-
跨域的MPLS VXN Option C
实验目的
理解Option C工作机制。
熟练的掌握Option C的配置流程和校验方式。
实验拓扑
接口ip配置:
- R1(config)#interface e0/1
- R1(config-if)#ip address 17.17.17.1 255.255.255.0
- R1(config-if)#no shutdown
- R1(config-if)#interface e0/0
- R1(config-if)#ip address 12.12.12.1 255.255.255.0
- R1(config-if)#no shutdown
- R1(config)#interface loopback 0
- R1(config-if)#ip address 1.1.1.1 255.255.255.0
- R2(config)#interface e0/0
- R2(config-if)#ip address 12.12.12.2 255.255.255.0
- R2(config-if)#no shutdown
- R2(config-if)#interface e0/1
- R2(config-if)#ip address 23.23.23.2 255.255.255.0
- R2(config-if)#no shutdown
- R2(config)#interface loopback 0
- R2(config-if)#ip address 2.2.2.2 255.255.255.0
- R3(config)#interface e0/1
- R3(config-if)#ip address 23.23.23.3 255.255.255.0
- R3(config-if)#no shutdown
- R3(config-if)#interface e0/0
- R3(config-if)#ip address 34.34.34.3 255.255.255.0
- R3(config-if)#no shutdown
- R3(config)#interface loopback 0
- R3(config-if)#ip address 3.3.3.3 255.255.255.0
- R4(config)#interface e0/0
- R4(config-if)#ip address 34.34.34.4 255.255.255.0
- R4(config-if)#no shutdown
- R4(config-if)#interface e0/1
- R4(config-if)#ip address 45.45.45.4 255.255.255.0
- R4(config-if)#no shutdown
- R4(config)#interface loopback 0
- R4(config-if)#ip address 4.4.4.4 255.255.255.0
- R5(config)#interface e0/1
- R5(config-if)#ip address 45.45.45.5 255.255.255.0
- R5(config-if)#no shutdown
- R5(config-if)#interface e0/0
- R5(config-if)#ip address 56.56.56.5 255.255.255.0
- R5(config-if)#no shutdown
- R5(config)#interface loopback 0
- R5(config-if)#ip address 5.5.5.5 255.255.255.0
- R6(config)#interface e0/0
- R6(config-if)#ip address 56.56.56.6 255.255.255.0
- R6(config-if)#no shutdown
- R6(config-if)#interface e0/1
- R6(config-if)#ip address 68.68.68.6 255.255.255.0
- R6(config-if)#no shutdown
- R6(config)#interface loopback 0
- R6(config-if)#ip address 6.6.6.6 255.255.255.0
- R7(config)#interface e0/1
- R7(config-if)#ip address 17.17.17.7 255.255.255.0
- R7(config-if)#no shutdown
- R7(config)#interface loopback 0
- R7(config-if)#ip address 7.7.7.7 255.255.255.0
- R8(config)#interface e0/1
- R8(config-if)#ip address 68.68.68.8 255.255.255.0
- R8(config-if)#no shutdown
- R8(config)#interface loopback 0
- R8(config-if)#ip address 8.8.8.8 255.255.255.0
完成AS1内及AS2内P-NETWORK及PE、CE间协议配置
- R7(config)#router ospf 1
- R7(config-router)#router-id 7.7.7.7
- R7(config-router)#network 7.7.7.7 0.0.0.0 area 0
- R7(config-router)#network 17.17.17.7 0.0.0.0 area 0
- R8(config)#router ospf 1
- R8(config-router)#router-id 8.8.8.8
- R8(config-router)#network 8.8.8.8 0.0.0.0 area 0
- R8(config-router)#network 68.68.68.8 0.0.0.0 area 0
- R1(config)#ip vrf vpn
- R1(config-vrf)#rd 100:100
- R1(config-vrf)#route-target 100:100
- R1(config)#mpls label protocol ldp
- R1(config)#mpls label range 100 199
- R1(config)#mpls ldp router-id loopback 0
- R1(config-if)#router isis
- R1(config-router)#net 49.0001.0000.0000.0001.00
- R1(config)#interface loopback 0
- R1(config-if)#ip router isis
- R1(config)#interface e0/0
- R1(config-if)#ip router isis
- R1(config-if)#mpls ip
- R1(config-if)#interface e0/1
- R1(config-if)#ip vrf forwarding vpn
- R1(config-if)#ip address 17.17.17.1 255.255.255.0
- R1(config)#router ospf 1 vrf vpn
- R1(config-router)#router-id 1.1.1.1
- R1(config-router)#redistribute bgp 1 subnets
- R1(config-router)#network 17.17.17.1 0.0.0.0 area 0
- R1(config-router)#router bgp 1
- R1(config-router)#bgp router-id 1.1.1.1
- R1(config-router)#neighbor 2.2.2.2 remote-as 1
- R1(config-router)#neighbor 2.2.2.2 update-source loopback 0
- R1(config-router)#address-family vpnv4
- R1(config-router-af)#neighbor 2.2.2.2 activate
- R1(config-router-af)#neighbor 2.2.2.2 send-community extended
- R1(config-router)#address-family ipv4 vrf vpn
- R1(config-router-af)#redistribute ospf 1
- R2(config)#router isis
- R2(config-router)#net 49.0001.0000.0000.0002.00
- R2(config)#mpls label protocol ldp
- R2(config)#mpls label range 200 299
- R2(config)#mpls ldp router-id loopback 0
- R2(config)#interface loopback 0
- R2(config-if)#ip add 2.2.2.2 255.255.255.0
- R2(config-if)#ip router isis
- R2(config-if)#interface e0/0
- R2(config-if)#ip router isis
- R2(config-if)#mpls ip
- R2(config-if)#interface e0/1
- R2(config-if)#ip router isis
- R2(config-if)#mpls ip
- R2(config-if)#router bgp 1
- R2(config-router)#bgp router-id 2.2.2.2
- R2(config-router)#neighbor 1.1.1.1 remote-as 1
- R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
- R2(config-router)#neighbor 3.3.3.3 remote-as 1
- R2(config-router)#neighbor 3.3.3.3 update-source loopback 0
- R2(config-router)#address-family vpnv4
- R2(config-router-af)#neighbor 1.1.1.1 activate
- R2(config-router-af)#neighbor 1.1.1.1 route-reflector-client
- R2(config-router-af)#neighbor 3.3.3.3 activate
- R2(config-router-af)#neighbor 3.3.3.3 route-reflector-client
- R3(config)#router isis
- R3(config-router)#net 49.0001.0000.0000.0003.00
- R3(config)#mpls label protocol ldp
- R3(config)#mpls label range 300 399
- R3(config)#mpls ldp router-id loopback 0
- R3(config)#interface e0/1
- R3(config-if)#ip router isis
- R3(config-if)#mpls ip
- R3(config)#interface loopback 0
- R3(config-if)#ip router isis
- R3(config-if)#router bgp 1
- R3(config-router)#bgp router-id 3.3.3.3
- R3(config-router)#neighbor 2.2.2.2 remote-as 1
- R3(config-router)#neighbor 2.2.2.2 update-source loopback 0
- R3(config-router)#address-family vpnv4 unicast
- R3(config-router-af)#neighbor 2.2.2.2 activate
- R4(config)#router isis
- R4(config-router)#net 49.0002.0000.0000.0004.00
- R4(config)#mpls label protocol ldp
- R4(config)#mpls label range 400 499
- R4(config)#mpls ldp router-id loopback 0
- R4(config)#interface loopback 0
- R4(config-if)#ip router isis
- R4(config-if)#interface e0/1
- R4(config-if)#ip router isis
- R4(config-if)#mpls ip
- R4(config-if)#router bgp 2
- R4(config-router)#bgp router-id 4.4.4.4
- R4(config-router)#neighbor 5.5.5.5 remote-as 2
- R4(config-router)#neighbor 5.5.5.5 update-source loopback 0
- R4(config-router)#address-family vpnv4 unicast
- R4(config-router-af)#neighbor 5.5.5.5 activate
- R5(config)#router isis
- R5(config-router)#net 49.0002.0000.0000.0005.00
- R5(config)#mpls label protocol ldp
- R5(config)#mpls label range 500 599
- R5(config)#mpls ldp router-id loopback 0
- R5(config)#interface loopback 0
- R5(config-if)#ip router isis
- R5(config-if)#interface e0/1
- R5(config-if)#ip router isis
- R5(config-if)#mpls ip
- R5(config-if)#interface e0/0
- R5(config-if)#ip router isis
- R5(config-if)#mpls ip
- R5(config-if)#router bgp 2
- R5(config-router)#bgp router-id 5.5.5.5
- R5(config-router)#neighbor 4.4.4.4 remote-as 2
- R5(config-router)#neighbor 4.4.4.4 update-source loopback 0
- R5(config-router)#neighbor 6.6.6.6 remote-as 2
- R5(config-router)#neighbor 6.6.6.6 update-source loopback 0
- R5(config-router)#address-family vpnv4 unicast
- R5(config-router-af)#neighbor 4.4.4.4 activate
- R5(config-router-af)#neighbor 4.4.4.4 route-reflector-client
- R5(config-router-af)#neighbor 6.6.6.6 activate
- R5(config-router-af)#neighbor 6.6.6.6 route-reflector-client
- R6(config)#ip vrf vpn
- R6(config-vrf)#rd 100:100
- R6(config-vrf)#route-target 100:100
- R6(config)#router isis
- R6(config-router)#net 49.0002.0000.0000.0006.00
- R6(config)#mpls label protocol ldp
- R6(config)#mpls label range 600 699
- R6(config)#mpls ldp router-id loopback 0
- R6(config)#interface loopback 0
- R6(config-if)#ip router isis
- R6(config-if)#interface e0/0
- R6(config-if)#ip router isis
- R6(config-if)#mpls ip
- R6(config-if)#interface e0/1
- R6(config-if)#ip vrf forwarding vpn
- R6(config-if)#router ospf 1 vrf vpn
- R6(config-router)#router-id 6.6.6.6
- R6(config-router)#redistribute bgp 2 subnets
- R6(config-router)#net 68.68.68.6 0.0.0.0 area 0
- R6(config-router)#router bgp 2
- R6(config-router)#bgp router-id 6.6.6.6
- R6(config-router)#neighbor 5.5.5.5 remote-as 2
- R6(config-router)#neighbor 5.5.5.5 update-source loopback 0
- R6(config-router)#address-family vpnv4
- R6(config-router-af)#neighbor 5.5.5.5 activate
- R6(config-router-af)#neighbor 5.5.5.5 send-community extended
- R6(config-router)#address-family ipv4 vrf vpn
- R6(config-router-af)#redistribute ospf 1
完成R3 R4的BGP EBGP PEER,并且发送标签信息抵达对等体。
- R3(config)#router bgp 1
- R3(config-router)#neighbor 34.34.34.4 remote-as 2
- R3(config-router)#neighbor 34.34.34.4 send-label
- R3(config-router)#neighbor 34.34.34.4 weight 1
- R4(config)#router bgp 2
- R4(config-router)#neighbor 34.34.34.3 remote-as 1
- R4(config-router)#neighbor 34.34.34.3 send-label
- R4(config-router)#neighbor 34.34.34.3 weight 1
确认BGP PEER 关系建立。
- R3#show ip bgp all summary
- For address family: IPv4 Unicast
- BGP router identifier 3.3.3.3, local AS number 1
- BGP table version is 1, main routing table version 1
- Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
- 2.2.2.2 4 1 46 43 1 0 0 00:35:12 0
- 34.34.34.4 4 2 28 27 1 0 0 00:17:55 0
- For address family: VPNv4 Unicast
- BGP router identifier 3.3.3.3, local AS number 1
- BGP table version is 1, main routing table version 1
- Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
- 2.2.2.2 4 1 46 43 1 0 0 00:35:12 0
R3 R4 将各自AS的PE和RR loopback 0网络宣告进BGP。
- R3(config)#router bgp 1
- R3(config-router)#network 1.1.1.0 mask 255.255.255.0
- R3(config-router)#network 2.2.2.0 mask 255.255.255.0
- R3(config-router)#neighbor 2.2.2.2 next-hop-self
- R4(config)#router bgp 2
- R4(config-router)#network 5.5.5.0 mask 255.255.255.0
- R4(config-router)#network 6.6.6.0 mask 255.255.255.0
- R4(config-router)#neighbor 5.5.5.5 next-hop-self
确认R3 R4 交换各自AS RR PE 路由信息。
- R3#show ip bgp all
- Network Next Hop Metric LocPrf Weight Path
- *> 1.1.1.0/24 23.23.23.2 30 32768 i
- *> 2.2.2.0/24 23.23.23.2 20 32768 i
- *> 5.5.5.0/24 34.34.34.4 20 1 2 i
- *> 6.6.6.0/24 34.34.34.4 30 1 2 i
- R4#show ip bgp all
- Network Next Hop Metric LocPrf Weight Path
- *> 1.1.1.0/24 34.34.34.3 30 1 1 i
- *> 2.2.2.0/24 34.34.34.3 20 1 1 i
- *> 5.5.5.0/24 45.45.45.5 20 32768 i
- *> 6.6.6.0/24 45.45.45.5 30 32768 i
R2 与R5 利用loopback 0口建立MP-BGP EBGP PEER,并且保障共享路由信息下一跳不变。
- R2(config)#router bgp 1
- R2(config-router)#neighbor 5.5.5.5 remote-as 2
- R2(config-router)#neighbor 5.5.5.5 update-source loopback 0
- R2(config-router)#neighbor 5.5.5.5 ebgp-multihop 255
- R2(config-router)#address-family vpnv4
- R2(config-router-af)#neighbor 5.5.5.5 activate
- R2(config-router-af)#neighbor 5.5.5.5 next-hop-unchanged
- R5(config)#router bgp 2
- R5(config-router)#neighbor 2.2.2.2 remote-as 1
- R5(config-router)#neighbor 2.2.2.2 update-source loopback 0
- R5(config-router)#neighbor 2.2.2.2 ebgp-multihop 255
- R5(config-router)#address-family vpnv4
- R5(config-router-af)#neighbor 2.2.2.2 activate
- R5(config-router-af)#neighbor 2.2.2.2 next-hop-unchanged
确认R2 R5 建立BGP PEER 关系,且交换PE C-network路由。
- R2#show ip bgp vpnv4 all summary
- Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
- 1.1.1.1 4 1 78 86 9 0 0 01:06:05 2
- 3.3.3.3 4 1 9 16 9 0 0 00:01:48 0
- 5.5.5.5 4 2 11 11 1 0 0 00:00:44 2
- R5#show ip bgp vpnv4 all summary
- Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
- 2.2.2.2 4 1 11 12 1 0 0 00:01:04 2
- 4.4.4.4 4 2 10 16 9 0 0 00:02:00 0
- 6.6.6.6 4 2 68 70 9 0 0 00:55:05 2
- R2#show ip bgp vpnv4 all
- Network Next Hop Metric LocPrf Weight Path
- Route Distinguisher: 100:100
- *>i 7.7.7.7/32 1.1.1.1 11 100 0 ?
- *> 8.8.8.8/32 6.6.6.6 0 2 ?
- *>i 17.17.17.0/24 1.1.1.1 0 100 0 ?
- *> 68.68.68.0/24 6.6.6.6 0 2 ?
- R5#show ip bgp vpnv4 all
- Network Next Hop Metric LocPrf Weight Path
- Route Distinguisher: 100:100
- *> 7.7.7.7/32 1.1.1.1 0 1 ?
- *>i 8.8.8.8/32 6.6.6.6 11 100 0 ?
- *> 17.17.17.0/24 1.1.1.1 0 1 ?
- *>i 68.68.68.0/24 6.6.6.6 0 100 0 ?
R3 R4上将学习到的对端AS PE RR 路由重分发进底层协议:
- R3(config)#access-list 56 permit 5.5.5.0 0.0.0.255
- R3(config)#access-list 56 permit 6.6.6.0 0.0.0.255
- R3(config)#route-map as2 permit 10
- R3(config-route-map)#match ip address 56
- R3(config-route-map)#router isis
- R3(config-router)#redistribute bgp 1 route-map as2
- R4(config)#access-list 12 permit 1.1.1.0 0.0.0.255
- R4(config)#access-list 12 permit 2.2.2.0 0.0.0.255
- R4(config)#route-map as1 permit 10
- R4(config-route-map)#match ip address 12
- R4(config-route-map)#router isis
- R4(config-router)#redistribute bgp 2 route-map as2
验证R7 R8 是否学习对端路由,且是否可以PING 通。
- R7#show ip route ospf
- Gateway of last resort is not set
- 8.0.0.0/32 is subnetted, 1 subnets
- O IA 8.8.8.8 [110/11] via 17.17.17.1, 00:00:41, Ethernet0/1
- 68.0.0.0/24 is subnetted, 1 subnets
- O IA 68.68.68.0 [110/11] via 17.17.17.1, 00:00:41, Ethernet0/1
如上现象表明R7 R8已经通过MPLS VPN 交换路由信息。
- R8#ping 7.7.7.7 source 8.8.8.8
- Type escape sequence to abort.
- Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
- Packet sent with a source address of 8.8.8.8
- !!!!!
- Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-
相关阅读:
麒麟信安携手河南IT联盟召开 《麒麟信安信创应用解决方案》线上分享会
Linux 中查看本机的子网掩码和网关
【大体思路】rv1126 跑通 yolov5
Android音乐播放器(三)轮播图
Python1-Pillow库简单使用
Flutter笔记:关于Flutter中的大文件上传(上)
oracle查询历史SQL记录
人类历史上第一个人工神经元模型为mp模型有何不提出
CentOS 安装MySQL 详细教程
我有 7种 实现web实时消息推送的方案,7种!
- 原文地址:https://blog.csdn.net/qq_43210022/article/details/125784248
