知

Mpls 跨域 option C2实验（带RR）

王英凯

3小时前发表

组网及说明

配置思路，

1、起底层IGP与MPLS传输，RR的接口和环回口需要起IGP用于起BGP邻居。

2、PE上起VPN实例，控制VPNV4路由收发，AR1/AR10与PE上VPN实例起EBGP邻居，PE与RR间起VPNV4邻居通过RR与对端交互VPNV4路由条目。

3、RR与对端RR间起VPNV4的EBGP邻居，向对端RR传输路由时不更改下一跳；RR与PE起VPNV4的IBGP邻居，需要undo掉VPN TAG 属性，且向PE传输路由时不更改下一跳。

4、ASBR之间起IPV4的EBGP邻居，且需要使能MPLS BGP标签能力；宣告本地MPLS域内的PE与RR环回口，接口下启用MPLS，MPLS视图下启用为BGP分配标签功能，配置route-police在BGP下调用，最后在IGP下引入BGP路由。

配置步骤

PE1配置*************************************************************************************************

isis 1

network-entity 10.0000.0000.0000.0001.00

mpls lsr-id 1.1.1.1

mpls ldp

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

interface GigabitEthernet0/0

ip binding vpn-instance vpn1

ip address 200.1.1.1 255.255.255.0

interface GigabitEthernet0/1

ip address 10.1.1.1 255.255.255.0

isis enable 1

mpls enable

mpls ldp enable

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

address-family vpnv4

peer 3.3.3.3 enable

ip vpn-instance vpn1

address-family ipv4 unicast

import-route direct

P1配置*************************************************************************************************

isis 1

network-entity 10.0000.0000.0000.0002.00

mpls lsr-id 2.2.2.2

mpls ldp

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

interface GigabitEthernet0/0

ip address 20.1.1.2 255.255.255.0

isis enable 1

interface GigabitEthernet0/1

ip address 10.1.1.2 255.255.255.0

isis enable 1

mpls enable

mpls ldp enable

interface GigabitEthernet0/2

ip address 30.1.1.2 255.255.255.0

isis enable 1

mpls enable

mpls ldp enable

RR1配置：*************************************************************************************************

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

interface GigabitEthernet0/0

ip address 20.1.1.1 255.255.255.0

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

peer 7.7.7.7 ebgp-max-hop 10

address-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 next-hop-invariable

peer 1.1.1.1 reflect-client

peer 7.7.7.7 enable

peer 7.7.7.7 next-hop-invariable

asbr-pe1：*************************************************************************************************

isis 1

network-entity 10.0000.0000.0000.0004.00

address-family ipv4 unicast

import-route bgp

mpls lsr-id 4.4.4.4

mpls ldp

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

interface GigabitEthernet0/0

ip address 40.1.1.1 255.255.255.0

mpls enable

interface GigabitEthernet0/2

ip address 30.1.1.1 255.255.255.0

isis enable 1

mpls enable

mpls ldp enable

bgp 100

peer 40.1.1.2 as-number 200

address-family ipv4 unicast

network 1.1.1.1 255.255.255.255

network 3.3.3.3 255.255.255.255

peer 40.1.1.2 enable

peer 40.1.1.2 route-policy policy1 export

peer 40.1.1.2 label-route-capability

route-policy policy1 permit node 1

apply mpls-label

ASBR-PE2：*************************************************************************************************

isis 2

network-entity 20.0000.0000.0000.0004.00

address-family ipv4 unicast

import-route bgp

mpls lsr-id 5.5.5.5

mpls ldp

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

isis enable 2

interface GigabitEthernet0/0

port link-mode route

combo enable copper

ip address 40.1.1.2 255.255.255.0

mpls enable

interface GigabitEthernet0/2

port link-mode route

combo enable copper

ip address 50.1.1.1 255.255.255.0

isis enable 2

mpls enable

mpls ldp enable

bgp 200

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

peer 40.1.1.1 as-number 100

address-family ipv4 unicast

import-route isis 2

peer 7.7.7.7 enable

peer 7.7.7.7 route-policy policy2 export

peer 7.7.7.7 label-route-capability

peer 40.1.1.1 enable

peer 40.1.1.1 route-policy policy1 export

peer 40.1.1.1 label-route-capability

route-policy policy1 permit node 1

apply mpls-label

RR2：*************************************************************************************************

isis 2

network-entity 20.0000.0000.0002.00

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

isis enable 2

interface GigabitEthernet0/0

ip address 60.1.1.1 255.255.255.0

isis enable 2

bgp 200

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 3.3.3.3 ebgp-max-hop 10

peer 8.8.8.8 as-number 200

peer 8.8.8.8 connect-interface LoopBack0

address-family vpnv4

undo policy vpn-target

peer 3.3.3.3 enable

peer 3.3.3.3 next-hop-invariable

peer 8.8.8.8 enable

peer 8.8.8.8 next-hop-invariable

peer 8.8.8.8 reflect-client

P2：*************************************************************************************************

isis 2

network-entity 20.0000.0000.0000.0003.00

mpls lsr-id 6.6.6.6

mpls ldp

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

isis enable 2

interface GigabitEthernet0/0

ip address 60.1.1.2 255.255.255.0

isis enable 2

interface GigabitEthernet0/1

ip address 70.1.1.2 255.255.255.0

isis enable 2

mpls enable

mpls ldp enable

interface GigabitEthernet0/2

ip address 50.1.1.2 255.255.255.0

isis enable 2

mpls enable

mpls ldp enable

PE2：*************************************************************************************************

isis 2

network-entity 20.0000.0000.0000.0001.00

mpls lsr-id 8.8.8.8

vlan 1

mpls ldp

interface LoopBack0

ip address 8.8.8.8 255.255.255.255

isis enable 2

interface GigabitEthernet0/0

ip binding vpn-instance vpn1

ip address 200.2.1.1 255.255.255.0

interface GigabitEthernet0/1

ip address 70.1.1.1 255.255.255.0

isis enable 2

mpls enable

mpls ldp enable

bgp 200

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

address-family vpnv4

peer 7.7.7.7 enable

ip vpn-instance vpn1

address-family ipv4 unicast

import-route direct

[pe1]dis ip routing-table vpn-instance vpn1

Destinations : 11 Routes : 11

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

200.1.1.0/24 Direct 0 0 200.1.1.1 GE0/0

200.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

200.1.1.255/32 Direct 0 0 200.1.1.1 GE0/0

200.2.1.0/24 BGP 255 0 8.8.8.8 GE0/1

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

[pe1]dis bgp routing-table vpnv4 200.2.1.0 24

BGP local router ID: 1.1.1.1

Local AS number: 100

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 200.2.1.0/24:

From : 3.3.3.3 (3.3.3.3)

Rely nexthop : 10.1.1.2

Original nexthop: 8.8.8.8

OutLabel : 24256

Ext-Community : <RT: 200:1>

AS-path : 200

Origin : incomplete

Attribute value : localpref 100, pref-val 0

State : valid, internal, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

VPN-Peer UserID : N/A

DSCP : N/A

EXP : N/A

Tunnel policy : NULL

Rely tunnel IDs : 6

<H3C>ping -c 2 200.2.1.2 //pingCE2可以通，转发正常

Ping 200.2.1.2 (200.2.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 200.2.1.2: icmp_seq=0 ttl=253 time=5.000 ms

56 bytes from 200.2.1.2: icmp_seq=1 ttl=253 time=6.000 ms

在P1下行抓包查看标签，如下C2方式理论有两层标签，如下，可以看到第一层和第二层封装的标签，第一层是私网路由标签24256，第二层是ldp分配的标签24125

配置关键点

无