本文主要是介绍CCIE-15-MPLS-VPN,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
目录
- 实验条件
- 网络拓朴
- 实验目标
- 环境配置
- 开始配置
- 配置各小区域的路由协议
- 配置交换机,隔离R1、R7
- 配置VRF
- RIP协议
- OSPF协议
- EIGRP协议
- BGP协议
- 配置MPLS区域的协议
- R2~R5区域配置MPLS协议
- R2<--->R5之间配置MP-BGP协议
- 配置VRF,RT
- 重分布路由
- 验证路由
- 验证效果
- R1访问R6,R1访问R8
- R7访问R6,R7访问R1
- 关闭IP TTL复制功能,再次观察效果
实验条件
网络拓朴
实验目标
- 让A1、A2可以互相访问
- 让B1、B2可以互相访问
- A、B之间不可以互访
环境配置
在我的资源里可以下载(就在这篇文章的开头也可以下载)
开始配置
配置各小区域的路由协议
配置交换机,隔离R1、R7
SW:
vlan 12,27
interface e0/0switchport mode accessswitchport access vlan 12
interface e0/1switchport mode accessswitchport access vlan 27
interface e0/2switchport trunk encapsulation dot1qswitchport mode trunk
R2:
default interface e0/0
interface e0/0.12encapsulation dot1Q 12
interface e0/0.27encapsulation dot1Q 27
与SW的Trunk口相连的E0/0需要创建子接口,并且指定封装的VLAN_ID,否则无法通信(R2是路由器,所以e0/0口发出的包是不带VLAN,ID标识的,这样的话,到交换机之后该包就无法投递到对应的VLAN去了,所以需要指定封装的VLAN_ID)
配置VRF
配置了VRF后,ip地址会被重置需要重配,所以地址在这里配置
R2:
ip vrf Area-Ard 12345:12
ip vrf Area-Brd 12345:27
interface e0/0.12ip vrf forwarding Area-Aip address 12.1.1.2 255.255.255.0
interface e0/0.27ip vrf forwarding Area-Bip address 27.1.1.2 255.255.255.0
R5:
ip vrf Area-Ard 12345:56
ip vrf Area-Brd 12345:58
interface e0/0ip vrf forwarding Area-Aip address 56.1.1.5 255.255.255.0
interface e0/2ip vrf forwarding Area-Bip address 58.1.1.5 255.255.255.0
RIP协议
R1:
conf t
router ripnetwork 1.1.1.1network 12.0.0.0R2:
conf t
router ripaddress-family ipv4 vrf Area-Anetwork 2.2.2.2network 12.0.0.0
OSPF协议
R2:
conf t
router ospf 27 vrf Area-Brouter-id 2.2.2.22network 2.2.2.2 0.0.0.0 area 0network 27.1.1.0 0.0.0.255 area 0R7:
conf t
interface e0/1ip address 27.1.1.7 255.255.255.0no shutdown
interface lo0ip address 7.7.7.7 255.255.255.255no shutdown
router ospf 27router-id 7.7.7.7network 7.7.7.7 0.0.0.0 area 0network 27.1.1.0 0.0.0.255 area 0
EIGRP协议
R5:
conf t
router eigrp NAME_modeaddress-family ipv4 vrf Area-A autonomous-system 56network 5.5.5.5 0.0.0.0network 56.1.1.0 0.0.0.255R6:
conf t
router eigrp 56router-id 6.6.6.6network 6.6.6.6 0.0.0.0network 56.1.1.0 0.0.0.255
BGP协议
R5:
conf t
router bgp 25bgp router-id 5.5.5.5address-family ipv4 vrf Area-Bneighbor 58.1.1.8 remote-as 58neighbor 58.1.1.8 next-hop-selfneighbor 58.1.1.8 activateR8:
conf t
interface lo0ip address 8.8.8.8 255.255.255.255no shutdown
router bgp 58bgp router-id 8.8.8.8neighbor 58.1.1.5 remote-as 25neighbor 58.1.1.5 next-hop-selfnetwork 8.8.8.8 mask 255.255.255.255network 58.1.1.0 mask 255.255.255.0
配置MPLS区域的协议
R2~R5区域配置MPLS协议
MPLS区域内各个路由器分配不同的标签段,便于观察标签交换的过程。
R2:
conf t
mpls ldp router-id lo0
mpls label range 200 299
interface e0/1mpls ipR3:
mpls ldp router-id Loopback0
mpls label range 300 399
router ospf 1mpls ldp autoconfigrouter-id 3.3.3.3network 0.0.0.0 255.255.255.255 area 0R4:
mpls ldp router-id Loopback0
mpls label range 400 499
router ospf 1mpls ldp autoconfigrouter-id 4.4.4.4network 0.0.0.0 255.255.255.255 area 0R5:
conf t
mpls ldp router-id lo0
mpls label range 500 599
interface e0/1mpls ip
R2<—>R5之间配置MP-BGP协议
R2:
conf t
router bgp 25bgp router-id 2.2.2.2no bgp default ipv4-unicastneighbor 5.5.5.5 remote-as 25neighbor 5.5.5.5 update-source lo 0address-family vpnv4neighbor 5.5.5.5 activateR5:
conf t
router bgp 25no bgp default ipv4-unicastneighbor 2.2.2.2 remote-as 25neighbor 2.2.2.2 update-source lo 0address-family vpnv4neighbor 2.2.2.2 activate
验证邻居关系
R2#show ip bgp all summary
For address family: VPNv4 Unicast
BGP router identifier 2.2.2.2, local AS number 25
BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
5.5.5.5 4 25 13 13 1 0 0 00:08:55 0
R2#R5#show ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 25
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 168 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 640 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secsNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
58.1.1.8 4 58 97 97 3 0 0 01:25:41 2For address family: VPNv4 Unicast
BGP router identifier 5.5.5.5, local AS number 25
BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 25 13 13 1 0 0 00:09:05 0
58.1.1.8 4 58 0 0 1 0 0 never (NoNeg)
配置VRF,RT
PE之间只可以传递BGP的VPNv4路由,所以现在必须让IPv4路由带上RD值和RT属性才能成为VPNv4路由,接下来应该在PE路由器上为各VRF设置RD和RT,为了方便抓包分辨路由方向,不同方向配置不同的RT值,现在规化RT值如下:
R2:
VRF Aera-A:RD----12345:12 RT----export 12:56 import 56:12
VRF Aera-B:RD----12345:27 RT----export 27:58 import 58:27R5:
VRF Aera-A:RD----12345:56 RT----export 56:12 import 12:56
VRF Aera-B:RD----12345:58 RT----export 58:27 import 27:58
配置如下:
R2:
ip vrf Area-Ard 12345:12route-target export 12:56route-target import 56:12
ip vrf Area-Brd 12345:27route-target export 27:58route-target import 58:27R5:
ip vrf Area-Ard 12345:56route-target export 56:12route-target import 12:56
ip vrf Area-Brd 12345:58route-target export 58:27route-target import 27:58
重分布路由
On R2: RIP<->BGP 25
把RIP的路由重分布进BGP,再把BGP的路由重分布进RIP中
R2:
conf t
router bgp 25address-family ipv4 vrf Area-Aredistribute rip
router rip!address-family ipv4 vrf Area-Aredistribute bgp 25 metric 5
On R2: OSPF 27 <->BGP 25
R2:
conf t
router bgp 25address-family ipv4 vrf Area-Bredistribute ospf 27
router ospf 27 vrf Area-Bredistribute bgp 25 subnets
On R5: EIGRP <->BGP 25
R5:
conf t
router bgp 25address-family ipv4 vrf Area-Aredistribute eigrp 56
router eigrp NAME_modeaddress-family ipv4 unicast vrf Area-A autonomous-system 56topology baseredistribute bgp 25 metric 10000 10 255 1 1500exit-af-topology
验证路由
R2上的BGP路由
R2#show ip bgp vpnv4 vrf Area-A
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12 (default for vrf Area-A)*> 1.0.0.0 12.1.1.1 1 32768 ?*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?*> 12.1.1.0/24 0.0.0.0 0 32768 ?*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?R2#show ip bgp vpnv4 vrf Area-B
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:27 (default for vrf Area-B)*> 7.7.7.7/32 27.1.1.7 11 32768 ?*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i*> 27.1.1.0/24 0.0.0.0 0 32768 ?*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 iR2#show ip bgp all
For address family: IPv4 Unicast
For address family: VPNv4 Unicast
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12 (default for vrf Area-A)*> 1.0.0.0 12.1.1.1 1 32768 ?*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?*> 12.1.1.0/24 0.0.0.0 0 32768 ?*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?
Route Distinguisher: 12345:27 (default for vrf Area-B)*> 7.7.7.7/32 27.1.1.7 11 32768 ?*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i*> 27.1.1.0/24 0.0.0.0 0 32768 ?*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 i
Route Distinguisher: 12345:56*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:58*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: VPNv4 Multicast
For address family: MVPNv4 Unicast
R5的路由表信息
R5#show ip bgp vpnv4 vrf Area-A
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:56 (default for vrf Area-A)*>i 1.0.0.0 2.2.2.2 1 100 0 ?*> 6.6.6.6/32 56.1.1.6 3584000 32768 ?*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?*> 56.1.1.0/24 0.0.0.0 0 32768 ?
R5#show ip bgp vpnv4 vrf Area-B
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:58 (default for vrf Area-B)*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?*> 8.8.8.8/32 58.1.1.8 0 0 58 i*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?r> 58.1.1.0/24 58.1.1.8 0 0 58 i
R5#show ip bgp all
For address family: IPv4 Unicast
For address family: VPNv4 Unicast
......Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12*>i 1.0.0.0 2.2.2.2 1 100 0 ?*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 12345:27*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 12345:56 (default for vrf Area-A)*>i 1.0.0.0 2.2.2.2 1 100 0 ?*> 6.6.6.6/32 56.1.1.6 3584000 32768 ?*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?*> 56.1.1.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 12345:58 (default for vrf Area-B)*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?Network Next Hop Metric LocPrf Weight Path*> 8.8.8.8/32 58.1.1.8 0 0 58 i*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?r> 58.1.1.0/24 58.1.1.8 0 0 58 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: VPNv4 Multicast
For address family: MVPNv4 Unicast
Area-A区域之间的路由有了
Area-B区域之间的路由也有了,接下来验证网络
验证效果
R1访问R6,R1访问R8
R1#traceroute 6.6.6.6 source lo 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)1 12.1.1.2 1 msec 1 msec 0 msec2 23.1.1.3 [MPLS: Labels 300/506 Exp 0] 1 msec 1 msec 1 msec3 34.1.1.4 [MPLS: Labels 400/506 Exp 0] 0 msec 1 msec 0 msec4 56.1.1.5 [MPLS: Label 506 Exp 0] 1 msec 0 msec 1 msec5 56.1.1.6 0 msec * 1 msec
R1#ping 8.8.8.8 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1#ping 7.7.7.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1和R6相通,和R8、R7不通
R7访问R6,R7访问R1
R7#traceroute 8.8.8.8 source lo 0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)1 27.1.1.2 0 msec 1 msec 0 msec2 23.1.1.3 [MPLS: Labels 300/508 Exp 0] 1 msec 1 msec 1 msec3 34.1.1.4 [MPLS: Labels 400/508 Exp 0] 1 msec 0 msec 1 msec4 58.1.1.5 [MPLS: Label 508 Exp 0] 1 msec 0 msec 0 msec5 58.1.1.8 1 msec * 2 msec
R7#ping 1.1.1.1 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
.....
Success rate is 0 percent (0/5)
R7#ping 6.6.6.6 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
.....
Success rate is 0 percent (0/5)
R7和R8相通,和R1、R6不通 ,达到实验的目的。
关闭IP TTL复制功能,再次观察效果
R2:
conf t
no mpls ip propagate-ttlR5:
conf t
no mpls ip propagate-ttl
检查效果
R1#traceroute 6.6.6.6 source lo 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)1 12.1.1.2 0 msec 1 msec 0 msec2 56.1.1.5 [MPLS: Label 506 Exp 0] 1 msec 1 msec 0 msec3 56.1.1.6 1 msec * 2 msecR7#traceroute 8.8.8.8 source lo 0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)1 27.1.1.2 1 msec 0 msec 1 msec2 58.1.1.5 [MPLS: Label 508 Exp 0] 1 msec 1 msec 1 msec3 58.1.1.8 0 msec * 2 msec
这篇关于CCIE-15-MPLS-VPN的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
