MPLS-VPN

Angel炳

给位老师伙伴们，有个问题想请教下，在做MPLS-VPN实验的时候私网站点之间有相互的路由，但是ping不通是怎么回事？
拓扑图是这个样子 每个 路由器的配置是，可能配置有点杂，看起来比较费劲


**************************************************************  
                                          R1
**************************************************************  
R1#show run
Building configuration...

Current configuration : 983 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
!         
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.1.12.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!         
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end






**************************************************************
                                                          R2
**************************************************************

R2#show run
Building configuration...

Current configuration : 1745 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
!         
ip vrf cisco
rd 234:2
route-target export 234:2
route-target import 234:4
!
!
mpls label range 200 299
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding cisco
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.23.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
router ospf 1 vrf cisco
log-adjacency-changes
no auto-cost
redistribute bgp 234 subnets
network 10.1.12.0 0.0.0.255 area 0
!
router ospf 100
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 10.1.23.0 0.0.0.255 area 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community both
exit-address-family
!
address-family ipv4 vrf cisco
redistribute ospf 1 vrf cisco match internal external 1 external 2
no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!         
!         
!         
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end




*************************************************
                                          R3
*************************************************
R3# show run  
Building configuration...

Current configuration : 1102 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
!         
!
mpls label range 300 399
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.34.3 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip address 10.1.23.3 255.255.255.0
duplex auto
speed auto
mpls ip
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 10.1.23.0 0.0.0.255 area 0
network 10.1.34.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end




**************************************************
                                         R 4
**************************************************

R4#show run
Building configuration...

Current configuration : 1723 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
!         
ip vrf cisco
rd 234:4
route-target export 234:4
route-target import 234:2
!
!
mpls label range 400 499
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.34.4 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding cisco
ip address 10.1.45.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf cisco
log-adjacency-changes
no auto-cost
redistribute bgp 234 subnets
network 10.1.45.0 0.0.0.255 area 0
!
router ospf 100
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 10.1.34.0 0.0.0.255 area 0
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf cisco
redistribute ospf 1 vrf cisco match internal external 1 external 2
no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!         
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end




**********************************************************
                                             R5
**********************************************************

R5#show run
Building configuration...

Current configuration : 983 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
!         
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.45.5 255.255.255.0
duplex auto
speed auto
!
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 0
network 10.1.45.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!         
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end







配置大概就是这样子！非常谢谢各位帮忙解决一下！

qsy112233

学会看提示
你配置的时候绝对会提示你环回口不是32位
标签转发是查看LFIB，show mpls forwardingtable
你现在的标签根本就是no label，怎么转发

vaio

看起来配置没问题啊。我随便做了一个mpls vpn，地址和你也许不一样，八九不离十。
当中有两层标签，内层是mpbgp分配的，外层是ldp分配的。完全没问题。

R1#traceroute 5.5.5.5 source lo0

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 12.1.1.2 36 msec 72 msec 76 msec
  2 23.1.1.3 [MPLS: Labels 17/20 Exp 0] 180 msec 140 msec 76 msec
  3 45.1.1.4 [MPLS: Label 20 Exp 0] 60 msec 72 msec 124 msec
  4 45.1.1.5 152 msec 84 msec 120 msec
R1#ping 5.5.5.5 so lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/124/148 ms
R1#

asd379762019

111

962456310@qq.co

PE和P设备的LDP配置呢？

qsy112233

学会看提示
你配置的时候绝对会提示你环回口不是32位
标签转发是查看LFIB，show mpls forwardingtable
你现在的标签根本就是no label，怎么转发

worm1943

R2和R4上关于vrf cisco的RD值需要一致。

gole_huang

楼上说得对，有路由ping不通就是转发层面的事，而mpls ldp router-id Loopback0这条命令要求loopback0必须是32位的。估计是因为你的R2没法运行LDP

Angel炳

worm1943 发表于 2016-5-11 23:58
R2和R4上关于vrf cisco的RD值需要一致。

RD不需要一至吧！RD值用于识别的VRF的

Angel炳

qsy112233 发表于 2016-5-11 23:53
学会看提示
你配置的时候绝对会提示你环回口不是32位
标签转发是查看LFIB，show mpls forwardingtable

好像是有提示，在R2上会提示
*Mar  1 00:01:40.111: %BGP-4-VPNV4NH_MASK: Nexthop 2.2.2.2 may not be reachable from neigbor 4.4.4.4 - not /32 mask。请问这是什么错误呀

Angel炳

qsy112233 发表于 2016-5-11 23:53
学会看提示
你配置的时候绝对会提示你环回口不是32位
标签转发是查看LFIB，show mpls forwardingtable

确实是这样提示的

Angel炳

962456310@qq.co 发表于 2016-5-11 23:50
PE和P设备的LDP配置呢？

有配置的哦

Angel炳

vaio 发表于 2016-5-11 22:34
看起来配置没问题啊。我随便做了一个mpls vpn，地址和你也许不一样，八九不离十。
当中有两层标签，内层是 ...

嗯，，谢谢，楼下估计给找出问题所在了

Angel炳

gole_huang 发表于 2016-5-12 10:11
楼上说得对，有路由ping不通就是转发层面的事，而mpls ldp router-id Loopback0这条命令要求loopback0必须 ...

搜嘎，我在看看配置，还有就是换回接口必须配置为32的mask ?

Angel炳

Angel炳 发表于 2016-5-12 15:30
搜嘎，我在看看配置，还有就是换回接口必须配置为32的mask ?

嗯，。谢谢。，就是R2上的换回接口没有把掩码配置为32的