MPLS ×××跨域实现之OPTION B配置讲解

推荐原创

kingtang 2009-02-27 00:51:57 ©著作权

文章标签 职场 VPN 休闲 MPLS OPTION 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者kingtang的原创作品，请联系作者获取转载授权，否则将追究法律责任

MPLS ××× OPTION B配置讲解

一般资料介绍跨域MPLS/××× OPTION_B时，采用两个AS，为加深理解，本例采用三个AS，其中中间AS300为传送AS，不启MPLS标签交换，只通过MP—EBGP传送×××V4的私网路由。实验中模拟路由器均采用Cisco 7206。

数据规划：

1、设备互联：

Router1 S1/0 <----> Router2 S1/0

Router2 F0/0 <----> Router3 F0/0

Router3 S1/1 <----> Router4 S1/1

Router4 F0/0 <----> Router5 F0/0

Router5 S1/1 <----> Router6 S1/1

2、地址规划：设备互连地址10.10.XY.X/24（R1中X=1,R1与R2互联Y=2，其余类推）。

Loopback 0 地址为：X.X.X.X/32

×××地址：

R1中Vpna：172.16.1.1/24

Vpnb: 192.168.1.1/24

R6中Vpna：172.16.2.1/24

Vpnb: 192.168.2.1/24

3、 ×××规划：在R1和R6中采用loopback 11 /loopback22模拟×××A和×××B,简化了PE—CE间配置。

×××A: RD 100:10

ROUTE-TARGET 100:10

×××B: RD 100:20

ROUTE-TARGET 100:20

4、 IGP路由协议：AS120采用OSPF，AS456采用ISIS。

配置基本思路：

1、在完成IGP等基本配置后，在所有PE设备和P设备上启用IP CEF。

2、在所有PE设备和P设备上启用MPLS IP。

3、 AS120/AS456中PE和ASBR建立BGP邻居关系。

4、 PE中创建×××，并在PE—CE间接口使能VRF FORWARDING。

5、PE中BGP IPV4 VRF 地址族中发布×××路由。

6、AS120/AS456中PE和ASBR建立BGP ×××V4邻居关系，交换×××路由信息。

7、AS120/AS456中ASBR分别和传送区域AS300中ASBR建立×××V4邻居关系，传送×××V4路由。（注意：AS300中的R3与R1或R6之间并没有IPV4的路由，在由R2和R4向R3发送×××路由时，必须把收到的R1和R6 的×××路由的下一跳强制指向自己，使用next-hop self命令，否则R3会认为该路由不可达，从而丢弃。）

8、要允许的ASBR接受所有的×××V4前缀，必须禁用缺省的ARF。可以通过在所有的×××V4 ASBR上配置no bgp default route-target filter来完成。

配置脚本如下：

R1#show run
Building configuration...

Current configuration : 1985 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
ip vrf vpna
rd 100:10
route-target export 100:10
route-target import 100:10
!
ip vrf vpnb
rd 100:20
route-target export 100:20
route-target import 100:20
!
mpls label range 100 199
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
no ip directed-broadcast
!
interface Loopback11
ip vrf forwarding vpna
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback22
ip vrf forwarding vpnb
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
ip address 10.10.12.1 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface Loopback0
network 1.1.1.1 0.0.0.0 area 0
network 10.10.12.0 0.0.0.255 area 0
!
router bgp 120
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 120
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 send-label explicit-null
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf vpnb
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vpna
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R1#

R2>en
R2#show run
Building configuration...

Current configuration : 1540 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
mpls label range 200 299
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 10.10.23.2 255.255.255.0
no ip directed-broadcast
mpls bgp forwarding
!
interface Serial1/0
ip address 10.10.12.2 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface Loopback0
network 2.2.2.2 0.0.0.0 area 0
network 10.10.12.0 0.0.0.255 area 0
!
router bgp 120
no synchronization
bgp router-id 2.2.2.2
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 120
neighbor 1.1.1.1 update-source Loopback0
neighbor 10.10.23.3 remote-as 300
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 next-hop-self
neighbor 10.10.23.3 activate
neighbor 10.10.23.3 send-community extended
exit-address-family
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R2#

R3#show run
Building configuration...

Current configuration : 1245 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
no tag-switching ip
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 10.10.23.3 255.255.255.0
no ip directed-broadcast
mpls bgp forwarding
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
ip address 10.10.34.3 255.255.255.0
no ip directed-broadcast
mpls bgp forwarding
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router bgp 300
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.10.23.2 remote-as 120
neighbor 10.10.34.4 remote-as 456
no auto-summary
!
address-family vpnv4
neighbor 10.10.23.2 activate
neighbor 10.10.23.2 send-community extended
neighbor 10.10.34.4 activate
neighbor 10.10.34.4 send-community extended
exit-address-family
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R3#

R4#show run
Building configuration...

Current configuration : 1517 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
mpls label range 400 499
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 10.10.45.4 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
ip address 10.10.34.4 255.255.255.0
no ip directed-broadcast
mpls bgp forwarding
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface Loopback0
network 4.4.4.4 0.0.0.0 area 0
network 10.10.45.0 0.0.0.255 area 0
!
router bgp 456
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 456
neighbor 6.6.6.6 update-source Loopback0
neighbor 10.10.34.3 remote-as 300
no auto-summary
!
address-family vpnv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 next-hop-self
neighbor 10.10.34.3 activate
neighbor 10.10.34.3 send-community extended
exit-address-family
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R4#
R5#show run
Building configuration...

Current configuration : 1098 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
mpls label range 500 599
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 10.10.45.5 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
ip address 10.10.56.5 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface Loopback0
network 5.5.5.5 0.0.0.0 area 0
network 10.10.45.0 0.0.0.255 area 0
network 10.10.56.0 0.0.0.255 area 0
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R5#

R6#show run
Building configuration...

Current configuration : 1962 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
ip vrf vpna
rd 100:10
route-target export 100:10
route-target import 100:10
!
ip vrf vpnb
rd 100:20
route-target export 100:20
route-target import 100:20
!
mpls label range 600 699
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
no ip directed-broadcast
!
interface Loopback11
ip vrf forwarding vpna
ip address 172.16.2.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback22
ip vrf forwarding vpnb
ip address 192.168.2.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
ip address 10.10.56.6 255.255.255.0
no ip directed-broadcast
tag-switching ip
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface Loopback0
network 6.6.6.6 0.0.0.0 area 0
network 10.10.56.0 0.0.0.255 area 0
!
router bgp 456
no synchronization
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 456
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 send-label explicit-null
no auto-summary
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf vpnb
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vpna
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
no cns aaa enable
end

R6# show run
Building configuration...