所选语种没有对应资源,请选择:
企业业务网站
选择区域/语言
Huawei Global - English
技术支持 文档中心
NetEngine 8000 X V800R012C00SPC300 配置指南 - VPN 04
评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置运营商的运营商方案二示例(LDP为BGP分标签方案)

配置运营商的运营商方案二示例(LDP为BGP分标签方案)

一级运营商和二级运营商处于不同的AS中,一级运营商CE与二级运营商PE之间没有建立MP-IBGP关系时,可以通过配置LDP为BGP分标签,使得二级运营商可以提供BGP/MPLS IP VPN服务。

组网需求

图7-49,一级运营商和二级运营商在不同AS中,二级运营商向自己的客户提供BGP/MPLS IP VPN服务。

当二级运营商从一级运营商的设备学习到带标签的公网BGP路由后,通过把这些路由引入到IGP协议之中,LDP就能够为这些路由分配标签,从而在二级运营商的PE之间触发建立完整的LDP LSP。这样就能实现运营商的运营商(跨域)的方案。

图7-49 配置运营商的运营商方案二配置组网图

本例中interface1、interface2分别代表GE1/0/0、GE2/0/0



配置思路

本例配置主要思路是:

  1. 配置运营商的运营商关键在于理解两类路由的交换过程,即:

    • 二级运营商内部路由在一级运营商骨干网上的交换:一级运营商将二级运营商作为自己的CE接入。

    • 二级运营商外部路由在二级运营商PE设备间的交换:需要在二级运营商PE设备(PE3和PE4)间建立MP-EBGP对等体关系。

  2. 配置跨域运营商的运营商,由于一级运营商PE与一级运营商CE位于不同的AS,它们之间要配置Labeled MP-EBGP,为与CE交换的路由分配标签。

  3. 在一级运营商的CE上将BGP路由引入到IGP。

  4. 在一级运营商的CE上配置LDP为带标签的公网BGP路由分标签的能力。

数据准备

为完成此配置例,需准备如下的数据:

  • 一级运营商的PE和CE以及二级运营商的PE上的MPLS LSR ID
  • 配置IGP协议所需数据
  • PE上创建的VPN实例、路由标志RD及VPN-Target
  • 在一级运营商的CE上配置两个路由策略

操作步骤

  1. 配置一级运营商骨干网的BGP/MPLS IP VPN,使用IS-IS作为骨干网的IGP协议,PE1和PE2之间使能LDP,并建立MP-IBGP对等体关系

    # 配置PE1。

    <~HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 3.3.3.9 32
[*PE1-LoopBack1] quit
[*PE1] mpls lsr-id 3.3.3.9
[*PE1] mpls
[*PE1-mpls] quit
[*PE1] mpls ldp
[*PE1-mpls-ldp] quit
[*PE1] isis 1
[*PE1-isis-1] network-entity 10.0000.0000.0004.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-Gigabitethernet2/0/0] ip address 30.1.1.1 24
[*PE1-Gigabitethernet2/0/0] isis enable 1
[*PE1-Gigabitethernet2/0/0] mpls
[*PE1-Gigabitethernet2/0/0] mpls ldp
[*PE1-Gigabitethernet2/0/0] quit
[*PE1] bgp 100
[*PE1-bgp] peer 4.4.4.9 as-number 100
[*PE1-bgp] peer 4.4.4.9 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit

    PE2的配置与PE1类似,配置过程省略。

    配置完成后,在PE1或PE2上执行display mpls ldp session命令可以看到LDP会话建立成功;执行display bgp peer命令可以看到BGP对等体关系已建立,并达到Established状态;执行display isis peer命令可以看到IS-IS邻居关系已建立,状态为UP。

    以PE1的显示为例:

    [~PE1] display mpls ldp session

 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ----------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ----------------------------------------------------------------
 4.4.4.9:0          Operational DU   Active   0000:00:01  8/8
 ----------------------------------------------------------------
 TOTAL: 1 session(s) Found


    [~PE1] display bgp peer

 BGP local router ID : 3.3.3.9
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1

  Peer        V   AS  MsgRcvd  MsgSent  OutQ  Up/Down    State         PrefRcv
  4.4.4.9     4   100    7        8        0  00:02:47   Established   0
    [~PE1] display isis peer
                              Peer information for ISIS(1)

  System Id     Interface          Circuit Id       State HoldTime Type     PRI
-------------------------------------------------------------------------------
0000.0000.0005  Gigabitethernet2/0/0           0000.0000.0005.01 Up   7s       L1(L1L2) 64
0000.0000.0005  Gigabitethernet2/0/0           0000.0000.0005.01 Up   7s       L2(L1L2) 64

Total Peer(s): 2

  2. 配置二级运营商网络:使用OSPF作为IGP协议,PE3和CE1、PE4和CE2之间分别使能LDP

    # 配置PE3。

    <~HUAWEI> system-view
    [~HUAWEI] sysname PE3
    [*HUAWEI] commit
    [~PE3] interface loopback 1
    [*PE3-LoopBack1] ip address 1.1.1.9 32
    [*PE3-LoopBack1] quit
    [*PE3] mpls lsr-id 1.1.1.9
    [*PE3] mpls
    [*PE3-mpls] quit
    [*PE3] mpls ldp
    [*PE3-mpls-ldp] quit
    [*PE3] interface gigabitethernet 2/0/0
    [*PE3-GigabitEthernet2/0/0] ip address 40.1.1.1 24
    [*PE3-GigabitEthernet2/0/0] mpls
    [*PE3-GigabitEthernet2/0/0] mpls ldp
    [*PE3-GigabitEthernet2/0/0] commit
    [~PE3-GigabitEthernet2/0/0] quit
    [~PE3] ospf 1
    [*PE3-ospf-1] area 0
    [*PE3-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
    [*PE3-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE3-ospf-1-area-0.0.0.0] commit
    [~PE3-ospf-1-area-0.0.0.0] quit
    [~PE3-ospf-1] quit

    # 配置CE1。

    <~HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] interface loopback 1
    [*CE1-LoopBack1] ip address 2.2.2.9 32
    [*CE1-LoopBack1] quit
    [*CE1] mpls lsr-id 2.2.2.9
    [*CE1] mpls
    [*CE1-mpls] quit
    [*CE1] mpls ldp
    [*CE1-mpls-ldp] quit
    [*CE1] interface gigabitethernet 1/0/0
    [*CE1-Gigabitethernet1/0/0] ip address 40.1.1.2 24
    [*CE1-Gigabitethernet1/0/0] mpls
    [*CE1-Gigabitethernet1/0/0] mpls ldp
    [*CE1-Gigabitethernet1/0/0] commit
    [~CE1-Gigabitethernet1/0/0] quit
    [~CE1] ospf 1
    [*CE1-ospf-1] area 0
    [*CE1-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
    [*CE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [*CE1-ospf-1-area-0.0.0.0] commit
    [~CE1-ospf-1-area-0.0.0.0] quit
    [~CE1-ospf-1] quit

    配置完成后,PE3和CE1之间应能建立LDP和OSPF邻居关系。

    PE4和CE2之间的配置与PE3和CE1之间的配置类似,配置过程省略。

  3. 配置一级运营商CE接入到一级运营商的PE,并配置它们之间能够交换标签IPv4路由

    # 配置CE1:能够与PE1交换标签IPv4路由。

    <~CE1> system-view
    [~CE1] interface gigabitethernet 2/0/0
[*CE1-Gigabitethernet2/0/0] ip address 11.1.1.1 24
[*CE1-Gigabitethernet2/0/0] mpls
[*CE1-Gigabitethernet2/0/0] quit
[*CE1] route-policy policy1 permit node 1
[*CE1-route-policy] apply mpls-label
[*CE1-route-policy] quit
[*CE1] bgp 200
[*CE1-bgp] peer 11.1.1.2 as-number 100
[*CE1-bgp] peer 11.1.1.2 route-policy policy1 export
[*CE1-bgp] peer 11.1.1.2 label-route-capability
[*CE1-bgp] import-route ospf 1
[*CE1-bgp] commit
[~CE1-bgp] quit
[~CE1] ospf 1
[*CE1-ospf-1] area 0
[*CE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[*CE1-ospf-1-area-0.0.0.0] commit
[~CE1-ospf-1-area-0.0.0.0] quit
[~CE1-ospf-1] quit

    # 配置PE1:能够与CE1交换标签IPv4路由。

    为了确保转发无问题,VPN实例下只能部署每路由每标签的标签分配方式。

    <~PE1> system-view
    [~PE1] ip vpn-instance vpn1
[*PE1-vpn-instance-vpn1] ipv4-family
[*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
[*PE1-vpn-instance-vpn1-af-ipv4] apply-label per-route
[*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*PE1-vpn-instance-vpn1-af-ipv4] quit
[*PE1-vpn-instance-vpn1] quit
    [*PE1] interface gigabitethernet 1/0/0
[*PE1-Gigabitethernet1/0/0] ip binding vpn-instance vpn1
[*PE1-Gigabitethernet1/0/0] ip address 11.1.1.2 24
[*PE1-Gigabitethernet1/0/0] mpls
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] route-policy policy1 permit node 1
[*PE1-route-policy] apply mpls-label
[*PE1-route-policy] quit
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpn-instance vpn1
[*PE1-bgp-vpn1] peer 11.1.1.1 as-number 200
[*PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export
[*PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability
[*PE1-bgp-vpn1] import-route direct
[*PE1-bgp-vpn1] commit
[~PE1-bgp-vpn1] quit
[~PE1-bgp] quit
    [~PE1] ospf 1
[*PE1-ospf-1] area 0
[*PE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[*PE1-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[*PE1-ospf-1-area-0.0.0.0] commit
[~PE1-ospf-1-area-0.0.0.0] quit
[~PE1-ospf-1] quit

    配置完成后,可以看到CE1和PE1之间、CE2和PE2之间建立了BGP对等体关系。

    [~CE1] display bgp peer

 BGP local router ID : 2.2.2.9
 Local AS number : 200
 Total number of peers : 1                 Peers in established state : 1

  Peer         V   AS   MsgRcvd  MsgSent  OutQ  Up/Down    State        PrefRcv
  11.1.1.2     4   100     210      225     0   03:31:49   Established      7

    CE2和PE2的配置与CE1和PE1的配置类似,配置过程省略。

  4. 在一级运营商的CE上将BGP路由引入到IGP。

    # 配置CE1

    [~CE1] ospf 1
[*CE1-ospf-1] import-route bgp
[*CE1-ospf-1] commit
[~CE1-ospf-1] quit

    # 配置CE2

    [~CE2] ospf 1
[*CE2-ospf-1] import-route bgp
[*CE2-ospf-1] commit
[~CE2-ospf-1] quit

    配置完成后,在PE3和PE4上执行display ip routing-table命令,可以看到PE3和PE4之间能够互相学习到达对方的路由。

    以PE3的显示为例:

    [~PE3] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12

Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface

    1.1.1.9/32      Direct 0    0           D  127.0.0.1       LoopBack1
    2.2.2.9/32      OSPF   10   1           D   40.1.1.2       Gigabitethernet2/0/0
    5.5.5.9/32      O_ASE  150  1           D   40.1.1.2       Gigabitethernet2/0/0
    6.6.6.9/32      O_ASE  150  1           D   40.1.1.2       Gigabitethernet2/0/0
   11.1.1.0/32      OSPF   10   2           D   40.1.1.2       Gigabitethernet2/0/0
   40.1.1.0/24      Direct 0    0           D   40.1.1.1       Gigabitethernet2/0/0
   40.1.1.1/32      Direct 0    0           D  127.0.0.1       Gigabitethernet2/0/0
   40.1.1.2/32      Direct 0    0           D   40.1.1.2       Gigabitethernet2/0/0
   20.1.1.0/24      O_ASE  150  1           D   40.1.1.2       Gigabitethernet2/0/0
   21.1.1.0/24      O_ASE  150  1           D   40.1.1.2       Gigabitethernet2/0/0
   21.1.1.2/32      OSPF   10   5           D   40.1.1.2       Gigabitethernet2/0/0
  127.0.0.0/8       Direct 0    0           D  127.0.0.1       InLoopBack0
  127.0.0.1/32      Direct 0    0           D  127.0.0.1       InLoopBack0

  5. 在一级运营商CE上配置LDP为带标签的公网BGP路由分标签的能力

    # 配置CE1。

    [~CE1] mpls
[*CE1-mpls] lsp-trigger bgp-label-route
[*CE1-mpls] commit
[~CE1-mpls] quit

    # 配置CE2。

    [~CE2] mpls
[*CE2-mpls] lsp-trigger bgp-label-route
[*CE2-mpls] commit
[~CE2-mpls] quit

    配置完成后,在CE1上执行display ip routing-table dest-ip-address verbose命令,可以看到CE1到PE4的路由为带标签的公网BGP路由:Routing Table为“Public”,协议类型为“BGP”,标签值不为零。

    以CE1的显示为例:

    [~CE1] display ip routing-table 6.6.6.9 verbose
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1

Destination: 6.6.6.9/32
     Protocol: EBGP            Process ID: 0
   Preference: 255                   Cost: 0
      NextHop: 11.1.1.2         Neighbour: 11.1.1.2
        State: Active Adv             Age: 00h38m36s
          Tag: 0                 Priority: low
        Label: 3079               QoSInfo: 0x0
   IndirectID: 0x0
 RelayNextHop: 0.0.0.0          Interface: Gigabitethernet2/0/0
     TunnelID: 0x1408007            Flags:  D 

       IndirectID: 0x0  
     RelayNextHop: 0.0.0.0          Interface: Gigabitethernet2/0/0
     TunnelID: 0x6002006            Flags: D

    并且在CE1和PE4上分别执行display mpls lsp protocol ldp include dest-ip-address mask-length verbose命令,可以看到CE1和PE4上分别建立了LDP Egress LSP和LDP Ingress LSP。

    [~CE1] display mpls lsp protocol ldp include 6.6.6.9 32 verbose
----------------------------------------------------------------------
                 LSP Information: LDP LSP
----------------------------------------------------------------------
  No                  :  1
  VrfIndex            :
  Fec                 :  6.6.6.9/32
  Nexthop             :  11.1.1.2
  In-Label            :  1027
  Out-Label           :  NULL
  In-Interface        :  ----------
  Out-Interface       :  ----------
  LspIndex            :  10247
  Token               :  0x0
  FrrToken            :  0x0
  LsrType             :  Egress
  Outgoing token      :  0x6002006
  Label Operation     :  POPGO
  Mpls-Mtu            :  ------
  TimeStamp           :  6130sec
  Bfd-State           :  ---
  BGPKey              :  ---
[PE4] display mpls lsp protocol ldp include 2.2.2.9 32 verbose
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
  No                  :  1
  VrfIndex            :
  Fec                 :  2.2.2.9/32
  Nexthop             :  20.1.1.1
  In-Label            :  NULL
  Out-Label           :  1024
  In-Interface        :  ----------
  Out-Interface       :  Gigabitethernet2/0/0
  LspIndex            :  123904
  Token               :  0x100800f
  FrrToken            :  0x0
  LsrType             :  Ingress
  Outgoing token      :  0x0
  Label Operation     :  PUSH
  Mpls-Mtu            :  1500
  TimeStamp           :  105sec
  Bfd-State           :  ---
  BGPKey              :  ---

  No                  :  2
  VrfIndex            :
  Fec                 :  2.2.2.9/32
  Nexthop             :  20.1.1.1
  In-Label            :  1024
  Out-Label           :  1024
  In-Interface        :  ----------
  Out-Interface       :  Gigabitethernet2/0/0
  LspIndex            :  123905
  Token               :  0x1008010
  FrrToken            :  0x0
  LsrType             :  Transit
  Outgoing token      :  0x0
  Label Operation     :  SWAP
  Mpls-Mtu            :  1500
  TimeStamp           :  105sec
  Bfd-State           :  --- 
  BGPKey              :  ---

  6. 在二级运营商的PE之间建立MP-EBGP对等体关系,交换二级运营商的客户的VPN路由

    # 配置PE3。

    [~PE3] bgp 200
[*PE3-bgp] peer 6.6.6.9 as-number 300
[*PE3-bgp] peer 6.6.6.9 connect-interface loopback 1
[*PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10
[*PE3-bgp] ipv4-family vpnv4
[*PE3-bgp-af-vpnv4] peer 6.6.6.9 enable
[*PE3-bgp-af-vpnv4] commit
[~PE3-bgp-af-vpnv4] quit
[~PE3-bgp] quit

    # 配置PE4。

    [~PE4] bgp 300
[*PE4-bgp] peer 1.1.1.9 as-number 200
[*PE4-bgp] peer 1.1.1.9 connect-interface loopback 1
[*PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10
[*PE4-bgp] ipv4-family vpnv4
[*PE4-bgp-af-vpnv4] peer 1.1.1.9 enable
[*PE4-bgp-af-vpnv4] commit
[~PE4-bgp-af-vpnv4] quit
[~PE4-bgp] quit

    配置完成后,在PE3和PE4上执行命令,可以看到二级运营商的PE之间的BGP对等体建立成功,状态为“Established”。以PE3的显示为例:

    [~PE3] display bgp vpnv4 all peer

 BGP local router ID : 1.1.1.9
 Local AS number : 200
 Total number of peers : 2                 Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

  6.6.6.9         4         300        4        6     0 00:02:19 Established   2

  Peer of IPv4-family for vpn instance :
 VPN-Instance vpn1, Router ID 1.1.1.9:
  172.16.1.1      4       65410       84       79     0 01:02:32 Established   3

  7. 配置二级运营商的客户接入到二级运营商的PE

    # 配置CE3。

    [~CE3] interface gigabitethernet 1/0/0
[*CE3-GigabitEthernet1/0/0] ip address 172.16.1.1 24
[*CE3-GigabitEthernet1/0/0] quit
[*CE3] bgp 65410
[*CE3-bgp] peer 172.16.1.2 as-number 200
[*CE3-bgp] import-route direct
[*CE3-bgp] commit
[~CE3-bgp] quit

    # 配置PE3。

    [~PE3] ip vpn-instance vpn1
[*PE3-vpn-instance-vpn1] ipv4-family
[*PE3-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*PE3-vpn-instance-vpn1-af-ipv4] apply-label per-route
[*PE3-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*PE3-vpn-instance-vpn1-af-ipv4] quit
[*PE3-vpn-instance-vpn1] quit
    [*PE3] interface gigabitethernet 1/0/0
[*PE3-GigabitEthernet1/0/0] ip binding vpn-instance vpn1
[*PE3-GigabitEthernet1/0/0] ip address 172.16.1.2 24
[*PE3-GigabitEthernet1/0/0] quit
[*PE3] bgp 200
[*PE3-bgp] ipv4-family vpn-instance vpn1
[*PE3-bgp-vpn1] peer 172.16.1.1 as-number 65410
[*PE3-bgp-vpn1] import-route direct
[*PE3-bgp-vpn1] commit
[~PE3-bgp-vpn1] quit
[~PE3-bgp] quit

    配置完成后,CE3和PE3之间的BGP对等体建立成功,状态为“Established”。

    PE4和CE4之间的配置与PE3和CE3之间的配置类似,配置过程省略。

  8. 检查配置结果

    所有配置完成后,在PE1和PE2上执行display ip routing-table命令,可以看到PE1和PE2的公网路由表中只有一级运营商网络的路由。以PE1的显示为例:

    [~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
    3.3.3.9/32      Direct 0    0           D  127.0.0.1       LoopBack1
    4.4.4.9/32      ISIS   15   10          D   30.1.1.2       Gigabitethernet2/0/0
   30.1.1.0/24      Direct 0    0           D   30.1.1.1       Gigabitethernet2/0/0
   30.1.1.1/32      Direct 0    0           D  127.0.0.1       Gigabitethernet2/0/0
   30.1.1.2/32      Direct 0    0           D   30.1.1.2       Gigabitethernet2/0/0
  127.0.0.0/8       Direct 0    0           D  127.0.0.1       InLoopBack0
  127.0.0.1/32      Direct 0    0           D  127.0.0.1       InLoopBack0

    在PE1和PE2上执行display ip routing-table vpn-instance命令,可以看到VPN路由表中有二级运营商网络的内部路由,但没有二级运营商的外部路由。以PE1的显示为例:

    [~PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 11       Routes : 11
Destination/Mask    Proto  Pre  Cost     Flags  NextHop         Interface
    1.1.1.9/32      EBGP   255  10          D   11.1.1.1        Gigabitethernet1/0/0
    2.2.2.9/32      EBGP   255  0           D   11.1.1.1        Gigabitethernet1/0/0
    5.5.5.9/32      IBGP   255  0           RD   4.4.4.9        Gigabitethernet2/0/0
    6.6.6.9/32      IBGP   255  10          RD   4.4.4.9        Gigabitethernet2/0/0
   40.1.1.0/24      EBGP   255  0           D   11.1.1.1        Gigabitethernet1/0/0
   11.1.1.0/24      Direct 0    0           D   11.1.1.2        Gigabitethernet1/0/0
   11.1.1.1/32      Direct 0    0           D   11.1.1.1        Gigabitethernet1/0/0
   11.1.1.2/32      Direct 0    0           D  127.0.0.1        Gigabitethernet1/0/0
   20.1.1.0/24      IBGP   255  0           RD   4.4.4.9        Gigabitethernet2/0/0
   21.1.1.0/24      IBGP   255  0           RD   4.4.4.9        Gigabitethernet2/0/0
   21.1.1.2/32      IBGP   255  0           RD   4.4.4.9        Gigabitethernet2/0/0

    在CE1和CE2上执行display ip routing-table命令,可以看到公网路由表中有二级运营商网络内部路由,但没有二级运营商的外部路由。以CE1的显示为例:

    [~CE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 15       Routes : 15
Destination/Mask    Proto  Pre  Cost     Flags  NextHop         Interface
    1.1.1.9/32      OSPF   10   1           D   40.1.1.1        Gigabitethernet1/0/0
    2.2.2.9/32      Direct 0    0           D  127.0.0.1        LoopBack1
    5.5.5.9/32      EBGP   255  0           D   11.1.1.2        Gigabitethernet2/0/0
    6.6.6.9/32      EBGP   255  0           D   11.1.1.2        Gigabitethernet2/0/0
   40.1.1.0/24      Direct 0    0           D   40.1.1.2        Gigabitethernet1/0/0
   40.1.1.1/32      Direct 0    0           D   40.1.1.1        Gigabitethernet1/0/0
   40.1.1.2/32      Direct 0    0           D  127.0.0.1        Gigabitethernet1/0/0
   11.1.1.0/24      Direct 0    0           D   11.1.1.1        Gigabitethernet2/0/0
   11.1.1.1/32      Direct 0    0           D  127.0.0.1        Gigabitethernet2/0/0
   11.1.1.2/32      Direct 0    0           D   11.1.1.2        Gigabitethernet2/0/0
   20.1.1.0/24      EBGP   255  0           D   11.1.1.2        Gigabitethernet2/0/0
   21.1.1.0/24      EBGP   255  0           D   11.1.1.2        Gigabitethernet2/0/0
   21.1.1.2/32      EBGP   255  0           D   11.1.1.2        Gigabitethernet2/0/0
  127.0.0.0/8       Direct 0    0           D  127.0.0.1        InLoopBack0
  127.0.0.1/32      Direct 0    0           D  127.0.0.1        InLoopBack0

    在PE3和PE4上执行display ip routing-table vpn-instance命令,可以看到VPN路由表中有远端VPN客户的路由,即,有二级运营商的外部路由。以PE3的显示为例:

    [~PE3] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 3        Routes : 3
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
  172.16.1.0/24     Direct 0    0           D  172.16.1.2      GigabitEthernet1/0/0
  172.16.1.2/32     Direct 0    0           D  127.0.0.1       GigabitEthernet1/0/0
  172.16.2.0/24     EBGP   255  0           RD   6.6.6.9       Gigabitethernet2/0/0

    PE3和PE4可以相互Ping通:

    [~PE3] ping 20.1.1.2
  PING 20.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=251 time=116 ms
    Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=251 time=92 ms
    Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=251 time=118 ms
    Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=251 time=103 ms
    Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=251 time=121 ms
  --- 20.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 92/110/121 ms

    CE3和CE4可以互相Ping通。

    [~CE3] ping 172.16.2.1
  PING 172.16.2.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.2.1: bytes=56 Sequence=1 ttl=251 time=65 ms
    Reply from 172.16.2.1: bytes=56 Sequence=2 ttl=251 time=114 ms
    Reply from 172.16.2.1: bytes=56 Sequence=3 ttl=251 time=80 ms
    Reply from 172.16.2.1: bytes=56 Sequence=4 ttl=251 time=88 ms
    Reply from 172.16.2.1: bytes=56 Sequence=5 ttl=251 time=105 ms
  --- 172.16.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
round-trip min/avg/max = 65/90/114 ms

配置文件

  • CE3的配置文件

    #
 sysname CE3
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.1.1 255.255.255.0
#
bgp 65410
 peer 172.16.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.1.2 enable
#
Return

  • PE3的配置文件

    #
 sysname PE3
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 172.16.1.2 255.255.255.0
#
interface Gigabitethernet2/0/0
 undo shutdown
 ip address 40.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 200
 peer 6.6.6.9 as-number 300
 peer 6.6.6.9 ebgp-max-hop 10
 peer 6.6.6.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 6.6.6.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 6.6.6.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 172.16.1.1 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 40.1.1.0 0.0.0.255
#
return

  • CE1的配置文件

    #
 sysname CE1
#
mpls lsr-id 2.2.2.9
 mpls
  lsp-trigger bgp-label-route
#
mpls ldp
#
interface Gigabitethernet1/0/0
 undo shutdown
 ip address 40.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Gigabitethernet2/0/0
 undo shutdown
 ip address 11.1.1.1 255.255.255.0
 mpls
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 200
 peer 11.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route ospf 1
  peer 11.1.1.2 enable
  peer 11.1.1.2 route-policy policy1 export
  peer 11.1.1.2 label-route-capability
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 40.1.1.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return

  • PE1的配置文件

    #
 sysname PE1
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 200:1
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0004.00
#
interface Gigabitethernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 11.1.1.2 255.255.255.0
 mpls
#
interface Gigabitethernet2/0/0
 undo shutdown
 ip address 30.1.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
 isis enable 1
#
bgp 100
 peer 4.4.4.9 as-number 100
 peer 4.4.4.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 11.1.1.1 as-number 200
  peer 11.1.1.1 route-policy policy1 export
  peer 11.1.1.1 label-route-capability
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return

  • PE2的配置文件

    #
 sysname PE2
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 200:2
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0005.00
#
interface Gigabitethernet1/0/0
 undo shutdown
 ip address 30.1.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface Gigabitethernet2/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 21.1.1.1 255.255.255.0
 mpls
#
interface LoopBack1
 ip address 4.4.4.9 255.255.255.255
 isis enable 1
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 21.1.1.2 as-number 300
  peer 21.1.1.2 route-policy policy1 export
  peer 21.1.1.2 label-route-capability
#
ospf 1
 area 0.0.0.0
  network 4.4.4.9 0.0.0.0
  network 21.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return

  • CE2的配置文件

    #
 sysname CE2
#
mpls lsr-id 5.5.5.9
 mpls
  lsp-trigger bgp-label-route
#
mpls ldp
#
interface Gigabitethernet1/0/0
  undo shutdown
 ip address 21.1.1.2 255.255.255.0
 mpls
#
interface Gigabitethernet2/0/0
 undo shutdown
 ip address 20.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 5.5.5.9 255.255.255.255
#
bgp 300
 peer 21.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route ospf 1
  peer 21.1.1.1 enable
  peer 21.1.1.1 route-policy policy1 export
  peer 21.1.1.1 label-route-capability
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 5.5.5.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
  network 21.1.1.0 0.0.0.255
#
route-policy policy1 permit node 1
 apply mpls-label
#
return

  • PE4的配置文件

    #
 sysname PE4
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:2
  apply-label per-route
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 6.6.6.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 172.16.2.2 255.255.255.0
#
interface Gigabitethernet1/0/0
 undo shutdown
 ip address 20.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 6.6.6.9 255.255.255.255
#
bgp 300
 peer 1.1.1.9 as-number 200
 peer 1.1.1.9 ebgp-max-hop 10
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  peer 172.16.2.1 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 6.6.6.9 0.0.0.0
  network 20.1.1.0 0.0.0.255
#
return

  • CE4的配置文件

    #
 sysname CE4
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.2.1 255.255.255.0
#
bgp 65420
 peer 172.16.2.2 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.2.2 enable
#
return
翻译
English
下载文档
更新时间:2020-06-20

文档编号:EDOC1100143312

浏览量:60408

下载量:128

平均得分:
本文档适用于这些产品

相关版本

相关文档

分享
上一页 下一页
华为亿家APP下载 华为亿家APP下载

版权所有 © 华为技术有限公司 1998-2022。 保留一切权利。粤A2-20044005号

您正离开华为站点,前往: