华为MPLS跨域C2方案实验配置
MPLS隧道——跨域解决方案C1、C2讲解_静下心来敲木鱼的博客-CSDN博客_route-policy rr permit node 10 if-match mpls-labelhttps://blog.csdn.net/m0_49864110/article/details/127634890?csdn_share_tail=%7B%22type%22%3A%22blog%22%2C%22rType%22%3A%22article%22%2C%22rId%22%3A%22127634890%22%2C%22source%22%3A%22m0_49864110%22%7D
配置接域内IGP路由协议与LDP协议
以域AS100为例做配置(AS 200与AS100配置类似)
PE2配置
int g0/0/0
ip add 100.0.23.2 24
int g0/0/1
ip add 100.0.12.2 24
int loop 0
ip add 2.2.2.2 32
isis 1
net 49.0001.0000.0002.00
int g0/0/0
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 2.2.2.2
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
P3配置
int g0/0/0
ip add 100.0.23.3 24
int g0/0/1
ip add 100.0.34.3 24
int loop 0
ip add 3.3.3.3 32
isis 1
net 49.0001.0000.0003.00
int g0/0/0
isis enable 1
int g0/0/1
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 3.3.3.3
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
ASBR4配置
int g0/0/0
ip add 100.0.34.4 24
int g0/0/1
ip add 100.0.45.4 24
int loop 0
ip add 4.4.4.4 32
isis 1
net 49.0001.0000.0004.00
int g0/0/0
isis enable 1
int loop 0
isis enable 1
mpls lsr-id 4.4.4.4
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
配置IPv4的BGP邻居
ASBR4与ASBR5建立EBGP邻居关系
ASBR4
bgp 100
peer 100.0.45.5 as 200
ASBR5
bgp 200
peer 100.0.45.4 as 100
在ASBR上宣告PE的IP地址,为PE之间建立Vpnv4邻居做准备
ASBR4
bgp 100
net 2.2.2.2 32
isis 1
import bgp
ASBR5
bgp 200
net 7.7.7.7 32
isis 1
import bgp
配置PE之间的Vpnv4邻居
PE2
bgp 100
peer 7.7.7.7 as 200
peer 7.7.7.7 connect-interface LoopBack 0 配置更新源
peer 7.7.7.7 ebgp-max-hop 10 配置TTL跳数为10(ebgp默认为1)
ipv4-family unicast
undo peer 7.7.7.7 enable
ipv4-family vpnv4 配置Vpnv4邻居
peer 7.7.7.7 enable
PE7
bgp 200
peer 2.2.2.2 as 100
peer 2.2.2.2 connect-interface LoopBack 0
peer 2.2.2.2 ebgp-max-hop 10
ipv4-family unicast
undo peer 2.2.2.2 enable
ipv4-family vpnv4
peer 2.2.2.2 enable
配置PE与CE设备对接命令
PE2与CE1对接
PE2
创建实例
ip vpn-instance CE1
ipv4-family
route-distinguisher 12:1 配置RD值
vpn-target 200:1 export-extcommunity 配置入RT值
vpn-target 100:1 import-extcommunity 配置出RT值
接口绑定实例
int g0/0/1
ip bind vpn-instance CE1
ip add 100.0.12.2 24
OSPF绑定实例
ospf 1 vpn-instance CE1
area 0
net 100.0.12.2 0.0.0.0
将CE路由重发布进BGP
bgp 100
ipv4-family vpn-instance CE1
import-route ospf 1
将BGP路由重发布到CE中
ospf 1
import-route bgp
CE1
int g0/0/0
ip add 100.0.12.1 24
int g0/0/1
ip add 172.16.1.254 24
ospf 1
area 0
net 100.0.12.1 0.0.0.0
net 172.16.1.0 0.0.0.255
PE7与CE8对接
PE7
创建实例
ip vpn-instance CE8
ipv4-family
route-distinguisher 78:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
接口绑定实例
int g0/0/1
ip bind vpn-instance CE8
ip add 100.0.78.7 24
OSPF绑定实例
ospf 1 vpn-instance CE8
area 0
net 100.0.78.7 0.0.0.0
将CE路由重发布进BGP
bgp 200
ipv4-family vpn-instance CE8
import-route ospf 1
将BGP路由重发布到CE中
ospf 1
import-route bgp
CE8
int g0/0/0
ip add 100.0.78.8 24
int g0/0/1
ip add 192.168.1.254 24
ospf 1
area 0
net 100.0.78.8 0.0.0.0
net 192.168.1.0 0.0.0.255
此时CE已经获取到其它站点的地址,但是CE之间是无法访问的
因为将包发往PE,PE发往P之后会将数据包丢弃(因为P没有去往其它域PE的路由)
此时就需要为PE手工配置标签来完成数据转发
但是站点之间无法访问(报文到达P设备会被丢弃)
手工配置为PE地址分配标签
PE2标签→PE7
ASBR4设备上匹配PE2的地址,为其分配传递给ASBR5
ASBR5设备通过LDP为带标签的BGP路由产生LSP(现在域内都有PE2的路由)
PE6标签→PE1
ASBR5设备上匹配PE7的地址,为其分配传递给ASBR4
ASBR4设备通过LDP为带标签的BGP路由产生LSP(现在域内都有PE7的路由)
ASBR4设备配置
通过ACL配置匹配条件匹配PE2地址
acl 2000
rule permit source 2.2.2.2 0.0.0.0
配置路由策略PE2-7(此路由策略作用是传递标签到ASBR5)
route-policy PE2-7 permit node 10
if-match acl 2000
apply mpls-label
在BGP应用
bgp 100
Peer 100.0.45.5 route-policy PE2-7 export
Peer 100.0.45.5 label-route-capability
通过LDP生成关于PE7的标签(传给PE2)
ip ip-prefix PE7 permit 7.7.7.7 32
mpls
Lsp-trigger bgp-label-route ip-prefix PE7
接口开启MPLS
int g0/0/1
mpls
ASBR5设备配置
通过ACL配置匹配条件匹配PE7地址
acl 2000
rule permit source 7.7.7.7 0.0.0.0
配置路由策略PE7-2(此路由策略作用是传递标签到ASBR4)
route-policy PE7-2 permit node 10
if-match acl 2000
apply mpls-label
在BGP应用
bgp 200
Peer 100.0.45.4 route-policy PE7-2 export
Peer 100.0.45.4 label-route-capability
通过LDP生成关于PE2的标签(传给PE7)
ip ip-prefix PE2 permit 2.2.2.2 32
mpls
Lsp-trigger bgp-label-route ip-prefix PE2
接口开启MPLS
int g0/0/1
mpls