MPLS-MCE

原创

dfsshan 2019-08-01 07:44:52 ©著作权

©著作权归作者所有：来自51CTO博客作者dfsshan的原创作品，请联系作者获取转载授权，否则将追究法律责任

配置MCE示例组网需求：某公司需要通过MPLS ×××实现总部和分支间的互通，同时需要隔离两种不同的业务。为节省开支，希望分支通过一台CE设备接入PE。如图1所示，按如下组网： CE1、CE2连接企业总部，CE1属于vpna，CE2属于vpnb MCE连接企业分支，通过CE3和CE4分别连接vpna和vpnb 要求属于相同×××的用户之间能互相访问，但不同×××的用户之间不能互相访问，从而实现不同业务间隔离。图１　配置Muti-×××-Instance CE组网图

配置思路本例配置主要思路是： 1.PE与PE间配置OSPF协议，实现PE之间的互通；配置MP-IBGP交换×××路由信息。 2.PE上配置MPLS基本能力和MPLS LDP，建立LDP LSP。 3.PE和MCE上创建不同的×××实例（vpna和vpnb），实现不同×××间的业务隔离。 4.PE1与相连的CE之间建立EBGP对等体，引入×××路由表中。 5.MCE与Site、MCE与PE2之间配置路由，引入×××路由信息。操作步骤： 1.在骨干网的PE上配置OSPF协议，实现PE之间的互通

配置PE1。

<Huawei> system-view [Huawei] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24 [PE1-GigabitEthernet3/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit PE2的配置过程与PE1类似，不再赘述（略）。完成此步配置后，PE之间应能互相学习到对方的Loopback1的地址。以PE2为例： [PE2] display ip routing-table Route Flags: R - relay, D - download to fib

Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 1 D 172.1.1.1 GigabitEthernet1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 LoopBack1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.2 GigabitEthernet1/0/0 172.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 172.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.在骨干网的PE上配置MPLS基本能力和MPLS LDP，PE之间建立LDP LSP

配置PE1。

[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] mpls [PE1-GigabitEthernet3/0/0] mpls ldp [PE1-GigabitEthernet3/0/0] quit PE2的配置过程与PE1类似，不再赘述（略）。完成此步配置后，在PE上执行命令display mpls ldp session，应能看见PE之间的MPLS LDP会话状态为“Operational”。以PE2为例： [PE2] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted.

PeerID Status LAM SsnRole SsnAge KASent/Rcv

1.1.1.9:0 Operational DU Active 0000:00:04 17/17

TOTAL: 1 session(s) Found. 3.在PE设备上配置×××实例，将CE1、CE2接入PE1，将MCE接入PE2

配置PE1。

[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] ipv4-family [PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1 [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE1-vpn-instance-vpna-af-ipv4] quit [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] ipv4-family [PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2 [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [PE1-vpn-instance-vpnb-af-ipv4] quit [PE1-vpn-instance-vpnb] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb [PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/0/0] quit

配置PE2。

[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] ipv4-family [PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1 [PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE2-vpn-instance-vpna-af-ipv4] quit [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] ipv4-family [PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2 [PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [PE2-vpn-instance-vpnb-af-ipv4] quit [PE2-vpn-instance-vpnb] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10 [PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpna [PE2-GigabitEthernet2/0/0.1] ip address 192.1.1.1 24 [PE2-GigabitEthernet2/0/0.1] quit [PE2] interface gigabitethernet 2/0/0.2 [PE2-GigabitEthernet2/0/0.2] dot1q termination vid 20 [PE2-GigabitEthernet2/0/0.2] ip binding vpn-instance vpnb [PE2-GigabitEthernet2/0/0.2] ip address 192.2.1.1 24 [PE2-GigabitEthernet2/0/0.2] quit

4.在MCE设备上配置×××实例，将CE3、CE4及PE2接入MCE <Huawei> system-view [Huawei] sysname MCE [MCE] ip vpn-instance vpna [MCE-vpn-instance-vpna] ipv4-family [MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 300:1 [MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [MCE-vpn-instance-vpna-af-ipv4] quit [MCE-vpn-instance-vpna] quit [MCE] ip vpn-instance vpnb [MCE-vpn-instance-vpnb] ipv4-family [MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 300:2 [MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [MCE-vpn-instance-vpnb-af-ipv4] quit [MCE-vpn-instance-vpnb] quit [MCE] interface gigabitethernet 3/0/0 [MCE-GigabitEthernet3/0/0] ip binding vpn-instance vpna [MCE-GigabitEthernet3/0/0] ip address 10.3.1.2 24 [MCE-GigabitEthernet3/0/0] quit [MCE] interface gigabitethernet 4/0/0 [MCE-GigabitEthernet4/0/0] ip binding vpn-instance vpnb [MCE-GigabitEthernet4/0/0] ip address 10.4.1.2 24 [MCE-GigabitEthernet4/0/0] quit [MCE] interface gigabitethernet 1/0/0.1 [MCE-GigabitEthernet1/0/0.1] dot1q termination vid 10 [MCE-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna [MCE-GigabitEthernet1/0/0.1] ip address 192.1.1.2 24 [MCE-GigabitEthernet1/0/0.1] quit [MCE] interface gigabitethernet 1/0/0.2 [MCE-GigabitEthernet1/0/0.2] dot1q termination vid 20 [MCE-GigabitEthernet1/0/0.2] ip binding vpn-instance vpnb [MCE-GigabitEthernet1/0/0.2] ip address 192.2.1.2 24 [MCE-GigabitEthernet1/0/0.2] quit 5.在PE之间建立MP-IBGP对等体，在PE1与CE1、CE2之间建立EBGP对等体

配置CE1。

<Huawei> system-view [Huawei] sysname CE1 [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] ipv4-family unicast [CE1-bgp-af-ipv4] import-route direct [CE1-bgp-af-ipv4] quit [CE1-bgp] quit PE1和CE2的配置与CE1类似，不再赘述（略）。完成此步配置后，在PE1上执行命令display bgp vpnv4 all peer可以看见PE1与PE2的IBGP对等体关系及PE1与CE1、CE2之间建立EBGP对等体关系均为“Established”。

[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 288 287 0 01:19:16 Established 4 Peer of IPv4-family for vpn instance : ×××-Instance vpna, router ID 1.1.1.9: 10.1.1.1 4 65410 9 11 0 00:04:14 Established 4 ×××-Instance vpnb, router ID 1.1.1.9: 10.2.1.1 4 65420 9 12 0 00:04:09 Established 3 6. 在PE2和MCE之间配置OSPF多实例

配置PE2。

[PE2] ospf 100 vpn-instance vpna [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.0] quit [PE2-ospf-100] import-route bgp [PE2-ospf-100] quit [PE2] ospf 200 vpn-instance vpnb [PE2-ospf-200] area 0 [PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255 [PE2-ospf-200-area-0.0.0.0] quit [PE2-ospf-200] import-route bgp [PE2-ospf-200] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route ospf 100 [PE2-bgp-vpna] quit [PE2-bgp] ipv4-family vpn-instance vpnb [PE2-bgp-vpnb] import-route ospf 200 [PE2-bgp-vpnb] quit [PE2-bgp] quit

配置MCE。

[MCE] ospf 100 vpn-instance vpna [MCE-ospf-100] area 0 [MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [MCE-ospf-100-area-0.0.0.0] quit [MCE-ospf-100] quit [MCE] ospf 200 vpn-instance vpnb [MCE-ospf-200] area 0 [MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255 [MCE-ospf-200-area-0.0.0.0] quit [MCE-ospf-200] quit 7.在MCE和CE3、CE4之间配置RIP-2

配置MCE。

[MCE] rip 100 vpn-instance vpna [MCE-rip-100] version 2 [MCE-rip-100] network 10.0.0.0 [MCE-rip-100] import-route ospf 100 [MCE-rip-100] quit [MCE] rip 200 vpn-instance vpnb [MCE-rip-200] version 2 [MCE-rip-200] network 10.0.0.0 [MCE-rip-200] import-route ospf 200 [MCE-rip-200] quit

配置CE3。

<Huawei> system-view [Huawei] sysname CE3 [CE3] rip 100 [CE3-rip-100] version 2 [CE3-rip-100] network 10.0.0.0 [CE3-rip-100] import-route direct

配置CE4。

<Huawei> system-view [Huawei] sysname CE4 [CE4] rip 200 [CE4-rip-200] version 2 [CE4-rip-200] network 10.0.0.0 [CE4-rip-200] import-route direct

8.在MCE上配置不进行环路检查，并引入RIP路由 [MCE] ospf 100 vpn-instance vpna [MCE-ospf-100] vpn-instance-capability simple [MCE-ospf-100] import-route rip 100 [MCE-ospf-100] quit [MCE] ospf 200 vpn-instance vpnb [MCE-ospf-200] vpn-instance-capability simple [MCE-ospf-200] import-route rip 200 [MCE-ospf-200] quit

9.检查配置结果完成上述配置后，在MCE设备上执行命令display ip routing-table vpn-instance命令，可以看到去往对端CE的路由。以vpna为例： [MCE] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib

Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 O_ASE 150 1 D 192.1.1.1 GigabitEthernet1/0/0.1 10.3.1.0/24 Direct 0 0 D 10.3.1.2 GigabitEthernet3/0/0 10.3.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 10.3.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0 192.1.1.0/24 Direct 0 0 D 192.1.1.2 GigabitEthernet1/0/0.1 192.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0.1 192.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0.1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在PE上执行display ip routing-table vpn-instance命令，可以看到去往对端CE的路由。以PE1上的vpna为例： [PE1] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib

Routing Tables: vpna Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 10.3.1.0/24 IBGP 255 2 RD 2.2.2.9 GigabitEthernet3/0/0 192.1.1.0/24 IBGP 255 0 RD 2.2.2.9 GigabitEthernet3/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CE1、CE3之间可以互通，CE2、CE4之间可以互通。以CE1为例： [CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=125 ms Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=125 ms Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=125 ms Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=125 ms Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=125 ms --- 10.3.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 125/125/125 ms CE1不能与CE2和CE4互通，CE3也不能与CE2和CE4互通。以CE1上ping CE4的显示为例。 [CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out

--- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss