MPLS VPN跨域C1方案 RR反射器

拓扑图如下

配置两个RR之间建立MP-EBGP邻居

R9配置

bgp 100

peer 10.10.10.10 as-number 200

peer 10.10.10.10 ebgp-max-hop 255

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family vpnv4

peer 10.10.10.10 enable

peer 10.10.10.10 next-hop-invariable

R10配置

bgp 200

peer 9.9.9.9 as-number 100

peer 9.9.9.9 ebgp-max-hop 255

peer 9.9.9.9 connect-interface LoopBack0

ipv4-family vpnv4

peer 9.9.9.9 enable

peer 9.9.9.9 next-hop-invariable

现在虽然配置了建立邻居的BGP进程，但是因为双方是没有对方的路由的，所以无法建立。

R3与R4建立EBGP邻居，各自宣告9.9.9.9与10.10.10.10

R3配置

bgp 100

peer 34.1.1.4 as-number 200

peer 34.1.1.4 enable

peer 34.1.1.4 route-policy 1 export

peer 34.1.1.4 label-route-capability

network 9.9.9.9 255.255.255.255

R4配置

bgp 200

peer 34.1.1.3 as-number 100

peer 34.1.1.3 enable

peer 34.1.1.3 route-policy 1 export

peer 34.1.1.3 label-route-capability

network 10.10.10.10 255.255.255.255

R3与R9建立邻居，R4与R10建立邻居（IBGP邻居关系）

AS 100

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

peer 3.3.3.3 label-route-capability

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

bgp 100

peer 9.9.9.9 as-number 100

peer 9.9.9.9 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

network 9.9.9.9 255.255.255.255

peer 9.9.9.9 enable

peer 9.9.9.9 route-policy 2 export

peer 9.9.9.9 label-route-capability

AS 200

R10
bgp 200

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

peer 4.4.4.4 label-route-capability

R4
bgp 200

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

network 6.6.6.6 255.255.255.255

network 10.10.10.10 255.255.255.255

peer 10.10.10.10 enable

peer 10.10.10.10 route-policy 2 export

peer 10.10.10.10 label-route-capability

配置策略路由

R3配置，应用策略已在上一步配置

route-policy 1 permit node 10

apply mpls-label

route-policy 2 permit node 10

if-match mpls-label

apply mpls-label

R4配置

route-policy 1 permit node 10

apply mpls-label

route-policy 2 permit node 10

if-match mpls-label

apply mpls-label

此时，两个RR之间的路由可达，RR之间可以正常建立MP-EGBP邻居。

下一步需要R1与R9建立MP-IBGP邻居关系，R1把VPNV4路由传给R9

R6与R10建立MP-IBGP邻居关系，R6把VPNVR路由传给R10

之后R9与R10互相传递VPNVR路由，他们就能收到了。

R1与R9，R6与R10建立MP-IBGP邻居

AS 100

R1
bgp 100

peer 9.9.9.9 as-number 100

peer 9.9.9.9 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 9.9.9.9 enable

peer 9.9.9.9 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 9.9.9.9 enable

ipv4-family vpn-instance vpn1

import-route ospf 1

R9
bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 1.1.1.1 label-route-capability#

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

AS 200

R9
bgp 100

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 10.10.10.10 enable

peer 10.10.10.10 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 10.10.10.10 enable

ipv4-family vpn-instance vpn1

import-route ospf 1

R9
bgp 100

peer 6.6.6.6 as-number 100

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

peer 1.1.1.1 reflect-client

peer 1.1.1.1 label-route-capability#

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

现在路由就可以正常传递了，但是对于两边的PE设备来说，1.1.1.1和6.6.6.6都不是可达的。所以需要在中间设备R3与R4上面分别network 1.1.1.1和 6.6.6.6.

数据配置

dis cu

[V200R003C00]

sysname R1

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn1

ipv4-family

route-distinguisher 1:1

vpn-target 1:6 export-extcommunity

vpn-target 6:1 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 49.0000.0000.0001.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn1

ip address 17.1.1.1 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1

ip address 12.1.1.1 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

bgp 100

peer 9.9.9.9 as-number 100

peer 9.9.9.9 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 9.9.9.9 enable

peer 9.9.9.9 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 9.9.9.9 enable

ipv4-family vpn-instance vpn1

import-route ospf 1

ospf 1 vpn-instance vpn1

import-route bgp

area 0.0.0.0

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

mpls lsr-id 3.3.3.3

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 49.0000.0000.0003.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 23.1.1.3 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 34.1.1.3 255.255.255.0

mpls

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

bgp 100

peer 9.9.9.9 as-number 100

peer 9.9.9.9 connect-interface LoopBack0

peer 34.1.1.4 as-number 200

ipv4-family unicast

undo synchronization

network 1.1.1.1 255.255.255.255

network 9.0.0.0

network 9.9.9.9 255.255.255.255

peer 9.9.9.9 enable

peer 9.9.9.9 route-policy 2 export

peer 9.9.9.9 label-route-capability

peer 34.1.1.4 enable

peer 34.1.1.4 route-policy 1 export

peer 34.1.1.4 label-route-capability

route-policy 1 permit node 10

apply mpls-label

route-policy 2 permit node 10

if-match mpls-label

apply mpls-label

mpls lsr-id 9.9.9.9

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 49.0000.0000.0009.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 29.1.1.9 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 9.9.9.9 255.255.255.255

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 10.10.10.10 as-number 200

peer 10.10.10.10 ebgp-max-hop 255

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 1.1.1.1 label-route-capability

peer 3.3.3.3 enable

peer 3.3.3.3 label-route-capability

peer 10.10.10.10 enable

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 10.10.10.10 enable

peer 10.1

mpls lsr-id 4.4.4.4

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 50.0000.0000.0004.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 34.1.1.4 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 45.1.1.4 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

bgp 200

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

peer 34.1.1.3 as-number 100

ipv4-family unicast

undo synchronization

network 6.6.6.6 255.255.255.255

network 10.10.10.10 255.255.255.255

peer 10.10.10.10 enable

peer 10.10.10.10 route-policy 2 export

peer 10.10.10.10 label-route-capability

peer 34.1.1.3 enable

peer 34.1.1.3 route-policy 1 export

peer 34.1.1.3 label-route-capability

route-policy 2 permit node 10

if-match mpls-label

apply mpls-label

route-policy 1 permit node 10

apply mpls-label

ip vpn-instance vpn1

ipv4-family

route-distinguisher 6:6

vpn-target 6:1 export-extcommunity

vpn-target 1:6 import-extcommunity

mpls lsr-id 6.6.6.6

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 50.0000.0000.0006.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 56.1.1.6 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn1

ip address 68.1.1.6 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

isis enable 1

bgp 200

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 10.10.10.10 enable

peer 10.10.10.10 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 10.10.10.10 enable

ipv4-family vpn-instance vpn1

import-route ospf 1

ospf 1 vpn-instance vpn1

import-route bgp

area 0.0.0.0

R10

mpls lsr-id 10.10.10.10

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

isis 1

is-level level-2

cost-style wide

network-entity 50.0000.0000.0010.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 15.1.1.1 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 10.10.10.10 255.255.255.255

isis enable 1

interface LoopBack9

bgp 200

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

peer 9.9.9.9 as-number 100

peer 9.9.9.9 ebgp-max-hop 255

peer 9.9.9.9 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

peer 4.4.4.4 label-route-capability

peer 6.6.6.6 enable

peer 6.6.6.6 reflect-client

peer 6.6.6.6 label-route-capability

peer 9.9.9.9 enable

ipv4-family vpnv4

undo policy vpn-target

peer 6.6.6.6 enable

peer 6.6.6.6 reflect-client

peer 9.9.9.9 enable

peer 9.9.9.9 next-hop-invariable

相关阅读:
MySQL 事务的底层原理和 MVCC（二）
Hudi（1.0、2.0）简介
 mysql包select结果无法同步的问题
 2024022701-信息安全（二）——密码学
 ⭐️【实用】Mybatis入门&使用
 十年老程序员的职场教训，很受用
 ES性能优化最佳实践- 检索性能提升30倍！
基于javaweb的医院门诊查询系统（前端+后端）
leetcode876 链表的中间节点
 【雷达通信】雷达探测项目仿真附Matlab代码
原文地址：https://blog.csdn.net/weixin_45988710/article/details/133235396