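Example for Configuring Inter-AS Seamless MPLS+HVPN
In the Seamless MPLS+HVPN solution, HVPN is deployed between the CSG and the AGG, and inter-AS Seamless MPLS is deployed between the AGG and the MASG. This type of networking combines the advantages of HVPN and Seamless MPLS.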
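Configuration Roadmap
The roadmap for configuring inter-AS Seamless MPLS+HVPN is as follows:
- Configure an IGP within each network layer so that devices in the same layer can reach each other.
- Configure basic MPLS functions and MPLS LDP on each device to establish MPLS LSPs within each network layer.
- Establish IBGP peer relationships within the aggregation layer and within the core layer, and enable the labeled-route exchange capability so that labeled routes can be exchanged.
- Establish an EBGP peer relationship between AGG ASBR and Core ASBR, and enable the labeled-route exchange capability so that labeled routes can be exchanged across ASs.
- Configure routing policies on all devices except CSG to establish a BGP LSP: on the egress node of the BGP LSP, MPLS labels must be allocated to the routes advertised upstream; on a transit node of the BGP LSP, if labeled IPv4 routes are received from downstream, MPLS labels must be re-allocated to them before they are advertised upstream.
- Establish an MP-EBGP peer relationship between AGG and MASG so that they can exchange VPNv4 routes.
- Establish an MP-IBGP peer relationship between CSG and AGG so that they can exchange VPNv4 routes.
- Configure VPN instances on CSG, AGG, and MASG to store private routes.
- Configure a default route and an IP prefix list on AGG so that AGG advertises only a default route to CSG.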
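Data Preparation
To complete this configuration example, prepare the following data:
- OSPF process ID 1 at the access layer, IS-IS process ID 1 at the aggregation layer, and OSPF process ID 2 at the core layer
- MPLS LSR IDs of the devices: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, and 5.5.5.5
- Name of the routing policy configured on each device: policy1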
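Procedure
- Configure IP addresses for the interfaces
Configure the IP address and mask of each interface, including the Loopback interfaces, according to Figure 5-9, and use OSPF and IS-IS to advertise the network segments to which the interfaces are connected and the host routes of the LSR IDs. The detailed procedure is omitted here; see the configuration files in this example.
- Configure global MPLS and MPLS LDP on each device
# Configure CSG.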
[~CSG] mpls lsr-id 1.1.1.1
[*CSG] mpls
[*CSG-mpls] quit
[*CSG] mpls ldp
[*CSG-mpls-ldp] quit
[*CSG] interface GigabitEthernet 0/1/0
[*CSG-GigabitEthernet0/1/0] mpls
[*CSG-GigabitEthernet0/1/0] mpls ldp
[*CSG-GigabitEthernet0/1/0] quit
[*CSG] commit
# Configure AGG.
[~AGG] mpls lsr-id 2.2.2.2
[*AGG] mpls
[*AGG-mpls] quit
[*AGG] mpls ldp
[*AGG-mpls-ldp] quit
[*AGG] interface GigabitEthernet 0/1/0
[*AGG-GigabitEthernet0/1/0] mpls
[*AGG-GigabitEthernet0/1/0] mpls ldp
[*AGG-GigabitEthernet0/1/0] quit
[*AGG] interface GigabitEthernet 0/2/0
[*AGG-GigabitEthernet0/2/0] mpls
[*AGG-GigabitEthernet0/2/0] mpls ldp
[*AGG-GigabitEthernet0/2/0] quit
[*AGG] commit
# Configure AGG ASBR.
[~AGG ASBR] mpls lsr-id 3.3.3.3
[*AGG ASBR] mpls
[*AGG ASBR-mpls] quit
[*AGG ASBR] mpls ldp
[*AGG ASBR-mpls-ldp] quit
[*AGG ASBR] interface GigabitEthernet 0/1/0
[*AGG ASBR-GigabitEthernet0/1/0] mpls
[*AGG ASBR-GigabitEthernet0/1/0] mpls ldp
[*AGG ASBR-GigabitEthernet0/1/0] quit
[*AGG ASBR] commit
# Configure Core ASBR.
[~Core ASBR] mpls lsr-id 4.4.4.4
[*Core ASBR] mpls
[*Core ASBR-mpls] quit
[*Core ASBR] mpls ldp
[*Core ASBR-mpls-ldp] quit
[*Core ASBR] interface GigabitEthernet 0/2/0
[*Core ASBR-GigabitEthernet0/2/0] mpls
[*Core ASBR-GigabitEthernet0/2/0] mpls ldp
[*Core ASBR-GigabitEthernet0/2/0] quit
[*Core ASBR] commit
# Configure MASG.
[~MASG] mpls lsr-id 5.5.5.5
[*MASG] mpls
[*MASG-mpls] quit
[*MASG] mpls ldp
[*MASG-mpls-ldp] quit
[*MASG] interface GigabitEthernet 0/1/0
[*MASG-GigabitEthernet0/1/0] mpls
[*MASG-GigabitEthernet0/1/0] mpls ldp
[*MASG-GigabitEthernet0/1/0] quit
[*MASG] commit
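- Establish IBGP peer relationships within the aggregation layer and within the core layer, and enable the labeled-route exchange capability
# Configure AGG.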
[~AGG] bgp 100
[*AGG-bgp] peer 3.3.3.3 as-number 100
[*AGG-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[*AGG-bgp] peer 3.3.3.3 label-route-capability
[*AGG-bgp] network 2.2.2.2 32
[*AGG-bgp] quit
[*AGG] commit
# Configure AGG ASBR.
[~AGG ASBR] bgp 100
[*AGG ASBR-bgp] peer 2.2.2.2 as-number 100
[*AGG ASBR-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[*AGG ASBR-bgp] peer 2.2.2.2 label-route-capability
[*AGG ASBR-bgp] quit
[*AGG ASBR] commit
# Configure Core ASBR.
[~Core ASBR] bgp 200
[*Core ASBR-bgp] peer 5.5.5.5 as-number 200
[*Core ASBR-bgp] peer 5.5.5.5 connect-interface LoopBack 1
[*Core ASBR-bgp] peer 5.5.5.5 label-route-capability
[*Core ASBR-bgp] quit
[*Core ASBR] commit
# Configure MASG.
[~MASG] bgp 200
[*MASG-bgp] peer 4.4.4.4 as-number 200
[*MASG-bgp] peer 4.4.4.4 connect-interface LoopBack 1
[*MASG-bgp] peer 4.4.4.4 label-route-capability
[*MASG-bgp] network 5.5.5.5 32
[*MASG-bgp] quit
[*MASG] commit
- Establish an EBGP peer relationship between AGG ASBR and Core ASBR, and enable the labeled-route exchange capability
# Configure AGG ASBR.
[~AGG ASBR] interface GigabitEthernet 0/2/0
[~AGG ASBR-GigabitEthernet0/2/0] ip address 10.3.1.1 24
[*AGG ASBR-GigabitEthernet0/2/0] mpls
[*AGG ASBR-GigabitEthernet0/2/0] quit
[*AGG ASBR] bgp 100
[*AGG ASBR-bgp] peer 10.3.1.2 as-number 200
[*AGG ASBR-bgp] peer 10.3.1.2 label-route-capability check-tunnel-reachable
[*AGG ASBR-bgp] quit
[*AGG ASBR] commit
# Configure Core ASBR.
[~Core ASBR] interface GigabitEthernet 0/1/0
[~Core ASBR-GigabitEthernet0/1/0] ip address 10.3.1.2 24
[*Core ASBR-GigabitEthernet0/1/0] mpls
[*Core ASBR-GigabitEthernet0/1/0] quit
[*Core ASBR] bgp 200
[*Core ASBR-bgp] peer 10.3.1.1 as-number 100
[*Core ASBR-bgp] peer 10.3.1.1 label-route-capability check-tunnel-reachable
[*Core ASBR-bgp] quit
[*Core ASBR] commit
- Establish an MP-EBGP peer relationship between AGG and MASG
# Configure AGG.
[~AGG] bgp 100
[~AGG-bgp] peer 5.5.5.5 as-number 200
[*AGG-bgp] peer 5.5.5.5 connect-interface LoopBack 1
[*AGG-bgp] peer 5.5.5.5 ebgp-max-hop 10
[*AGG-bgp] ipv4-family vpnv4
[*AGG-bgp-af-vpnv4] peer 5.5.5.5 enable
[*AGG-bgp-af-vpnv4] quit
[*AGG-bgp] quit
[*AGG] commit
# Configure MASG.
[~MASG] bgp 200
[~MASG-bgp] peer 2.2.2.2 as-number 100
[*MASG-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[*MASG-bgp] peer 2.2.2.2 ebgp-max-hop 10
[*MASG-bgp] ipv4-family vpnv4
[*MASG-bgp-af-vpnv4] peer 2.2.2.2 enable
[*MASG-bgp-af-vpnv4] quit
[*MASG-bgp] quit
[*MASG] commit
- Configure routing policies and establish a BGP LSP
# Create a routing policy on AGG and apply it to the peer.
<AGG> system-view
[~AGG] route-policy policy1 permit node 1
[*AGG-route-policy] apply mpls-label
[*AGG-route-policy] quit
[*AGG] bgp 100
[*AGG-bgp] peer 3.3.3.3 route-policy policy1 export
[*AGG-bgp] quit
[*AGG] commit
The configuration of MASG is similar to that of AGG and is not described here.
# Create a routing policy on AGG ASBR and apply it to the peers.
[~AGG ASBR] route-policy policy1 permit node 1
[*AGG ASBR-route-policy] if-match mpls-label
[*AGG ASBR-route-policy] apply mpls-label
[*AGG ASBR-route-policy] quit
[*AGG ASBR] bgp 100
[*AGG ASBR-bgp] peer 2.2.2.2 route-policy policy1 export
[*AGG ASBR-bgp] peer 10.3.1.2 route-policy policy1 export
[*AGG ASBR-bgp] quit
[*AGG ASBR] commit
The configuration of Core ASBR is similar to that of AGG ASBR and is not described here.
Run the ping lsp command on AGG or MASG. The command output shows that AGG and MASG can ping each other, which proves that the BGP LSP between AGG and MASG has been established. The following uses the output on AGG as an example:
<AGG> ping lsp bgp 5.5.5.5 32
  LSP PING FEC: BGP LABLED IPV4 PREFIX 5.5.5.5/32/ : 100 data bytes, press CTRL_C to break
    Reply from 5.5.5.5: bytes=100 Sequence=1 time=870 ms
    Reply from 5.5.5.5: bytes=100 Sequence=2 time=40 ms
    Reply from 5.5.5.5: bytes=100 Sequence=3 time=110 ms
    Reply from 5.5.5.5: bytes=100 Sequence=4 time=80 ms
    Reply from 5.5.5.5: bytes=100 Sequence=5 time=110 ms

  --- FEC: BGP LABLED IPV4 PREFIX 5.5.5.5/32 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/242/870 ms
- Establish an MP-IBGP peer relationship between CSG and AGG
# Configure CSG.
[~CSG] bgp 100
[~CSG-bgp] peer 2.2.2.2 as-number 100
[*CSG-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[*CSG-bgp] network 1.1.1.1 32
[*CSG-bgp] ipv4-family vpnv4
[*CSG-bgp-af-vpnv4] peer 2.2.2.2 enable
[*CSG-bgp-af-vpnv4] quit
[*CSG-bgp] quit
[*CSG] commit
# Configure AGG.
[~AGG] bgp 100
[~AGG-bgp] peer 1.1.1.1 as-number 100
[*AGG-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[*AGG-bgp] ipv4-family vpnv4
[*AGG-bgp-af-vpnv4] peer 1.1.1.1 enable
[*AGG-bgp-af-vpnv4] quit
[*AGG-bgp] quit
[*AGG] commit
- Configure VPN instances and bind interfaces to them
# Configure CSG.
[~CSG] ip vpn-instance vpn1
[*CSG-vpn-instance-vpn1] ipv4-family
[*CSG-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*CSG-vpn-instance-vpn1-af-ipv4] vpn-target 1:1
[*CSG-vpn-instance-vpn1-af-ipv4] quit
[*CSG-vpn-instance-vpn1] quit
[*CSG] interface GigabitEthernet 0/2/0
[*CSG-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[*CSG-GigabitEthernet0/2/0] ip address 10.5.1.1 255.255.255.0
[*CSG-GigabitEthernet0/2/0] quit
[*CSG] bgp 100
[*CSG-bgp] ipv4-family vpn-instance vpn1
[*CSG-bgp-vpn1] import-route direct
[*CSG-bgp-vpn1] quit
[*CSG-bgp] quit
[*CSG] commit
[~CSG] quit
The configuration of MASG is similar to that of CSG and is not described here.
# Configure AGG.
[~AGG] ip vpn-instance vpn1
[*AGG-vpn-instance-vpn1] ipv4-family
[*AGG-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*AGG-vpn-instance-vpn1-af-ipv4] vpn-target 1:1
[*AGG-vpn-instance-vpn1-af-ipv4] quit
[*AGG-vpn-instance-vpn1] quit
[*AGG] commit
- Configure a default route and an IP prefix list on AGG so that AGG advertises only a default route to CSG
[~AGG] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0
[*AGG] ip ip-prefix default index 10 permit 0.0.0.0 0
[*AGG] bgp 100
[*AGG-bgp] ipv4-family vpnv4
[*AGG-bgp-af-vpnv4] peer 1.1.1.1 ip-prefix default export
[*AGG-bgp-af-vpnv4] quit
[*AGG-bgp] ipv4-family vpn-instance vpn1
[*AGG-bgp-vpn1] network 0.0.0.0 0
[*AGG-bgp-vpn1] quit
[*AGG-bgp] quit
[*AGG] commit
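- Verify the configuration
After the configuration is complete, CSG has no private route to the MME/SGW but has a default route whose next hop is AGG, and CSG can ping the address reached through the route to the MME/SGW.
The following uses the output on CSG as an example: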
<CSG> display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

        0.0.0.0/0   IBGP    255  0             RD  2.2.2.2         GigabitEthernet0/2/0
       10.5.1.0/24  Direct  0    0             D   10.5.1.1        GigabitEthernet0/2/0
       10.5.1.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/2/0
     10.5.1.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/2/0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
<CSG> ping -vpn-instance vpn1 10.6.1.1
  PING 10.6.1.0: 56 data bytes, press CTRL_C to break
    Reply from 10.6.1.0: bytes=56 Sequence=1 ttl=252 time=6 ms
    Reply from 10.6.1.0: bytes=56 Sequence=2 ttl=252 time=3 ms
    Reply from 10.6.1.0: bytes=56 Sequence=3 ttl=252 time=3 ms
    Reply from 10.6.1.0: bytes=56 Sequence=4 ttl=252 time=4 ms
    Reply from 10.6.1.0: bytes=56 Sequence=5 ttl=252 time=2 ms

  --- 10.6.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/3/6 ms
Configuration Files
CSG configuration file
#
sysname CSG
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/2/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 10.5.1.1 255.255.255.0
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 2.2.2.2 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return
AGG configuration file
#
sysname AGG
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0000.0010.00
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/2/0
 undo shutdown
 ip address 10.2.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 5.5.5.5 as-number 200
 peer 5.5.5.5 ebgp-max-hop 10
 peer 5.5.5.5 connect-interface LoopBack1
 #
 ipv4-family unicast
  network 2.2.2.2 255.255.255.255
  peer 1.1.1.1 enable
  peer 3.3.3.3 enable
  peer 3.3.3.3 route-policy policy1 export
  peer 3.3.3.3 label-route-capability
  peer 5.5.5.5 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 ip-prefix default export
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance vpn1
  network 0.0.0.0
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
ip ip-prefix default index 10 permit 0.0.0.0 0
#
ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0
#
return
AGG ASBR configuration file
#
sysname AGG ASBR
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0000.0020.00
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/2/0
 undo shutdown
 ip address 10.3.1.1 255.255.255.0
 mpls
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 peer 10.3.1.2 as-number 200
 #
 ipv4-family unicast
  peer 2.2.2.2 enable
  peer 2.2.2.2 route-policy policy1 export
  peer 2.2.2.2 label-route-capability
  peer 10.3.1.2 enable
  peer 10.3.1.2 route-policy policy1 export
  peer 10.3.1.2 label-route-capability check-tunnel-reachable
#
route-policy policy1 permit node 1
 if-match mpls-label
 apply mpls-label
#
return
Core ASBR configuration file
#
sysname Core ASBR
#
mpls lsr-id 4.4.4.4
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.3.1.2 255.255.255.0
 mpls
#
interface GigabitEthernet0/2/0
 undo shutdown
 ip address 10.4.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
bgp 200
 peer 5.5.5.5 as-number 200
 peer 5.5.5.5 connect-interface LoopBack1
 peer 10.3.1.1 as-number 100
 #
 ipv4-family unicast
  peer 5.5.5.5 enable
  peer 5.5.5.5 route-policy policy1 export
  peer 5.5.5.5 label-route-capability
  peer 10.3.1.1 enable
  peer 10.3.1.1 route-policy policy1 export
  peer 10.3.1.1 label-route-capability check-tunnel-reachable
#
ospf 2
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 10.4.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 if-match mpls-label
 apply mpls-label
#
return
MASG configuration file
#
sysname MASG
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 5.5.5.5
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 10.6.1.1 255.255.255.0
#
interface GigabitEthernet0/2/0
 undo shutdown
 ip address 10.4.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 5.5.5.5 255.255.255.255
#
bgp 200
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 ebgp-max-hop 10
 peer 2.2.2.2 connect-interface LoopBack1
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack1
 #
 ipv4-family unicast
  network 5.5.5.5 255.255.255.255
  peer 2.2.2.2 enable
  peer 4.4.4.4 enable
  peer 4.4.4.4 route-policy policy1 export
  peer 4.4.4.4 label-route-capability
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
#
ospf 2
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 10.4.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return
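The label-allocation rule in the configuration roadmap (an egress node applies a label to the routes it advertises; a transit node re-applies one only to routes that arrived with a label) can be checked against a saved configuration file before it is committed. The Python script below is an added example and is not part of the original vendor document; the function name audit_label_policy and its transit flag are assumptions made for illustration, and the sample text is constructed from the AGG ASBR configuration file.

```python
import re

# Constructed sample: BGP and route-policy sections taken from the
# AGG ASBR configuration file shown on this page.
AGG_ASBR = """\
bgp 100
 peer 2.2.2.2 as-number 100
 peer 10.3.1.2 as-number 200
 #
 ipv4-family unicast
  peer 2.2.2.2 route-policy policy1 export
  peer 2.2.2.2 label-route-capability
  peer 10.3.1.2 route-policy policy1 export
  peer 10.3.1.2 label-route-capability check-tunnel-reachable
#
route-policy policy1 permit node 1
 if-match mpls-label
 apply mpls-label
#
return
"""

def audit_label_policy(config, transit):
    """Return findings for labeled-BGP peers (hypothetical helper, not a VRP tool)."""
    labeled = set(re.findall(r"peer (\S+) label-route-capability", config))
    exports = dict(re.findall(r"peer (\S+) route-policy (\S+) export", config))
    policies, current = {}, None          # policy name -> clauses under its nodes
    for line in config.splitlines():
        m = re.match(r"route-policy (\S+) permit node \d+", line)
        if m:
            current = m.group(1)
            policies.setdefault(current, set())
        elif current and line.startswith(" "):
            policies[current].add(line.strip())
        else:
            current = None                # "#" or a new top-level section
    findings = []
    for peer in sorted(labeled):
        clauses = policies.get(exports.get(peer), set())
        if "apply mpls-label" not in clauses:
            findings.append(f"{peer}: no export policy with 'apply mpls-label'")
        elif transit and "if-match mpls-label" not in clauses:
            findings.append(f"{peer}: transit policy lacks 'if-match mpls-label'")
    return findings

if __name__ == "__main__":
    for finding in audit_label_policy(AGG_ASBR, transit=True) or ["no findings"]:
        print(finding)
```

Call it with transit=True for AGG ASBR and Core ASBR and with transit=False for AGG and MASG, which are the end nodes of the BGP LSP in this example.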