也打破了VPNv4中iBGP的水平分割原则,能否接收并公告VPNv4的路由
3、拓扑描述:
拓扑如下图所示。
老规矩老习惯,R1上s1/0地址为12.1.1.1(符合XY.1.1.X的规则,XY代表设备号),R2上s1/0=12.1.1.2。
同时每个设备上有一个环回口=XX.1.1.1,如R1的环回口=11.1.1.1/24
图中PE1为R2,PE2为R4,R1和R5为CE
4、实验步骤
步骤1、Backpone区域内通过IGP,环回口互相可达,本例采用eigrp(配置不再赘述)
PE1#shiprouteei
PE1#shiprouteeigrp
34.0.0.0/24issubnetted,1subnets
D34.1.1.0[90/30720]via23.1.1.3,00:
18:
30,FastEthernet1/0
33.0.0.0/24issubnetted,1subnets
D33.1.1.0[90/156160]via23.1.1.3,00:
18:
30,FastEthernet1/0
44.0.0.0/24issubnetted,1subnets
D44.1.1.0[90/158720]via23.1.1.3,00:
17:
14,FastEthernet1/0
PE1#ping44.1.1.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto44.1.1.1,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=8/36/76ms
步骤2、MPLS的LDP邻居建立---shmplsldpnei
沿途建立LSP通道,沿途相关接口配置命令mplsip.
PE1#shrunintf1/0
terfaceFastEthernet1/0
ipaddress23.1.1.2255.255.255.0
duplexauto
speedauto
mplsip
R3#shmplsldpneighbor
PeerLDPIdent:
22.1.1.1:
0;LocalLDPIdent33.1.1.1:
0
TCPconnection:
22.1.1.1.646-33.1.1.1.15237
State:
Oper;Msgssent/rcvd:
29/29;Downstream
Uptime:
00:
18:
29
LDPdiscoverysources:
FastEthernet1/0,SrcIPaddr:
23.1.1.2
AddressesboundtopeerLDPIdent:
23.1.1.222.1.1.1
PeerLDPIdent:
44.1.1.1:
0;LocalLDPIdent33.1.1.1:
0
TCPconnection:
44.1.1.1.31420-33.1.1.1.646
State:
Oper;Msgssent/rcvd:
28/29;Downstream
Uptime:
00:
18:
19
LDPdiscoverysources:
FastEthernet1/1,SrcIPaddr:
34.1.1.4
AddressesboundtopeerLDPIdent:
34.1.1.444.1.1.1
当然可以通过mplslabelrange100200配置分配的标签范围,通过mplsldprouter-idloopback0force指定router-id,注意此环回口必须在其LDP的邻居路由可达,否则将无法建立ldp邻居
如在PE1增加环回口loopback1,并将其指定为LDProuter-ID
PE1(config)#mplsldprouter-idlo1force
而该地址在R3不可达
R3#shiproute111.1.1.0
%Networknotintable
则该LDP邻居会断掉,而会选择其他接口建立LDP邻居
3、建立VRF(虚拟路由转发)----shipvrfdetail(note:
连接CE的接口才能划入VRF)
R1
ipvrfYESLAB
rd100:
1
route-targetexport100:
1
route-targetimport100:
1
interfaceSerial2/0
ipvrfforwardingYESLAB
ipaddress12.1.1.2255.255.255.0
PE1#shipvrfdetail
VRFYESLAB;defaultRD100:
1;defaultVPNID
Interfaces:
Se2/0
VRFTableID=1
ExportVPNroute-targetcommunities
RT:
100:
1
ImportVPNroute-targetcommunities
RT:
100:
1
Noimportroute-map
Noexportroute-map
VRFlabeldistributionprotocol:
notconfigured
VRFlabelallocationmode:
per-prefix
4、MP-BGP
先建立BGP关系
R1
routerbgp1
nosynchronization
bgprouter-id22.1.1.1
bgplog-neighbor-changes
neighbor33.1.1.1remote-as1
neighbor33.1.1.1update-sourceLoopback0
noauto-summary
R3作为RR
routerbgp1
nosynchronization
bgplog-neighbor-changes
neighbor22.1.1.1remote-as1
neighbor22.1.1.1update-sourceLoopback0
neighbor22.1.1.1route-reflector-client
neighbor44.1.1.1remote-as1
neighbor44.1.1.1update-sourceLoopback0
neighbor44.1.1.1route-reflector-client
noauto-summary
R3#shipbgpsummary
BGProuteridentifier33.1.1.1,localASnumber1
BGPtableversionis1,mainroutingtableversion1
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
22.1.1.141343410000:
19:
070
44.1.1.141333210000:
19:
100
在BGP进程下建立MP-BGP关系
R1:
routerbgp1
address-familyvpnv4
neighbor33.1.1.1activate
neighbor33.1.1.1send-communityextended
exit-address-family
R3
routerbgp1
address-familyvpnv4
neighbor22.1.1.1activate
neighbor22.1.1.1send-communityextended
neighbor22.1.1.1route-reflector-client
neighbor44.1.1.1activate
neighbor44.1.1.1send-communityextended
neighbor44.1.1.1route-reflector-client
exit-address-family
R3#shipbgpvpnv4allsu
BGProuteridentifier33.1.1.1,localASnumber1
BGPtableversionis5,mainroutingtableversion5
4networkentriesusing624bytesofmemory
4pathentriesusing272bytesofmemory
5/4BGPpath/bestpathattributeentriesusing740bytesofmemory
2BGPextendedcommunityentriesusing80bytesofmemory
0BGProute-mapcacheentriesusing0bytesofmemory
0BGPfilter-listcacheentriesusing0bytesofmemory
Bitfieldcacheentries:
current1(atpeak1)using32bytesofmemory
BGPusing1748totalbytesofmemory
BGPactivity4/0prefixes,4/0paths,scaninterval15secs
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
22.1.1.141373750000:
21:
522
44.1.1.141363550000:
21:
552
步骤5、PE与CE的邻居以及重分布
CE运行标准的ospf
CE1#
routerospf1
log-adjacency-changes
network11.1.1.10.0.0.0area0
network12.1.1.10.0.0.0area0
PE上
PE1#
routerospf1vrfYESLAB
log-adjacency-changes
redistributebgp1subnets
network12.1.1.20.0.0.0area0
PE1#shiposnei
NeighborIDPriStateDeadTimeAddressInterface
11.1.1.10FULL/-00:
00:
3612.1.1.1Serial2/0
PE1
Routerbgp1
address-familyipv4vrfYESLAB
redistributeospf1vrfYESLABmatchinternalexternal1external2
nosynchronization
exit-address-family
----缺省情况下只重分步ospf的内部路由,诸如如果CE有外部路由,切记加上external参数
PE1#shipbgpvpnv4all
BGPtableversionis9,localrouterIDis22.1.1.1
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:
100:
1(defaultforvrfYESLAB)
*>11.1.1.1/3212.1.1.16532768?
*>12.1.1.0/240.0.0.0032768?
*>i45.1.1.0/2444.1.1.101000?
*>i55.1.1.1/3244.1.1.1651000?
PE1#shiproutevrfYESLAB
RoutingTable:
YESLAB
Codes:
C-connected,S-static,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2
i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-2
ia-IS-ISinterarea,*-candidatedefault,U-per-userstaticroute
o-ODR,P-periodicdownloadedstaticroute
Gatewayoflastresortisnotset
55.0.0.0/32issubnetted,1subnets
B55.1.1.1[200/65]via44.1.1.1,00:
48:
19
11.0.0.0/32issubnetted,1subnets
O11.1.1.1[110/65]via12.1.1.1,00:
49:
19,Serial2/0
12.0.0.0/24issubnetted,1subnets
C12.1.1.0isdirectlyconnected,Serial2/0
45.0.0.0/24issubnetted,1subnets
B45.1.1.0[200/0]via44.1.1.1,00:
48:
19
CE1#traceroute55.1.1.1sourcelo0
Typeescapesequencetoabort.
Tracingtherouteto55.1.1.1
112.1.1.248msec24msec4msec
223.1.1.3[MPLS:
Labels17/20Exp0]48msec20msec32msec
345.1.1.4[MPLS:
Label20Exp0]52msec8msec28msec
445.1.1.536msec*68msec
CE1#ping55.1.1.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto55.1.1.1,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=20/41/80ms
实验完成,欢迎继续关注Ender(安德)的技术文档,更多内容请关注:
配置实例:
PE1:
hostnamePE1
noipdomainlookup
ipvrfYESLAB
rd100:
1
route-targetexport100:
1
route-targetimport100:
1
!
noipv6cef
!
interfaceLoopback0
ipaddress22.1.1.1255.255.255.0
!
interfaceFastEthernet1/0
ipaddress23.1.1.2255.255.255.0
duplexauto
speedauto
mplsip
!
interfaceSerial2/0
ipvrfforwardingYESLAB
ipaddress12.1.1.2255.255.255.0
serialrestart-delay0
!
routereigrp1
network22.1.1.10.0.0.0
network23.1.1.20.0.0.0
noauto-summary
!
routerospf1vrfYESLAB
log-adjacency-changes
redistributebgp1subnets
network12.1.1.20.0.0.0area0
!
routerbgp1
nosynchronization
bgprouter-id22.1.1.1
bgplog-neighbor-changes
neighbor33.1.1.1remote-as1
neighbor33.1.1.1update-sourceLoopback0
noauto-summary
!
address-familyvpnv4
neighbor33.1.1.1activate
neighbor33.1.1.1send-communityextended
exit-address-family
!
address-familyipv4vrfYESLAB
redistributeospf1vrfYESLABmatchinternalexternal1external2
nosynchronization
exit-address-family
hostnamePE2
noipdomainlookup
ipvrfYESLAB
rd100:
1
route-targetexport100:
1
route-targetimport100:
1
interfaceLoopback0
ipaddress44.1.1.1255.255.255.0
!
interfaceFastEthernet1/0
ipaddress34.1.1.4255.255.255.0
duplexauto
speedauto
mplsip
interfaceSerial2/0
ipvrfforwardingYESLAB
ipaddress45.1.1.4255.255.255.0
routereigrp1
network34.1.1.40.0.0.0
network44.1.1.10.0.0.0
noauto-summary
!
routerospf1vrfYESLAB
log-adjacency-changes
redistributebgp1subnets
network45.1.1.40.0.0.0area0
!
routerbgp1
nosynchronization
bgprouter-id44.1.1.1
bgplog-neighbor-changes
neighbor33.1.1.1remote-as1
neighbor33.1.1.1update-sourceLoopback0
noauto-summary
!
address-familyvpnv4
neighbor33.1.1.1activate
neighbor33.1.1.1send-communityextended
exit-address-family
!
address-familyipv4vrfYESLAB
redistributeospf1vrfYESLABmatchinternalexternal1external2
nosynchronization
exit-address-family
hostnameR3
ipcef
interfaceLoopback0
ipaddress33.1.1.1255.255.255.0
!
interfaceFastEthernet1/0
ipaddress23.1.1.3255.255.255.0
duplexauto
speedauto
mplsip
!
interfaceFastEthernet1/1
ipaddress34.1.1.3255.255.255.0
duplexauto
speedauto
mplsip
!
routereigrp1
network33.1.1.10.0.0.0
network34.1.1.20.0.0.0
network0.0.0.0
noauto-summary
!
routerbgp1
nosynchronization
bgplog-neighbor-changes
neighbor22.1.1.1remote-as1
neighbor22.1.1.1update-sourceLoopback0
neighbor22.1.1.1route-reflector-client
neighbor44.1.1.1remote-as1
neighbor44.1.1.1update-sourceLoopback0
neighbor