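Example for Configuring the Carrier's Carrier in the Independent Labeled Address Family (Solution in Which LDP Allocates Labels to BGP Routes)
When the Level 1 carrier and the Level 2 carrier are in different ASs and no MP-IBGP peer relationship is established between the Level 1 carrier CE and the Level 2 carrier PE, LDP can be configured to allocate labels to BGP routes so that the Level 2 carrier can provide BGP/MPLS IP VPN services.
Networking Requirements
- PE1 and PE2 are PEs on the Level 1 carrier backbone network.
- CE1 and CE2 are Level 2 carrier devices that access the Level 1 carrier backbone network as CEs.
- PE3 and PE4 are Level 2 carrier devices that provide access for the Level 2 carrier's customers.
- CE3 and CE4 are customers of the Level 2 carrier.
After the Level 2 carrier learns labeled public network BGP routes from the Level 1 carrier's devices, these routes are imported into the IGP so that LDP can allocate labels to them. This triggers the establishment of a complete LDP LSP between the Level 2 carrier's PEs and implements the (inter-AS) carrier's carrier solution. In this example, the labeled address family is used to configure an inter-AS BGP LSP so that CE3 and CE4 can communicate with each other in the carrier's carrier scenario.
Configuration Roadmap
The configuration roadmap is as follows:
- The key to configuring the carrier's carrier is to understand how two types of routes are exchanged:
  - Exchange of the Level 2 carrier's internal routes on the Level 1 carrier backbone network: the Level 1 carrier connects the Level 2 carrier to its network as a CE.
  - Exchange of the Level 2 carrier's external routes between the Level 2 carrier's PEs: an MP-EBGP peer relationship must be established between the Level 2 carrier's PEs (PE3 and PE4).
- In the inter-AS carrier's carrier scenario, the Level 1 carrier PE and the Level 1 carrier CE are in different ASs, so labeled MP-EBGP must be configured between them to allocate labels to the routes exchanged with the CE.
- Import BGP routes into the IGP on the Level 1 carrier CEs.
- On the Level 1 carrier CEs, enable LDP to allocate labels to labeled public network BGP routes.
Data Preparation
To complete this configuration example, you need the following data:
- MPLS LSR IDs of the Level 1 carrier's PEs and CEs and of the Level 2 carrier's PEs
- Data required for configuring the IGP
- VPN instances to be created on the PEs, route distinguishers (RDs), and VPN targets
- Two routing policies to be configured on the Level 1 carrier CEs
Procedure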
- Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network. Use IS-IS as the backbone IGP, enable LDP between PE1 and PE2, and establish an MP-IBGP peer relationship between them.
# Configure PE1.
<~HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] isis 1
[*PE1-isis-1] network-entity 10.0000.0000.0004.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] ip address 3.3.3.9 32
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] mpls lsr-id 3.3.3.9
[*PE1] mpls
[*PE1-mpls] quit
[*PE1] mpls ldp
[*PE1-mpls-ldp] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-Gigabitethernet2/0/0] ip address 30.1.1.1 24
[*PE1-Gigabitethernet2/0/0] isis enable 1
[*PE1-Gigabitethernet2/0/0] mpls
[*PE1-Gigabitethernet2/0/0] mpls ldp
[*PE1-Gigabitethernet2/0/0] quit
[*PE1] bgp 100
[*PE1-bgp] peer 4.4.4.9 as-number 100
[*PE1-bgp] peer 4.4.4.9 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit
The configuration of PE2 is similar to that of PE1 and is not provided here.
After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. The command output shows that the LDP session has been established. Run the display bgp peer command. The command output shows that the BGP peer relationship has been established and is in the Established state. Run the display isis peer command. The command output shows that the IS-IS neighbor relationship has been established and is in the Up state.
The following example uses the command output on PE1:
[~PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 An asterisk (*) before a session means the session is being deleted.
 --------------------------------------------------------------------------
 PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
 --------------------------------------------------------------------------
 4.4.4.9:0    Operational  DU   Passive  0000:17:04  4099/4099
 --------------------------------------------------------------------------
 TOTAL: 1 Session(s) Found.
[~PE1] display bgp peer
 BGP local router ID : 30.1.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
  Peer            V   AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  4.4.4.9         4   100    1186     1183     0     17:05:11  Established  0
[~PE1] display isis peer
                          Peer information for ISIS(1)
  System Id       Interface             Circuit Id         State  HoldTime  Type      PRI
-----------------------------------------------------------------------------------------
  0000.0000.0005  GigabitEthernet2/0/0  0000.0000.0004.01  Up     25s       L1(L1L2)  64
  0000.0000.0005  GigabitEthernet2/0/0  0000.0000.0004.01  Up     28s       L2(L1L2)  64
Total Peer(s): 2
- Configure the Level 2 carrier networks. Use OSPF as the IGP, and enable LDP between PE3 and CE1 and between PE4 and CE2.
# Configure PE3.
<~HUAWEI> system-view
[~HUAWEI] sysname PE3
[*HUAWEI] commit
[*PE3] interface loopback 1
[*PE3-LoopBack1] ip address 1.1.1.9 32
[*PE3-LoopBack1] quit
[*PE3] mpls lsr-id 1.1.1.9
[*PE3] mpls
[*PE3-mpls] quit
[*PE3] mpls ldp
[*PE3-mpls-ldp] quit
[*PE3] interface gigabitethernet 2/0/0
[*PE3-Gigabitethernet2/0/0] ip address 40.1.1.1 24
[*PE3-Gigabitethernet2/0/0] mpls
[*PE3-Gigabitethernet2/0/0] mpls ldp
[*PE3-Gigabitethernet2/0/0] commit
[~PE3-Gigabitethernet2/0/0] quit
[~PE3] ospf 1
[*PE3-ospf-1] area 0
[*PE3-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[*PE3-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[*PE3-ospf-1-area-0.0.0.0] commit
[~PE3-ospf-1-area-0.0.0.0] quit
[~PE3-ospf-1] quit
# Configure CE1.
<~HUAWEI> system-view
[~HUAWEI] sysname CE1
[*HUAWEI] commit
[*CE1] interface loopback 1
[*CE1-LoopBack1] ip address 2.2.2.9 32
[*CE1-LoopBack1] quit
[*CE1] mpls lsr-id 2.2.2.9
[*CE1] mpls
[*CE1-mpls] quit
[*CE1] mpls ldp
[*CE1-mpls-ldp] quit
[*CE1] interface gigabitethernet 1/0/0
[*CE1-Gigabitethernet1/0/0] ip address 40.1.1.2 24
[*CE1-Gigabitethernet1/0/0] mpls
[*CE1-Gigabitethernet1/0/0] mpls ldp
[*CE1-Gigabitethernet1/0/0] commit
[~CE1-Gigabitethernet1/0/0] quit
[~CE1] ospf 1
[*CE1-ospf-1] area 0
[*CE1-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[*CE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[*CE1-ospf-1-area-0.0.0.0] commit
[~CE1-ospf-1-area-0.0.0.0] quit
[~CE1-ospf-1] quit
After the configuration is complete, an LDP session and an OSPF neighbor relationship should be established between PE3 and CE1.
The configuration between PE4 and CE2 is similar to that between PE3 and CE1 and is not provided here.
- Connect the Level 1 carrier CEs to the Level 1 carrier PEs, and configure them to exchange labeled IPv4 routes.
# Configure CE1 to exchange labeled IPv4 routes with PE1.
<~CE1> system-view
[~CE1] interface gigabitethernet 2/0/0
[~CE1-Gigabitethernet2/0/0] ip address 11.1.1.1 24
[*CE1-Gigabitethernet2/0/0] mpls
[*CE1-Gigabitethernet2/0/0] quit
[*CE1] bgp 200
[*CE1-bgp] peer 11.1.1.2 as-number 100
[*CE1-bgp] import-rib public labeled-unicast
[*CE1-bgp] ipv4-family labeled-unicast
[*CE1-bgp-af-ipv4-labeled] import-route ospf 1
[*CE1-bgp-af-ipv4-labeled] peer 11.1.1.2 enable
[*CE1-bgp-af-ipv4-labeled] quit
[*CE1-bgp] commit
[~CE1-bgp] quit
[~CE1] ospf 1
[*CE1-ospf-1] area 0
[*CE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[*CE1-ospf-1-area-0.0.0.0] commit
[~CE1-ospf-1-area-0.0.0.0] quit
[~CE1-ospf-1] quit
# Configure PE1 to exchange labeled IPv4 routes with CE1.
To ensure correct forwarding, only the one-label-per-route label allocation mode can be deployed in the VPN instance.
<~PE1> system-view
[~PE1] ip vpn-instance vpn1
[*PE1-vpn-instance-vpn1] ipv4-family
[*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
[*PE1-vpn-instance-vpn1-af-ipv4] apply-label per-route
[*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*PE1-vpn-instance-vpn1-af-ipv4] quit
[*PE1-vpn-instance-vpn1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-Gigabitethernet1/0/0] ip binding vpn-instance vpn1
[*PE1-Gigabitethernet1/0/0] ip address 11.1.1.2 24
[*PE1-Gigabitethernet1/0/0] mpls
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] bgp 100
[*PE1-bgp] vpn-instance vpn1
[*PE1-bgp-instance-vpn1] peer 11.1.1.1 as-number 200
[*PE1-bgp-instance-vpn1] quit
[*PE1-bgp] ipv4-family vpn-instance vpn1
[*PE1-bgp-vpn1] import-rib vpn-instance vpn1 labeled-unicast
[*PE1-bgp-vpn1] quit
[*PE1-bgp] ipv4-labeled-unicast vpn-instance vpn1
[*PE1-bgp-labeled-vpn1] import-rib vpn-instance vpn1 include-label-route
[*PE1-bgp-labeled-vpn1] peer 11.1.1.1 enable
[*PE1-bgp-labeled-vpn1] quit
[*PE1-bgp] commit
[~PE1-bgp] quit
[~PE1] ospf 1
[*PE1-ospf-1] area 0
[*PE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[*PE1-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[*PE1-ospf-1-area-0.0.0.0] commit
[~PE1-ospf-1-area-0.0.0.0] quit
[~PE1-ospf-1] quit
After the configuration is complete, BGP peer relationships are established between CE1 and PE1 and between CE2 and PE2.
[~CE1] display bgp peer
 BGP local router ID : 30.1.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
  Peer            V   AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  4.4.4.9         4   100    1224     1218     0     17:37:18  Established  0
The labeled routes sent from PE4 can be viewed on CE1.
[~CE1] display bgp labeled routing-table
 BGP Local router ID is 40.1.1.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 6
      Network        NextHop     MED   LocPrf  PrefVal  Path/Ogn
 *>   1.1.1.9/32     0.0.0.0     10            0        ?
 *>   2.2.2.9/32     0.0.0.0     0             0        ?
 *>   5.5.5.9/32     11.1.1.2                  0        100 300?
 *>   6.6.6.9/32     11.1.1.2                  0        100 300?
 *>   20.1.1.0/24    11.1.1.2                  0        100 300?
 *>   40.1.1.0/24    0.0.0.0     0             0        ?
The configuration between CE2 and PE2 is similar to that between CE1 and PE1 and is not provided here.
- Import BGP routes into the IGP on the Level 1 carrier CEs.
# Configure CE1.
[~CE1] ospf 1
[*CE1-ospf-1] import-route bgp
[*CE1-ospf-1] commit
[~CE1-ospf-1] quit
# Configure CE2.
[~CE2] ospf 1
[*CE2-ospf-1] import-route bgp
[*CE2-ospf-1] commit
[~CE2-ospf-1] quit
After the configuration is complete, run the display ip routing-table command on PE3 and PE4. The command output shows that PE3 and PE4 have learned the routes to each other.
The following example uses the command output on PE3:
[~PE3] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 12       Routes : 12

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
2.2.2.9/32          OSPF    10   1     D      40.1.1.2    GigabitEthernet2/0/0
5.5.5.9/32          O_ASE   150  1     D      40.1.1.2    GigabitEthernet2/0/0
6.6.6.9/32          O_ASE   150  1     D      40.1.1.2    GigabitEthernet2/0/0
20.1.1.0/24         O_ASE   150  1     D      40.1.1.2    GigabitEthernet2/0/0
40.1.1.0/24         Direct  0    0     D      40.1.1.1    GigabitEthernet2/0/0
40.1.1.1/32         Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
40.1.1.255/32       Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
127.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
255.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
- On the Level 1 carrier CEs, enable LDP to allocate labels to labeled public network BGP routes.
# Configure CE1.
[~CE1] mpls
[*CE1-mpls] lsp-trigger bgp-label-route
[*CE1-mpls] commit
[~CE1-mpls] quit
# Configure CE2.
[~CE2] mpls
[*CE2-mpls] lsp-trigger bgp-label-route
[*CE2-mpls] commit
[~CE2-mpls] quit
In addition, run the display mpls lsp protocol ldp include dest-ip-address mask-length verbose command on CE1 and PE4. The command output shows that an LDP egress LSP and an LDP ingress LSP have been established on CE1 and PE4, respectively.
[~CE1] display mpls lsp protocol ldp include 6.6.6.9 32 verbose
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
  No                  :  1
  VrfIndex            :
  Fec                 :  6.6.6.9/32
  Nexthop             :  0.0.0.0
  In-Label            :  32976
  Out-Label           :  NULL
  In-Interface        :  ----------
  Out-Interface       :  ----------
  LspIndex            :  5000004
  Type                :  Primary
  OutSegmentIndex     :  4294967295
  LsrType             :  Egress
  Outgoing TunnelID   :  0x1310041
  Label Operation     :  SWAPPUSH
  Mpls-Mtu            :  ------
  LspAge              :  11957 sec
  Ingress-ELC         :  ------
[~PE4] display mpls lsp protocol ldp include 2.2.2.9 32 verbose
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
  No                  :  1
  VrfIndex            :
  Fec                 :  2.2.2.9/32
  Nexthop             :  20.1.1.1
  In-Label            :  NULL
  Out-Label           :  32976
  In-Interface        :  ----------
  Out-Interface       :  GigabitEthernet2/0/0
  LspIndex            :  5000004
  Type                :  Primary
  OutSegmentIndex     :  5000003
  LsrType             :  Ingress
  Outgoing TunnelID   :  0x0
  Label Operation     :  PUSH
  Mpls-Mtu            :  1500
  LspAge              :  11992 sec
  Ingress-ELC         :  Disable

  No                  :  2
  VrfIndex            :
  Fec                 :  2.2.2.9/32
  Nexthop             :  20.1.1.1
  In-Label            :  32970
  Out-Label           :  32976
  In-Interface        :  ----------
  Out-Interface       :  GigabitEthernet2/0/0
  LspIndex            :  5000004
  Type                :  Primary
  OutSegmentIndex     :  5000003
  LsrType             :  Transit
  Outgoing TunnelID   :  0x0
  Label Operation     :  SWAP
  Mpls-Mtu            :  1500
  LspAge              :  11992 sec
  Ingress-ELC         :  ------
- Establish an MP-EBGP peer relationship between the Level 2 carrier PEs to exchange the VPN routes of the Level 2 carrier's customers.
# Configure PE3.
[~PE3] bgp 200
[*PE3-bgp] peer 6.6.6.9 as-number 300
[*PE3-bgp] peer 6.6.6.9 connect-interface loopback 1
[*PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10
[*PE3-bgp] ipv4-family vpnv4
[*PE3-bgp-af-vpnv4] peer 6.6.6.9 enable
[*PE3-bgp-af-vpnv4] commit
[~PE3-bgp-af-vpnv4] quit
[~PE3-bgp] quit
# Configure PE4.
[~PE4] bgp 300
[*PE4-bgp] peer 1.1.1.9 as-number 200
[*PE4-bgp] peer 1.1.1.9 connect-interface loopback 1
[*PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10
[*PE4-bgp] ipv4-family vpnv4
[*PE4-bgp-af-vpnv4] peer 1.1.1.9 enable
[*PE4-bgp-af-vpnv4] commit
[~PE4-bgp-af-vpnv4] quit
[~PE4-bgp] quit
After the configuration is complete, run the command on PE3 and PE4. The command output shows that the BGP peer relationship between the Level 2 carrier PEs has been established and is in the "Established" state. The following example uses the command output on PE3:
[~PE3] display bgp vpnv4 all peer
 BGP local router ID : 1.1.1.9
 Local AS number : 200
 Total number of peers : 2                 Peers in established state : 2
  Peer            V   AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  6.6.6.9         4   300    4        6        0     00:02:19  Established  2
  Peer of IPv4-family for vpn instance :
  VPN-Instance vpn1, Router ID 1.1.1.9:
  172.16.1.1      4   65410  84       79       0     01:02:32  Established  3
- Connect the Level 2 carrier's customers to the Level 2 carrier PEs.
# Configure CE3.
[~CE3] interface gigabitethernet 1/0/0
[~CE3-GigabitEthernet1/0/0] ip address 172.16.1.1 24
[*CE3-GigabitEthernet1/0/0] quit
[*CE3] bgp 65410
[*CE3-bgp] peer 172.16.1.2 as-number 200
[*CE3-bgp] import-route direct
[*CE3-bgp] commit
[~CE3-bgp] quit
# Configure PE3.
[~PE3] ip vpn-instance vpn1
[*PE3-vpn-instance-vpn1] ipv4-family
[*PE3-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*PE3-vpn-instance-vpn1-af-ipv4] apply-label per-route
[*PE3-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*PE3-vpn-instance-vpn1-af-ipv4] quit
[*PE3-vpn-instance-vpn1] quit
[*PE3] interface gigabitethernet 1/0/0
[*PE3-GigabitEthernet1/0/0] ip binding vpn-instance vpn1
[*PE3-GigabitEthernet1/0/0] ip address 172.16.1.2 24
[*PE3-GigabitEthernet1/0/0] quit
[*PE3] bgp 200
[*PE3-bgp] ipv4-family vpn-instance vpn1
[*PE3-bgp-vpn1] peer 172.16.1.1 as-number 65410
[*PE3-bgp-vpn1] import-route direct
[*PE3-bgp-vpn1] commit
[~PE3-bgp-vpn1] quit
[~PE3-bgp] quit
After the configuration is complete, the BGP peer relationship between CE3 and PE3 is established and is in the "Established" state.
The configuration between PE4 and CE4 is similar to that between PE3 and CE3 and is not provided here.
- Verify the configuration.
After all configurations are complete, run the display ip routing-table command on PE1 and PE2. The command output shows that the public network routing tables of PE1 and PE2 contain only the routes of the Level 1 carrier network. The following example uses the command output on PE1:
[~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 9        Routes : 9

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
3.3.3.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
4.4.4.9/32          ISIS-L1 15   10    D      30.1.1.2    GigabitEthernet2/0/0
30.1.1.0/24         Direct  0    0     D      30.1.1.1    GigabitEthernet2/0/0
30.1.1.1/32         Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
30.1.1.255/32       Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
127.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
255.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
Run the display ip routing-table vpn-instance command on PE1 and PE2. The command output shows that the VPN routing table contains the internal routes of the Level 2 carrier network but not the external routes of the Level 2 carrier. The following example uses the command output on PE1:
[~PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 10       Routes : 10

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          EBGP    255  10    RD     11.1.1.1    GigabitEthernet1/0/0
2.2.2.9/32          EBGP    255  0     RD     11.1.1.1    GigabitEthernet1/0/0
5.5.5.9/32          IBGP    255  0     RD     4.4.4.9     GigabitEthernet2/0/0
6.6.6.9/32          IBGP    255  10    RD     4.4.4.9     GigabitEthernet2/0/0
11.1.1.0/24         Direct  0    0     D      11.1.1.2    GigabitEthernet1/0/0
11.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
11.1.1.255/32       Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
20.1.1.0/24         IBGP    255  0     RD     4.4.4.9     GigabitEthernet2/0/0
40.1.1.0/24         EBGP    255  0     RD     11.1.1.1    GigabitEthernet1/0/0
255.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
Run the display ip routing-table command on CE1 and CE2. The command output shows that the public network routing table contains the internal routes of the Level 2 carrier network but not the external routes of the Level 2 carrier. The following example uses the command output on CE1:
[~CE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 15       Routes : 15

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32          OSPF    10   1     D      40.1.1.1    GigabitEthernet1/0/0
2.2.2.9/32          Direct  0    0     D      127.0.0.1   LoopBack1
5.5.5.9/32          EBGP    255  0     RD     11.1.1.2    GigabitEthernet2/0/0
6.6.6.9/32          EBGP    255  0     RD     11.1.1.2    GigabitEthernet2/0/0
11.1.1.0/24         Direct  0    0     D      11.1.1.1    GigabitEthernet2/0/0
11.1.1.1/32         Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
11.1.1.255/32       Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
20.1.1.0/24         EBGP    255  0     RD     11.1.1.2    GigabitEthernet2/0/0
40.1.1.0/24         Direct  0    0     D      40.1.1.2    GigabitEthernet1/0/0
40.1.1.2/32         Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
40.1.1.255/32       Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
127.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
255.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
Run the display ip routing-table vpn-instance command on PE3 and PE4. The command output shows that the VPN routing table contains the routes of the remote VPN customer, that is, the external routes of the Level 2 carrier. The following example uses the command output on PE3:
[~PE3] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
172.16.1.0/24       Direct  0    0     D      172.16.1.2  GigabitEthernet1/0/0
172.16.1.2/32       Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
172.16.1.255/32     Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
172.16.2.0/24       EBGP    255  0     RD     6.6.6.9     GigabitEthernet2/0/0
255.255.255.255/32  Direct  0    0     D      127.0.0.1   InLoopBack0
PE3 and PE4 can ping each other:
[~PE3] ping 6.6.6.9
  PING 6.6.6.9: 56 data bytes, press CTRL_C to break
    Reply from 6.6.6.9: bytes=56 Sequence=1 ttl=251 time=6 ms
    Reply from 6.6.6.9: bytes=56 Sequence=2 ttl=251 time=4 ms
    Reply from 6.6.6.9: bytes=56 Sequence=3 ttl=251 time=4 ms
    Reply from 6.6.6.9: bytes=56 Sequence=4 ttl=251 time=4 ms
    Reply from 6.6.6.9: bytes=56 Sequence=5 ttl=251 time=4 ms
  --- 6.6.6.9 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 4/4/6 ms
CE3 and CE4 can ping each other:
[~CE3] ping 172.16.2.1
  PING 172.16.2.1: 56 data bytes, press CTRL_C to break
    Reply from 172.16.2.1: bytes=56 Sequence=1 ttl=251 time=65 ms
    Reply from 172.16.2.1: bytes=56 Sequence=2 ttl=251 time=114 ms
    Reply from 172.16.2.1: bytes=56 Sequence=3 ttl=251 time=80 ms
    Reply from 172.16.2.1: bytes=56 Sequence=4 ttl=251 time=88 ms
    Reply from 172.16.2.1: bytes=56 Sequence=5 ttl=251 time=105 ms
  --- 172.16.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 65/90/114 ms
Configuration Files
CE3 configuration file
#
sysname CE3
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.1.1 255.255.255.0
#
bgp 65410
 peer 172.16.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.1.2 enable
#
return
PE3 configuration file
#
sysname PE3
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 40.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 200
 peer 6.6.6.9 as-number 300
 peer 6.6.6.9 ebgp-max-hop 10
 peer 6.6.6.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 6.6.6.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 6.6.6.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 172.16.1.1 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 40.1.1.0 0.0.0.255
#
return
CE1 configuration file
#
sysname CE1
#
mpls lsr-id 2.2.2.9
#
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 40.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 11.1.1.1 255.255.255.0
 mpls
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 200
 peer 11.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-rib public labeled-unicast
  peer 11.1.1.2 enable
 #
 ipv4-family labeled-unicast
  import-route ospf 1
  peer 11.1.1.2 enable
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 40.1.1.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#
return
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 200:1
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0004.00
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 11.1.1.2 255.255.255.0
 mpls
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 30.1.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
 isis enable 1
#
bgp 100
 peer 4.4.4.9 as-number 100
 peer 4.4.4.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.9 enable
 #
 vpn-instance vpn1
  peer 11.1.1.1 as-number 200
 #
 ipv4-family vpn-instance vpn1
  import-rib vpn-instance vpn1 labeled-unicast
 #
 ipv4-labeled-unicast vpn-instance vpn1
  import-rib vpn-instance vpn1 include-label-route
  peer 11.1.1.1 enable
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
return
PE2 configuration file
#
sysname PE2
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 200:2
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0005.00
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 30.1.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 21.1.1.1 255.255.255.0
 mpls
#
interface LoopBack1
 ip address 4.4.4.9 255.255.255.255
 isis enable 1
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 vpn-instance vpn1
  peer 21.1.1.2 as-number 300
 #
 ipv4-family vpn-instance vpn1
  import-rib vpn-instance vpn1 labeled-unicast
 #
 ipv4-labeled-unicast vpn-instance vpn1
  import-rib vpn-instance vpn1 include-label-route
  peer 21.1.1.2 enable
#
ospf 1
 area 0.0.0.0
  network 4.4.4.9 0.0.0.0
  network 21.1.1.0 0.0.0.255
#
return
CE2 configuration file
#
sysname CE2
#
mpls lsr-id 5.5.5.9
#
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 21.1.1.2 255.255.255.0
 mpls
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 20.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 5.5.5.9 255.255.255.255
#
bgp 300
 peer 21.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-rib public labeled-unicast
  peer 21.1.1.1 enable
 #
 ipv4-family labeled-unicast
  import-route ospf 1
  peer 21.1.1.1 enable
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 5.5.5.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
  network 21.1.1.0 0.0.0.255
#
return
PE4 configuration file
#
sysname PE4
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:2
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 6.6.6.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 172.16.2.2 255.255.255.0
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 20.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 6.6.6.9 255.255.255.255
#
bgp 300
 peer 1.1.1.9 as-number 200
 peer 1.1.1.9 ebgp-max-hop 10
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 172.16.2.1 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 6.6.6.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
#
return
CE4 configuration file
#
sysname CE4
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.2.1 255.255.255.0
#
bgp 65420
 peer 172.16.2.2 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.2.2 enable
#
return
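The audit below is an added example, not part of the original Huawei documentation: it reads a Level 1 carrier CE configuration file in the layout used on this page and reports which of this page's prerequisites are missing (lsp-trigger bgp-label-route under mpls, import-route bgp under ospf, a peer enabled in ipv4-family labeled-unicast, and mpls on the interface facing that peer). The function names and the abridged CE1 sample are constructed for illustration, and peers are assumed to be referenced by IPv4 address.

```python
import ipaddress

# Constructed sample: CE1's configuration file from this page, abridged to the
# sections the audit reads ('#' separates sections, sub-commands are indented).
CE1_CONFIG = """\
mpls
 lsp-trigger bgp-label-route
#
interface GigabitEthernet2/0/0
 ip address 11.1.1.1 255.255.255.0
 mpls
#
bgp 200
 peer 11.1.1.2 as-number 100
 #
 ipv4-family unicast
  peer 11.1.1.2 enable
 #
 ipv4-family labeled-unicast
  import-route ospf 1
  peer 11.1.1.2 enable
#
ospf 1
 import-route bgp
"""

def sections(config):
    """Split a configuration file into {top-level command: [sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def mpls_towards(sec, peer):
    """True if the interface whose subnet contains `peer` has `mpls` enabled."""
    for header, body in sec.items():
        for cmd in body:
            if header.startswith("interface ") and cmd.startswith("ip address "):
                addr, mask = cmd.split()[2:4]
                if peer in ipaddress.ip_network(f"{addr}/{mask}", strict=False):
                    return "mpls" in body
    return False

def audit_ce(config):
    """Return the prerequisites from this page that the CE configuration lacks."""
    sec, missing = sections(config), []
    if "lsp-trigger bgp-label-route" not in sec.get("mpls", []):
        missing.append("mpls: lsp-trigger bgp-label-route")
    if not any(h.startswith("ospf ") and any(c.startswith("import-route bgp") for c in b)
               for h, b in sec.items()):
        missing.append("ospf: import-route bgp")
    bgp = next((b for h, b in sec.items() if h.startswith("bgp ")), [])
    family, peers = None, []
    for cmd in bgp:
        if cmd.startswith("ipv4-family "):
            family = cmd.split()[1]  # track which address family a peer line is in
        elif family == "labeled-unicast" and cmd.startswith("peer ") and cmd.endswith(" enable"):
            peers.append(ipaddress.ip_address(cmd.split()[1]))
    if not peers:
        missing.append("bgp: no peer enabled in ipv4-family labeled-unicast")
    missing += [f"interface towards {p}: mpls not enabled"
                for p in peers if not mpls_towards(sec, p)]
    return missing
```

An empty list from audit_ce means all four settings are present; the check reads a saved configuration file only and does not confirm that the LDP LSP was actually established.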