例图:
要求:
①R1和R5为同一个公司的区域,R6和R7为同一个公司的区域,公司的各个区域之间互相能访问,但是公司和公司不能互相访问
②R1与R5使用静态
③R6使用RIP,R7使用OSPF
思路:
需要先在R2-R3-R4内部运行IBGP协议,然后在IBGP协议的基础上再去运行BGP协议,并通过MPLS技术进行IBGP对等体的建邻与数据传输。
为了保证和区分不同公司做到跨越公网发送的信息需要使用MPLS-VPN协议簇技术,首先需要使用VRF虚拟空间技术将PE受到的来自不同CE的信息进行划分,然后再通过RD来区分信息来自于哪个CE,通过ML-BGP跨越公网到达对端的PE,此时需要使用RT来区分到达的区域,此时PE1的出RT需要和PE2的入RT相同,然后再将信息发送到对应的虚拟VRF区域
而为了做到直连,协议,静态在MPLS中进行导入,需要使用双向重发布技术
配置:
①R2-R3-R4配置并运行OSPF
//配置公网部分,并允许OSPF
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip address 23.0.0.1 30
[r2-GigabitEthernet0/0/1]int l 0
[r2-LoopBack0]ip address 2.2.2.2 24
[r2-LoopBack0]q
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.255
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 23.0.0.2 30
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.0.0.1 30
[r3-GigabitEthernet0/0/1]int l 0
[r3-LoopBack0]ip address 3.3.3.3 24
[r3-LoopBack0]q
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 34.0.0.2 30
[r4-GigabitEthernet0/0/0]int l 0
[r4-LoopBack0]ip address 4.4.4.4 24
[r4-LoopBack0]q
[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
#检查,查看R2的ospf路由信息
[r2]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 3
OSPF routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.3.3/32 OSPF 10 1 D 23.0.0.2 GigabitEthernet
0/0/1
4.4.4.4/32 OSPF 10 2 D 23.0.0.2 GigabitEthernet
0/0/1
34.0.0.0/30 OSPF 10 2 D 23.0.0.2 GigabitEthernet
0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
②运行BGP和MPLS LDP协议
//运行BGP协议
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[r2-bgp]peer 4.4.4.4 next-hop-local
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]peer 2.2.2.2 next-hop-local
//检查BGP的peer表
[r2]display bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 1
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 1 2 3 0 00:00:48 Established 0
//R2-R3-R4运行MPLS协议
[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]q
[r2]mpls ldp
[r2-mpls-ldp]q
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp
[r3]mpls lsr-id 3.3.3.3
[r3]mpl
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]q
[r3]mpls
[r3]mpls ld
[r3]mpls ldp
[r3-mpls-ldp]q
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]q
[r4-mpls]mpls ldp
[r4-mpls-ldp]q
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
[r4-GigabitEthernet0/0/0]q
//检查MPLS LDP的邻居表
[r2]display mpls ldp peer
LDP Peer Information in Public network
A '*' before a peer means the peer is being deleted.
------------------------------------------------------------------------------
PeerID TransportAddress DiscoverySource
------------------------------------------------------------------------------
3.3.3.3:0 3.3.3.3 GigabitEthernet0/0/1
------------------------------------------------------------------------------
TOTAL: 1 Peer(s) Found.
③配置虚拟VRF
//R1的虚拟空间lxb --- RD为1:5,出RT为1:5,入RT为5:1
[r2]ip vpn-instance lxb
[r2-vpn-instance-lxb]route-distinguisher 1:5
[r2-vpn-instance-lxb-af-ipv4]vpn-target 1:5 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-lxb-af-ipv4]vpn-target 5:1 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
//R6的虚拟空间lsp --- RD为6:7,出RT为6:7,入RT为7:6
[r2]ip vpn-instance lsp
[r2-vpn-instance-lsp]route-distinguisher 6:7
[r2-vpn-instance-lsp-af-ipv4]vpn-target 6:7 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-lsp-af-ipv4]vpn-target 7:6 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
//R5的虚拟空间lxb --- RD为5:1,出RT为5:1,入RT为1:5
[r4]ip vpn-instance lxb
[r4-vpn-instance-lxb]route-distinguisher 5:1
[r4-vpn-instance-lxb-af-ipv4]vpn-target 5:1 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-lxb-af-ipv4]vpn-target 1:5 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
//R7的虚拟空间xsb --- RD为7:6,出RT为7:6,入RT为6:7
[r4]ip vpn-instance xsb
[r4-vpn-instance-xsb]route-distinguisher 7:6
[r4-vpn-instance-xsb-af-ipv4]vpn-target 7:6 export-extcommunity
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-xsb-af-ipv4]vpn-target 6:7 import-extcommunity
IVT Assignment result:
Info: VPN-Target assignment is successful.
④接口绑定(将物理端口绑定到虚拟空间内)
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance lxb
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip address 192.168.12.2 30
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip binding vpn-instance lsp
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/2]ip address 192.168.26.2 30
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance lxb
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip address 192.168.45.1 30
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance xsb
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/2]ip address 192.168.47.1 30
⑤配置R6与R7的协议
//R6的配置
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip address 192.168.26.1 30
[r6-GigabitEthernet0/0/0]int l 0
[r6-LoopBack0]ip address 192.168.6.1 24
[r6]rip 1
[r6-rip-1]version 2
[r6-rip-1]network 192.168.6.0
[r6-rip-1]network 192.168.26.0
//R2上虚拟RIP的配置
[r2]rip 1 vpn-instance lsp
[r2-rip-1]v 2
[r2-rip-1]network 192.168.26.0
//刷新R2的虚拟RIP表
[r2-rip-1]display ip routing-table vpn-instance lsp protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
lsp routing table : RIP
Destinations : 1 Routes : 1
RIP routing table status : <Active>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.6.0/24 RIP 100 1 D 192.168.26.1 GigabitEthernet
0/0/2
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
//R4的虚拟OSPF配置
[r4]ospf 2 vpn-instance xsb router-id 4.4.4.4
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.47.0 0.0.0.255
//R7上对应的配置
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip address 192.168.47.2 30
[r7-GigabitEthernet0/0/0]q
[r7]int l 0
[r7-LoopBack0]ip address 192.168.7.1 24
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]ne
[r7-ospf-1-area-0.0.0.0]network 192.168.47.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.7.0 0.0.0.255
//此时去R4上打开虚拟的ospf表
[r4]display ip routing-table vpn-instance xsb protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
xsb routing table : OSPF
Destinations : 1 Routes : 1
OSPF routing table status : <Active>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.7.1/32 OSPF 10 1 D 192.168.47.2 GigabitEthernet
0/0/2
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
⑥配置MP-BGP(R6与R7)
//R2上配置IPV4-family
[r2]bgp 1
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable
//VRF lsp的BGP内重发布RIP
[r2-bgp]ipv4-family vpn-instance lsp
[r2-bgp-lsp]import-route rip 1
//RIP重发布BGP
[r2]rip 1 vpn-instance lsp
[r2-rip-1]import-route bgp
//R4上配置IPV4-family
[r4]bgp 1
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
[r4-bgp-af-vpnv4]q
//VRF xsb的BGP内重发步OSPF
[r4-bgp]ipv4-family vpn-instance xsb
[r4-bgp-xsb]import-route ospf 2
//OSPF重发布BGP
[r4]ospf 2 vpn-instance xsb
[r4-ospf-2]import-route bgp
//测试
<r6>ping -a 192.168.6.1 192.168.7.1
PING 192.168.7.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.7.1: bytes=56 Sequence=1 ttl=252 time=40 ms
Reply from 192.168.7.1: bytes=56 Sequence=2 ttl=252 time=30 ms
Reply from 192.168.7.1: bytes=56 Sequence=3 ttl=252 time=30 ms
Reply from 192.168.7.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 192.168.7.1: bytes=56 Sequence=5 ttl=252 time=30 ms
--- 192.168.7.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/34/40 ms
<r7>ping -a 192.168.7.1 192.168.6.1
PING 192.168.6.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.6.1: bytes=56 Sequence=1 ttl=252 time=60 ms
Reply from 192.168.6.1: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from 192.168.6.1: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 192.168.6.1: bytes=56 Sequence=4 ttl=252 time=50 ms
Reply from 192.168.6.1: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 192.168.6.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
⑦配置R1与R5的直连
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip ad
[r1-GigabitEthernet0/0/0]ip address 192.168.12.1 30
[r1]int l 0
[r1-LoopBack0]ip address 192.168.1.1 24
//R1上写入到达R5的静态
[r1]ip route-static 192.168.5.0 24 192.168.12.2
[r1]ip route-static 192.168.45.0 24 192.168.12.2
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance lxb
[r2-bgp-lxb]import-route direct
[r2-bgp-lxb]import-route static
//R2写下到达R1的静态
[r2]ip route-static vpn-instance lxb 192.168.1.0 24 192.168.12.1
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance lxb
[r4-bgp-lxb]import-route direct
[r4-bgp-lxb]import-route static
//R4写下R4到达R5的静态
[r4]ip route-static vpn-instance lxb 192.168.5.0 24 192.168.45.2
[r5]interface g0/0/0
[r5-GigabitEthernet0/0/0]ip address 192.168.45.2 30
[r5-GigabitEthernet0/0/0]int l 0
[r5-LoopBack0]ip address 192.168.5.1 24
//R1上写入到达R5的静态
[r5]ip route-static 192.168.1.0 24 192.168.45.1
[r5]ip route-static 192.168.12.0 24 192.168.45.1
//测试
[r2]ping -vpn-instance lxb 192.168.5.1
PING 192.168.5.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.5.1: bytes=56 Sequence=2 ttl=253 time=80 ms
Reply from 192.168.5.1: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 192.168.5.1: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 192.168.5.1: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 192.168.5.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 30/42/80 ms
[r4]ping -vpn-instance lxb 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=253 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=253 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=253 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=253 time=40 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/38/40 ms
[r1]ping -a 192.168.1.1 192.168.5.1
PING 192.168.5.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.5.1: bytes=56 Sequence=1 ttl=252 time=130 ms
Reply from 192.168.5.1: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from 192.168.5.1: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 192.168.5.1: bytes=56 Sequence=4 ttl=252 time=30 ms
Reply from 192.168.5.1: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 192.168.5.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/58/130 ms
[r5]ping -a 192.168.5.1 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=252 time=50 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=252 time=50 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/50 ms
文章评论