一、MPLS V3PN跨域OptionB
1.配置思路
1)基础配置(IGP,PE与ASBR-PE建立BGP-vpnv4邻居)
2)在PE创建vpn实例,配置RT、RD绑定接口,配置双向重分布
3)在公网起MPLS LDP
4)在ASBR-PE之间建立BGP-VPNv4邻居关系(关闭RT识别&通告内部的CE路由)
2.配置
②======接着建立PE-ASBR的vpnv4的邻居关系===========
[R1]bgp 1
[R1-bgp]undo default ipv4-unicast
[R1-bgp]peer 3.3.3.3 as-number 1
[R1-bgp]peer 3.3.3.3 connect-interface LoopBack 1
[R1-bgp]ipv4-family vpnv4 unicast
[R1-bgp-af-vpnv4]peer 3.3.3.3 enable
[R3]bgp 1
[R3-bgp]undo default ipv4-unicast
[R3-bgp]peer 1.1.1.1 as-number 1
[R3-bgp]peer 1.1.1.1 connect-interface lo1
[R3-bgp]ipv4-family vpnv4 unicast
[R3-bgp-af-vpnv4]peer 1.1.1.1 enable
(右边的ISP同理)
③============创建vpn实例(RT、RD绑定进接口)========
[R1]ip vpn-instance A
[R1-vpn-instance-A]route-distinguisher 1:1
[R1-vpn-instance-A-af-ipv4]vpn-target 1:1
[R1-vpn-instance-A-af-ipv4]int g0/0/0
[R1-GigabitEthernet0/0/0]ip binding vpn-instance A
[R1-GigabitEthernet0/0/0]ip add 1.1.17.1 24
[R1]ip vpn-instance B
[R1-vpn-instance-B]route-distinguisher 2:2
[R1-vpn-instance-B-af-ipv4]vpn-target 2:2
[R1-vpn-instance-B-af-ipv4]int g0/0/1
[R1-GigabitEthernet0/0/1]ip binding vpn-instance B
[R1-GigabitEthernet0/0/1]ip add 1.1.18.1 24
(右边PE同理)
④=====再PE和CE之间创建路由可达,实现CE与PE互通=======
(IGP(双向重分布),EBGP)
左边(OSPF-重分布)
[R1-ospf-2-area-0.0.0.0]int g0/0/0
[R1-GigabitEthernet0/0/0]ospf enable 2 area 0
[R1]ospf 2 vpn-instance A
[R1-ospf-2]area 0
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ospf enable 3 area 0
[R1]ospf 3 vpn-instance B
[R1-ospf-3]area 0
[R7]int g0/0/0
[R7-GigabitEthernet0/0/0]ospf enable 2 area 0
[R7]int lo1
[R7-LoopBack1]ospf enable 2 area 0
[R7-ospf-2]area 0
[R8]int g0/0/0
[R8-GigabitEthernet0/0/0]ospf enable 3 area 0
[R8]int g0/0/1
[R8-GigabitEthernet0/0/1]ospf enable 3 area 0
[R8]ospf 3
[R8-ospf-3]area 0
重分布:
[R1]bgp 1
[R1-bgp]ipv4-family vpn-instance A
[R1-bgp-A]import-route ospf 2
[R1-bgp]ipv4-family vpn-instance B
[R1-bgp-B]import-route ospf 3
[R1]ospf 2 vpn-instance A
[R1-ospf-2]import-route bgp
[R1]ospf 3 vpn-instance B
[R1-ospf-3]import-route bgp
右边(EBGP)
[R6]bgp 2
[R6-bgp]ipv4-family vpn-instance A
[R6-bgp-A]peer 1.1.69.9 as-number 9
[R6-bgp]ipv4-family vpn-instance B
[R6-bgp-B]peer 1.1.106.10 as-number 10
[R9]bgp 9
[R9-bgp]peer 1.1.69.6 as-number 2
[R9-bgp]network 9.9.9.9 32
[R9-bgp]network 1.1.69.0 24
[R10]bgp 10
[R10-bgp]peer 1.1.106.6 as-number 2
[R10-bgp]network 1.1.106.0 24
[R10-bgp]network 10.10.10.10 32
⑤===============在ISP环境中启用MPLS LDP===========
⑥=======再ASBR上互相建立EBGPvpnv4邻居关系==========
[R3-bgp] ipv4-family vpnv4
[R3-bgp-af-vpnv4]undo policy vpn-target-------关闭RT的识别接收传送过来的CE
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 1.1.34.3 24
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 1.1.34.4 24
[R3]bgp 1
[R3-bgp]undo default ipv4-unicast
[R3-bgp]peer 1.1.34.4 as-number 2
[R3-bgp]ipv4-family vpnv4 unicast
[R3-bgp-af-vpnv4]peer 1.1.34.4 enable
[R4]bgp 2
[R4-bgp]undo default ipv4-unicast
[R4-bgp]peer 1.1.34.3 as-number 1
[R4-bgp]ipv4-family vpnv4 unicast
[R4-bgp-af-vpnv4]peer 1.1.34.3 enable
虽然有路由信息但仍然无法ping通(查看PE无对端CE的路由信息)
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]mpls
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]mpls ---------------开启是为了传递路由信息
若没有开启mpls功能,则无法识别带有vpnv4标签的路由信息若没有开启mpls功能,则无法识别带有vpnv4标签的路由信息
3.数据包转发分析
标签分发流程
①首先CE1传送IPv4路由给PE1,转为VPNv4路由打上vpn标签发送给ASBR-PE1,下一跳为PE1
②ASBR-PE1接着将VPNv4的路由转发给ASBR-PE2,下一跳为ASBR-PE1
③ASBR-PE2将VPNv4路由转给PE2,下一跳为ASBR-PE2
④P1,ASBR-PE1指向下一跳为PE1为此分配MPLS LDP,P2,PE2指向下一跳为ASBR-PE2为此分配MPLS LDP
抓包分析
