拓扑图和IP地址规划如图:
配置思路
1、配置IP地址
2、核心网的IGP
3、PE之间的MP-BGP
4、PE上的vrf为和CE之间建立联系做准备
5、CE-PE的路由
6、PE设备上双向引入
7、控制路由更新PE之间更新的路由,以及注入哪个VRF(RT值控制)
8、完善数据转发层面(核心网的LDP)
PE与CE之间采用静态路由
R6配置(R7配置类似)
R6#show running-config
!
hostname R6 //改名
!
ip route 7.7.7.7 255.255.255.255 Ethernet0/0 //配置到达对端PE设备的静态路由
!
line con 0
exec-timeout 0 0 //设置配置永不超时
!
R1配置(R4配置类似)
R1#show running-config
!
hostname R1
!
ip vrf A //配置vrf
rd 100:200 //置RD值,区分重叠路由
route-target export 16:16 //设置出口RT值,注意与对端PE设备的入口RT值匹配
route-target import 47:47 //设置入口RT值,注意与对端PE设备的出口RT值匹配
!
ip cef
!
mpls label range 100 199 //设备标签分发范围
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf network point-to-point
ip ospf 100 area 0 //启用OSPF
!
interface Ethernet0/0
ip vrf forwarding A //与对端CE设备相连的端口绑定vrf
ip address 16.0.0.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
ip address 13.0.0.1 255.255.255.0
ip ospf network point-to-point
ip ospf 100 area 0 //启用OSPF
duplex auto
mpls ip //启用MPLS转发
!
router ospf 100
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100 //与对端PE设备建立VPNV4邻居
neighbor 4.4.4.4 update-source Loopback0 //修改更新源
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate //激活对端PE邻居
neighbor 4.4.4.4 send-community extended //自动生成,可以删除
exit-address-family
!
address-family ipv4 vrf A //为每个vrf创建一个地址族
redistribute static //在地址族下为每个VRF引入路由
exit-address-family
!
ip route vrf A 6.6.6.6 255.255.255.255 16.0.0.6 //配置到达对端CE设备的静态路由
!
line con 0
exec-timeout 0 0
R3配置
R3#show running-config
!
hostname R3
!
ip cef //开启快速转发
!
mpls label range 300 399 //设备标签分发范围
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf network point-to-point
ip ospf 100 area 0 //启用OSPF
!
interface Ethernet0/0
ip address 13.0.0.3 255.255.255.0
ip ospf network point-to-point
ip ospf 100 area 0 //启用OSPF
duplex auto
mpls ip //启用MPLS转发
!
interface Ethernet0/1
ip address 23.0.0.3 255.255.255.0
ip ospf network point-to-point
ip ospf 100 area 0
duplex auto
mpls ip
!
interface Ethernet0/2
ip address 34.0.0.3 255.255.255.0
ip ospf network point-to-point
ip ospf 100 area 0
duplex auto
mpls ip
!
interface Ethernet0/3
ip address 35.0.0.3 255.255.255.0
ip ospf network point-to-point
ip ospf 100 area 0
duplex auto
mpls ip
!
检查
查看R1的VPNV4路由
查看R1的MP-BGP 邻居
验证R6与R7通信:
追踪路由
PE与CE之间采用动态路由协议
注意:需要与VRF进行关联才能与CE建立联系!
RIPv2
R6配置
R6#show run | se r r
router rip
version 2
network 6.0.0.0
network 16.0.0.0
no auto-summary
!
R7配置
R7#show run | se r r
router rip
version 2
network 7.0.0.0
network 47.0.0.0
no auto-summary
!
R1配置(R4配置类似,做双向重分布)
R1#show running-config | se r r
router rip
!
address-family ipv4 vrf A //关联vrf
redistribute bgp 100 metric 1 //引入BGP路由,并设置cost
network 16.0.0.0
no auto-summary
version 2
exit-address-family
!
R1#show running-config | se r b
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf A
redistribute rip //引入rip路由
exit-address-family
!
R3配置与静态路由相同
检查
验证通信:
EIGRP
R6配置
R6#show run | se r e
router eigrp 90
network 6.6.6.6 0.0.0.0 //宣告接口
network 16.0.0.6 0.0.0.0 //宣告接口
!
R7配置
R7#show run | se r e
router eigrp 90
network 7.7.7.7 0.0.0.0
network 47.0.0.7 0.0.0.0
!
R1配置
R1#show run | se r e
router eigrp A //命名的EIGRP
!
address-family ipv4 unicast vrf A autonomous-system 90 //关联VRF
!
topology base //在topology base 下进行重分发
redistribute bgp 100 metric 100000 100 255 1 1500
exit-af-topology
network 16.0.0.1 0.0.0.0 //宣告接口
exit-address-family
!
R4配置
R4#show run | se r e
router eigrp A
!
address-family ipv4 unicast vrf A autonomous-system 90
!
topology base
redistribute bgp 100 metric 100000 100 255 1 1500
exit-af-topology
network 47.0.0.4 0.0.0.0
exit-address-family
!
查看R6的路由表
验证通信:
MP-BGP
as-override放环
R6与R7自治系统号相同,在PE设备上针对CE邻居调用 as-override 破坏放环机制
R6配置
R6#show run | se r b
router bgp 200 //R7与R6自治系统号相同
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255 //宣告回环口地址
neighbor 16.0.0.1 remote-as 100 //宣告邻居
!
R7配置
R7#show run | se r b
router bgp 200 //R7与R6自治系统号相同
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255 //宣告回环口地址
neighbor 47.0.0.4 remote-as 100 //宣告邻居
!
R1配置
R1#show run | se r b
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf A
neighbor 16.0.0.6 remote-as 200
neighbor 16.0.0.6 activate
neighbor 16.0.0.6 as-override //破话BGP的ASPATH放环机制
exit-address-family
!
R4配置
R4#show run | se r b
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf A
neighbor 47.0.0.7 remote-as 200
neighbor 47.0.0.7 activate
neighbor 47.0.0.7 as-override //破话BGP的ASPATH放环机制
exit-address-family
!
验证:
7.7.7.7/32路由的path被修改为100
R6与R7通信
allowas-in放环
在CE设备上针对PE邻居调用 allowas-in 破坏放环机制
R6配置
R6#show run | se r b
router bgp 200
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255
neighbor 16.0.0.1 remote-as 100
neighbor 16.0.0.1 allowas-in 1 //针对PE邻居调用 allowas-in ,允许携带本自治系统号1次的路由进来
!
检查:
SOO 放环
R1、R4、R5 互相建立VPNV4邻居
R4配置
R4#show run | se route-m
neighbor 47.0.0.7 route-map SOO in
route-map SOO permit 10 //创建路由策略
set extcommunity soo 78:78 //设置扩展团体属性SOO
R4#show run | se r b
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf A
neighbor 47.0.0.7 remote-as 200
neighbor 47.0.0.7 activate
neighbor 47.0.0.7 as-override
neighbor 47.0.0.7 route-map SOO in //针对CE邻居调用SOO策略
exit-address-family
!
R4#show run | se vrf de
vrf definition A
rd 100:200
!
address-family ipv4
route-target export 47:47
route-target import 16:16
route-target import 58:58
exit-address-family
!
R5配置
R5#show run | se route-map
neighbor 58.0.0.8 route-map SOO in
route-map SOO permit 10 //创建路由策略
set extcommunity soo 78:78 //设置扩展团体属性SOO
R5#show run | se r b
router bgp 100
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf A
neighbor 58.0.0.8 remote-as 200
neighbor 58.0.0.8 activate
neighbor 58.0.0.8 as-override
neighbor 58.0.0.8 route-map SOO in //针对CE邻居调用SOO策略
exit-address-family
!
R5#show run | se ip vrf
ip vrf A
rd 5:5
route-target export 58:58
route-target import 47:47
route-target import 16:16
ip vrf forwarding A
!
R1配置
R1#show run | se ip vrf
ip vrf A
rd 100:200
route-target export 16:16
route-target import 47:47
route-target import 58:58
ip vrf forwarding A
R1#show run | se r b
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf A
neighbor 16.0.0.6 remote-as 200
neighbor 16.0.0.6 activate
neighbor 16.0.0.6 route-map A out
exit-address-family
!
检查:
R7收不到R8的路由
反之,R8收不到R7的路由