拓扑如下:
为CE路由器提供因特网接入的简单方法是让PE上的一个连接到CE路由器上的接口处于全局路由空间中,既PE路由器有一个指向CE路由器的VRF接口,还有一个指向CE路由器的接口但是不在VRF中。那么CE路由器就可以将××× 流量发送到×××接口,将因特网流量发送的到全局路由表接口。
这个方法的缺点是在PE和CE之间使用两条链路。可行的解决问题方法有FR或802.1Q子接口,但是有时候ISP是不允许封装第二层子接口,这时就可以使用GRE隧道穿越VRF接口。
CE路由器的缺省路由指向隧道接口,所有非精确匹配路由流量都会根据缺省路由被发送到隧道口到达全局路由表,而有精确匹配路由流量都会发送到物理接口,到达VRF。从因特网到用户的流量将根据PE路由器的静态路由转发到隧道口。isp在骨干网转发来自和去往因特网的流量。
配置如下:
R5#show run
Building configuration...
Current configuration : 891 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface Tunnel1
ip address 10.0.0.5 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 192.168.15.1
!
interface FastEthernet0/0
ip address 192.168.5.5 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.15.5 255.255.255.0
duplex auto
speed auto
!
!
router rip
version 2
network 192.168.5.0
network 192.168.15.0
no auto-summary
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Tunnel1
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
-------------------------------华丽的分割线-------------------------------------------------
R1#sh run
Building configuration...
Current configuration : 1867 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
ip vrf r1
rd 1:100
route-target export 1:100
route-target import 4:100
!
mpls label range 100 199
mpls label protocol ldp
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel1
ip address 10.0.0.1 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 192.168.15.5
tunnel vrf r1
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding r1
ip address 192.168.15.1 255.255.255.0
duplex auto
speed auto
!
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.12.0 0.0.0.255 area 0
!
router rip
!
address-family ipv4 vrf r1
redistribute bgp 100 metric transparent
network 192.168.15.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
redistribute static
neighbor 4.4.4.4 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf r1
redistribute rip
no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
ip route 192.168.5.0 255.255.255.0 Tunnel1
!
mpls ldp router-id Loopback0
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
----------------------------------华丽的分割线-----------------------------------
R2#sh run
Building configuration...
Current configuration : 980 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 200 299
mpls label protocol ldp
!
!
!
!interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
!
router ospf 100
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.12.0 0.0.0.255 area 0
network 192.168.23.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
----------------------------------华丽的分割线-----------------------------------
R3#sh run
Building configuration...
Current configuration : 980 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
mpls label range 300 399
mpls label protocol ldp
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.34.3 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip address 192.168.23.3 255.255.255.0
duplex auto
speed auto
mpls ip
!
!
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 192.168.23.0 0.0.0.255 area 0
network 192.168.34.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
----------------------------------华丽的分割线-----------------------------------
R4#sh run
Building configuration...
Current configuration : 1862 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf r4
rd 4:100
route-target export 4:100
route-target import 1:100
!
mpls label range 400 499
mpls label protocol ldp
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.34.4 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding r4
ip address 192.168.46.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.47.4 255.255.255.0
duplex auto
speed auto
!
!
router ospf 100
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.34.0 0.0.0.255 area 0
!
router rip
!
address-family ipv4 vrf r4
redistribute bgp 100 metric transparent
network 192.168.46.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 192.168.47.7 remote-as 200
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 192.168.47.7 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf r4
redistribute rip
no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
----------------------------------华丽的分割线-----------------------------------
R6>en
R6#sh run
Building configuration...
Current configuration : 739 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
ip address 192.168.6.6 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.46.6 255.255.255.0
duplex auto
speed auto
!
!
router rip
version 2
network 192.168.6.0
network 192.168.46.0
no auto-summary
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
----------------------------------华丽的分割线-----------------------------------
R7#show run
Building configuration...
Current configuration : 911 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
interface Loopback0
ip address 7.7.7.7 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.47.7 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
router bgp 200
bgp router-id 7.7.7.7
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.47.4 remote-as 100
!
address-family ipv4
neighbor 192.168.47.4 activate
no auto-summary
no synchronization
network 7.7.7.0 mask 255.255.255.0
exit-address-family
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
测试:
从上面的测试可用看出去往因特网的流量是走bgpIPV4
从上面的测试可用看出去往客户的流量是走bgp×××V4