BGP Inter-AS Solution: Inter-AS MPLS

MPLS VPN Option C1 Technical Summary

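1. IPv4 BGP does not distribute labels for IPv4 routes by default.

2. Feature: send-label, a feature specific to IPv4 BGP.

3. Disable the VPNv4 RT filter on the RRs.

4. Establish an EBGP neighbor relationship between the RRs and enable next-hop-unchanged.

5. When advertising the PE loopback IPv4 BGP routes, use send-label so that they carry IPv4 BGP labels.

6. MPLS must be enabled on the interfaces of the link interconnecting the ASBRs.

Basic configuration: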

[AR1]int loopback 0
[AR1-Loopback0]ip add 1.1.1.1 32
[AR1]int g0/0/0 
[AR1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[AR1]int g0/0/1 
[AR1-GigabitEthernet0/0/1]ip add 13.1.1.1 24
[AR1]mpls lsr-id 1.1.1.1
[AR1]mpls
[AR1-mpls]mpls ldp
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]mpls
[AR1-GigabitEthernet0/0/1]mpls ldp
[AR1]isis 15
[AR1-isis-15]network-entity 49.1357.0000.0000.0001.00
[AR1-isis-15]log-peer-change topology
[AR1-isis-15]is-level level-2
[AR1-isis-15]cost-style wide
[AR1]int loopback 0
[AR1-Loopback0]isis enable 15
[AR1-Loopback0]int g0/0/1
[AR1-GigabitEthernet0/0/1]isis enable 15
[AR2]int loopback 0
[AR2-Loopback0]ip add 2.2.2.2 32
[AR2]int g0/0/1 
[AR2-GigabitEthernet0/0/1]ip add 12.1.1.2 24
[AR2]int g0/0/0 
[AR2-GigabitEthernet0/0/0]ip add 24.1.1.2 24
[AR2]mpls lsr-id 2.2.2.2
[AR2]mpls
[AR2-mpls]mpls ldp
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]mpls
[AR2-GigabitEthernet0/0/0]mpls ldp
[AR2]ospf 10 router-id 2.2.2.2
[AR2-ospf-10]area 0
[AR2-ospf-10-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[AR2-ospf-10-area-0.0.0.0]network 24.1.1.2 0.0.0.0
[AR3]int loopback 0
[AR3-Loopback0]ip add 3.3.3.3 32
[AR3]int g0/0/0 
[AR3-GigabitEthernet0/0/0]ip add 13.1.1.3 24
[AR3]int g0/0/1 
[AR3-GigabitEthernet0/0/1]ip add 35.1.1.3 24
[AR3]int g0/0/2
[AR3-GigabitEthernet0/0/2]ip add 37.1.1.3 24
[AR3]mpls lsr-id 3.3.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]mpls 
[AR3-GigabitEthernet0/0/0]mpls ldp
[AR3]int g0/0/1
[AR3-GigabitEthernet0/0/1]mpls 
[AR3-GigabitEthernet0/0/1]mpls ldp
[AR3]int g0/0/2
[AR3-GigabitEthernet0/0/2]mpls 
[AR3-GigabitEthernet0/0/2]mpls ldp
[AR3]isis 15
[AR3-isis-15]network-entity 49.1357.0000.0000.0003.00
[AR3-isis-15]log-peer-change topology
[AR3-isis-15]is-level level-2
[AR3-isis-15]cost-style wide
[AR3]int loopback 0
[AR3-Loopback0]isis enable 15
[AR3-Loopback0]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis enable 15
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]isis enable 15
[AR3-GigabitEthernet0/0/1]int g0/0/2
[AR3-GigabitEthernet0/0/2]isis enable 15
[AR4]int loopback 0
[AR4-Loopback0]ip add 4.4.4.4 32
[AR4]int g0/0/1 
[AR4-GigabitEthernet0/0/1]ip add 24.1.1.4 24
[AR4]int g0/0/0 
[AR4-GigabitEthernet0/0/0]ip add 46.1.1.4 24
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip add 48.1.1.4 24
[AR4]mpls lsr-id 4.4.4.4
[AR4]mpls
[AR4-mpls]mpls ldp
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]mpls 
[AR4-GigabitEthernet0/0/0]mpls ldp
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]mpls 
[AR4-GigabitEthernet0/0/1]mpls ldp
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]mpls 
[AR4-GigabitEthernet0/0/2]mpls ldp
[AR4]ospf 10 router-id 4.4.4.4
[AR4-ospf-10]area 0
[AR4-ospf-10-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[AR4-ospf-10-area-0.0.0.0]network 24.1.1.4 0.0.0.0
[AR4-ospf-10-area-0.0.0.0]network 46.1.1.4 0.0.0.0
[AR4-ospf-10-area-0.0.0.0]network 48.1.1.4 0.0.0.0
[AR5]int loopback 0
[AR5-Loopback0]ip add 5.5.5.5 32
[AR5]int g0/0/0 
[AR5-GigabitEthernet0/0/0]ip add 35.1.1.5 24
[AR5]mpls lsr-id 5.5.5.5
[AR5]mpls
[AR5-mpls]mpls ldp
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]mpls
[AR5-GigabitEthernet0/0/0]mpls ldp
[AR5]isis 15
[AR5-isis-15]network-entity 49.1357.0000.0000.0005.00
[AR5-isis-15]log-peer-change topology
[AR5-isis-15]is-level level-2
[AR5-isis-15]cost-style wide
[AR5]int loopback 0
[AR5-Loopback0]isis enable 15
[AR5-Loopback0]int g0/0/0
[AR5-GigabitEthernet0/0/0]isis enable 15
[AR6]int loopback 0
[AR6-Loopback0]ip add 6.6.6.6 32
[AR6]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip add 46.1.1.6 24
[AR6]mpls lsr-id 6.6.6.6
[AR6]mpls
[AR6-mpls]mpls ldp
[AR6]int g0/0/1
[AR6-GigabitEthernet0/0/1]mpls
[AR6-GigabitEthernet0/0/1]mpls ldp
[AR6]ospf 10 router-id 6.6.6.6
[AR6-ospf-10]area 0
[AR6-ospf-10-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[AR6-ospf-10-area-0.0.0.0]network 46.1.1.6 0.0.0.0
[AR7]int loopback 0
[AR7-Loopback0]ip add 7.7.7.7 32
[AR7]int g0/0/2 
[AR7-GigabitEthernet0/0/2]ip add 37.1.1.7 24
[AR7]mpls lsr-id 7.7.7.7
[AR7]mpls
[AR7-mpls]mpls ldp
[AR7]int g0/0/2
[AR7-GigabitEthernet0/0/2]mpls
[AR7-GigabitEthernet0/0/2]mpls ldp
[AR7]isis 15
[AR7-isis-15]network-entity 49.1357.0000.0000.0007.00
[AR7-isis-15]log-peer-change topology
[AR7-isis-15]is-level level-2
[AR7-isis-15]cost-style wide
[AR7]int loopback 0
[AR7-Loopback0]isis enable 15
[AR7-Loopback0]int g0/0/2
[AR7-GigabitEthernet0/0/2]isis enable 15
[AR8]int loopback 0
[AR8-Loopback0]ip add 8.8.8.8 32
[AR8]int g0/0/2 
[AR8-GigabitEthernet0/0/2]ip add 48.1.1.8 24
[AR8]mpls lsr-id 8.8.8.8
[AR8]mpls
[AR8-mpls]mpls ldp
[AR8]int g0/0/2
[AR8-GigabitEthernet0/0/2]mpls
[AR8-GigabitEthernet0/0/2]mpls ldp
[AR8]ospf 10 router-id 8.8.8.8
[AR8-ospf-10]area 0
[AR8-ospf-10-area-0.0.0.0]network 8.8.8.8 0.0.0.0
[AR8-ospf-10-area-0.0.0.0]network 48.1.1.8 0.0.0.0
[AR9]int loopback 0
[AR9-Loopback0]ip add 192.168.9.9 32
[AR9]int g0/0/0 
[AR9-GigabitEthernet0/0/0]ip add 192.168.59.9 24
[AR10]int loopback 0
[AR10-Loopback0]ip add 172.16.10.10 32
[AR10]int g0/0/1 
[AR10-GigabitEthernet0/0/1]ip add 172.16.106.10 24

First configure R7 and R8

[AR7]bgp 200
[AR7-bgp]router-id 7.7.7.7
[AR7-bgp]undo default ipv4-unicast
[AR7-bgp]peer 1.1.1.1 as-number 200
[AR7-bgp]peer 1.1.1.1 connect-interface loopback 0
[AR7-bgp]peer 5.5.5.5 as-number 200
[AR7-bgp]peer 5.5.5.5 connect-interface loopback 0
[AR7-bgp]peer 8.8.8.8 as-number 100
[AR7-bgp]peer 8.8.8.8 connect-interface loopback 0
[AR7-bgp]peer 8.8.8.8 ebgp-max-hop      ## enable EBGP multihop
[AR7-bgp]ipv4-family unicast
[AR7-bgp-af-ipv4]peer 1.1.1.1 enable
[AR7-bgp-af-ipv4]peer 1.1.1.1 reflect-client  ## designate the peer as a route-reflector client
[AR7-bgp-af-ipv4]peer 1.1.1.1 label-route-capability  ## enable sending labels
[AR7-bgp-af-ipv4]peer 5.5.5.5 enable
[AR7-bgp-af-ipv4]peer 5.5.5.5 reflect-client  ## designate the peer as a route-reflector client
[AR7-bgp-af-ipv4]peer 5.5.5.5 label-route-capability  ## enable sending labels

[AR7-bgp]ipv4-family vpnv4 unicast
[AR7-bgp-af-vpnv4]peer 5.5.5.5 enable
[AR7-bgp-af-vpnv4]peer 5.5.5.5 reflect-client
[AR7-bgp-af-vpnv4]peer 5.5.5.5 next-hop-invariable
[AR7-bgp-af-vpnv4]peer 8.8.8.8 enable
[AR7-bgp-af-vpnv4]peer 8.8.8.8 next-hop-invariable
[AR7-bgp-af-vpnv4]undo policy vpn-target  ## disable the VPNv4 RT filter in the BGP process
[AR8]bgp 100
[AR8-bgp]router-id 8.8.8.8
[AR8-bgp]undo default ipv4-unicast
[AR8-bgp]peer 2.2.2.2 as-number 100
[AR8-bgp]peer 2.2.2.2 connect-interface loopback 0
[AR8-bgp]peer 6.6.6.6 as-number 100
[AR8-bgp]peer 6.6.6.6 connect-interface loopback 0
[AR8-bgp]peer 7.7.7.7 as-number 200
[AR8-bgp]peer 7.7.7.7 connect-interface loopback 0
[AR8-bgp]peer 7.7.7.7 ebgp-max-hop      ## enable EBGP multihop

[AR8-bgp]ipv4-family unicast
[AR8-bgp-af-ipv4]peer 2.2.2.2 enable
[AR8-bgp-af-ipv4]peer 2.2.2.2 reflect-client  ## designate the peer as a route-reflector client
[AR8-bgp-af-ipv4]peer 2.2.2.2 label-route-capability  ## enable sending labels
[AR8-bgp-af-ipv4]peer 6.6.6.6 enable
[AR8-bgp-af-ipv4]peer 6.6.6.6 reflect-client  ## designate the peer as a route-reflector client
[AR8-bgp-af-ipv4]peer 6.6.6.6 label-route-capability  ## enable sending labels

[AR8-bgp]ipv4-family vpnv4 unicast
[AR8-bgp-af-vpnv4]peer 6.6.6.6 enable
[AR8-bgp-af-vpnv4]peer 6.6.6.6 reflect-client
[AR8-bgp-af-vpnv4]peer 6.6.6.6 next-hop-invariable
[AR8-bgp-af-vpnv4]peer 7.7.7.7 enable
[AR8-bgp-af-vpnv4]peer 7.7.7.7 next-hop-invariable
[AR8-bgp-af-vpnv4]undo policy vpn-target  ## disable the VPNv4 RT filter in the BGP process

For IPv4, configure R6 and R5 first, then R1 and R2. R1 and R2 are a special case.

[R5]ip vpn-instance A-SH
[R5-vpn-instance-A-SH]route-distinguisher 10:10
[R5-vpn-instance-A-SH-af-ipv4]vpn-target 10:10 both
[R5]interface GigabitEthernet 0/0/1
[R5-GigabitEthernet0/0/1]ip binding vpn-instance A-SH
[R5-GigabitEthernet0/0/1]ip add 192.168.59.5 24
[R5]bgp 200
[R5-bgp]router-id 5.5.5.5
[R5-bgp]undo default ipv4-unicast
[R5-bgp]ipv4-family vpn-instance A-SH
[R5-bgp-A-SH]peer 192.168.59.9 as-number 9
[R5-bgp]peer 7.7.7.7 as-number 200
[R5-bgp]peer 7.7.7.7 connect-interface loopback 0
[R5-bgp]ipv4-family vpnv4 unicast
[R5-bgp-af-vpnv4]peer 7.7.7.7 enable
[R5-bgp]ipv4-family unicast
[R5-bgp-af-ipv4]peer 7.7.7.7 enable
[R5-bgp-af-ipv4]peer 7.7.7.7 label-route-capability  ## add the label-sending capability
[R6]ip vpn-instance A-BJ
[R6-vpn-instance-A-BJ]route-distinguisher 10:10
[R6-vpn-instance-A-BJ-af-ipv4]vpn-target 10:10 both
[R6]interface GigabitEthernet 0/0/0
[R6-GigabitEthernet0/0/0]ip binding vpn-instance A-BJ
[R6-GigabitEthernet0/0/0]ip add 172.16.106.6 24
[R6]bgp 100
[R6-bgp]router-id 6.6.6.6
[R6-bgp]undo default ipv4-unicast
[R6-bgp]ipv4-family vpn-instance A-BJ
[R6-bgp-A-BJ]peer 172.16.106.10 as-number 10
[R6-bgp]peer 8.8.8.8 as-number 100
[R6-bgp]peer 8.8.8.8 connect-interface loopback 0
[R6-bgp]ipv4-family vpnv4 unicast
[R6-bgp-af-vpnv4]peer 8.8.8.8 enable             ## activate the neighbor
[R6-bgp]ipv4-family unicast
[R6-bgp-af-ipv4]peer 8.8.8.8 enable
[R6-bgp-af-ipv4]peer 8.8.8.8 label-route-capability  ## add the label-sending capability

Configure the CE side

[AR9]bgp 9
[AR9-bgp]router-id 9.9.9.9
[AR9-bgp]undo default ipv4-unicast
[AR9-bgp]peer 192.168.59.5 as-number 200   ## establish a neighbor relationship with R5
[AR9-bgp]ipv4-family unicast
[AR9-bgp-af-ipv4]peer 192.168.59.5 enable
[AR9-bgp-af-ipv4]import-route direct         ## redistribute directly connected routes
[AR10]bgp 10
[AR10-bgp]router-id 10.10.10.10
[AR10-bgp]undo default ipv4-unicast
[AR10-bgp]peer 172.16.106.6 as-number 100   ## establish a neighbor relationship with R6
[AR10-bgp]ipv4-family unicast
[AR10-bgp-af-ipv4]peer 172.16.106.6 enable
[AR10-bgp-af-ipv4]import-route direct         ## redistribute directly connected routes

Now handle R1 and R2. R1 and R2 first establish neighbor relationships with R7 and R8.

[AR1]bgp 200
[AR1-bgp]router-id 1.1.1.1
[AR1-bgp]undo default ipv4-unicast
[AR1-bgp]peer 12.1.1.2 as-number 100   ## establish a neighbor relationship with R2
[AR1-bgp]peer 7.7.7.7 as-number 200    ## establish a neighbor relationship with R7
[AR1-bgp]peer 7.7.7.7 connect-interface Loopback 0
[AR1-bgp]ipv4-family unicast
[AR1-bgp-af-ipv4]peer 7.7.7.7 enable
[AR1-bgp-af-ipv4]peer 7.7.7.7 label-route-capability
[AR1-bgp-af-ipv4]peer 7.7.7.7 next-hop-local
[AR1-bgp-af-ipv4]peer 12.1.1.2 enable
[AR1-bgp-af-ipv4]peer 12.1.1.2 label-route-capability
[AR2]bgp 100
[AR2-bgp]router-id 2.2.2.2
[AR2-bgp]undo default ipv4-unicast
[AR2-bgp]peer 12.1.1.1 as-number 200   ## establish a neighbor relationship with R1
[AR2-bgp]peer 8.8.8.8 as-number 100    ## establish a neighbor relationship with R8
[AR2-bgp]peer 8.8.8.8 connect-interface Loopback 0
[AR2-bgp]ipv4-family unicast
[AR2-bgp-af-ipv4]peer 8.8.8.8 enable
[AR2-bgp-af-ipv4]peer 8.8.8.8 label-route-capability
[AR2-bgp-af-ipv4]peer 8.8.8.8 next-hop-local
[AR2-bgp-af-ipv4]peer 12.1.1.1 enable
[AR2-bgp-af-ipv4]peer 12.1.1.1 label-route-capability

Check whether the neighbor relationships have been established

<AR3>display isis peer
<AR3>display mpls ldp peer

<AR4>display ospf peer brief
<AR4>display mpls ldp peer

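Huawei has an issue here. MPLS is enabled on the interfaces interconnecting R1 and R2, and the two sides establish the neighbor relationship, but routes are not passed across. Huawei has a restriction: R1 and R2 establish a labeled-IPv4 adjacency, and when AR2 sends labeled IPv4 routes to R1, R1 by default trusts neither the route nor the label. To have the label trusted, you must create a route-policy and use it to pass the routes to the neighbor. Without a route-policy applied as an export policy toward the neighbor, labeled packets cannot be sent to the neighbor, because the session between R1 and R2 is EBGP.

R1 must advertise the R5 and R7 routes to R2, and R2 must advertise the R6 and R8 routes to R1. This requires redistribution.

For the redistribution, first write a prefix list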

[AR1]ip ip-prefix 200 index 10 permit 5.5.5.5 32  ## prefix list
[AR1]ip ip-prefix 200 index 20 permit 7.7.7.7 32  ## prefix list
[AR1]route-policy I-2-B permit node 10
[AR1-route-policy]if-match ip-prefix 200
[AR1]bgp 200
[AR1-bgp]ipv4-family unicast
[AR1-bgp-af-ipv4]import-route isis 15 route-policy I-2-B
[AR2]ip ip-prefix 100 index 10 permit 6.6.6.6 32  ## prefix list
[AR2]ip ip-prefix 100 index 20 permit 8.8.8.8 32  ## prefix list
[AR2]route-policy O-2-B permit node 10
[AR2-route-policy]if-match ip-prefix 100
[AR2]bgp 100
[AR2-bgp]ipv4-family unicast
[AR2-bgp-af-ipv4]import-route ospf 10 route-policy O-2-B

After this the routes are received, but the labels do not come across, so we have to force the labels to be carried.

[AR1]route-policy ASBR permit node 10
[AR1-route-policy]apply mpls-label         ## enable carrying a label when sending routes

[AR1]route-policy RR permit node 10
[AR1-route-policy]if-match mpls-label
[AR1-route-policy]apply mpls-label
[AR1]bgp 200
[AR1-bgp]ipv4-family unicast
[AR1-bgp-af-ipv4]peer 12.1.1.2 route-policy ASBR export
[AR1-bgp-af-ipv4]peer 7.7.7.7 route-policy RR export
[AR2]route-policy ASBR permit node 10
[AR2-route-policy]apply mpls-label

[AR2]route-policy RR permit node 20
[AR2-route-policy]if-match mpls-label
[AR2-route-policy]apply mpls-label
[AR2]bgp 100
[AR2-bgp]ipv4-family unicast
[AR2-bgp-af-ipv4]peer 12.1.1.1 route-policy ASBR export
[AR2-bgp-af-ipv4]peer 8.8.8.8 route-policy RR export
[AR1]dis bgp routing-table             ## view routes
[AR1]dis bgp routing-table label       ## view labels

Check on R7 and R8

<AR7>dis bgp routing-table           ## check whether the R6 and R8 routes are received
<AR7>dis bgp routing-table label
<AR8>dis bgp routing-table           ## check whether the R5 and R7 routes are received
<AR8>dis bgp routing-table label

Once the labeled routes have been passed across, R5 has R6's route and R6 has R5's route

<AR5>dis bgp routing-table           ## check whether the R6 and R8 routes are received
<AR5>dis bgp routing-table label
<AR6>dis bgp routing-table           ## check whether the R5 and R7 routes are received
<AR6>dis bgp routing-table label
<AR7>dis bgp vpnv4 all peer           ## view VPNv4 peers
<AR7>dis bgp vpnv4 all routing-table
<AR8>dis bgp vpnv4 all peer           ## view VPNv4 peers
<AR8>dis bgp vpnv4 all routing-table

R9 will have R10's routes and R10 will have R9's routes

<AR9>dis bgp routing-table 
<AR10>dis bgp routing-table
<AR10>ping -a  172.16.10.10 192.168.9.9
<AR10>tracert -v -a 172.16.10.10 192.168.9.9

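Huawei Option C1 notes:

1. Do not advertise the loopback locally on the PE and RR (if it is advertised there, the route's next hop is the same as the route prefix, so the ASBR cannot make sense of the route and cannot use it further).

2. The RR must specify next-hop-invariable toward each of its own PEs (this setting is mandatory, and Cisco needs it too, but on Huawei it must be specified for the PE; if it is not specified, next-hop-unchanged does not take effect).

3. The ASBR needs two route-policies: one toward the peer ASBR so that IPv4 BGP routes are sent with labels, and another toward the RR so that labeled routes received from the peer can be passed on to the RR in the local AS.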
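
An added example, not part of the original post: a small Python audit that reads a prompt-style VRP transcript and checks three of the requirements above (RT filter disabled on the RR, next-hop-invariable on every RR VPNv4 peer, and an export route-policy containing apply mpls-label on each labeled ASBR session). The transcript, the roles mapping and the function names are constructed for illustration.

```python
import re
# Constructed transcript in the page's prompt style: RR AR7 and ASBR AR1, with
# one line deliberately left out on each so the audit has something to report.
SAMPLE = """\
[AR7-bgp-af-vpnv4]peer 5.5.5.5 reflect-client
[AR7-bgp-af-vpnv4]peer 5.5.5.5 next-hop-invariable
[AR7-bgp-af-vpnv4]peer 8.8.8.8 enable
[AR7-bgp-af-vpnv4]undo policy vpn-target   ## RT filter off
[AR1]route-policy ASBR permit node 10
[AR1-route-policy]apply mpls-label
[AR1]route-policy RR permit node 10
[AR1-route-policy]if-match mpls-label
[AR1-bgp-af-ipv4]peer 7.7.7.7 label-route-capability
[AR1-bgp-af-ipv4]peer 7.7.7.7 route-policy RR export
[AR1-bgp-af-ipv4]peer 12.1.1.2 label-route-capability
[AR1-bgp-af-ipv4]peer 12.1.1.2 route-policy ASBR export
"""
PROMPT = re.compile(r"^\[(\w+)(?:-([\w./-]+))?\](.+)$")

def parse(session):
    """Yield (device, view, command) from prompt-prefixed VRP lines."""
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m:  # drop the trailing ## comment, keep the command text
            yield m.group(1), m.group(2) or "system", m.group(3).split("##")[0].strip()

def audit(session, roles):
    """roles maps a device name to 'RR' or 'ASBR' (supplied by the operator)."""
    cmds, findings, policies, peers, cur = list(parse(session)), [], {}, {}, None
    for dev, view, cmd in cmds:
        w = cmd.split() or [""]
        if view == "system" and w[0] == "route-policy":
            cur = policies.setdefault((dev, w[1]), set())   # entering a policy node
        elif view == "route-policy" and cur is not None:
            cur.add(cmd)                                    # clause inside that policy
        elif w[0] == "peer" and len(w) > 2:
            peers.setdefault((dev, view, w[1]), []).append(w[2:])
    for dev, role in sorted(roles.items()):
        if role == "RR" and (dev, "bgp-af-vpnv4", "undo policy vpn-target") not in cmds:
            findings.append(f"{dev}: undo policy vpn-target missing")
    for (dev, view, peer), attrs in sorted(peers.items()):
        flags = {a[0] for a in attrs}
        if roles.get(dev) == "RR" and view == "bgp-af-vpnv4" and "next-hop-invariable" not in flags:
            findings.append(f"{dev}: vpnv4 peer {peer} lacks next-hop-invariable")
        if roles.get(dev) == "ASBR" and "label-route-capability" in flags:
            pol = [a[1] for a in attrs if a[0] == "route-policy" and a[-1] == "export"]
            if not pol or "apply mpls-label" not in policies.get((dev, pol[0]), set()):
                findings.append(f"{dev}: labeled peer {peer} has no export policy applying mpls-label")
    return findings
print("\n".join(audit(SAMPLE, {"AR7": "RR", "AR1": "ASBR"})))
```

Run against the constructed transcript, it flags the RR policy on AR1 that matches labels without applying them and the AR7 peer 8.8.8.8 that lacks next-hop-invariable.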