华为MPLS跨域C1方案实验配置
目录
配置接域内IGP路由协议与LDP协议
配置IPv4的BGP邻居
配置PE之间的Vpnv4邻居
配置PE与CE设备对接命令
ASBR上手工为PE地址分配标签
MPLS隧道——跨域解决方案C1、C2讲解_静下心来敲木鱼的博客-CSDN博客_route-policy rr permit node 10 if-match mpls-label
https://blog.csdn.net/m0_49864110/article/details/127634890?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522167385775316782429783183%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=167385775316782429783183&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-7-127634890-null-null.blog_rank_default&utm_term=mpls&spm=1018.2226.3001.4450
配置接域内IGP路由协议与LDP协议
以域AS100为例做配置(AS 200与AS100配置类似)
PE2配置
int g0/0/0
ip add 100.0.23.2 24
int g0/0/1
ip add 100.0.12.2 24
int loop 0
ip add 2.2.2.2 32
isis 1
net 49.0001.0000.0002.00
int g0/0/0
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 2.2.2.2
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
P3配置
int g0/0/0
ip add 100.0.23.3 24
int g0/0/1
ip add 100.0.34.3 24
int loop 0
ip add 3.3.3.3 32
isis 1
net 49.0001.0000.0003.00
int g0/0/0
isis enable 1
int g0/0/1
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 3.3.3.3
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
ASBR4配置
int g0/0/0
ip add 100.0.34.4 24
int g0/0/1
ip add 100.0.45.4 24
int loop 0
ip add 4.4.4.4 32
isis 1
net 49.0001.0000.0004.00
int g0/0/0
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 4.4.4.4
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
配置IPv4的BGP邻居
PE2与ASBR4建立IBGP邻居关系
PE2
bgp 100
peer 4.4.4.4 as 100
peer 4.4.4.4 connect-interface loop 0 更新源为Loop 0
ASBR4
bgp 100
peer 2.2.2.2 as 100
peer 2.2.2.2 connect-interface loop 0
ASBR4与ASBR5建立EBGP邻居关系
ASBR4
bgp 100
peer 100.0.45.5 as 200
ASBR5
bgp 200
peer 100.0.45.4 as 100
PE7与ASBR5建立IBGP邻居关系
PE7
bgp 200
peer 5.5.5.5 as 200
peer 5.5.5.5 connect-interface loop 0
ASBR5
bgp 200
peer 7.7.7.7 as 200
peer 7.7.7.7 connect-interface loop 0
在ASBR上宣告PE的IP地址,为PE之间建立Vpnv4邻居做准备
ASBR4
bgp 100
peer 2.2.2.2 next-hop-local 从EBGP学到的路由传递给IBGP时修改下一跳为本地更新源
net 2.2.2.2 32
ASBR5
bgp 200
peer 7.7.7.7 next-hop-local
net 7.7.7.7 32
配置PE之间的Vpnv4邻居
PE2
bgp 100
peer 7.7.7.7 as 200
peer 7.7.7.7 connect-interface LoopBack 0 配置更新源
peer 7.7.7.7 ebgp-max-hop 10 配置TTL跳数为10(ebgp默认为1)
ipv4-family unicast
undo peer 7.7.7.7 enable
ipv4-family vpnv4 配置Vpnv4邻居
peer 7.7.7.7 enable
PE7
bgp 200
peer 2.2.2.2 as 100
peer 2.2.2.2 connect-interface LoopBack 0
peer 2.2.2.2 ebgp-max-hop 10
ipv4-family unicast
undo peer 2.2.2.2 enable
ipv4-family vpnv4
peer 2.2.2.2 enable
配置PE与CE设备对接命令
PE2与CE1对接
PE2
创建实例
ip vpn-instance CE1
ipv4-family
route-distinguisher 12:1 配置RD值
vpn-target 200:1 export-extcommunity 配置入RT值
vpn-target 100:1 import-extcommunity 配置出RT值
接口绑定实例
int g0/0/1
ip bind vpn-instance CE1
ip add 100.0.12.2 24
OSPF绑定实例
ospf 1 vpn-instance CE1
area 0
net 100.0.12.2 0.0.0.0
将CE路由重发布进BGP
bgp 100
ipv4-family vpn-instance CE1
import-route ospf 1
将BGP路由重发布到CE中
ospf 1
import-route bgp
CE1
int g0/0/0
ip add 100.0.12.1 24
int g0/0/1
ip add 172.16.1.254 24
ospf 1
area 0
net 100.0.12.1 0.0.0.0
net 172.16.1.0 0.0.0.255
PE7与CE8对接
PE7
创建实例
ip vpn-instance CE8
ipv4-family
route-distinguisher 78:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
接口绑定实例
int g0/0/1
ip bind vpn-instance CE8
ip add 100.0.78.7 24
OSPF绑定实例
ospf 1 vpn-instance CE8
area 0
net 100.0.78.7 0.0.0.0
将CE路由重发布进BGP
bgp 200
ipv4-family vpn-instance CE8
import-route ospf 1
将BGP路由重发布到CE中
ospf 1
import-route bgp
CE8
int g0/0/0
ip add 100.0.78.8 24
int g0/0/1
ip add 192.168.1.254 24
ospf 1
area 0
net 100.0.78.8 0.0.0.0
net 192.168.1.0 0.0.0.255
此时CE已经获取到其它站点的地址,但是CE之间是无法访问的
因为将包发往PE,PE发往P之后会将数据包丢弃(因为P没有去往其它域PE的路由)
此时就需要为PE手工配置标签来完成数据转发
但是站点之间无法访问(报文到达P设备会被丢弃)
ASBR上手工为PE地址分配标签
PE2标签→PE7
ASBR4设备上匹配PE2的地址,为其分配传递给ASBR5
ASBR5设备收到带有标签的BGP路由后,为其重新分配标签发送给PE7(P设备没有对端PE的路由)
PE7标签→PE2
ASBR5设备上匹配PE7的地址,为其分配传递给ASBR4
ASBR4设备收到带有标签的BGP路由后,为其重新分配标签发送给PE2(P设备没有对端PE的路由)
ASBR4设备配置
通过ACL配置匹配条件匹配PE2地址
acl 2000
rule permit source 2.2.2.2 0.0.0.0
rule deny
配置路由策略PE2-7(此路由策略作用是传递标签到ASBR5)
route-policy PE2-7 permit node 10
if-match acl 2000
apply mpls-label
配置路由策略PE7-2(此路由策略作用是收到ASBR5的标签后重新将标签传递给PE2)
route-policy PE7-2 permit node 10
if-match mpls-label
apply mpls-label
在BGP应用
bgp 100
peer 100.0.45.5 route-policy PE2-7 export 配置向ASBR5传递2.2.2.2路由时分配标签
peer 100.0.45.5 label-route-capability 配置与ASBR5开启标签交互
peer 2.2.2.2 route-policy PE7-2 export 配置向PE2传递标签路由时重新分配标签
peer 2.2.2.2 label-route-capability 配置与PE2开启标签交互
接口开启MPLS
int g0/0/1
mpls
ASBR5设备配置
通过ACL配置匹配条件匹配PE7地址
acl 2000
rule permit source 7.7.7.7 0.0.0.0
rule deny
配置路由策略PE7-2(此路由策略作用是传递标签到ASBR4)
route-policy PE7-2 permit node 10
if-match acl 2000
apply mpls-label
配置路由策略PE2-7(此路由策略作用是收到ASBR4的标签后重新将标签传递给PE7)
route-policy PE7-2 permit node 10
if-match mpls-label
apply mpls-label
在BGP应用
bgp 100
peer 100.0.45.4 route-policy PE7-2 export 配置向ASBR4传递7.7.7.7路由时分配标签
peer 100.0.45.4 label-route-capability 配置与ASBR4开启标签交互
peer 7.7.7.7 route-policy PE2-7 export 配置向PE7传递标签路由时重新分配标签
peer 7.7.7.7 label-route-capability 配置与PE7开启标签交互
接口开启MPLS
int g0/0/1
mpls
PE2设备配置
bgp 100
peer 4.4.4.4 label-route-capability 配置与ASBR4开启标签交互
PE7设备配置
bgp 100
peer 5.5.5.5 label-route-capability 配置与ASBR5开启标签交互
