hub&spoke mpls vpn
- 0关注
- 0收藏,261浏览
问题描述:
对spoke-pe和spoke-ce之间用bgp,spoke-pe会收到来自spoke-ce的源路由,以及经过hub-pe回发的不带AS号的相同前缀的路由,对此不理解,请大神解惑一下,谢谢!
- 2024-10-04提问
- 举报
-
(0)
您好,请知:
建议看下手册和案例:
2.18.2 配置Hub&Spoke组网示例
1. 组网需求
· Spoke-CE之间不能直接通信,只能通过Hub-CE转发Spoke-CE之间的流量。
· Spoke-CE与Spoke-PE之间、Hub-CE与Hub-PE之间配置EBGP交换VPN路由信息。
· Spoke-PE与Hub-PE之间配置OSPF实现PE内部的互通、配置MP-IBGP交换VPN路由信息。
2. 组网图
图2-4 Hub&Spoke组网图
设备 | 接口 | IP地址 | 设备 | 接口 | IP地址 |
Spoke-CE 1 | Vlan-int2 | 11::1/64 | Hub-CE | Vlan-int6 | 13::1/64 |
Spoke-PE 1 | Loop0 | 1.1.1.9/32 |
| Vlan-int7 | 14::1/64 |
| Vlan-int2 | 11::2/64 | Hub-PE | Loop0 | 2.2.2.9/32 |
| Vlan-int4 | 172.1.1.1/24 |
| Vlan-int4 | 172.1.1.2/24 |
Spoke-CE 2 | Vlan-int3 | 12::1/64 |
| Vlan-int5 | 172.2.1.2/24 |
Spoke-PE 2 | Loop0 | 3.3.3.9/32 |
| Vlan-int6 | 13::2/64 |
| Vlan-int3 | 12::2/64 |
| Vlan-int7 | 14::2/64 |
| Vlan-int5 | 172.2.1.1/24 |
|
|
|
3. 配置步骤
(1) 在MPLS骨干网上配置IGP协议,实现骨干网Spoke-PE、Hub-PE之间的互通
# 配置Spoke-PE 1。
<Spoke-PE1> system-view
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] interface vlan-interface 4
[Spoke-PE1-Vlan-interface4] ip address 172.1.1.1 24
[Spoke-PE1-Vlan-interface4] quit
[Spoke-PE1] ospf
[Spoke-PE1-ospf-1] area 0
[Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[Spoke-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[Spoke-PE1-ospf-1-area-0.0.0.0] quit
[Spoke-PE1-ospf-1] quit
# 配置Spoke-PE 2。
<Spoke-PE2> system-view
[Spoke-PE2] interface loopback 0
[Spoke-PE2-LoopBack0] ip address 3.3.3.9 32
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] interface vlan-interface 5
[Spoke-PE2-Vlan-interface5] ip address 172.2.1.1 24
[Spoke-PE2-Vlan-interface5] quit
[Spoke-PE2] ospf
[Spoke-PE2-ospf-1] area 0
[Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[Spoke-PE2-ospf-1-area-0.0.0.0] quit
[Spoke-PE2-ospf-1] quit
# 配置Hub-PE。
<Hub-PE> system-view
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 2.2.2.9 32
[Hub-PE-LoopBack0] quit
[Hub-PE] interface vlan-interface 4
[Hub-PE-Vlan-interface4] ip address 172.1.1.2 24
[Hub-PE-Vlan-interface4] quit
[Hub-PE] interface vlan-interface 5
[Hub-PE-Vlan-interface5] ip address 172.2.1.2 24
[Hub-PE-Vlan-interface5] quit
[Hub-PE] ospf
[Hub-PE-ospf-1] area 0
[Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[Hub-PE-ospf-1-area-0.0.0.0] quit
[Hub-PE-ospf-1] quit
配置完成后,Spoke-PE 1、Spoke-PE 2、Hub-PE之间应能建立OSPF邻居,执行display ospf peer命令可以看到邻居达到Full状态。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。
(2) 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置Spoke-PE 1。
[Spoke-PE1] mpls lsr-id 1.1.1.9
[Spoke-PE1] mpls ldp
[Spoke-PE1-ldp] quit
[Spoke-PE1] interface vlan-interface 4
[Spoke-PE1-Vlan-interface4] mpls enable
[Spoke-PE1-Vlan-interface4] mpls ldp enable
[Spoke-PE1-Vlan-interface4] quit
# 配置Spoke-PE 2。
[Spoke-PE2] mpls lsr-id 3.3.3.9
[Spoke-PE2] mpls ldp
[Spoke-PE2-ldp] quit
[Spoke-PE2] interface vlan-interface 5
[Spoke-PE2-Vlan-interface5] mpls enable
[Spoke-PE2-Vlan-interface5] mpls ldp enable
[Spoke-PE2-Vlan-interface5] quit
# 配置Hub-PE。
[Hub-PE] mpls lsr-id 2.2.2.9
[Hub-PE] mpls ldp
[Hub-PE-ldp] quit
[Hub-PE] interface vlan-interface 4
[Hub-PE-Vlan-interface4] mpls enable
[Hub-PE-Vlan-interface4] mpls ldp enable
[Hub-PE-Vlan-interface4] quit
[Hub-PE] interface vlan-interface 5
[Hub-PE-Vlan-interface5] mpls enable
[Hub-PE-Vlan-interface5] mpls ldp enable
[Hub-PE-Vlan-interface5] quit
上述配置完成后,Spoke-PE 1、Spoke-PE 2、Hub-PE之间应能建立LDP会话,执行display mpls ldp peer命令可以看到LDP会话的状态为Operational。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
(3) 在Spoke-PE和Hub-PE设备上配置VPN实例,将CE接入PE
# 配置Spoke-PE 1。
[Spoke-PE1] ip vpn-instance vpn1
[Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Spoke-PE1-vpn-instance-vpn1] quit
[Spoke-PE1] interface vlan-interface 2
[Spoke-PE1-Vlan-interface2] ip binding vpn-instance vpn1
[Spoke-PE1-Vlan-interface2] ip address 11::2 24
[Spoke-PE1-Vlan-interface2] quit
# 配置Spoke-PE 2。
[Spoke-PE2] ip vpn-instance vpn1
[Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2
[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Spoke-PE2-vpn-instance-vpn1] quit
[Spoke-PE2] interface vlan-interface 3
[Spoke-PE2-Vlan-interface3] ip binding vpn-instance vpn1
[Spoke-PE2-Vlan-interface3] ip address 12::2 24
[Spoke-PE2-Vlan-interface3] quit
# 配置Hub-PE。
[Hub-PE] ip vpn-instance vpn1-in
[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3
[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity
[Hub-PE-vpn-instance-vpn1-in] quit
[Hub-PE] ip vpn-instance vpn1-out
[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4
[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity
[Hub-PE-vpn-instance-vpn1-out] quit
[Hub-PE] interface vlan-interface 6
[Hub-PE-Vlan-interface6] ip binding vpn-instance vpn1-in
[Hub-PE-Vlan-interface6] ip address 13::2 24
[Hub-PE-Vlan-interface6] quit
[Hub-PE] interface vlan-interface 7
[Hub-PE-Vlan-interface7] ip binding vpn-instance vpn1-out
[Hub-PE-Vlan-interface7] ip address 14::2 24
[Hub-PE-Vlan-interface7] quit
# 配置各CE的接口IP地址,配置过程略。
配置完成后,在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
(4) 在PE与CE之间建立EBGP对等体,引入VPN路由
# 配置Spoke-CE 1。
<Spoke-CE1> system-view
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp-default] peer 11::2 as-number 100
[Spoke-CE1-bgp-default] address-family ipv6
[Spoke-CE1-bgp-default-ipv6] peer 11::2 enable
[Spoke-CE1-bgp-default-ipv6] import-route direct
[Spoke-CE1-bgp-default-ipv6] quit
[Spoke-CE1-bgp-default] quit
# 配置Spoke-CE 2。
<Spoke-CE2> system-view
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp-default] peer 12::2 as-number 100
[Spoke-CE2-bgp-default] address-family ipv6
[Spoke-CE2-bgp-default-ipv6] peer 12::2 enable
[Spoke-CE2-bgp-default-ipv6] import-route direct
[Spoke-CE2-bgp-default-ipv6] quit
[Spoke-CE2-bgp-default] quit
# 配置Hub-CE。
<Hub-CE> system-view
[Hub-CE] bgp 65430
[Hub-CE-bgp-default] peer 13::2 as-number 100
[Hub-CE-bgp-default] peer 14::2 as-number 100
[Hub-CE-bgp-default] address-family ipv6
[Hub-CE-bgp-default-ipv6] peer 13::2 enable
[Hub-CE-bgp-default-ipv6] peer 14::2 enable
[Hub-CE-bgp-default-ipv6] import-route direct
[Hub-CE-bgp-default-ipv6] quit
[Hub-CE-bgp-default] quit
# 配置Spoke-PE 1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp-default] ip vpn-instance vpn1
[Spoke-PE1-bgp-default-vpn1] peer 11::1 as-number 65410
[Spoke-PE1-bgp-default-vpn1] address-family ipv6
[Spoke-PE1-bgp-default-ipv6-vpn1] peer 11::1 enable
[Spoke-PE1-bgp-default-ipv6-vpn1] quit
[Spoke-PE1-bgp-default-vpn1] quit
[Spoke-PE1-bgp-default] quit
# 配置Spoke-PE 2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp-default] ip vpn-instance vpn1
[Spoke-PE2-bgp-default-vpn1] peer 12::1 as-number 65420
[Spoke-PE2-bgp-default-vpn1] address-family ipv6
[Spoke-PE2-bgp-default-ipv6-vpn1] peer 12::1 enable
[Spoke-PE2-bgp-default-ipv6-vpn1] quit
[Spoke-PE2-bgp-default-vpn1] quit
[Spoke-PE2-bgp-default] quit
# 配置Hub-PE。
[Hub-PE] bgp 100
[Hub-PE-bgp-default] ip vpn-instance vpn1-in
[Hub-PE-bgp-default-vpn1-in] peer 13::1 as-number 65430
[Hub-PE-bgp-default-vpn1-in] address-family ipv6
[Hub-PE-bgp-default-ipv6-vpn1-in] peer 13::1 enable
[Hub-PE-bgp-default-ipv6-vpn1-in] quit
[Hub-PE-bgp-default-vpn1-in] quit
[Hub-PE-bgp-default] ip vpn-instance vpn1-out
[Hub-PE-bgp-default-vpn1-out] peer 14::1 as-number 65430
[Hub-PE-bgp-default-vpn1-out] address-family ipv6
[Hub-PE-bgp-default-ipv6-vpn1-out] peer 14::1 enable
[Hub-PE-bgp-default-ipv6-vpn1-out] peer 14::1 allow-as-loop 2
[Hub-PE-bgp-default-ipv6-vpn1-out] quit
[Hub-PE-bgp-default-vpn1-out] quit
[Hub-PE-bgp-default] quit
配置完成后,在PE设备上执行display bgp peer ipv6 vpn-instance命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
(5) 在Spoke-PE和Hub-PE之间建立MP-IBGP对等体
# 配置Spoke-PE 1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp-default] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[Spoke-PE1-bgp-default] address-family vpnv6
[Spoke-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable
[Spoke-PE1-bgp-default-vpnv6] quit
[Spoke-PE1-bgp-default] quit
# 配置Spoke-PE 2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp-default] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[Spoke-PE2-bgp-default] address-family vpnv6
[Spoke-PE2-bgp-default-vpnv6] peer 2.2.2.9 enable
[Spoke-PE2-bgp-default-vpnv6] quit
[Spoke-PE2-bgp-default] quit
# 配置Hub-PE。
[Hub-PE] bgp 100
[Hub-PE-bgp-default] peer 1.1.1.9 as-number 100
[Hub-PE-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[Hub-PE-bgp-default] peer 3.3.3.9 as-number 100
[Hub-PE-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[Hub-PE-bgp-default] address-family vpnv6
[Hub-PE-bgp-default-vpnv6] peer 1.1.1.9 enable
[Hub-PE-bgp-default-vpnv6] peer 3.3.3.9 enable
[Hub-PE-bgp-default-vpnv6] quit
[Hub-PE-bgp-default] quit
配置完成后,在PE设备上执行display bgp peer vpnv6命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
4. 验证配置
# Spoke-CE 1和Spoke-CE 2之间可以ping通。从TTL值可以推算出Spoke-CE 1到Spoke-CE 2经过6跳(64-59+1),即Spoke-CE 1和Spoke-CE 2之间的流量需要通过Hub-CE转发。以Spoke-CE 1为例:
[Spoke-CE1] ping ipv6 12::1
Ping6(56 bytes) 11::1 --> 12::1, press CTRL+C to break
56 bytes from 12::1, icmp_seq=0 hlim=59 time=0.000 ms
56 bytes from 12::1, icmp_seq=1 hlim=59 time=1.000 ms
56 bytes from 12::1, icmp_seq=2 hlim=59 time=0.000 ms
56 bytes from 12::1, icmp_seq=3 hlim=59 time=1.000 ms
56 bytes from 12::1, icmp_seq=4 hlim=59 time=0.000 ms
--- Ping6 statistics for 12::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms
- 2024-10-04回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论