AR28/AR46系列路由器跨域VPN-OptionA典型配置
【需求】
采用OptionA方式实现跨域的BGP/MPLS VPN业务的互通。
【组网图】
【配置脚本】
PE-1配置脚本
#
sysname PE1
#
router id 202.100.1.2
#
mpls lsr-id 202.100.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.2.1 255.255.255.0
#
bgp 100
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.100.1.1 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.100.1.1 group in
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 202.100.1.2 0.0.0.0
#
return
ASBR-1配置脚本
#
sysname ASBR-1
#
router id 202.100.1.1
#
mpls lsr-id 202.100.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10 /ASBR之间建立子接口,绑定到vpna/
ip binding vpn-instance vpna
ip address 192.1.1.1 255.255.255.0
vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20 /ASBR之间建立子接口,绑定到vpnb/
ip binding vpn-instance vpnb
ip address 193.1.1.1 255.255.255.0
vlan-type dot1q vid 20
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.1 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.1.1 255.255.255.0
#
bgp 100
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.100.1.2 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
group ex external
peer 192.1.1.2 group ex as-number 200 /ASBR-1和ASBR-2之间建立EBGP/
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
group ex external
peer 193.1.1.2 group ex as-number 200 /ASBR-1和ASBR-2之间建立EBGP/
#
ipv4-family vpnv4
peer in enable
peer 202.100.1.2 group in
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 202.100.1.1 0.0.0.0
#
return
PE-2配置脚本
#
sysname PE2
#
router id 202.200.1.2
#
mpls lsr-id 202.200.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 201:1
vpn-target 201:1 export-extcommunity
vpn-target 201:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.2.1 255.255.255.0
#
bgp 200
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.200.1.1 group in
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.200.1.1 group in
#
ospf 1
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 202.200.1.2 0.0.0.0
#
return
ASBR-2配置脚本
#
sysname ASBR-2
#
router id 202.200.1.1
#
mpls lsr-id 202.200.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 201:1
vpn-target 201:1 export-extcommunity
vpn-target 201:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10 /ASBR之间建立子接口,绑定到vpna/
ip binding vpn-instance vpna
ip address 192.1.1.2 255.255.255.0
vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20 /ASBR之间建立子接口,绑定到vpnb/
ip binding vpn-instance vpnb
ip address 193.1.1.2 255.255.255.0
vlan-type dot1q vid 20
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.1 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.1.1 255.255.255.0
#
bgp 200
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.200.1.2 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
group ex external
peer 192.1.1.1 group ex as-number 100 /ASBR-1和ASBR-2之间建立EBGP/
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
group ex external
peer 193.1.1.1 group ex as-number 100 /ASBR-1和ASBR-2之间建立EBGP/
#
ipv4-family vpnv4
peer in enable
peer 202.200.1.2 group in
#
ospf 1
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 202.200.1.1 0.0.0.0
#
return
【提示】
1、跨域OptionA又叫VRF to VRF(背靠背方式)方式。
2、对于AS内部的实现和配置与普通MPLS/VPN没有区别。
3、ASBR对等体间通过划分子接口方式,每个子接口分别绑定一个VRF,来保证域间传播
路由的私有性。如果无法划分子接口,必需为每个vpn提供独立的物理线路。
4、每个ASBR路由器都把对方ASBR路由器当做CE路由器看待。
5、域间转发为IP转发。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作