MPLS跨域VPN-OptionA实验-CFANZ编程社区

一、拓扑图

MPLS跨域VPN-OptionA实验_路由协议

二、实验目的

1、黄色区域为同一公司的2个区域，通过MPLS VPN OptionA的方式实现互通。

2、红色区域为同一公司的2个区域，通过MPLS VPN OptionA的方式实现互通。

三、配置思路

1、在AS100、AS200分别配置公网的LSP隧道

2、配置AS100、AS200中的MP-IBGP邻居架构/反射器

3、PE上配置VPN实例的业务接入

VPN实例创建和CE的接口绑定，正确配置RD、RT

正确的配置PE-CE之间的路由协议

4、为每个VPN在ASBR-PE之间通过子接口实现互联，并绑定vpn实例，每个实例配置EBGP邻居关系。

5、PE上正确引入vpnv4路由，IGP引入BGP，BGP引入IGP

6、检测路由是否正常传递

7、测试联通性

8、熟悉路由传递的机制以及私网标签和公网标签的分配特点

四、配置脚本

#
sysname R1
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 100:2
  vpn-target 100:2 export-extcommunity
  vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance a
 ip address 10.1.17.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.12.1 255.255.255.0 
 ospf network-type p2p
 ospf enable 100 area 0.0.0.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance b
 ip address 10.1.18.1 255.255.255.0 
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
 ospf enable 100 area 0.0.0.0
#
bgp 100
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a 
  peer 10.1.17.7 as-number 1 
 #
 ipv4-family vpn-instance b 
  import-route ospf 1
#
ospf 1 router-id 1.1.1.1 vpn-instance b
 import-route bgp
 area 0.0.0.0 
  network 10.1.18.1 0.0.0.0 
#
ospf 100 router-id 1.1.1.1 
 area 0.0.0.0 
#
return

#
sysname R2
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
 ip address 10.1.12.2 255.255.255.0 
 ospf network-type p2p
 ospf enable 100 area 0.0.0.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 10.1.23.2 255.255.255.0 
 ospf network-type p2p
 ospf enable 100 area 0.0.0.0
 mpls
 mpls ldp
#
interface NULL0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
 ospf enable 100 area 0.0.0.0
#
bgp 100
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 3.3.3.3 enable
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
#
ospf 100 router-id 2.2.2.2 
 area 0.0.0.0 
#
return

#
sysname R3
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 100:2
  vpn-target 100:2 export-extcommunity
  vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.100
 dot1q termination vid 100
 ip binding vpn-instance a
 ip address 10.1.34.3 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/0.200
 dot1q termination vid 200
 ip binding vpn-instance b
 ip address 10.1.34.3 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 ip address 10.1.23.3 255.255.255.0 
 ospf network-type p2p
 ospf enable 100 area 0.0.0.0
 mpls
 mpls ldp
#
interface NULL0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
 ospf enable 100 area 0.0.0.0
#
bgp 100
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a 
  peer 10.1.34.4 as-number 200 
 #
 ipv4-family vpn-instance b 
  peer 10.1.34.4 as-number 200 
#
ospf 100 router-id 3.3.3.3 
 area 0.0.0.0 
#
return

#
sysname R4
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 200:1
  vpn-target 200:1 export-extcommunity
  vpn-target 200:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 200:2
  vpn-target 200:2 export-extcommunity
  vpn-target 200:2 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.100
 dot1q termination vid 100
 ip binding vpn-instance a
 ip address 10.1.34.4 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/0.200
 dot1q termination vid 200
 ip binding vpn-instance b
 ip address 10.1.34.4 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/1
 ip address 10.1.45.4 255.255.255.0 
 ospf network-type p2p
 ospf enable 200 area 0.0.0.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
 ospf enable 200 area 0.0.0.0
#
bgp 200
 peer 5.5.5.5 as-number 200 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 5.5.5.5 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance a 
  peer 10.1.34.3 as-number 100 
 #
 ipv4-family vpn-instance b 
  peer 10.1.34.3 as-number 100 
#
ospf 200 router-id 4.4.4.4 
 area 0.0.0.0 
#
return

#
sysname R5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
 ip address 10.1.45.5 255.255.255.0 
 ospf network-type p2p
 ospf enable 200 area 0.0.0.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 10.1.56.5 255.255.255.0 
 ospf network-type p2p
 ospf enable 200 area 0.0.0.0
 mpls
 mpls ldp
#
interface NULL0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255 
 ospf enable 200 area 0.0.0.0
#
bgp 200
 peer 4.4.4.4 as-number 200 
 peer 4.4.4.4 connect-interface LoopBack0
 peer 6.6.6.6 as-number 200 
 peer 6.6.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
  peer 6.6.6.6 enable
 # 
 ipv4-family vpnv4
  undo policy vpn-target
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client
  peer 6.6.6.6 enable
  peer 6.6.6.6 reflect-client
#
ospf 200 router-id 5.5.5.5 
 area 0.0.0.0 
#
return

#
sysname R6
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 200:1
  vpn-target 200:1 export-extcommunity
  vpn-target 200:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 200:2
  vpn-target 200:2 export-extcommunity
  vpn-target 200:2 import-extcommunity
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
isis 1 vpn-instance b
 is-level level-2
 network-entity 49.0000.0000.0006.00
 import-route bgp 
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance a
 ip address 10.1.69.6 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance b
 ip address 10.1.61.6 255.255.255.0 
 isis enable 1
#
interface GigabitEthernet0/0/2
 ip address 10.1.56.6 255.255.255.0 
 ospf network-type p2p
 ospf enable 200 area 0.0.0.0
 mpls
 mpls ldp
#
interface NULL0
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255 
 ospf enable 200 area 0.0.0.0
#
bgp 200
 peer 5.5.5.5 as-number 200 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 5.5.5.5 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 5.5.5.5 enable
 #
 ipv4-family vpn-instance a 
  peer 10.1.69.9 as-number 1 
  peer 10.1.69.9 substitute-as
 #
 ipv4-family vpn-instance b 
  import-route isis 1
#
ospf 200 router-id 6.6.6.6 
 area 0.0.0.0 
#
return

#
sysname R7
#
interface GigabitEthernet0/0/0
 ip address 10.1.17.7 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.0 
#
bgp 1
 peer 10.1.17.1 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 7.7.7.0 255.255.255.0 
  network 7.7.7.7 255.255.255.255 
  peer 10.1.17.1 enable
  peer 10.1.17.1 allow-as-loop
#
return

#
sysname R8
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 ip address 10.1.18.8 255.255.255.0 
#
interface NULL0
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.0 
 ospf network-type broadcast
 ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 8.8.8.8 
 area 0.0.0.0 
  network 10.1.18.8 0.0.0.0 
#
return

#
sysname R9
#
interface GigabitEthernet0/0/0
 ip address 10.1.69.9 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 9.9.9.9 255.255.255.0 
#
bgp 1
 peer 10.1.69.6 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 9.9.9.0 255.255.255.0 
  peer 10.1.69.6 enable
#
return

#
sysname R10
#
isis 1
 is-level level-2
 network-entity 49.0000.0000.0010.00
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
 ip address 10.1.61.10 255.255.255.0 
 isis enable 1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 10.10.10.10 255.255.255.0 
 isis enable 1
#
return