【实验】域间MPLS L3VPN实验 —— Inter-AS option A/option 1(back to back VRF)

实验环境:

操作系统:Mac OS X 10.11.4(当时最新正式版),模拟器:GNS3 IOU for Mac 1.4.5(当时最新版本)
注:当然,只要有思科模拟器都可以做这个实验

实验需求:

  • IOU1/2/3 是一个运营商,BGP AS 号是 123;
  • IOU4/5/6 是另一个运营商,BGP AS 号是 456;
  • IOU7/8/9/10 都是 CE,IOU8 可以访问 IOU9,IOU7 可以访问 IOU10。

跨域的 MPLS L3VPN 和单域的 MPLS L3VPN 在配置上的区别主要是在运营商和运营商之间的 ASBR(这里的 ASBR 是指 IOU3 和 IOU4)上。换句话说,跨域的 MPLS L3VPN 主要考虑的地方是运营商和运营商之间如何把彼此的 MPLS L3VPN 给连接起来。

而 back to back(背靠背)的方式其实很好理解,就是 IOU3 把 IOU4 当做是自己的 CE,IOU4 把 IOU3 当做是自己的 CE 。同时,IOU3 和 IOU4 之间的 MPLS L3VPN 连接用 VRF 虚拟子接口来做,这样可以为多家企业提供跨域的 MPLS L3VPN 服务。

其他相关文章:

1、以下是 L2VPN 和 L3VPN 的单域的实验:

2、以下是 MPLS L2VPN 的跨域的实验:

实验步骤:

1、IP 地址规划

IOU1:

conf t
int l 0
ip add 1.1.1.1 255.255.255.255

int e 0/0
ip add 12.1.1.1 255.255.255.0
no sh

int e 0/1
ip add 18.1.1.1 255.255.255.0
no sh

int e 0/2
ip add 17.1.1.1 255.255.255.0
no sh

IOU2:

conf t
int l 0
ip add 2.2.2.2 255.255.255.255

int e 0/0
ip add 12.1.1.2 255.255.255.0
no sh

int e 0/1
ip add 23.1.1.2 255.255.255.0
no sh

IOU3:

conf t
int l 0
ip add 3.3.3.3 255.255.255.255

int e 0/1
ip add 23.1.1.3 255.255.255.0
no sh

int e 0/2
no sh

IOU4:

conf t
int l 0
ip add 4.4.4.4 255.255.255.255

int e 0/2
no sh

int e 0/0
ip add 45.1.1.4 255.255.255.0
no sh

IOU5:

conf t
int l 0
ip add 5.5.5.5 255.255.255.255

int e 0/0
ip add 45.1.1.5 255.255.255.0
no sh

int e 0/1
ip add 56.1.1.5 255.255.255.0
no sh

IOU6:

conf t
int l 0
ip add 6.6.6.6 255.255.255.255

int e 0/0
ip add 69.1.1.6 255.255.255.0
no sh

int e 0/1
ip add 56.1.1.6 255.255.255.0
no sh

int e 0/2
ip add 106.1.1.6 255.255.255.0
no sh

IOU8:

conf t
int l 0
ip add 8.8.8.8 255.255.255.255

int e 0/1
ip add 18.1.1.8 255.255.255.0
no sh

IOU7:

conf t
int l 0
ip add 7.7.7.7 255.255.255.255

int e 0/2
ip add 17.1.1.7 255.255.255.0
no sh

IOU10:

conf t
int l 0
ip add 10.10.10.10 255.255.255.255

int e 0/2
ip add 106.1.1.10 255.255.255.0
no sh

IOU9:

conf t
int l 0
ip add 9.9.9.9 255.255.255.255

int e 0/0
ip add 69.1.1.9 255.255.255.0
no sh

2、在 P 和 PE 上开启 IGP 和 MPLS:

IOU1:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.1111.1111.1111.1111.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/0
ip router isis

router isis
passive-interface loopback 0
adv passive-only

IOU2:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.1111.2222.2222.2222.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/0-1
ip router isis

router isis
passive-interface loopback 0
adv passive-only

IOU3:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.1111.3333.3333.3333.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/1
ip router isis

router isis
passive-interface loopback 0
adv passive-only

IOU4:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.2222.4444.4444.4444.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/0
ip router isis

router isis
passive-interface loopback 0
adv passive-only

IOU5:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.2222.5555.5555.5555.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/0-1
ip router isis

router isis
passive-interface loopback 0
adv passive-only

IOU6:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router isis
net 49.2222.6666.6666.6666.00
is-type level-1
log all
mpls ldp autoconfig

int r l 0 , e 0/1
ip router isis

router isis
passive-interface loopback 0
adv passive-only

3、PE 上配置 VRF,并配置 PE 和 CE 间的 IGP:

IOU1:

ip vrf 89
rd 89:89
route-target 89:89

int e 0/1
ip vrf f 89
ip add 18.1.1.1 255.255.255.0
ip os 89 a 0

ip vrf 710
rd 710:710
route-target 710:710

int e 0/2
ip vrf f 710
ip add 17.1.1.1 255.255.255.0
ip os 710 a 0

IOU6:

ip vrf 89
rd 89:89
route-target 89:89

int e 0/0
ip vrf f 89
ip add 69.1.1.6 255.255.255.0
ip os 89 a 0

ip vrf 710
rd 710:710
route-target 710:710

int e 0/2
ip vrf f 710
ip add 106.1.1.6 255.255.255.0
ip os 710 a 0

IOU8:

router os 89
router-id 8.8.8.8
net 0.0.0.0 0.0.0.0 a 0

IOU7:

router os 710
router-id 7.7.7.7
net 0.0.0.0 0.0.0.0 a 0

IOU10:

router os 710
router-id 10.10.10.10
net 0.0.0.0 0.0.0.0 a 0

IOU9:

router os 89
router-id 9.9.9.9
net 0.0.0.0 0.0.0.0 a 0

4、配置 MP-BGP,并在 PE 上做双向重分布:

IOU1:

router bgp 123
bgp router-id 1.1.1.1
no bgp def ipv4
nei 2.2.2.2 remot 123
nei 2.2.2.2 up l 0

add vpnv4 un
nei 2.2.2.2 ac

add ipv4 vrf 89
red os 89 ma e i

add ipv4 vrf 710
red os 710 ma e i

router os 89 vrf 89
red bgp 123 subnets

router os 710 vrf 710
red bgp 123 subnets

IOU2:

router bgp 123
bgp router-id 2.2.2.2
no bgp def ipv4
nei 1.1.1.1 remot 123
nei 1.1.1.1 up l 0
nei 3.3.3.3 remot 123
nei 3.3.3.3 up l 0

add vpnv4 un
nei 1.1.1.1 ac
nei 1.1.1.1 route-reflector-client
nei 3.3.3.3 ac
nei 3.3.3.3 route-reflector-client

IOU5:

router bgp 456
bgp router-id 5.5.5.5
no bgp def ipv4
nei 4.4.4.4 remot 456
nei 4.4.4.4 up l 0
nei 6.6.6.6 remot 456
nei 6.6.6.6 up l 0

add vpnv4 un
nei 4.4.4.4 ac
nei 4.4.4.4 route-reflector-client
nei 6.6.6.6 ac
nei 6.6.6.6 route-reflector-client

IOU6:

router bgp 456
bgp router-id 6.6.6.6
no bgp def ipv4
nei 5.5.5.5 remot 456
nei 5.5.5.5 up l 0

add vpnv4 un
nei 5.5.5.5 ac

add ipv4 vrf 89
red os 89 ma e i

add ipv4 vrf 710
red os 710 ma e i

router os 89 vrf 89
red bgp 456 subnets

router os 710 vrf 710
red bgp 456 subnets

5、back to back VRF 关键在 IOU3 和 IOU4 上,IOU3 和 IOU4 上还要把对方看做是自己的 CE(需要开启子接口,因为 VRF 太多连实线会不方便):

IOU3:

ip vrf 89
rd 89:89
route-target 89:89

int e 0/2.89
ip vrf f 89
en do 89
ip add 34.1.1.3 255.255.255.0

ip vrf 710
rd 710:710
route-target 710:710

int e 0/2.710
ip vrf f 710
en do 710
ip add 34.1.1.3 255.255.255.0

router bgp 123
bgp router-id 3.3.3.3
no bgp def ipv4
nei 2.2.2.2 remot 123
nei 2.2.2.2 up l 0

add vpnv4 un
nei 2.2.2.2 ac

add ipv4 vrf 89
nei 34.1.1.4 remot 456

add ipv4 vrf 710
nei 34.1.1.4 remot 456

IOU4:

ip vrf 89
rd 89:89
route-target 89:89

int e 0/2.89
ip vrf f 89
en do 89
ip add 34.1.1.4 255.255.255.0

ip vrf 710
rd 710:710
route-target 710:710

int e 0/2.710
ip vrf f 710
en do 710
ip add 34.1.1.4 255.255.255.0

router bgp 456
bgp router-id 4.4.4.4
no bgp def ipv4
nei 5.5.5.5 remot 456
nei 5.5.5.5 up l 0

add vpnv4 un
nei 5.5.5.5 ac

add ipv4 vrf 89
nei 34.1.1.3 remot 123

add ipv4 vrf 710
nei 34.1.1.3 remot 123

测试:

IOU8#sh ip ro
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

 Gateway of last resort is not set

       8.0.0.0/32 is subnetted, 1 subnets
 C        8.8.8.8 is directly connected, Loopback0
       9.0.0.0/32 is subnetted, 1 subnets
 O E2     9.9.9.9 [110/1] via 18.1.1.1, 00:02:57, Ethernet0/1
       18.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C        18.1.1.0/24 is directly connected, Ethernet0/1
 L        18.1.1.8/32 is directly connected, Ethernet0/1
       69.0.0.0/24 is subnetted, 1 subnets
 O E2     69.1.1.0 [110/1] via 18.1.1.1, 00:02:57, Ethernet0/1

IOU8#tra 9.9.9.9 so l 0
 Type escape sequence to abort.
 Tracing the route to 9.9.9.9
 VRF info: (vrf in name/id, vrf out name/id)
   1 18.1.1.1 7 msec 4 msec 1 msec
   2 12.1.1.2 [MPLS: Labels 17/18 Exp 0] 1 msec 5 msec 0 msec
   3 34.1.1.3 [MPLS: Label 18 Exp 0] 1 msec 1 msec 0 msec
   4 34.1.1.4 1 msec 1 msec 0 msec
   5 45.1.1.5 [MPLS: Labels 17/18 Exp 0] 1 msec 1 msec 0 msec
   6 69.1.1.6 [MPLS: Label 18 Exp 0] 0 msec 1 msec 0 msec
   7 69.1.1.9 0 msec 1 msec 1 msec

IOU10#sh ip ro
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

 Gateway of last resort is not set

       7.0.0.0/32 is subnetted, 1 subnets
 O E2     7.7.7.7 [110/1] via 106.1.1.6, 00:04:40, Ethernet0/2
       10.0.0.0/32 is subnetted, 1 subnets
 C        10.10.10.10 is directly connected, Loopback0
       17.0.0.0/24 is subnetted, 1 subnets
 O E2     17.1.1.0 [110/1] via 106.1.1.6, 00:04:40, Ethernet0/2
       106.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C        106.1.1.0/24 is directly connected, Ethernet0/2
 L        106.1.1.10/32 is directly connected, Ethernet0/2

IOU10#tra 7.7.7.7
 Type escape sequence to abort.
 Tracing the route to 7.7.7.7
 VRF info: (vrf in name/id, vrf out name/id)
   1 106.1.1.6 4 msec 5 msec 5 msec
   2 56.1.1.5 [MPLS: Labels 16/20 Exp 0] 1 msec 4 msec 1 msec
   3 34.1.1.4 [MPLS: Label 20 Exp 0] 1 msec 0 msec 5 msec
   4 34.1.1.3 1 msec 1 msec 2 msec
   5 23.1.1.2 [MPLS: Labels 16/20 Exp 0] 1 msec 1 msec 1 msec
   6 17.1.1.1 [MPLS: Label 20 Exp 0] 1 msec 5 msec 1 msec
   7 17.1.1.7 5 msec 5 msec 2 msec
打赏作者
这里是 “ CCIE 工程师社区 ” 官方的捐款通道,您是否可以考虑请我们喝杯咖啡呢?

您的支持将鼓励我们继续创作!

[微信] 扫描二维码打赏

[支付宝] 扫描二维码打赏

Was this article helpful?

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.