MPLSVPN中VPNv4RR的应用.docx

1、MPLSVPN中VPNv4RR的应用带RR环境的MPLS VPN1、实验目的：在Mpls-VPN的backbone区域应用VPN的RR来传递VPNv4的路由，两个CE（R1和R5）可以互相通信2、理论支持：默认情况下，VPNv4的路由只有在RT中的import和export吻合的情况下才会被接收，除非关闭针对RT的过滤（用于复杂VPN），另外一个就是我们今天实验的VPN的RR的情况，它也打破了VPNv4中iBGP的水平分割原则，能否接收并公告VPNv4的路由3、拓扑描述：拓扑如下图所示。老规矩老习惯，R1上s1/0位置为12.1.1.1（符合XY.1.1.X的规则，XY代表设备号），R2上s1

2、/0=12.1.1.2。同时每个设备上有一个环回口=XX.1.1.1，如R1的环回口=11.1.1.1/24图中PE1为R2，PE2为R4，R1和R5为CE4、实验步骤步骤1、Backpone区域内通过IGP，环回口互相可达，本例采用eigrp（配置不再赘述）PE1#sh ip route eiPE1#sh ip route eigrp 34.0.0.0/24 is subnetted, 1 subnetsD 34.1.1.0 90/30720 via 23.1.1.3, 00:18:30, FastEthernet1/0 33.0.0.0/24 is subnetted, 1 subnets

3、D 33.1.1.0 90/156160 via 23.1.1.3, 00:18:30, FastEthernet1/0 44.0.0.0/24 is subnetted, 1 subnetsD 44.1.1.0 90/158720 via 23.1.1.3, 00:17:14, FastEthernet1/0PE1#ping 44.1.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 44.1.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/

4、5), round-trip min/avg/max = 8/36/76 ms步骤2、MPLS 的LDP邻居建立-sh mpls ldp nei沿途建立LSP通道，沿途相关接口配置命令mpls ip.PE1#sh run int f1/0terface FastEthernet1/0 ip address 23.1.1.2 255.255.255.0 duplex auto speed auto mpls ipR3#sh mpls ldp neighbor Peer LDP Ident: 22.1.1.1:0; Local LDP Ident 33.1.1.1:0 TCP connection

5、: 22.1.1.1.646 - 33.1.1.1.15237 State: Oper; Msgs sent/rcvd: 29/29; Downstream Up time: 00:18:29 LDP discovery sources: FastEthernet1/0, Src IP addr: 23.1.1.2 Addresses bound to peer LDP Ident: 23.1.1.2 22.1.1.1 Peer LDP Ident: 44.1.1.1:0; Local LDP Ident 33.1.1.1:0 TCP connection: 44.1.1.1.31420 -

6、33.1.1.1.646 State: Oper; Msgs sent/rcvd: 28/29; Downstream Up time: 00:18:19 LDP discovery sources: FastEthernet1/1, Src IP addr: 34.1.1.4 Addresses bound to peer LDP Ident: 34.1.1.4 44.1.1.1当然可以通过mpls label range 100 200配置分配的标签范围，通过mpls ldp router-id loopback 0 force指定router-id，注意此环回口必须在其LDP的邻居路由可

7、达，否则将无法建立ldp邻居如在PE1增加环回口loopback1，并将其指定为LDP router-IDPE1(config)#mpls ldp router-id lo1 force而该位置在R3不可达R3#sh ip route 111.1.1.0 % Network not in table则该LDP邻居会断掉，而会选择其他接口建立LDP邻居3、建立VRF(虚拟路由转发)-sh ip vrf detail(note：连接CE的接口才能划入VRF)R1ip vrf YESLAB rd 100:1 route-target export 100:1 route-target import

8、100:1interface Serial2/0 ip vrf forwarding YESLAB ip address 12.1.1.2 255.255.255.0PE1#sh ip vrf detail VRF YESLAB; default RD 100:1; default VPNID Interfaces: Se2/0 VRF Table ID = 1 Export VPN route-target communities RT:100:1 Import VPN route-target communities RT:100:1 No import route-map No expo

9、rt route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix4、MP-BGP先建立BGP关系R1router bgp 1 no synchronization bgp router-id 22.1.1.1 bgp log-neighbor-changes neighbor 33.1.1.1 remote-as 1 neighbor 33.1.1.1 update-source Loopback0 no auto-summaryR3作为RRrouter bgp

10、1 no synchronization bgp log-neighbor-changes neighbor 22.1.1.1 remote-as 1 neighbor 22.1.1.1 update-source Loopback0 neighbor 22.1.1.1 route-reflector-client neighbor 44.1.1.1 remote-as 1 neighbor 44.1.1.1 update-source Loopback0 neighbor 44.1.1.1 route-reflector-client no auto-summaryR3#sh ip bgp

11、summary BGP router identifier 33.1.1.1, local AS number 1BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd22.1.1.1 4 1 34 34 1 0 0 00:19:07 044.1.1.1 4 1 33 32 1 0 0 00:19:10 0在BGP进程下建立MP-BGP关系R1：router bgp 1address-family vpnv4 ne

12、ighbor 33.1.1.1 activate neighbor 33.1.1.1 send-community extended exit-address-familyR3router bgp 1 address-family vpnv4 neighbor 22.1.1.1 activate neighbor 22.1.1.1 send-community extended neighbor 22.1.1.1 route-reflector-client neighbor 44.1.1.1 activate neighbor 44.1.1.1 send-community extended

13、 neighbor 44.1.1.1 route-reflector-client exit-address-familyR3#sh ip bgp vpnv4 all suBGP router identifier 33.1.1.1, local AS number 1BGP table version is 5, main routing table version 54 network entries using 624 bytes of memory4 path entries using 272 bytes of memory5/4 BGP path/bestpath attribut

14、e entries using 740 bytes of memory2 BGP extended community entries using 80 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBitfield cache entries: current 1 (at peak 1) using 32 bytes of memoryBGP using 1748 total bytes of

15、memoryBGP activity 4/0 prefixes, 4/0 paths, scan interval 15 secsNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd22.1.1.1 4 1 37 37 5 0 0 00:21:52 244.1.1.1 4 1 36 35 5 0 0 00:21:55 2步骤5、PE与CE的邻居以及重分布CE运行标准的ospfCE1#router ospf 1 log-adjacency-changes network 11.1.1.1 0.0.0.0 area 0

16、 network 12.1.1.1 0.0.0.0 area 0PE上PE1#router ospf 1 vrf YESLAB log-adjacency-changes redistribute bgp 1 subnets network 12.1.1.2 0.0.0.0 area 0PE1#sh ip os neiNeighbor ID Pri State Dead Time Address Interface11.1.1.1 0 FULL/ - 00:00:36 12.1.1.1 Serial2/0PE1Router bgp 1address-family ipv4 vrf YESLAB

17、 redistribute ospf 1 vrf YESLAB match internal external 1 external 2 no synchronization exit-address-family -缺省情况下只重分步ospf的内部路由，诸如如果CE有外部路由，切记加上external参数PE1#sh ip bgp vpnv4 all BGP table version is 9, local router ID is 22.1.1.1Status codes: s suppressed, d damped, h history, * valid, best, i - int

18、ernal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1 (default for vrf YESLAB)* 11.1.1.1/32 12.1.1.1 65 32768 ?* 12.1.1.0/24 0.0.0.0 0 32768 ?*i45.1.1.0/24 44.1.1.1 0 100 0 ?*i55.1.1.1/32 44.1.1.1 65 100 0 ?PE

19、1#sh ip route vrf YESLABRouting Table: YESLABCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su

20、 - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not set 55.0.0.0/32 is subnetted, 1 subnetsB 55.1.1.1 200/65 via 44.1.1.1, 00:48:19 11.0.0.0/32 is s

21、ubnetted, 1 subnetsO 11.1.1.1 110/65 via 12.1.1.1, 00:49:19, Serial2/0 12.0.0.0/24 is subnetted, 1 subnetsC 12.1.1.0 is directly connected, Serial2/0 45.0.0.0/24 is subnetted, 1 subnetsB 45.1.1.0 200/0 via 44.1.1.1, 00:48:19CE1#traceroute 55.1.1.1 source lo0Type escape sequence to abort.Tracing the

22、route to 55.1.1.1 1 12.1.1.2 48 msec 24 msec 4 msec 2 23.1.1.3 MPLS: Labels 17/20 Exp 0 48 msec 20 msec 32 msec 3 45.1.1.4 MPLS: Label 20 Exp 0 52 msec 8 msec 28 msec 4 45.1.1.5 36 msec * 68 msecCE1#ping 55.1.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 s

23、econds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/41/80 ms实验完成，欢迎继续关注Ender（安德）的技术文档，更多内容请关注：bbb:/bbb:/blog.sinaaaabbb/andrew14配置实例：PE1：hostname PE1no ip domain lookupip vrf YESLAB rd 100:1 route-target export 100:1 route-target import 100:1!no ipv6 cef!interface Loopback0 ip add

24、ress 22.1.1.1 255.255.255.0!interface FastEthernet1/0 ip address 23.1.1.2 255.255.255.0 duplex auto speed auto mpls ip!interface Serial2/0 ip vrf forwarding YESLAB ip address 12.1.1.2 255.255.255.0 serial restart-delay 0!router eigrp 1 network 22.1.1.1 0.0.0.0 network 23.1.1.2 0.0.0.0 no auto-summar

25、y!router ospf 1 vrf YESLAB log-adjacency-changes redistribute bgp 1 subnets network 12.1.1.2 0.0.0.0 area 0!router bgp 1 no synchronization bgp router-id 22.1.1.1 bgp log-neighbor-changes neighbor 33.1.1.1 remote-as 1 neighbor 33.1.1.1 update-source Loopback0 no auto-summary ! address-family vpnv4 n

26、eighbor 33.1.1.1 activate neighbor 33.1.1.1 send-community extended exit-address-family ! address-family ipv4 vrf YESLAB redistribute ospf 1 vrf YESLAB match internal external 1 external 2 no synchronization exit-address-familyhostname PE2no ip domain lookupip vrf YESLAB rd 100:1 route-target export

27、 100:1 route-target import 100:1interface Loopback0 ip address 44.1.1.1 255.255.255.0!interface FastEthernet1/0 ip address 34.1.1.4 255.255.255.0 duplex auto speed auto mpls ipinterface Serial2/0 ip vrf forwarding YESLAB ip address 45.1.1.4 255.255.255.0router eigrp 1 network 34.1.1.4 0.0.0.0 networ

28、k 44.1.1.1 0.0.0.0 no auto-summary!router ospf 1 vrf YESLAB log-adjacency-changes redistribute bgp 1 subnets network 45.1.1.4 0.0.0.0 area 0!router bgp 1 no synchronization bgp router-id 44.1.1.1 bgp log-neighbor-changes neighbor 33.1.1.1 remote-as 1 neighbor 33.1.1.1 update-source Loopback0 no auto

29、-summary ! address-family vpnv4 neighbor 33.1.1.1 activate neighbor 33.1.1.1 send-community extended exit-address-family ! address-family ipv4 vrf YESLAB redistribute ospf 1 vrf YESLAB match internal external 1 external 2 no synchronization exit-address-familyhostname R3ip cefinterface Loopback0 ip

30、address 33.1.1.1 255.255.255.0!interface FastEthernet1/0 ip address 23.1.1.3 255.255.255.0 duplex auto speed auto mpls ip!interface FastEthernet1/1 ip address 34.1.1.3 255.255.255.0 duplex auto speed auto mpls ip!router eigrp 1 network 33.1.1.1 0.0.0.0 network 34.1.1.2 0.0.0.0 network 0.0.0.0 no auto-summary!router bgp 1 no synchronization bgp log-neighbor-changes neighbor 22.1.1.1 remote-as 1 neighbor 22.1.1.1 update-source Loopback0 neighbor 22.1.1.1 route-reflector-client neighbor 44.1.1.1 remote-as 1 neighbor 44.1.1.1 update-source Loopback0 neighbor 44.1.1