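Example for Configuring BGP AS Number Substitution
Configuration Roadmap
The configuration roadmap is as follows:
Configure OSPF between the P and the PEs to provide IP connectivity on the backbone network.
Configure basic MPLS capabilities and MPLS LDP on the PEs and the P to establish MPLS LSPs, the public network tunnels that carry VPN data.
Establish an MP-IBGP peer relationship between the PEs to advertise VPNv4 routes.
Configure a VPN instance on PE1 and PE2, with the VPN target set to 1:1 on both, so that the VPN sites can communicate. Bind the interfaces connected to the CEs to the VPN instance to provide access for VPN users.
Establish EBGP peer relationships between the PEs and the CEs and import the CE routes into the PEs.
Configure BGP AS number substitution on the PEs so that routes carrying the same AS number can be received and VPN routes can be exchanged.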
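Procedure
- Configure basic BGP/MPLS IP VPN
The configuration includes the following:
Configure OSPF on the MPLS backbone network so that the PEs and the P learn the routes to each other's Loopback interfaces.
Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to establish LDP LSPs.
Establish an MP-IBGP peer relationship between the PEs to advertise VPNv4 routes.
Configure the VPN instance vpn1 on PE2 to provide access for CE2.
Configure the VPN instance vpn1 on PE1 to provide access for CE1.
Configure BGP between PE1 and CE1 and between PE2 and CE2 to import the CE routes into the PEs.
For the configuration procedure, see the Example for Configuring BGP/MPLS IP VPN; the details are not repeated here.
After the preceding configuration is complete, run the display ip routing-table command on CE2. CE2 has learned the route to the network segment of the interface that connects CE1 to PE1 (10.1.1.0/24), but has no route to the VPN inside CE1 (192.168.1.0/24). The same is true on CE1.
[CE2] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
10.1.1.0/24         EBGP    255  0     D      10.2.1.2     Vlanif40
10.2.1.0/24         Direct  0    0     D      10.2.1.1     Vlanif40
10.2.1.1/32         Direct  0    0     D      127.0.0.1    Vlanif40
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
192.168.2.0/24      Direct  0    0     D      192.168.2.1  Vlanif60
192.168.2.1/32      Direct  0    0     D      127.0.0.1    Vlanif60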
Run the display ip routing-table vpn-instance command on a PE. The VPN instance on the PE has a route to the VPN inside the remote CE.
The display on PE2 is used as an example:
[PE2] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 5        Routes : 5
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
10.1.1.0/24         IBGP    255  0     RD     1.1.1.9      Vlanif30
10.2.1.0/24         Direct  0    0     D      10.2.1.2     Vlanif40
10.2.1.2/32         Direct  0    0     D      127.0.0.1    Vlanif40
192.168.1.0/24      IBGP    255  0     RD     1.1.1.9      Vlanif30
192.168.2.0/24      EBGP    255  0     D      10.2.1.1     Vlanif40
Run the display bgp routing-table peer received-routes command on CE2. CE2 has not received the route 192.168.1.0/24.
[CE2] display bgp routing-table peer 10.2.1.2 received-routes
BGP Local router ID is 10.2.1.1
Status codes: * - valid, > - best, d - damped,
              h - history, i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        10.2.1.2                             0      100?
      10.2.1.0/24        10.2.1.2        0                    0      100?
- Configure BGP AS number substitution
Configure BGP AS number substitution on the PEs.
# The configuration on PE2 is used as an example.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
In the routes that PE2 advertises to CE2, the AS_Path of 192.168.1.0/24 changes from "100 600" to "100 100":
Feb 22 2013 16:35:18.670.4-08:00 PE2 RM/6/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
MP_reach : AFI/SAFI 1/1
Origin : Incomplete
AS Path : 100 100
Next Hop : 10.2.1.2
192.168.1.0/24,
Check the routes received by CE2 and its routing table again:
[CE2] display bgp routing-table peer 10.2.1.2 received-routes
BGP Local router ID is 10.2.1.1
Status codes: * - valid, > - best, d - damped,
              h - history, i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        10.2.1.2                             0      100?
      10.2.1.0/24        10.2.1.2        0                    0      100?
 *>   192.168.1.0/24     10.2.1.2                             0      100 100?
[CE2] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8
Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
10.1.1.0/24         EBGP    255  0     D      10.2.1.2     Vlanif40
10.2.1.0/24         Direct  0    0     D      10.2.1.1     Vlanif40
10.2.1.1/32         Direct  0    0     D      127.0.0.1    Vlanif40
127.0.0.0/8         Direct  0    0     D      127.0.0.1    InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1    InLoopBack0
192.168.1.1/24      EBGP    255  0     D      10.2.1.2     Vlanif40
192.168.2.0/24      Direct  0    0     D      127.0.0.1    Vlanif60
192.168.2.1/32      Direct  0    0     D      127.0.0.1    Vlanif60
After BGP AS number substitution is also configured on PE1, CE1 and CE2 can ping each other.
[CE1] ping -a 192.168.1.1 192.168.2.1
  PING 192.168.2.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=253 time=109 ms
    Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=253 time=67 ms
    Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=253 time=66 ms
    Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=253 time=85 ms
    Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=253 time=70 ms
  --- 192.168.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 66/79/109 ms
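How the CE's AS_Path loop check and substitute-as interact on this topology, as an added Python model (not Huawei code and not part of the original example). The function names are hypothetical, and replacing every occurrence of the CE's AS number is an assumption of the model.

```python
# Constructed model of the topology on this page: CE1 and CE2 are both in
# AS 600, PE1 and PE2 are in AS 100. Function names are hypothetical.
PE_AS, CE_AS = 100, 600


def pe_advertise_to_ce(as_path, pe_as, ce_as, substitute_as):
    """AS_Path a PE sends to its EBGP CE peer for a VPN route."""
    if substitute_as:
        # Assumption of this model: every occurrence of the CE's AS is replaced.
        as_path = [pe_as if asn == ce_as else asn for asn in as_path]
    return [pe_as] + as_path  # normal EBGP prepend of the PE's own AS


def ce_accepts(as_path, ce_as):
    """EBGP loop check: a route whose AS_Path contains the local AS is dropped."""
    return ce_as not in as_path


def deliver(path_in_vpn_instance, egress_substitute_as):
    """Advertise a route from the egress PE's VPN instance to its CE.

    The path is unchanged across the backbone because IBGP does not prepend.
    Returns (AS_Path sent to the CE, whether the CE accepts the route).
    """
    sent = pe_advertise_to_ce(path_in_vpn_instance, PE_AS, CE_AS,
                              egress_substitute_as)
    return sent, ce_accepts(sent, CE_AS)


# Routes as they sit in PE2's VPN instance vpn1.
SITE_ROUTE = [CE_AS]  # 192.168.1.0/24, learned by PE1 from CE1 over EBGP
PE_DIRECT = []        # 10.1.1.0/24, imported on PE1 with import-route direct

if __name__ == "__main__":
    for prefix, path in (("192.168.1.0/24", SITE_ROUTE),
                         ("10.1.1.0/24", PE_DIRECT)):
        for flag in (False, True):
            sent, ok = deliver(path, flag)
            verdict = "accepted" if ok else "dropped by CE loop check"
            print(f"{prefix} substitute-as={flag}: AS_Path {sent} -> {verdict}")
```

Substitution happens only on the PE that advertises to a given CE, so the setting on PE2 affects only the routes sent to CE2, which is why the page configures PE1 as well. Once it is enabled, the CE's AS_Path check no longer recognises routes that originated in its own AS.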
Configuration Files
Configuration file of CE1
#
sysname CE1
#
vlan batch 10 50
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface Vlanif50
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 50
#
bgp 600
 peer 10.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.2 enable
#
return
Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
 ip address 20.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  peer 10.1.1.1 as-number 600
  peer 10.1.1.1 substitute-as
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
#
return
Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 20.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip address 30.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
  network 30.1.1.0 0.0.0.255
#
return
Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif30
 ip address 30.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif40
 ip binding vpn-instance vpn1
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  peer 10.2.1.1 as-number 600
  peer 10.2.1.1 substitute-as
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 30.1.1.0 0.0.0.255
#
return
Configuration file of CE2
#
sysname CE2
#
vlan batch 40 60
#
interface Vlanif40
 ip address 10.2.1.1 255.255.255.0
#
interface Vlanif60
 ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 60
#
bgp 600
 peer 10.2.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.2.1.2 enable
#
return