华为MPLS VPN Option-C跨域方案一配置(无RR环境)

拓扑如下:

说明:使用Option-C方案一,最终达到AR1的loopback接口访问AR8的loopback接口。只展示PE、ASBR的配置,其中P设备和CE配置较简单,具体各个邻居关系情况看上图

配置如下:

AR2-PE1:

#
 sysname AR2
#
ip vpn-instance PE1
 ipv4-family
  route-distinguisher 2:2
  vpn-target 100:700 export-extcommunity
  vpn-target 100:700 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp                                  
#
acl number 2000  
 rule 5 permit source 8.8.8.8 0 
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance PE1
 ip address 10.0.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.23.2 255.255.255.0 
 mpls                                     
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
bgp 100
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0
 peer 7.7.7.7 as-number 200 
 peer 7.7.7.7 ebgp-max-hop 10 
 peer 7.7.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
  peer 4.4.4.4 label-route-capability
  peer 7.7.7.7 enable
 # 
 ipv4-family vpnv4
  policy vpn-target                       
  peer 4.4.4.4 enable
  peer 7.7.7.7 enable
 #
 ipv4-family vpn-instance PE1 
  import-route ospf 2
#
ospf 1 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 10.0.23.2 0.0.0.0 
#
ospf 2 vpn-instance PE1
 import-route bgp route-policy bgp_ospf
 area 0.0.0.0 
  network 10.0.12.2 0.0.0.0 
#
route-policy bgp_ospf permit node 10 
 if-match acl 2000 
#
route-policy bgp_ospf permit node 20 
#

AR4-ASBR1:

#
 sysname AR4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.0.34.4 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.0.45.4 255.255.255.0 
 mpls
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#                                         
bgp 100
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 connect-interface LoopBack0
 peer 10.0.45.5 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 2.2.2.2 255.255.255.255 
  peer 2.2.2.2 enable
  peer 2.2.2.2 route-policy 2 export
  peer 2.2.2.2 label-route-capability
  peer 10.0.45.5 enable
  peer 10.0.45.5 route-policy 1 export
  peer 10.0.45.5 label-route-capability
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
#
ospf 1 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 10.0.34.4 0.0.0.0 
#                                         
route-policy 1 permit node 10 
 apply mpls-label
#
route-policy 2 permit node 10 
 if-match mpls-label 
 apply mpls-label
#

AR5-ASBR2:

#
 sysname AR5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0 
 mpls
#
interface GigabitEthernet0/0/1
 ip address 10.0.56.5 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255 
#                                         
bgp 200
 peer 7.7.7.7 as-number 200 
 peer 7.7.7.7 connect-interface LoopBack0
 peer 10.0.45.4 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 7.7.7.7 255.255.255.255 
  peer 7.7.7.7 enable
  peer 7.7.7.7 route-policy 2 export
  peer 7.7.7.7 label-route-capability
  peer 10.0.45.4 enable
  peer 10.0.45.4 route-policy 1 export
  peer 10.0.45.4 label-route-capability
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 7.7.7.7 enable
#
ospf 1 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 10.0.56.5 0.0.0.0 
#                                         
route-policy 1 permit node 10 
 apply mpls-label
#
route-policy 2 permit node 10 
 if-match mpls-label 
 apply mpls-label
#

AR7-PE2:

#
 sysname AR7
#
ip vpn-instance PE2
 ipv4-family
  route-distinguisher 7:7
  vpn-target 100:700 export-extcommunity
  vpn-target 100:700 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls
#
mpls ldp                                  
#
#
acl number 2000  
 rule 5 permit source 1.1.1.1 0 
#
isis 1 vpn-instance PE2
 is-level level-2
 network-entity 49.0001.0000.0000.0007.00
 import-route bgp route-policy bgp_isis 
#
interface GigabitEthernet0/0/0
 ip address 10.0.67.7 255.255.255.0       
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance PE2
 ip address 10.0.78.7 255.255.255.0 
 isis enable 1
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255 
#
bgp 200
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 ebgp-max-hop 10 
 peer 2.2.2.2 connect-interface LoopBack0
 peer 5.5.5.5 as-number 200 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization                    
  peer 2.2.2.2 enable
  peer 5.5.5.5 enable
  peer 5.5.5.5 label-route-capability
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance PE2 
  import-route isis 1
#
ospf 1 
 area 0.0.0.0 
  network 7.7.7.7 0.0.0.0 
  network 10.0.67.7 0.0.0.0 
#
route-policy bgp_isis permit node 10 
 if-match acl 2000 
#
route-policy bgp_isis permit node 20 
#

华为MPLS VPN Option-C跨域方案一配置(无RR环境)》有2个想法

  1. option c不用在ASBR上建立VPNV4 Peer。ASBR只负责传递PE的BGP路由,以及为BGP路由分发标签。
    数据转发过程中,报文自本端PE到达本端ASBR时,最外层IGP标签被pop,露出中间的BGP标签,ASBR根据标签分发,实现对BGP标签的SWAP,将报文转发给对端ASBR;
    对端ASBR收到报文后,发现最外层标签是BGP标签,根据标签转发表,找到对应的下一跳,即指向目标PE的IGP路由下一跳,执行SWAPPUSH操作,即SWAP BGP标签,然后Push IGP标签。
    在两个ASBR对报文的处理过程中,是接触不到最底层VPNV4标签的,所以ASBR学习VPNV4路由没有任何意义。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据