mplsvpn配置案例.docx
《mplsvpn配置案例.docx》由会员分享,可在线阅读,更多相关《mplsvpn配置案例.docx(15页珍藏版)》请在冰豆网上搜索。
mplsvpn配置案例
Mplsvpn配置实例
一•建立MPLS域(配置PE与P之间的IGP和MPLS)
1.分别在R2.R3.R4.R5开启OSPF协议分配到areaO,进入各接口开启mplsip,保证R2的loopback0地址与R5的loopback0地址可以互访。
R2配置
Router#conft
Router(config)#routerospf1
Router(config-router)#router-id2.222
Router(config-router)#network2.2.2.20.0.0.0area0
Router(config-router)#network10.1.23.00.0.0.255area0
Router(config-router)#mplsIdpautoconfig
R3配置
Router#conft
Router(config)#routerospf1
Router(config-router)#router-id3.3.33
Router(config-router)#network0.0.0.00.0.0.0area0
Router(config-router)#mplsIdpautoconfig
R4配置
Router#conft
Router(config)#routerospf1
Router(config-router)#router-id4.4.4.4
Router(config-router)#network0.0.0.00.0.0.0area0
Router(config-router)#mplsIdpautoconfig
R5配置
Router#conft
Router(config)#routerospf1
Router(config-router)#router-id5.55.5
Router(config-router)#network5.55.50.0.0.0area0
Router(config-router)#network10.1.45.00.0.0.255area0
Router(config-router)#mplsIdpautoconfig
1.MPLStt本咅B書:
mplslabelrange200299//定义标围
mplslabelprotocolIdp〃定义标签协议
mplsIdprouter-idLoopbackl//定文LDPRID|
intsO/1〃接入接口
mplsip//3T启MPLS
2•常用命令
showmplsIdpneighbor〃宣看MPLS令B居
showmplsIdpbindings//童看LIBv标签数据库a
showmpls-“ble//重看LFIBv标签转发表〉
clearmplsIdpneighbor*〃刷WrLDP邻居
Showipcefdetail〃童看详细CEF
2.VS点对点VPN
前者:
运营薛只提供物理链路,不参与客户路由服笋;
后者:
运营商参与客户的路由选举过程,保证客户内网联通;
MPLSVPZ基于Peertopeer的VPN
Tag:
1.VRF-面向对繚:
解决用户安全
2.RD-面向对彖:
解决路由冲突|
3.RT-面向对象:
VPN
二・MPLSVPN部署
1配置PE与CE之间的路由协议
1•接入点使用ripv2路由协议接入
R2配置
R2(config)#ipvrfA
R2(config-vrf)#rd1:
100
R2(config-vrf)#route-target1:
100
R2#shoipvrf
Name
A
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉3不同RD)
〃定义RT(对接VPN)
DefaultRDinterfaces
x:
ioo»
R2(config)#interfacefO/1
R2(config-if)#ipvrfforwardingARouter#showIproutevrtA
〃进入PECE接口
〃把接口放入VRF虚拟环境
RoutingTable:
A
codes:
c-connected,s-static,R-rip,m-mobile,B-bgp
d-EIGRP,ex-EIGRPexternal,o-ospf.ia-ospfinterarea
N1・ospfnssaexternaltype1,N2-ospfnssaexternaltype2
El・ospfexternaltype1,E2-ospfexternaltype2
i一15-15,5u一IS-I5summary,Ll一工5・工5level-1,L2一15-15level-2■ia・IS-ISinterarea,*-candidatedefault,u-per-userstaticrouteo-ODR,p-periodicdownloadedstaticroute
Gatewayoflastresortisnotset
C192.168.1.0/24isdirectlyconnected,FastEthernetO./l
Route厂#showipvrf
NameDefaultRDTnterfaces
A1:
100FaO/1
RQUter^pingvrfA192.1^8.1.1
Typeescapesequenewtoabort・
sending5,100-byteICMPEchosto192.168.1.1,timeoutis2seconds:
!
!
m!
successrateis100percent(5/5)fround-tripndn/avq/max=8/13/24ms
R5配置
R5(config)#ipvrfA
R5(config-vrf)#rd1:
100
R5(config-vrf)#route-target1:
100
R5(config)#interfacef0/l
R5(config-if)#ipvrfforwardingA
配置R1与R2要互相学习路由
R1配置
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉己不同RD)
〃定义RT(对接VPN)
〃进入PECE接口
〃把接口放入VRF虚拟环境
Router#shov/runrring・corrn©|sectionriprouterrip
version2
network0.0.0.0
noauto-s-ummary
R2配置
R2(config)#routerrip
R2(config-router)#version2
R2(config-router)#noauto-summary
R2(config-router)#address-familyipv4vrfA
R2(config-router-af)#network192.168.1.0
配宜完后确保R2可以学到到R1的路由
配置R5与R6要互相学习路由
R6配置
R.outer#shov/runnir)g|sectionriprouterrip
version2
network0.0.0.0
noauto-summary
R5配置
R5(config)#routerrip
R5(config-router)#version2
R5(config-router)#noauto-summary
R5(config-router)#address-familyipv4vrfA
R5(config-router-af)#network192.168.2.0
配置完后确保R5可以学到R6的路由信息
2•接入点使用静态路由接入
R2配置
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉己不同RD)
〃定义RT(对接VPN)
〃进入PECE接口
〃把接口放入VRF虚拟环境
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉3不同RD)
〃定义RT(对接VPN)
〃进入PECE接口
〃把接口放入VRF虚拟环境
R2(config)#ipvrfA
R2(config-vrf)#rd1:
200
R2(config-vrf)#route-target1:
200
R2(config)#interfacef0/l
R2(config-if)#ipvrfforwardingB
R5配置
R5(config)#ipvrfA
R5(config-vrf)#rd1:
200
R5(config-vrf)#route-target1:
200
R5(config)#interfacef0/l
R5(config-if)#ipvrfforwardingB
实用文档
R2静态路由配置
Router(config)#iproutevrfB7.7.7.7255.255.255.255192.1683.7
R5静态路由配置
Router(config)#iproutevrfB8.8.8.8255.255.255.255192.168.4.8
3•接入点使用OSPF路由协议接入(R7和R8清空静态路由)
R2配置
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉己不同RD)
〃定义RT(对接VPN)
〃进入PECE接口
〃把接口放入VRF虚拟环境
〃定义VRF(接入用户名字)
〃定义RD(区分客户路由,不同客户分酉8不同RD)
〃定义RT(对接VPN)
〃进入PECE接口
〃把接口放入VRF虚拟环境
R2(config)#ipvrfC
R2(config-vrf)#rd1:
300
R2(config-vrf)#route-target1:
300
R2(config)#interfacefO/1
R2(config-if)#ipvrfforwardingC
R5配置
R5(config)#ipvrfC
R5(config-vrf)#rd1:
300
R5(config-vrf)#route-target1:
300
R5(config)#interfacef0/l
R5(config-if)#ipvrfforwardingC
R7配置OSPF路由协议
Router(config)#routerospf2
Router(config-router)#router-id77.7.7
Router(config-router)#network0.0.0.00.0.0.0area0
在R2上输入r可以成功学到R7的路由
Router#showiproutevrfC
RoutingTable:
C
Codes:
C-connected,S・static,R・RIRM・mobile,B-BGP
D・EIGRREX-E1GRPexternal,O-OSPF,IA・OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
El-OSPFexternaltype1,E2-OSPFexternaltype2
i-IS-IS,su・IS・ISsummary,LI-IS-ISlevel-1,L2-IS-ISlevel-2ia・IS-ISinterarea,*-candidatedefault,U-per-userstaticrouteo-ODRfP-periodicdownloadedstaticroute
Gatewayoflastresortisnotset
7.0.0.0/32issubnetted,1subnets
O7.7.77[110/2]via192.168.3.7,00:
01:
15,FastEthernetO/2
C192.168.3.0/24isdirectlyconnected,FastEthernetO/2
R8配置OSPF路由协议
Router(config)#routerospf2
Router(config-router)#router-id8.8.8.8Router(config-router)#network0.0.0.00.0.0.0area0
在R5上输入,可以成功学到R8的路由
Router#showiproutevrfC
RoutingTable:
C
Codes:
C-connected,S-static,R-RIBM・mobile,B-BGP
D-EIGRREX・EIGRPexternal,O・OSPF,IA-OSPFinterarea
N2・OSPFNSSAexternaltype1,N2・OSPFNSSAexternaltype2
El-OSPFexternaltype1,E2・OSPFexternaltype2
i-IS-IS,su・IS-ISsummary,LI-IS-ISlevel-1,L2-IS-ISlevel-2ia-IS-ISinterarea,*-candidatedefault,U-per-userstaticrouteo・ODR,P-periodicdownloadedsta廿croute
Gatewayoflastresortisnotset
8.0.0.0/32issubnetted,1subnets
O8.8.8.8[110/2]via192.168・4・&00:
03:
34,FastEthernetO/2
C192.168.4.0/24isdirectlyconnected,FastEthernetO/2
2配置PE与PE之间的MP・BGP(R2和R5要互相学习路由)
R2配置
R2(config)#routerbgp1
R2(config-router)#nosynchronization
R2(config-router)#noauto-summary
R2(config-router)#bgprouter-id2.2.2.2
R2(config-router)#neighbor5.5.5.5remote-as1
R2(config-router)#neighbor5.5.5.5update-sourceloopback0
R2(config-router)#address-familyvpnv4
R2(config-router-af)#neighbor5.5.5.5activate
R2(config-router-af)#neighbor5.5.5.5send-community
R5配置
R5(config)#routerbgpl
R5(config-router)#nosynchronization
R5(config-router)#noauto-summary
R5(config-router)#bgprouter-id5.5.5.5
R5(config-router)#neighbor2.2.2.2remote-as1
R5(config-router)#neighbor2.2.2.2update-sourceloopback0R5(config-router)#address-familyvpnv4
R5(config-router-af)#neighbor2.2.2.2activate
R5(config-router-af)#neighbor2.2.2.2send-community
3•配置PE与BGP与IGP的路由重分发
R2配置(把R1的RIP导入到R2的BGP)
Router(config)#routerbgp1
Router(config-router)#address・familyipv4vrfA
Router(config-router-af)#redistributeripmetric5
Router#showipbgpvpnv4all
BGPtableversionis5,localrouterIDis2.2.2.2
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,rRIB-failure,SStale
Origincodes:
i-IGRe・EGR?
・incomplete
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:
1:
100(defaultforvrfA)
♦>1.1.1.1/32
♦>192.168.1.0
192.168.1.1
0.0.0.0
32768?
32768?
R5配置(bgp导入rip)
Router(config)#routerrip
Router(config-router)#address・familyipv4vrfA
Router(config-router-af)#redistributebgp1metrictransparent
做完后R6可以学到R1的路由
Router#showiproute
Codes:
C-connected,S-static,R-RIBM-mobile,B-BGP
D-EIGRREX・EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1・OSPFNSSAexternaltype1,N2・OSPFNSSAexternaltype2
El-OSPFexternaltype1,E2・OSPFexternaltype2
i-IS-IS,su・ISJSsummary,LI-IS-ISlevel-1,L2-IS-ISlevel-2ia・IS-ISinterarea,*-candidatedefault,U-per-userstaticrouteo・ODR,P・periodicdownloadedstaticroute
Gatewayoflastresortisnotset
1.0.0.0/32issubnetted,1subnets
R1.1.1.1[120/6]via192.168.2.5,00:
00:
01,FastEthernetO/1
6.0.0.0/32issubnetted,1subnets
C6.6.6.6isdirectlyconnectecbLoopbackO
R192.168.1.0/24[120/1]via192.168.2.5,00:
00:
01,FastEthernetO/1
C192.168.2.0/24isdirectlyconnected,FastEthernetO/1
R5配程
Router(config)#routerbgp1
Router(config-router)#address-familyipv4vrfARouter(config-router-af)#redistributeripmetric5
R2配置
Router(config)#routerrip
Router{config-router)#address・familyipv4vrfA
Router{config-router-af)#redistributebgp1metrictransparent
完成后R1可以学习到R6的路由
Router#showiproute
Codes:
C-connected,S-static,R-RIBM・mobile,B-BGP
D・ElGRREX・EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1・OSPFNSSAexternaltype1,N2・OSPFNSSAexternaltype2
El-OSPFexternaltype1,E2・OSPFexternaltype2
i-IS-IS,su-IS-ISsummary,LI-IS-ISlevel-1,L2-IS-ISlevel-2ia・IS-ISinterarea,*・candidatedefault,U-per-userstaticrouteo・ODR,P・periodicdownloadedstaticroute
Gatewayoflastresortisnotset
1.0.0.0/32issubnetted,1subnets
C1.1.1.1isdirectlyconnected,LoopbackO
6.0.0.0/32issubnetted,1subnets
R6.6.6.6[120/6]via192.168.1.2,00:
00:
14,FastEthernetO/1
C192.168.1.0/24isdirectlyconnected,FastEthernetO/1
R192.168.2.0/24[120/1]via192.168.1.2,00:
00:
14,FastEthernetO/1
2•接入点使用静态路由接入
R2配置
Router(config)#routerbgp1
Router(config-router)#address-familyipv4vrfB
Router(config-router-af)^redistributestatic
升级会员 