-
MPLS虚拟专用网--跨域OptionC方案
OptionC方案
前面介绍的两种方式都能够满足跨域VPN的组网需求,但这两种方式也都需要ASBR参与VPN-IPv4路由的维护和发布。当每个AS都有大量的VPN路由需要交换时,ASBR就很可能阻碍网络进一步的扩展。
解决上述问题的方案是:ASBR不维护或发布VPN-IPv4路由,PE之间直接交换VPN-IPv4路由。
ASBR通过MP-IBGP向各自AS内的PE设备发布标签IPv4路由,并将到达本AS内PE的标签IPv4路由通告给它在对端AS的ASBR对等体,过渡AS中的ASBR也通告带标签的IPv4路由。这样,在入口PE和出口PE之间建立一条LSP;
不同AS的PE之间建立Multihop方式的EBGP连接,交换VPN-IPv4路由;
ASBR上不保存VPN-IPv4路由,相互之间也不通告VPN-IPv4路由。
如图为跨域VPN-OptionC的组网图,其中,VPN LSP表示私网隧道,LSP表示公网隧道。BGP LSP主要作用是两个PE之间相互交换Loopback信息,由两部分组成,例如图中从PE1到PE3方向建立BGP LSP1,PE3到PE1方向建立BGP LSP2。
为提高可扩展性,可以在每个AS中指定一个路由反射器RR,由RR保存所有VPN-IPv4路由,与本AS内的PE交换VPN-IPv4路由信息。两个AS的RR之间建立MP-EBGP连接,通告VPN-IPv4路由。跨域OptionC路由发布
跨域VPN-OptionC关键实现是公网跨域隧道的建立。例如在CE1中有一条10.1.1.1/24的路由信息,其发布流程如图9所示。D表示目的地址,NH表示下一跳,L3表示所携带的私网标签,L9、L10表示BGP LSP的标签。
跨域OptionC报文转发
L3表示私网标签,L10和L9表示BGP LSP的标签,Lx和Ly表示域内公网外层隧道标签。
报文从PE3向PE1转发时,需要在PE3上打上三层标签,分别为VPN路由的标签、BGP LSP的标签和公网LSP的标签。到ASBR2时,只剩下两层标签,分别是VPN的路由标签和BGP LSP的标签;进入ASBR1后,BGP LSP终结,之后就是普通的MPLS VPN的转发流程。跨域VPN-OptionC的特点
VPN路由在入口PE和出口PE之间直接交换,不需要中间设备的保存和转发。
VPN的路由信息只出现在PE设备上,而P和ASBR只负责报文的转发,使得中间域的设备可以不支持MPLS VPN业务,只需支持MPLS转发,ASBR设备不再成为性能瓶颈。因此跨域VPN-OptionC更适合在跨越多个AS时使用。
更适合支持MPLS VPN的负载分担。
缺点是维护一条端到端的PE连接管理代价较大。跨域OptionC方案实验配置
配置步骤
1.IP地址配置。
[Huawei]sy AR1_CE1 [AR1_CE1]interface GigabitEthernet 0/0/0 [AR1_CE1-GigabitEthernet0/0/0]ip address 10.0.12.1 24 [AR1_CE1-GigabitEthernet0/0/0]qui [AR1_CE1]interface LoopBack 0 [AR1_CE1-LoopBack0]ip address 192.168.1.1 24 [AR1_CE1-LoopBack0]q [AR1_CE1] <Huawei>system-view [Huawei]sysname AR2_PE1 [AR2_PE1]interface g0/0/0 [AR2_PE1-GigabitEthernet0/0/0]ip address 10.0.12.2 24 [AR2_PE1-GigabitEthernet0/0/0]q [AR2_PE1]interface GigabitEthernet 0/0/1 [AR2_PE1-GigabitEthernet0/0/1]ip address 10.0.23.2 24 [AR2_PE1-GigabitEthernet0/0/1]qui [AR2_PE1]interface LoopBack 0 [AR2_PE1-LoopBack0]ip address 10.0.2.2 32 [AR2_PE1-LoopBack0]q [AR2_PE1] [Huawei]sysname AR3_P1 [AR3_P1]interface GigabitEthernet 0/0/1 [AR3_P1-GigabitEthernet0/0/1]ip address 10.0.23.3 24 [AR3_P1-GigabitEthernet0/0/1]q [AR3_P1-GigabitEthernet0/0/1]qui [AR3_P1]interface LoopBack 0 [AR3_P1-LoopBack0]ip address 10.0.3.3 32 [AR3_P1-LoopBack0]q [AR3_P1]interface GigabitEthernet 0/0/2 [AR3_P1-GigabitEthernet0/0/2]ip address 10.0.34.3 24 [AR3_P1-GigabitEthernet0/0/2]qui [AR3_P1] <Huawei>system-view [Huawei]sysname AR4_ASBR1 [AR4_ASBR1]interface LoopBack 0 [AR4_ASBR1-LoopBack0]ip address 10.0.4.4 32 [AR4_ASBR1-LoopBack0]qui [AR4_ASBR1]interface GigabitEthernet 0/0/2 [AR4_ASBR1-GigabitEthernet0/0/2]ip address 10.0.34.4 24 [AR4_ASBR1-GigabitEthernet0/0/2]qui [AR4_ASBR1]interface GigabitEthernet 0/0/0 [AR4_ASBR1-GigabitEthernet0/0/0]ip address 10.0.45.4 24 [AR4_ASBR1-GigabitEthernet0/0/0]qui [AR4_ASBR1] <AR5_ASBR2>system-view [AR5_ASBR1]sysname AR5_ASBR2 [AR5_ASBR2]interface LoopBack 0 [AR5_ASBR2-LoopBack0]ip address 10.0.5.5 32 [AR5_ASBR2-LoopBack0]qui [AR5_ASBR2]interface GigabitEthernet 0/0/0 [AR5_ASBR2-GigabitEthernet0/0/0]ip address 10.0.45.5 24 [AR5_ASBR2-GigabitEthernet0/0/0]qui [AR5_ASBR2]interface GigabitEthernet 0/0/1 [AR5_ASBR2-GigabitEthernet0/0/1]ip address 10.0.56.5 24 [AR5_ASBR2-GigabitEthernet0/0/1]qui [AR5_ASBR2] <AR6_P2>system-view [Huawei]sysname AR6_P2 [AR6_P2]interface LoopBack 0 [AR6_P2-LoopBack0]ip address 10.0.6.6 32 [AR6_P2-LoopBack0]qui [AR6_P2]interface GigabitEthernet 0/0/1 [AR6_P2-GigabitEthernet0/0/1]ip address 10.0.56.6 24 [AR6_P2-GigabitEthernet0/0/1]qui [AR6_P2]interface GigabitEthernet 0/0/0 [AR6_P2-GigabitEthernet0/0/0]ip address 10.0.67.6 24 [AR6_P2-GigabitEthernet0/0/0]qui [AR6_P2] <AR7_PE2>system-view [Huawei]sysname AR7_PE2 [AR7_PE2]interface LoopBack 0 [AR7_PE2-LoopBack0]ip address 10.0.7.7 32 [AR7_PE2-LoopBack0]qui [AR7_PE2]interface GigabitEthernet 0/0/0 [AR7_PE2-GigabitEthernet0/0/0]ip address 10.0.67.7 24 [AR7_PE2-GigabitEthernet0/0/0]qui [AR7_PE2]interface GigabitEthernet 0/0/1 [AR7_PE2-GigabitEthernet0/0/1]ip address 10.0.78.7 24 [AR7_PE2-GigabitEthernet0/0/1]qui [AR7_PE2] <Huawei>system-view [Huawei]sysname AR8_CE2. [AR8_CE2]interface LoopBack 0 [AR8_CE2-LoopBack0]ip address 192.168.2.1 24 [AR8_CE2-LoopBack0]qui [AR8_CE2]interface GigabitEthernet 0/0/1 [AR8_CE2-GigabitEthernet0/0/1]ip address 10.0.78.8 24 [AR8_CE2-GigabitEthernet0/0/1]qui [AR8_CE2]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
2.配置各AS内路由互通。
[AR2_PE1]ospf 1 router-id 2.2.2.2 [AR2_PE1-ospf-1]area 0 [AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0 [AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0 [AR2_PE1-ospf-1-area-0.0.0.0]quit [AR2_PE1-ospf-1]quit [AR2_PE1] [AR3_P1]ospf 1 router-id 3.3.3.3 [AR3_P1-ospf-1]area 0 [AR3_P1-ospf-1-area-0.0.0.0]network 10.0.23.3 0.0.0.0 [AR3_P1-ospf-1-area-0.0.0.0]network 10.0.34.3 0.0.0.0 [AR3_P1-ospf-1-area-0.0.0.0]network 10.0.3.3 0.0.0.0 [AR3_P1-ospf-1-area-0.0.0.0]quit [AR3_P1-ospf-1]quit [AR3_P1] [AR4_ASBR1]ospf 1 router-id 4.4.4.4 [AR4_ASBR1-ospf-1]area 0 [AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0 [AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.34.4 0.0.0.0 [AR4_ASBR1-ospf-1-area-0.0.0.0]qui [AR4_ASBR1-ospf-1]quit [AR4_ASBR1] =========================================================== [AR5_ASBR2]ospf 2 router-id 5.5.5.5 [AR5_ASBR2-ospf-2]area 0 [AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.56.5 0.0.0.0 [AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.5.5 0.0.0.0 [AR5_ASBR2-ospf-2-area-0.0.0.0]quit [AR5_ASBR2-ospf-2]quit [AR5_ASBR2] [AR6_P2]ospf 2 router-id 6.6.6.6 [AR6_P2-ospf-2]area 0 [AR6_P2-ospf-2-area-0.0.0.0]network 10.0.56.6 0.0.0.0 [AR6_P2-ospf-2-area-0.0.0.0]network 10.0.67.6 0.0.0.0 [AR6_P2-ospf-2-area-0.0.0.0]network 10.0.6.6 0.0.0.0 [AR6_P2-ospf-2-area-0.0.0.0]quit [AR6_P2-ospf-2]quit [AR6_P2] [AR7_PE2]ospf 2 router-id 7.7.7.7 [AR7_PE2-ospf-2]area 0 [AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.67.7 0.0.0.0 [AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.7.7 0.0.0.0 [AR7_PE2-ospf-2-area-0.0.0.0]quit [AR7_PE2-ospf-2]quit [AR7_PE2]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
3.配置各AS的公网标签分配协议MPLS LDP。
[AR2_PE1]mpls lsr-id 10.0.2.2 [AR2_PE1]mpls [AR2_PE1-mpls]mpls ldp [AR2_PE1-mpls-ldp]qui [AR2_PE1]interface GigabitEthernet 0/0/1 [AR2_PE1-GigabitEthernet0/0/1]mpls [AR2_PE1-GigabitEthernet0/0/1]mpls ldp [AR2_PE1-GigabitEthernet0/0/1]qui [AR2_PE1] [AR3_P1]mpls lsr-id 10.0.3.3 [AR3_P1]mpls [AR3_P1-mpls]mpls ldp [AR3_P1-mpls-ldp]qui [AR3_P1]interface GigabitEthernet 0/0/1 [AR3_P1-GigabitEthernet0/0/1]mpls [AR3_P1-GigabitEthernet0/0/1]mpls ldp [AR3_P1-GigabitEthernet0/0/1]quit [AR3_P1]interface GigabitEthernet 0/0/2 [AR3_P1-GigabitEthernet0/0/2]mpls [AR3_P1-GigabitEthernet0/0/2]mpls ldp [AR3_P1-GigabitEthernet0/0/2]quit [AR3_P1] [AR3_P1] [AR4_ASBR1]mpls lsr-id 10.0.4.4 [AR4_ASBR1]mpls [AR4_ASBR1-mpls]mpls ldp [AR4_ASBR1-mpls-ldp]quit [AR4_ASBR1]interface GigabitEthernet 0/0/2 [AR4_ASBR1-GigabitEthernet0/0/2]mpls [AR4_ASBR1-GigabitEthernet0/0/2]mpls ldp [AR4_ASBR1-GigabitEthernet0/0/2]quit [AR4_ASBR1] ===================================================== [AR5_ASBR2]mpls lsr-id 10.0.5.5 [AR5_ASBR2]mpls [AR5_ASBR2-mpls]mpls ldp [AR5_ASBR2-mpls-ldp]quit [AR5_ASBR2]interface GigabitEthernet 0/0/1 [AR5_ASBR2-GigabitEthernet0/0/1]mpls [AR5_ASBR2-GigabitEthernet0/0/1]mpls ldp [AR5_ASBR2-GigabitEthernet0/0/1]quit [AR5_ASBR2] [AR6_P2]mpls lsr-id 10.0.6.6 [AR6_P2]mpls [AR6_P2-mpls]mpls ldp [AR6_P2-mpls-ldp]quit [AR6_P2]interface GigabitEthernet 0/0/1 [AR6_P2-GigabitEthernet0/0/1]mpls [AR6_P2-GigabitEthernet0/0/1]mpls ldp [AR6_P2-GigabitEthernet0/0/1]quit [AR6_P2]interface GigabitEthernet 0/0/0 [AR6_P2-GigabitEthernet0/0/0]mpls [AR6_P2-GigabitEthernet0/0/0]mpls ldp [AR6_P2-GigabitEthernet0/0/0]quit [AR6_P2] [AR7_PE2]mpls lsr-id 10.0.7.7 [AR7_PE2]mpls [AR7_PE2-mpls]mpls ldp [AR7_PE2-mpls-ldp]quit [AR7_PE2]interface GigabitEthernet 0/0/0 [AR7_PE2-GigabitEthernet0/0/0]mpls [AR7_PE2-GigabitEthernet0/0/0]mpls ldp [AR7_PE2-GigabitEthernet0/0/0]quit [AR7_PE2]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
4.各AS内建立IBGP邻居关系传递路由信息。
[AR2_PE1]bgp 100 [AR2_PE1-bgp]router-id 2.2.2.2 [AR2_PE1-bgp]peer 10.0.4.4 as-number 100 [AR2_PE1-bgp]peer 10.0.4.4 connect-interface LoopBack 0 [AR2_PE1-bgp]qui [AR2_PE1] [AR4_ASBR1]bgp 100 [AR4_ASBR1-bgp]router-id 4.4.4.4 [AR4_ASBR1-bgp]peer 10.0.2.2 as-number 100 [AR4_ASBR1-bgp]peer 10.0.45.5 as-number 200 [AR4_ASBR1-bgp]quit [AR4_ASBR1] ============================================================== [AR5_ASBR2]bgp 200 [AR5_ASBR2-bgp]router-id 5.5.5.5 [AR5_ASBR2-bgp]peer 10.0.45.4 as-number 100 [AR5_ASBR2-bgp]peer 10.0.7.7 as-number 200 [AR5_ASBR2-bgp]peer 10.0.7.7 connect-interface LoopBack 0 [AR5_ASBR2-bgp- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
-
相关阅读:
OLED12864(SSD1306)驱动代码
docker的资源限制参数设置错误,导致的clickhouse性能瓶颈
计算机网络-物理层
赛轮集团SAILUN方程式赛车轮胎震撼登场,开启新篇章
【Vue】vue2上传Excel表格到后台 实战教程(接上一篇下载Excel模板表格到本地)
彻底解决SimpleDateFormat的线程不安全问题
【一篇就够】一些http知识的小总结
Facebook 惊现网络钓鱼浪潮,每周攻击 10 万个账户
java面试八股文2023完整版详解110题附带答案
「微服务」这10道Consul面试题值得一看
- 原文地址:https://blog.csdn.net/m0_62017216/article/details/133467022
