AR28/AR46系列路由器跨域VPN-OptionB典型配置
【需求】
采用OptionB方式实现跨域的BGP/MPLS VPN业务的互通。
【组网图】
【配置脚本】
PE-1配置脚本
#
sysname PE-1
#
router id 202.100.1.2
#
mpls lsr-id 202.100.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.2.1 255.255.255.0
#
bgp 100
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.100.1.1 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.100.1.1 group in
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 202.100.1.2 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
ASBR-1配置脚本
#
sysname ASBR-1
#
router id 202.100.1.1
#
mpls lsr-id 202.100.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
ip address 192.1.1.1 255.255.255.0
mpls
#
interface Serial2/0/0
link-protocol ppp
ip address 172.100.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.100.1.1 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.100.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.100.1.1 255.255.255.0
#
bgp 100
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.100.1.2 group in
group ex external
peer 192.1.1.2 group ex as-number 200 /同ASBR-1建立EBGP/
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
group ex external
peer 193.1.1.2 group ex as-number 200
#
ipv4-family vpnv4
undo policy vpn-target /取消对接收的路由信息进行RT扩展团体属性的过滤/
peer in enable
peer in next-hop-local /修改下一跳为自己/
peer 202.100.1.2 group in
peer ex enable
peer 192.1.1.2 group ex
#
ospf 1
area 0.0.0.0
network 172.100.1.0 0.0.0.255
network 202.100.1.1 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
ASBR-2配置脚本
#
sysname ASBR-2
#
router id 202.200.1.1
#
mpls lsr-id 202.200.1.1
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
ip address 192.1.1.2 255.255.255.0
mpls
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.1 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.1 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.1.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.1.1 255.255.255.0
#
bgp 200
undo synchronization
group ex external
peer 192.1.1.1 group ex as-number 100 /同ASBR-1建立EBGP/
group in internal
peer in connect-interface LoopBack0
peer 202.200.1.2 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
undo policy vpn-target
/取消对接收的路由信息进行RT扩展团体属性的过滤/
peer ex enable
peer 192.1.1.1 group ex
peer in enable
peer in next-hop-local /修改下一跳为自己/
peer 202.200.1.2 group in
#
ospf 1
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 202.200.1.1 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
PE-2配置脚本
#
sysname PE-2
#
router id 202.200.1.2
#
mpls lsr-id 202.200.1.2
#
radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 101:1
vpn-target 101:1 export-extcommunity
vpn-target 101:1 import-extcommunity
#
domain system
#
interface Serial2/0/0
link-protocol ppp
ip address 172.200.1.2 255.255.255.0
mpls
mpls ldp enable
#
interface NULL0
#
interface LoopBack0
ip address 202.200.1.2 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpna
ip address 168.200.2.1 255.255.255.0
#
interface LoopBack11
ip binding vpn-instance vpnb
ip address 169.200.2.1 255.255.255.0
#
bgp 200
undo synchronization
group in internal
peer in connect-interface LoopBack0
peer 202.200.1.1 group in
#
ipv4-family vpn-instance vpna
import-route direct
undo synchronization
#
ipv4-family vpn-instance vpnb
import-route direct
undo synchronization
#
ipv4-family vpnv4
peer in enable
peer 202.200.1.1 group in
#
ospf 1
area 0.0.0.0
network 172.200.1.0 0.0.0.255
network 202.200.1.2 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
return
【提示】
1、 跨域OptionB又叫单跳MP-EBGP方式(或者2.2方式)。
2、 在ASBR上需要修改下一跳。
3、 不同AS中,需要互通的VPN的RT要求必需一致。
4、 在ASBR之间不需要运行LDP或是RSVP协议。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作