|
|
为了进一步了解BGP/MPLS VPN,先搭建一个MPLS Lab。
实验步骤:
1、准备P-network
1.1配置接口和IGP
1.2定义VPN
1.3配置PE-PE的路由会话
1.4配置PE-CE的路由会话
2、配置CE路由器
1.1配置接口和IGP
router P
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
ip unnumbered Loopback0
mpls ip
!
interface Serial1/1
ip unnumbered Loopback0
mpls
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
Router PEA
!
ip cef
!
interface Loopback0
ip address 1.1.1.2 255.255.255.255
!
interface Serial1/1
ip unnumbered Loopback0
mpls ip
!
router ospf 1
log-adjacency-changes
network 1.1.1.2 0.0.0.0 area 0
Router PEB
!
ip cef
!
interface Loopback0
ip address 1.1.1.3 255.255.255.255
!
interface Serial1/0
ip unnumbered Loopback0
mpls ip
!
router ospf 1
log-adjacency-changes
network 1.1.1.3 0.0.0.0 area 0
主要完成下列任务:
在全局模式打开赛虎CEF,CEF是运行MPLS所必须的;
配置相应的IP地址和完成IGP(OSPF)的配置;
在接口启用MPLS交换。
1.2在PE定义VPN
主要完成下列任务:
定义vrf,定义不同的vpn路由选择和转发实例;
用RD(Router Distinguisher)标识VPN,为用户VPN创建路由选择和转发表;
从或者向vpn扩展公用体导入导出路由选择信息;
把VRF和接口或子接口关联起来。
Router PEA
!
ip vrf vpn-a
rd 65001:1
route-target export 65001:1
route-target import 65001:1
!
ip vrf vpn-b
rd 65001:2
route-target export 65001:2
route-target import 65001:2
interface Serial1/0
ip vrf forwarding vpn-a
ip address 172.16.3.1 255.255.255.0
!
interface Serial1/2
ip vrf forwarding vpn-b
ip address 172.16.5.1 255.255.255.252
Router PEB
!
ip vrf vpn-a
rd 65001:1
route-target export 65001:1
route-target import 65001:1
!
ip vrf vpn-b
rd 65001:2
route-target export 65001:2
route-target import 65001:2
!
interface Serial1/1
ip vrf forwarding vpn-a
ip address 172.16.4.1 255.255.255.0
!
interface Serial1/2
ip vrf forwarding vpn-b
ip address 172.16.5.5 255.255.255.252
!
1.3配置PE-PE的路由会话
配置PE-PE的路由主要完成下列任务:
启用BGP;
关闭ipv4单播前缀的通告;
配置PE的邻居PE;
激活IPv4到邻居的通告。
Router PEA
!
router bgp 4837
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.3 remote-as 4837
neighbor 1.1.1.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.3 activate
neighbor 1.1.1.3 send-community extended
exit-address-family
!
Router PEB
!
router bgp 4837
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 4837
neighbor 1.1.1.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 send-community extended
exit-address-family
!
1.4配置BGP4的PE-CE的路由选择会话
Router PEA
!
router bgp 4837
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.3 remote-as 4837
neighbor 1.1.1.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.3 activate
neighbor 1.1.1.3 send-community extended
exit-address-family
!
address-family ipv4 vrf vpn-b
neighbor 172.16.5.2 remote-as 65003
neighbor 172.16.5.2 activate
no synchronization
network 172.16.5.0 mask 255.255.255.252
exit-address-family
!
address-family ipv4 vrf vpn-a
neighbor 172.16.3.2 remote-as 65001
neighbor 172.16.3.2 activate
no synchronization
network 172.16.3.0 mask 255.255.255.0
exit-address-family
Router PEB
router bgp 4837
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 4837
neighbor 1.1.1.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 send-community extended
exit-address-family
!
address-family ipv4 vrf vpn-b
neighbor 172.16.5.6 remote-as 65004
neighbor 172.16.5.6 activate
no synchronization
network 172.16.5.4 mask 255.255.255.252
exit-address-family
!
address-family ipv4 vrf vpn-a
neighbor 172.16.4.2 remote-as 65002
neighbor 172.16.4.2 activate
no synchronization
network 172.16.4.0 mask 255.255.255.0
exit-address-family
!
2、配置CE路由器
Router CED
!
interface Loopback0
ip address 192.168.100.1 255.255.255.0
!
interface Serial1/0
ip address 172.16.5.6 255.255.255.252
!
router bgp 65004
bgp log-neighbor-changes
neighbor 172.16.5.5 remote-as 4837
!
address-family ipv4
neighbor 172.16.5.5 activate
no auto-summary
no synchronization
network 192.168.100.0
exit-address-family
!
Router CEC
!
interface Loopback0
ip address 192.168.10.1 255.255.255.0
!
interface Serial1/1
ip address 172.16.5.2 255.255.255.252
!
router bgp 65003
bgp log-neighbor-changes
neighbor 172.16.5.1 remote-as 4837
!
address-family ipv4
neighbor 172.16.5.1 activate
no auto-summary
no synchronization
network 192.168.10.0
exit-address-family
!
Router CEA
!
interface Loopback0
ip address 10.10.0.1 255.255.0.0
!
interface Serial1/1
ip address 172.16.3.2 255.255.255.0
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 10.10.0.0 mask 255.255.0.0
neighbor 172.16.3.1 remote-as 4837
no auto-summary
!
Router CEB
!
interface Loopback0
ip address 10.20.0.1 255.255.0.0
!
interface Loopback1
ip address 10.40.0.1 255.255.0.0
!
interface Serial1/0
ip address 172.16.4.2 255.255.255.0
!
router bgp 65002
no synchronization
bgp log-neighbor-changes
network 10.20.0.0 mask 255.255.0.0
network 10.40.0.0 mask 255.255.0.0
neighbor 172.16.4.1 remote-as 4837
no auto-summary
!
结果验证:
CEA# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
B 172.16.4.0 [20/0] via 172.16.3.1, 00:06:50
C 172.16.3.0 is directly connected, Serial1/1
10.0.0.0/16 is subnetted, 3 subnets
C 10.10.0.0 is directly connected, Loopback0
B 10.20.0.0 [20/0] via 172.16.3.1, 00:06:50
B 10.40.0.0 [20/0] via 172.16.3.1, 00:06:50
CEA#
CEA#ping ip
Target IP address: 10.40.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 10
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.0.1, timeout is 10 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1400/2528/4192 ms
CEA#
CEC# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-
ia - IS-IS inter area, * - candidate default, U - per-user static ro
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Loopback0
172.16.0.0/30 is subnetted, 2 subnets
C 172.16.5.0 is directly connected, Serial1/1
B 172.16.5.4 [20/0] via 172.16.5.1, 00:09:20
B 192.168.100.0/24 [20/0] via 172.16.5.1, 00:09:20
CEC#
CEC#ping ip
Target IP address: 192.168.100.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 10
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 10 seconds:
!!!!.
Success rate is 80 percent (4/5), round-trip min/avg/max = 1256/1972/3144 ms
CEC#
Comment: |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2009-12-17 11:10:52
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 64675
