域间MPLS ×××解决方案OPTION-C集成INTERNET访问
组网拓扑如下:
共有8台路由器,其中所有设备均为Cisco 3640,IOS12.4(10)。
CE-R6模拟CE与PE-R1之间运行EBGP协议;
VRR-R2为AS123中×××V4路由反射器,并与AS456中VRR-R5通过loopback 0建立多跳MP-EBGP邻居;
ASBR-R3为AS123的ASBR,除需与VRR-R2建立×××V4邻居外,还必须与AS456内的ASBR-R4建立IPV4的邻居,并将VRR-R2和ASBR-R3的loopback 0接口地址传递到AS456,使得两台VRR之间的loopback 0 IPV4可达。值得注意的是,在两台ASBR间互相传递lo0前缀时必须通过route-map给这些接口地址配置并发送标签。
AS456的路由器功能与AS123相同,不赘述。
配置思路:
1、 所有设备接口地址和LOOPBACK地址。
2、 AS123和AS456域内IGP协议(建议使用OSPF或ISIS)。
3、 AS123和AS456域内MPLS LDP。
4、 AS123与AS456域中PE设备配置×××实例即VRF,并赋予RD和RT值。
5、 域内×××V4的VRR部署。
6、 CE-PE间EBGP部署,在PE-SW1上启用loopback1模拟×××A路由。
7、 两台ASBR间通过直连接口建立IPV4邻居,并使用route-map去设置label,并互相send-label。
8、 建立两台VRR之间MP-EBGP间多跳邻居。
MPLS ×××配置完成,至此在CE-R6上应该可以ping通SW1-PE的loopback1。
ACCESS INTERNET
配置思路:
1、 CE-R6上只存在从PE-R1学习到的×××路由,也就是PE-SW1的loopback1地址,想要访问internet,就必须要有路由,否则在本地由于没有路由,所有流量都会被丢弃。
2、 既然CE没有路由,就需要靠近internet(或者具有internet访问权)的PE路由器下发路由,此时就存在一个路由泄漏的问题。在SW1-PE上需要将×××路由泄漏到全局路有空间当中。具体配置命令为:ip route vrf vpna 0.0.0.0 0.0.0.0 76.76.76.7 f0/0 global,同时将这条路由在BGP IPV4 VRF ×××A地址簇中下发给远端PE-R1,在由PE-R1传递给CE-R6,此时在CE-R6上应当看到一条缺省路由,指向PE-R的VRF接口。
3、 NAT配置应当在SW1-PE上进行,首先需要对所有CE路由条目进行access-list匹配以作为NAT的源地址,同时指定运行LDP的接口为IP NAT INSIDE,连接INTERNET的接口为OUTSIDE,并配置ip nat source list 1 interface f0/0 vrf ×××A overload即可。
4、 验证此时在CE-R6上使用lo 0的ip 192.168.100.1可以PING 通 Internet路由器SW2的loopback0 222.80.1.1/24,在SW1-PE上使用show ip nat translation可以看到NAT转发表项。
整个配置如下:
R1-PE#sh run
Building configuration...
Current configuration : 2222 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-PE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf vpna
rd 100:1
route-target export 100:100
route-target import 100:100
!
mpls label range 100 199
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip vrf forwarding vpna
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 12.12.12.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 12.12.12.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip vrf forwarding vpna
ip address 16.16.16.1 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 16.16.16.6 116 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
passive-interface Loopback0
network 1.1.1.0 0.0.0.255 area 0
network 12.12.12.0 0.0.0.255 area 0
!
router bgp 123
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback0
neighbor 16.16.16.6 remote-as 4809
!
address-family ipv4
no neighbor 2.2.2.2 activate
no neighbor 16.16.16.6 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf vpna
redistribute connected
neighbor 16.16.16.6 remote-as 4809
neighbor 16.16.16.6 activate
no synchronization
exit-address-family
!
no ip http server
!
!
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
R1-PE#
VRR-R2#sh run
Building configuration...
Current configuration : 2308 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VRR-R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 200 299
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 12.12.12.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 12.12.12.1 201 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 23.23.23.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 23.23.23.3 213 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
passive-interface Loopback0
network 2.2.2.0 0.0.0.255 area 0
network 12.12.12.0 0.0.0.255 area 0
network 23.23.23.0 0.0.0.255 area 0
!
router bgp 123
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 123
neighbor 1.1.1.1 update-source Loopback0
neighbor 3.3.3.3 remote-as 123
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 456
neighbor 5.5.5.5 ebgp-multihop 5
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
no neighbor 1.1.1.1 activate
no neighbor 3.3.3.3 activate
no neighbor 5.5.5.5 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 route-reflector-client
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
neighbor 3.3.3.3 route-reflector-client
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
ip http server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
VRR-R2#
ASBR-R3#sh run
Building configuration...
Current configuration : 2361 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASBR-R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 300 399
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 34.34.34.3 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 34.34.34.4 304 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 23.23.23.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 23.23.23.2 312 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
redistribute bgp 123 subnets
passive-interface Loopback0
network 3.3.3.0 0.0.0.255 area 0
network 23.23.23.0 0.0.0.255 area 0
!
router bgp 123
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback0
neighbor 34.34.34.4 remote-as 456
!
address-family ipv4
redistribute ospf 100 match internal route-map to_as456
no neighbor 2.2.2.2 activate
neighbor 34.34.34.4 activate
neighbor 34.34.34.4 next-hop-self
neighbor 34.34.34.4 route-map set-label out
neighbor 34.34.34.4 send-label
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 2.2.2.2 next-hop-self
exit-address-family
!
no ip http server
!
!
!
!
ip prefix-list 1 seq 5 permit 2.2.2.2/32
ip prefix-list 1 seq 10 permit 3.3.3.3/32
!
route-map set-label permit 10
match ip address prefix-list 1
set mpls-label
!
route-map to_as456 permit 10
match ip address prefix-list 1
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
ASBR-R3#
ASBR-R4#sh run
Building configuration...
Current configuration : 2285 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASBR-R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 400 499
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 34.34.34.4 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 34.34.34.3 403 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 45.45.45.4 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 45.45.45.5 415 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
redistribute bgp 456 subnets
passive-interface Loopback0
network 4.4.4.0 0.0.0.255 area 0
network 45.45.45.0 0.0.0.255 area 0
!
router bgp 456
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 456
neighbor 5.5.5.5 update-source Loopback0
neighbor 34.34.34.3 remote-as 123
!
address-family ipv4
no neighbor 5.5.5.5 activate
neighbor 34.34.34.3 activate
neighbor 34.34.34.3 next-hop-self
neighbor 34.34.34.3 route-map set-label out
neighbor 34.34.34.3 send-label
no auto-summary
no synchronization
network 4.4.4.4 mask 255.255.255.255
network 5.5.5.5 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 next-hop-self
exit-address-family
!
ip http server
!
!
!
!
ip prefix-list 1 seq 5 permit 4.4.4.4/32
ip prefix-list 1 seq 10 permit 5.5.5.5/32
!
route-map set-label permit 10
match ip address prefix-list 1
set mpls-label
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
ASBR-R4#
R5-VRR#sh run
Building configuration...
Current configuration : 2175 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5-VRR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 500 599
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 56.56.56.5 255.255.255.0
speed 100
full-duplex
mpls ip
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 45.45.45.5 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
serial restart-delay 0
frame-relay map ip 45.45.45.4 514 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
passive-interface Loopback0
network 5.5.5.0 0.0.0.255 area 0
network 45.45.45.0 0.0.0.255 area 0
network 56.56.56.0 0.0.0.255 area 0
!
router bgp 456
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 ebgp-multihop 5
neighbor 2.2.2.2 update-source Loopback0
neighbor 4.4.4.4 remote-as 456
neighbor 4.4.4.4 update-source Loopback0
neighbor 6.6.6.6 remote-as 456
neighbor 6.6.6.6 update-source Loopback0
!
address-family ipv4
no neighbor 2.2.2.2 activate
no neighbor 4.4.4.4 activate
no neighbor 6.6.6.6 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 4.4.4.4 route-reflector-client
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 route-reflector-client
exit-address-family
!
ip http server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
R5-VRR#
CE-R6#show run
Building configuration...
Current configuration : 1239 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE-R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 16.16.16.6 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 16.16.16.1 611 broadcast
no frame-relay inverse-arp
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
interface ATM3/0
no ip address
shutdown
no atm ilmi-keepalive
!
router bgp 4809
no synchronization
bgp log-neighbor-changes
network 192.168.100.0
neighbor 16.16.16.1 remote-as 123
no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
!
!
end
CE-R6#
SW1#show run
Building configuration...
Current configuration : 2447 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf vpna
rd 100:1
route-target export 100:100
route-target import 100:100
!
mpls label range 600 699
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Loopback1
ip vrf forwarding vpna
ip address 192.168.6.1 255.255.255.0
!
interface Loopback10
ip address 218.1.1.1 255.255.255.128
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
no switchport
ip address 56.56.56.6 255.255.255.0
ip nat inside
ip virtual-reassembly
mpls ip
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
no switchport
ip address 76.76.76.6 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
interface Vlan1
no ip address
!
router ospf 100
log-adjacency-changes
passive-interface Loopback0
network 6.6.6.0 0.0.0.255 area 0
network 56.56.56.0 0.0.0.255 area 0
!
router bgp 456
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 456
neighbor 5.5.5.5 update-source Loopback0
neighbor 76.76.76.7 remote-as 4134
!
address-family ipv4
no neighbor 5.5.5.5 activate
neighbor 76.76.76.7 activate
no auto-summary
no synchronization
network 218.1.1.0 mask 255.255.255.128
exit-address-family
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf vpna
redistribute connected
no synchronization
network 0.0.0.0
exit-address-family
!
ip http server
ip route vrf vpna 0.0.0.0 0.0.0.0 76.76.76.7 global
!
!
ip nat pool test 218.1.1.1 218.1.1.100 prefix-length 25
ip nat inside source list 1 pool test vrf vpna overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
no login
!
!
end
SW1#
Ineternet#show run
Building configuration...
Current configuration : 1115 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ineternet
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 222.80.1.1 255.255.255.0
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
no switchport
ip address 76.76.76.7 255.255.255.0
speed 100
!
interface Vlan1
no ip address
!
router bgp 4134
no synchronization
bgp log-neighbor-changes
network 222.80.1.0
neighbor 76.76.76.6 remote-as 456
no auto-summary
!
ip http server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
Ineternet#
