拓扑如下:
说明:使用Option-C方案一,最终达到AR1的loopback接口访问AR8的loopback接口。只展示PE、ASBR的配置,其中P设备和CE配置较简单,具体各个邻居关系情况看上图
配置如下:
AR2-PE1:
#
sysname AR2
#
ip vpn-instance PE1
ipv4-family
route-distinguisher 2:2
vpn-target 100:700 export-extcommunity
vpn-target 100:700 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
acl number 2000
rule 5 permit source 8.8.8.8 0
#
interface GigabitEthernet0/0/0
ip binding vpn-instance PE1
ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 7.7.7.7 as-number 200
peer 7.7.7.7 ebgp-max-hop 10
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
peer 4.4.4.4 label-route-capability
peer 7.7.7.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
peer 7.7.7.7 enable
#
ipv4-family vpn-instance PE1
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.23.2 0.0.0.0
#
ospf 2 vpn-instance PE1
import-route bgp route-policy bgp_ospf
area 0.0.0.0
network 10.0.12.2 0.0.0.0
#
route-policy bgp_ospf permit node 10
if-match acl 2000
#
route-policy bgp_ospf permit node 20
#
AR4-ASBR1:
#
sysname AR4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 10.0.45.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 2.2.2.2 enable
peer 2.2.2.2 route-policy 2 export
peer 2.2.2.2 label-route-capability
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy 1 export
peer 10.0.45.5 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
route-policy 1 permit node 10
apply mpls-label
#
route-policy 2 permit node 10
if-match mpls-label
apply mpls-label
#
AR5-ASBR2:
#
sysname AR5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 10.0.45.5 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.0.56.5 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 7.7.7.7 as-number 200
peer 7.7.7.7 connect-interface LoopBack0
peer 10.0.45.4 as-number 100
#
ipv4-family unicast
undo synchronization
network 7.7.7.7 255.255.255.255
peer 7.7.7.7 enable
peer 7.7.7.7 route-policy 2 export
peer 7.7.7.7 label-route-capability
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy 1 export
peer 10.0.45.4 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 7.7.7.7 enable
#
ospf 1
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.56.5 0.0.0.0
#
route-policy 1 permit node 10
apply mpls-label
#
route-policy 2 permit node 10
if-match mpls-label
apply mpls-label
#
AR7-PE2:
#
sysname AR7
#
ip vpn-instance PE2
ipv4-family
route-distinguisher 7:7
vpn-target 100:700 export-extcommunity
vpn-target 100:700 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls
#
mpls ldp
#
#
acl number 2000
rule 5 permit source 1.1.1.1 0
#
isis 1 vpn-instance PE2
is-level level-2
network-entity 49.0001.0000.0000.0007.00
import-route bgp route-policy bgp_isis
#
interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance PE2
ip address 10.0.78.7 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 100
peer 2.2.2.2 ebgp-max-hop 10
peer 2.2.2.2 connect-interface LoopBack0
peer 5.5.5.5 as-number 200
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 5.5.5.5 enable
peer 5.5.5.5 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 5.5.5.5 enable
#
ipv4-family vpn-instance PE2
import-route isis 1
#
ospf 1
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 10.0.67.7 0.0.0.0
#
route-policy bgp_isis permit node 10
if-match acl 2000
#
route-policy bgp_isis permit node 20
#
option c不用在ASBR上建立VPNV4 Peer。ASBR只负责传递PE的BGP路由,以及为BGP路由分发标签。
数据转发过程中,报文自本端PE到达本端ASBR时,最外层IGP标签被pop,露出中间的BGP标签,ASBR根据标签分发,实现对BGP标签的SWAP,将报文转发给对端ASBR;
对端ASBR收到报文后,发现最外层标签是BGP标签,根据标签转发表,找到对应的下一跳,即指向目标PE的IGP路由下一跳,执行SWAPPUSH操作,即SWAP BGP标签,然后Push IGP标签。
在两个ASBR对报文的处理过程中,是接触不到最底层VPNV4标签的,所以ASBR学习VPNV4路由没有任何意义。
非常感谢,学习了,我也是刚刚开始学习,MPLS 跨域的VPN还不是很明白