MPLS VPN
目标:配置MPLS VPN
配置思路:
R3,R5,R6,R4为运营商网络,配置MPLS,IGP协议为ospf 110,R3和R4配置为IBGP邻居,R1和R2为位于两地的同一公司A的子公司,R7和R8同样是位于两地的同一公司B的子公司,在R3上为每个子公司R1,R7启用vrf,并将相关接口加入相应vrf(比如,vrf 1 关连R3的s1/1口),R1与R3之间静态路由,R2与R4之间静态路由,在R4上为每个子公司R2,R8启用vrf,并将相关接口加入相应vrf,R7与R3之间启用ospf 协议并相互进行重分发,R8与R4之间启动ospf 路由协议并在ospf协议与BGP协议之间想到重分发(因为CE与PE之间ospf路由需要通过BGP协议路由至对端PE,并在其PE上将BGP路由重分发进ospf进程,反之亦然)注意在重分发时所进的ospf 进程模式及BGP所对应的VRF
总体思路:控制层面-〉所用技术:ospf+BGP+vrf
数据层面-〉所用技术:mpls
网络拓扑:
详细配置:
R1:
hostname R1
!
no ip domain lookup
ip cef
no ipv6 cef
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial1/1
ip address 13.1.1.1 255.255.255.0
serial restart-delay 0
!
no ip http server
no ip httpsecure-server
ip route 2.2.2.2255.255.255.255 13.1.1.3
===========================
R2:
hostname R2
no ip domain lookup
ip cef
no ipv6 cef
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial1/1
ip address 24.1.1.1 255.255.255.0
serial restart-delay 0
!
no ip http server
no ip httpsecure-server
ip route 1.1.1.1255.255.255.255 24.1.1.4
========================
R3:
hostname R3
!
ip vrf 1
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf 7
rd 7:7
route-target export 7:7
route-target import 7:7
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip address 33.3.3.3 255.255.255.255
!
interface Serial1/0
ip address 35.1.1.3 255.255.255.0
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip vrf forwarding 1
ip address 13.1.1.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip vrf forwarding 7
ip address 37.1.1.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
ip address 34.1.1.3 255.255.255.0
shutdown
serial restart-delay 0
!
router ospf 1 vrf 7
router-id 33.3.3.3
redistribute bgp 34 metric 10 subnets
network 37.1.1.3 0.0.0.0 area 0
!
router ospf 110
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 35.1.1.3 0.0.0.0 area 0
!
router bgp 34
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 34
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 4.4.4.4 next-hop-self
exit-address-family
!
address-family ipv4 vrf 1
network 1.1.1.1 mask 255.255.255.255
exit-address-family
!
address-family ipv4 vrf 7
redistribute ospf 1
exit-address-family
!
ip forward-protocolnd
!
!
no ip http server
no ip httpsecure-server
ip route vrf 11.1.1.1 255.255.255.255 13.1.1.1
!
mpls ldp router-idLoopback0 force
==========================
R4:
hostname R4
!
ip vrf 2
rd 2:2
route-target export 1:1
route-target import 1:1
!
ip vrf 8
rd 8:8
route-target export 7:7
route-target import 7:7
!
no ip domain lookup
ip cef
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Serial1/0
ip address 46.1.1.4 255.255.255.0
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip vrf forwarding 2
ip address 24.1.1.4 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip vrf forwarding 8
ip address 48.1.1.4 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
ip address 34.1.1.4 255.255.255.0
shutdown
serial restart-delay 0
!
router ospf 1 vrf 8
redistribute bgp 34 subnets
network 48.1.1.4 0.0.0.0 area 0
!
router ospf 110
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 46.1.1.4 0.0.0.0 area 0
!
router bgp 34
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 34
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf 2
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
address-family ipv4 vrf 8
redistribute ospf 1 metric 10
exit-address-family
!
no ip http server
no ip httpsecure-server
ip route vrf 22.2.2.2 255.255.255.255 24.1.1.2
============================
R5:
hostname R5
no ip domain lookup
ip cef
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Serial1/0
ip address 35.1.1.5 255.255.255.0
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 56.1.1.5 255.255.255.0
mpls ip
serial restart-delay 0
!
router ospf 110
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 35.1.1.5 0.0.0.0 area 0
network 56.1.1.5 0.0.0.0 area 0
no ip http server
no ip httpsecure-server
mpls ldp router-idLoopback0 force
===========================
R6:
hostname R6
no ip domain lookup
ip cef
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Serial1/0
ip address 46.1.1.6 255.255.255.0
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 56.1.1.6 255.255.255.0
mpls ip
serial restart-delay 0
!
router ospf 110
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 46.1.1.6 0.0.0.0 area 0
network 56.1.1.6 0.0.0.0 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
=============================
R7:
hostname R7
ip cef
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Serial1/2
ip address 37.1.1.7 255.255.255.0
serial restart-delay 0
!
router ospf 110
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 37.1.1.7 0.0.0.0 area 0
line con 0
exec-timeout 0 0
logging synchronous
=========================
R8:
hostname R8
ip cef
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Serial1/2
ip address 48.1.1.8 255.255.255.0
serial restart-delay 0
!
router ospf 110
router-id 8.8.8.8
network 8.8.8.8 0.0.0.0 area 0
network 48.1.1.8 0.0.0.0 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
测试:
本文出自 “夜不静” 博客,请务必保留此出处http://25102468.blog.51cto.com/3460916/1662111
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
