|
|
华为MPLS VPN跨域OPTION C(LDP给BGP分标签方式)
拓扑: CE1-----PE1-----ASBR1------ASBR2--------PE2---------CE3
各路由器配置:
RTA:
[RTA]dis current-configuration
#
sysname RTA
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
mpls
mpls ldp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Serial0/0/3
link-protocol ppp
#
interface Serial0/0/4
link-protocol ppp
#
interface Serial0/0/5
link-protocol ppp
#
interface Serial0/0/6
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[RTA]
RTB:
[Quidway]dis current-configuration
#
sysname Quidway
#
ip vpn-instance BeiJing
description TestforBeijingResearchCenter
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
isis 1 vpn-instance BeiJing
network-entity 10.0000.0000.0002.00
import-route bgp
#
isis 100
network-entity 10.0000.0000.0100.00
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
mpls
mpls ldp
#
interface Serial0/0/1
link-protocol ppp
ip binding vpn-instance BeiJing
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
ip address 10.2.2.2 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface Serial0/0/4
link-protocol ppp
#
interface Serial0/0/5
link-protocol ppp
#
interface Serial0/0/6
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 100
#
bgp 100
peer 5.5.5.5 as-number 50
peer 5.5.5.5 ebgp-max-hop 5
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable
#
ipv4-family vpn-instance BeiJing
import-route isis 1
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
RTC:
[Quidway]dis current-configuration
#
sysname Quidway
#
mpls lsr-id 3.3.3.3
mpls
lsp-trigger bgp-label-route
#
mpls ldp
#
isis 100
network-entity 10.0000.0000.0300.00
import-route bgp
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
ip address 10.2.2.3 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface Serial0/0/3
link-protocol ppp
#
interface Serial0/0/4
link-protocol ppp
ip address 10.3.3.3 255.255.255.0
mpls
#
interface Serial0/0/5
link-protocol ppp
#
interface Serial0/0/6
link-protocol ppp
#
interface NULL0
#
interface Logic-Channel0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 100
#
bgp 100
peer 10.3.3.4 as-number 50
peer 10.3.3.4 ebgp-max-hop 2
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 10.3.3.4 enable
peer 10.3.3.4 route-policy OptionCLdp export
peer 10.3.3.4 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
route-policy OptionCLdp permit node 1
apply mpls-label
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[Quidway]
RTD:
[Quidway]dis current-configuration
#
sysname Quidway
#
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
import-route bgp
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
ip address 10.3.3.4 255.255.255.0
mpls
#
interface Serial0/0/4
link-protocol ppp
#
interface Serial0/0/5
link-protocol ppp
ip address 10.4.4.4 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Serial0/0/6
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 50
peer 10.3.3.3 as-number 100
peer 10.3.3.3 ebgp-max-hop 2
#
ipv4-family unicast
undo synchronization
compare-different-as-med
network 5.5.5.5 255.255.255.255
peer 10.3.3.3 enable
peer 10.3.3.3 route-policy OptionCLdp export
peer 10.3.3.3 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
route-policy OptionCLdp permit node 1
apply mpls-label
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[Quidway]
RTE:
[Quidway]dis current-configuration
#
sysname Quidway
#
ip vpn-instance BeiJing
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0005.00
#
isis 100 vpn-instance BeiJing
network-entity 10.0000.0000.0200.00
import-route bgp
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface Serial0/0/4
link-protocol ppp
ip address 10.4.4.5 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Serial0/0/5
link-protocol ppp
#
interface Serial0/0/6
link-protocol ppp
ip binding vpn-instance BeiJing
ip address 10.5.5.5 255.255.255.0
isis enable 100
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
bgp 50
peer 2.2.2.2 as-number 100
peer 2.2.2.2 ebgp-max-hop 5
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 50
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 4.4.4.4 enable
#
ipv4-family vpn-instance BeiJing
import-route isis 100
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
RTF:
[Quidway]dis current-configuration
#
sysname Quidway
#
isis 100
network-entity 10.0000.0000.0006.00
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface Serial0/0/4
link-protocol ppp
#
interface Serial0/0/5
link-protocol ppp
ip address 10.5.5.6 255.255.255.0
isis enable 100
#
interface Serial0/0/6
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 100
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[Quidway]
最后配置好后检查配置:
CE1上查看路由,ping CE2:
[RTA]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
6.6.6.6/32 ISIS 15 74 D 10.1.1.2 Serial0/0/2
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Serial0/0/2
10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Serial0/0/2
10.5.5.0/24 ISIS 15 74 D 10.1.1.2 Serial0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[RTA]
[RTA]
[RTA]ping 6.6.6.6
PING 6.6.6.6: 56 data bytes, press CTRL_C to break
Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=252 time=130 ms
Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=252 time=110 ms
Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=252 time=110 ms
Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=252 time=130 ms
Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=252 time=120 ms
--- 6.6.6.6 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 110/120/130 ms
PE1上进行公网IP Ping:
<Quidway>ping -a 2.2.2.2 5.5.5.5
PING 5.5.5.5: 56 data bytes, press CTRL_C to break
Reply from 5.5.5.5: bytes=56 Sequence=1 ttl=253 time=60 ms
Reply from 5.5.5.5: bytes=56 Sequence=2 ttl=253 time=100 ms
Reply from 5.5.5.5: bytes=56 Sequence=3 ttl=253 time=100 ms
Reply from 5.5.5.5: bytes=56 Sequence=4 ttl=253 time=80 ms
Reply from 5.5.5.5: bytes=56 Sequence=5 ttl=253 time=60 ms
--- 5.5.5.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/80/100 ms
ASBR1上查看mpls lsp:
[Quidway]disp mpls lsp verbose
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex :
RD Value : 0:0
Fec : 2.2.2.2/32
Nexthop : 10.2.2.2
In-Label : 13312
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4099
Token : 0x0
LsrType : Egress
Outgoing token : 0{:3_66:}00
Label Operation : POPGO
Mpls-Mtu : ------
TimeStamp : 1132sec
No : 2
VrfIndex :
RD Value : 0:0
Fec : 5.5.5.5/32
Nexthop : 10.3.3.4
In-Label : NULL
Out-Label : 13312
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4100
Token : 0{:3_66:}09
LsrType : Ingress
Outgoing token : 0{:3_66:}08
Label Operation : PUSH
Mpls-Mtu : ------
TimeStamp : 1128sec
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
No : 3
VrfIndex :
Fec : 3.3.3.3/32
Nexthop : 127.0.0.1
In-Label : 3
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 6144
Token : 0x0
FrrToken : 0x0
LsrType : Egress
Outgoing token : 0x0
Label Operation : POP
Mpls-Mtu : ------
TimeStamp : 1994sec
Bfd-State : ---
No : 4
VrfIndex :
Fec : 2.2.2.2/32
Nexthop : 10.2.2.2
In-Label : NULL
Out-Label : 3
In-Interface : ----------
Out-Interface : Serial0/0/2
LspIndex : 6145
Token : 0x2000
FrrToken : 0x0
LsrType : Ingress
Outgoing token : 0x0
Label Operation : PUSH
Mpls-Mtu : ------
TimeStamp : 1994sec
Bfd-State : ---
No : 5
VrfIndex :
Fec : 2.2.2.2/32
Nexthop : 10.2.2.2
In-Label : 1024
Out-Label : 3
In-Interface : ----------
Out-Interface : Serial0/0/2
LspIndex : 6146
Token : 0x2001
FrrToken : 0x0
LsrType : Transit
Outgoing token : 0x0
Label Operation : SWAP
Mpls-Mtu : ------
TimeStamp : 1994sec
Bfd-State : ---
No : 6
VrfIndex :
Fec : 5.5.5.5/32
Nexthop : 10.3.3.4
In-Label : 1025
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 6150
Token : 0x0
FrrToken : 0x0
LsrType : Egress
Outgoing token : 0x2009
Label Operation : POPGO
Mpls-Mtu : ------
TimeStamp : 1134sec
Bfd-State : ---
[Quidway]
注意事项:
1、注意配置ebgp-max-hop,否则PE间EBGP Peer可能建立失败。
2、推荐ASBR间使用直连接口IP地址建立EBGP PEER。否则路由配置很麻烦,使用loopback口建立EBGP PEER然后配置静态路由很可能LDP迭代BGP隧道失败。这个目前没有找到合适的解决方法。
该贴已经同步到 COCO999的微博 |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2011-8-27 12:11:27
置顶卡
喧嚣卡
变色卡
千斤顶
楼主
