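MPLS-VPN Lab

Requirements overview

1. The MPLS domain runs EIGRP with process number 88. The PE routers (R2 and R5) run BGP and form an MP-BGP neighbor relationship.
2. Company A's Beijing branch and Shanghai branch are connected over a VPN, built with MPLS-VPN, so that they can communicate with each other.

Configuration and implementation

Implementation principle

1. Run EIGRP, process number 88, on the public network so that the whole network is reachable.
2. Create the VRF on the PE devices (configure the RD and RT) and assign the relevant interfaces to the VRF.
3. Run LDP in the MPLS backbone area (configure mpls ip or tag-switching ip under the interface). To make the behavior easier to observe in the lab, an MPLS label range can be specified.
4. Run a routing protocol between the PE and CE devices so that the PE devices learn the customer's (Company A's) routes.
5. Run BGP on R2 and R5 and form an MP-BGP neighbor relationship to carry the customer's (Company A's) routes.
6. On R2, redistribute OSPF 110 routes into BGP 100 and BGP 100 routes into OSPF 110. On R5, redistribute EIGRP 1 routes into BGP 100 and BGP 100 routes into EIGRP 1.

Key configuration

R1 configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
router ospf 110 // R1 runs OSPF so that the PE and CE devices can reach each other
 router-id 1.1.1.1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 12.1.1.0 0.0.0.255 area 0

R2 configuration

ip vrf vpn1 // create the VRF (virtual router) on R2
 rd 100:1
 route-target export 100:1
 route-target import 100:1
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
 ip vrf forwarding vpn1 // assign the interface to the VRF
 ip address 12.1.1.2 255.255.255.0
interface FastEthernet0/1
 ip address 23.1.1.2 255.255.255.0
 mpls ip // LDP on the core-facing interface (step 3 above)
router eigrp 88 // the MPLS domain runs EIGRP so that the whole public network is reachable
 network 2.2.2.2 0.0.0.0
 network 23.1.1.0 0.0.0.255
 no auto-summary
!
router ospf 110 vrf vpn1 // R2 runs OSPF in VRF mode so that the PE and CE devices can reach each other
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 12.1.1.0 0.0.0.255 area 0
!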
router bgp 100 // R2 runs BGP and forms an MP-BGP neighbor relationship with R5
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast // disable BGP's default IPv4 unicast behavior
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 address-family vpnv4 // under the BGP process, enter the VPNv4 address family
  neighbor 5.5.5.5 activate // activate the neighbor
  neighbor 5.5.5.5 send-community both
 address-family ipv4 vrf vpn1 // in VRF mode, redistribute the OSPF routes into BGP
  redistribute ospf 110 vrf vpn1

R3 configuration

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
 ip address 34.1.1.3 255.255.255.0
 mpls ip
interface FastEthernet0/1
 ip address 23.1.1.3 255.255.255.0
 mpls ip
router eigrp 88
 network 3.3.3.3 0.0.0.0
 network 23.1.1.0 0.0.0.255
 network 34.1.1.0 0.0.0.255
 no auto-summary

R4 configuration

Same as R3.

R5 configuration

ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
mpls label range 500 599
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
interface FastEthernet0/0
 ip vrf forwarding vpn1
 ip address 56.1.1.5 255.255.255.0
interface FastEthernet0/1
 ip address 45.1.1.5 255.255.255.0
 mpls ip
router eigrp 88
 network 5.5.5.5 0.0.0.0
 network 45.1.1.0 0.0.0.255
 no auto-summary
router eigrp 1
 no auto-summary
 address-family ipv4 vrf vpn1
  redistribute bgp 100 metric 1000001000 255 100 1500 // EIGRP seed metric fields: bandwidth delay reliability load MTU
  network 56.1.1.0 0.0.0.255
  no auto-summary
  autonomous-system 1
router bgp 100
 bgp router-id 5.5.5.5
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
 address-family ipv4 vrf vpn1
  redistribute eigrp 1 metric 100

R6 configuration

Same as R1, but running EIGRP 1.

Lab test results

Routing protocol results between PE and CE

Connectivity between R1 and R2

R2#sho ip rou vrf vpn1
Routing Table: vpn1
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 12.1.1.1, 00:31:10, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0

R2#ping vrf vpn1 1.1.1.1 // R2's VRF routing table has a route to 1.1.1.1, so the ping succeeds in VRF mode
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/52 ms

R1#sh ip rou
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     6.0.0.0/32 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0

R1#ping 12.1.1.2 // R1 has a route to R2 in privileged mode, so the ping succeeds
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/40/60 ms

Connectivity between R5 and R6

R5#sh ip rou vrf vpn1
Routing Table: vpn1
Gateway of last resort is not set
     6.0.0.0/32 is subnetted, 1 subnets
D       6.6.6.6 [90/156160] via 56.1.1.6, 00:34:33, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
C       56.1.1.0 is directly connected, FastEthernet0/0

R5#ping vrf vpn1 6.6.6.6 // R5's VRF routing table has a route to R6's lo0 interface, so the ping succeeds in VRF mode
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/56 ms

R6#ping 56.1.1.5 // R6 can ping R5 directly; it is a connected route
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 56.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/52 ms

Routing information on the PE devices

R2#sho ip rou // R2's global routing table: only connected routes and D routes
Gateway of last resort is not set
D    34.0.0.0/8 [90/30720] via 23.1.1.3, 00:47:45, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
D    3.0.0.0/8 [90/156160] via 23.1.1.3, 00:47:45, FastEthernet0/1
D    4.0.0.0/8 [90/158720] via 23.1.1.3, 00:47:44, FastEthernet0/1
D    5.0.0.0/8 [90/161280] via 23.1.1.3, 00:47:44, FastEthernet0/1
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, FastEthernet0/1
D    45.0.0.0/8 [90/33280] via 23.1.1.3, 00:47:44, FastEthernet0/1

R2#sho ip rou vrf vpn1 // R2's VRF table holds, after redistribution, O routes, B routes and connected routes; the B routes are the routes toward the customer
Routing Table: vpn1
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 12.1.1.1, 00:43:33, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
B       6.6.6.6 [200/100] via 5.5.5.5, 00:31:17
     56.0.0.0/24 is subnetted, 1 subnets
B       56.1.1.0 [200/0] via 5.5.5.5, 00:31:17
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0

R5#sho ip rou // R5's global routing table: only connected routes and D routes
Gateway of last resort is not set
D    34.0.0.0/8 [90/30720] via 45.1.1.4, 00:51:47, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/161280] via 45.1.1.4, 00:51:44, FastEthernet0/1
D    3.0.0.0/8 [90/158720] via 45.1.1.4, 00:51:44, FastEthernet0/1
D    4.0.0.0/8 [90/156160] via 45.1.1.4, 00:51:47, FastEthernet0/1
     5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       5.5.5.5/32 is directly connected, Loopback0
D       5.0.0.0/8 is a summary, 00:51:50, Null0
D    23.0.0.0/8 [90/33280] via 45.1.1.4, 00:51:46, FastEthernet0/1
     45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       45.1.1.0/24 is directly connected, FastEthernet0/1
D       45.0.0.0/8 is a summary, 00:51:52, Null0

R5#sho ip rou vrf vpn1 // R5's VRF table holds, after redistribution, D routes, B routes and connected routes; the B routes are the routes toward the customer
Routing Table: vpn1
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [200/2] via 2.2.2.2, 00:37:01
     6.0.0.0/32 is subnetted, 1 subnets
D       6.6.6.6 [90/156160] via 56.1.1.6, 00:44:32, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
C       56.1.1.0 is directly connected, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
B       12.1.1.0 [200/0] via 2.2.2.2, 00:37:01

Routing information on the CE devices

R1#sho ip rou // Company A's Beijing branch has only its own connected routes and the O E2 routes of the VPN-connected Shanghai branch, which are external routes produced by redistributing the BGP routes into OSPF on the PE (R2); there are no public-network routes
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     6.0.0.0/32 is subnetted, 1 subnets
O E2    6.6.6.6 [110/100] via 12.1.1.2, 00:39:41, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O E2    56.1.1.0 [110/1] via 12.1.1.2, 00:39:41, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0

R5#sho ip rou // Company A's Shanghai branch has only its own connected routes and the O E2 routes of the VPN-connected Beijing branch, which are external routes produced by redistributing the BGP routes into OSPF on the PE (R5); there are no public-network routes
Gateway of last resort is not set
D    34.0.0.0/8 [90/30720] via 45.1.1.4, 01:00:23, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/161280] via 45.1.1.4, 01:00:19, FastEthernet0/1
D    3.0.0.0/8 [90/158720] via 45.1.1.4, 01:00:19, FastEthernet0/1
D    4.0.0.0/8 [90/156160] via 45.1.1.4, 01:00:23, FastEthernet0/1
     5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       5.5.5.5/32 is directly connected, Loopback0
D       5.0.0.0/8 is a summary, 01:00:25, Null0
D    23.0.0.0/8 [90/33280] via 45.1.1.4, 01:00:19, FastEthernet0/1
     45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       45.1.1.0/24 is directly connected, FastEthernet0/1
D       45.0.0.0/8 is a summary, 01:00:27, Null0

Connectivity between Company A's Beijing and Shanghai branches

R1#ping 6.6.6.6 // the Beijing branch can ping the Shanghai branch
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/154/172 ms

R1#ping 6.6.6.6 sou 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
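Success rate is 100 percent (5/5), round-trip min/avg/max = 140/159/184 ms

R6#ping 1.1.1.1 // the Shanghai branch can ping the Beijing branch
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/156/172 ms

R6#ping 1.1.1.1 sou 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 136/164/200 ms

Lab summary

1. When the MP-BGP neighbor relationship forms between R2 and R5, a log message pops up showing that the neighbor has come up. Use the command sho ip bgp vpnv4 all summary to view the BGP neighbors.
2. On the PE devices, do single-point two-way redistribution (redistribute BGP into OSPF vrf and OSPF into BGP vrf; redistribute BGP into EIGRP vrf and EIGRP into BGP vrf). When redistributing BGP into EIGRP, pay attention to the conversion of the metric value. [All redistribution operations must be done in VRF mode.]
3. On a PE device, assigning an interface to a VRF removes the interface's existing address, so the interface's IP address has to be configured again.
4. To make the behavior easier to observe, specify the MPLS label range before running MPLS on the interfaces. If the label range is changed after MPLS is already running, it only takes effect after a reboot.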
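VPN separation in this lab rests on the route-target import/export lines under ip vrf, and summary point 3 notes that an interface loses its address when it joins a VRF; both can be checked from the PE configs. The Python below is an added example, not part of the original post: it parses ip vrf and interface stanzas and reports a VRF that imports a route target exported by a differently named VRF (a candidate route leak to review) and VRF interfaces left without an address. The sample configs are constructed: vpn1 and RT 100:1 come from the page, while vpn2, RT 100:2 and the address-less FastEthernet0/0 on R5 are hypothetical.

```python
import re
from collections import defaultdict

CONFIGS = {  # constructed sample; "vpn2" and its RT 100:2 are hypothetical
    "R2": """ip vrf vpn1
 route-target export 100:1
 route-target import 100:1
interface FastEthernet0/0
 ip vrf forwarding vpn1
 ip address 12.1.1.2 255.255.255.0""",
    "R5": """ip vrf vpn1
 route-target export 100:1
 route-target import 100:1
ip vrf vpn2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
interface FastEthernet0/0
 ip vrf forwarding vpn1""",
}

def parse(cfg):  # -> ({vrf: {"export", "import"}}, {interface: {"vrf", "ip"}})
    vrfs, ifaces, ctx = {}, {}, {}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"ip vrf (\S+)$", line):
            ctx = vrfs.setdefault(m[1], {"export": set(), "import": set()})
        elif m := re.match(r"interface (\S+)$", line):
            ctx = ifaces.setdefault(m[1], {"vrf": None, "ip": False})
        elif (m := re.match(r"route-target (export|import) (\S+)$", line)) and m[1] in ctx:
            ctx[m[1]].add(m[2])
        elif (m := re.match(r"ip vrf forwarding (\S+)$", line)) and "vrf" in ctx:
            ctx["vrf"] = m[1]
        elif line.startswith("ip address ") and "ip" in ctx:
            ctx["ip"] = True
    return vrfs, ifaces

def audit(configs):  # cross-VRF RT imports and VRF interfaces with no address
    parsed = {pe: parse(cfg) for pe, cfg in configs.items()}
    exporters, findings = defaultdict(set), []
    for vrfs, _ in parsed.values():  # which VRF names export each RT, on any PE
        for name, rt in vrfs.items():
            for t in rt["export"]: exporters[t].add(name)
    for pe, (vrfs, ifaces) in parsed.items():
        for name, rt in vrfs.items():
            for t in sorted(rt["import"]):
                if others := sorted(exporters[t] - {name}):
                    findings.append((pe, name, f"imports RT {t} from {others}"))
        findings += [(pe, i, f"in VRF {s['vrf']} but has no ip address")
                     for i, s in ifaces.items() if s["vrf"] and not s["ip"]]
    return findings
```

An intentional extranet import shows up the same way as an accidental one, so each finding is a prompt to compare against the intended VPN membership.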