0x01 描述
MPLS VPN在运营商中有规模的部署,主要为企业提供点到点的传输专线,相比较于传统的专线接入,MPLSVPN提供灵活的接入方式,一点接入全网通点。
0x02 拓扑
本次实验模拟ISP提供2条MPLS VPN服务,R1-R6为VPN1,R2-R7为VPN2,CE和PE之间通过BGP互联。最终实现从R1可以PING通R6,R2可以Ping通R7。
0x03 配置
- 按网络拓扑配置CE、PE和P的各接口地址
(略)
- 在MPLS骨干网上配置IGP,本示例中使用OSPF
(略)
- 在MPLS骨干网上配置MPLS基本能力和LDP
配置完成后,检查LDP对等体建立情况:
| #PE2 |
| <PE1>dis mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ----------------------------------------------------------------- PeerID Status LAM SsnRole SsnAge KASent/Rcv ----------------------------------------------------------------- 4.4.4.4:0 Operational DU Passive 0000:03:56 947/947 ----------------------------------------------------------------- TOTAL: 1 session(s) Found. |
4.在PE1、PE2之间建立IBGP和VPNv4领居关系
| #PE1 |
| bgp 100 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 5.5.5.5 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.5 enable |
| #PE2 |
| bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable |
5.在PE1、PE2配置Ip VPN实例
| #PE1 |
| ip vpn-instance vpn1 ipv4-family route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity # ip vpn-instance vpn2 ipv4-family route-distinguisher 300:1 vpn-target 300:1 export-extcommunity vpn-target 300:1 import-extcommunity |
| #PE2 |
| ip vpn-instance vpn1 ipv4-family route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity # ip vpn-instance vpn2 ipv4-family route-distinguisher 300:1 vpn-target 300:1 export-extcommunity vpn-target 300:1 import-extcommunity # |
6.在PE1、PE2配置Ip VPN实例关联与CE互联的接口
| #PE1 |
| interface GigabitEthernet0/0/0 ip binding vpn-instance vpn1 ip address 192.168.13.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip binding vpn-instance vpn2 ip address 192.168.23.3 255.255.255.0 |
| #PE2 |
| interface GigabitEthernet0/0/0 ip binding vpn-instance vpn1 ip address 192.168.56.5 255.255.255.0 # interface GigabitEthernet0/0/1 ip binding vpn-instance vpn2 ip address 192.168.57.5 255.255.255.0 |
7.在PE1、PE2配置与CE的EBGP互联
| #PE1 |
| bgp 100 ipv4-family vpn-instance vpn1 peer 192.168.13.1 as-number 200 # ipv4-family vpn-instance vpn2 peer 192.168.23.2 as-number 300 |
| #PE2 |
| bgp 100 ipv4-family vpn-instance vpn1 peer 192.168.56.6 as-number 600 # ipv4-family vpn-instance vpn2 peer 192.168.57.7 as-number 700 |
8.在CE上配置与PE的EBGP互联,CE的EBGP配置基本相同,以VPN1的CE1为例:
| CE1 |
| bgp 200 peer 192.168.13.3 as-number 100 # ipv4-family unicast undo synchronization network 1.1.1.1 255.255.255.255 network 192.168.13.0 peer 192.168.13.3 enable |
8.在PE上检查VPNv4路由与MBGP领居关系
| #PE1 |
| <PE1>dis bgp vpnv4 all peer BGP local router ID : 192.168.13.3 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 5.5.5.5 4 100 255 259 0 04:04:13 Established 4 Peer of IPv4-family for vpn instance : VPN-Instance vpn1, Router ID 192.168.13.3: 192.168.13.1 4 200 163 164 0 02:39:56 Established 2 VPN-Instance vpn2, Router ID 192.168.13.3: 192.168.23.2 4 300 242 244 0 03:58:38 Established 2 |
9.在CE上检查路由表,可以看到CE1己经通过VPN学到R6的loopback口地址。
| #CE1 |
| <VPN1_CE1>dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------ Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0 6.6.6.6/32 EBGP 255 0 D 192.168.13.3 GigabitEthernet0/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.13.0/24 Direct 0 0 D 192.168.13.1 GigabitEthernet0/0/0 192.168.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0 192.168.56.0/24 EBGP 255 0 D 192.168.13.3 GigabitEthernet0/0/0 2 |
10.在CE上PING测试连通性。
| #CE1 |
| <VPN1_CE1>ping 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=253 time=130 ms Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=253 time=110 ms Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=253 time=120 ms Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=253 time=90 ms文章来源:https://www.toymoban.com/news/detail-812864.html Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=253 time=130 ms文章来源地址https://www.toymoban.com/news/detail-812864.html |
到了这里,关于MPLS-IP_VPN的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
