[Lab] Giving CEs Internet access in an MPLS L3VPN (spoke CEs reach the Internet through the hub CE)

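Lab environment:

Operating system: Mac OS X 10.11.4 (the latest official release at the time); emulator: GNS3 IOU for Mac 1.4.5 (the latest version at the time)
Note: of course, any Cisco emulator can be used for this lab.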

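Additional topology notes:

  • The hub site (IOU1) distributes a default route to the branch sites (IOU6 and IOU8) using RD value 2345:1;
  • The branch sites (IOU6 and IOU8) send their own routes up to the hub site (IOU1) using RD values 2345:6 and 2345:8 respectively, so all communication between branch sites is relayed through the hub site;
  • The link between IOU1 and the PE (IOU2) carries two subinterfaces: subinterface e 0/0.1 connects the two PEs, and subinterface e 0/0.99 connects to the Internet.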
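The hub-and-spoke behaviour described above is decided by the route-target import/export lines in the `ip vrf` stanzas that appear in the IOU2 and IOU4 configurations further down this page. The following is an added example, not part of the original article: it parses those stanzas and checks that no spoke VRF imports another spoke's routes directly. The function names `parse_vrfs`, `learns_from` and `spoke_leaks` are hypothetical helpers.

```python
import re

# VRF stanzas copied from the IOU2 and IOU4 configurations on this page.
CONFIG = """\
ip vrf IOU1
rd 2345:1
route-target import 2345:6
route-target import 2345:8
route-target export 2345:1
ip vrf IOU6
rd 2345:6
route-target export 2345:6
route-target import 2345:1
ip vrf IOU8
rd 2345:8
route-target export 2345:8
route-target import 2345:1
"""

def parse_vrfs(text):
    """Return {vrf: {"import": set, "export": set}}; 'ip vrf f <name>' lines do not match."""
    vrfs, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"ip vrf (\S+)$", line):
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
        elif current is not None and (m := re.match(r"route-target (import|export|both) (\S+)$", line)):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for k in kinds:
                current[k].add(m.group(2))
    return vrfs

def learns_from(vrfs):
    """Map each VRF to the other VRFs whose exported routes it imports."""
    return {
        name: {other for other, o in vrfs.items()
               if other != name and o["export"] & v["import"]}
        for name, v in vrfs.items()
    }

def spoke_leaks(vrfs, hub):
    """Pairs (importer, exporter) of spokes that exchange routes without the hub."""
    table = learns_from(vrfs)
    return sorted((a, b) for a in table for b in table[a] if hub not in (a, b))

if __name__ == "__main__":
    vrfs = parse_vrfs(CONFIG)
    for name, sources in learns_from(vrfs).items():
        print(name, "imports routes from", sorted(sources))
    print("direct spoke-to-spoke imports:", spoke_leaks(vrfs, "IOU1"))
```

An empty result from `spoke_leaks` means every spoke-to-spoke flow has to follow the hub's routes, which is what keeps the hub CE in the path.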

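Lab requirements:

The hub site (IOU1) can reach the Internet host 7.7.7.7, and the branch sites (IOU6 and IOU8) can also reach the Internet host 7.7.7.7 by going through the hub site (IOU1).

First, quickly complete the MPLS VPN configuration according to the requirements in the diagram: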

IOU2:

conf t
int l 0
ip add 2.2.2.2 255.255.255.255

int e 0/0
no sh

int e 0/0.1
en do 1
ip add 172.16.12.2 255.255.255.0

int e 0/0.99
en do 99
ip add 12.1.1.2 255.255.255.0

int e 0/1
ip add 23.1.1.2 255.255.255.0
no sh

router os 2345
router-id 2.2.2.2

int r e 0/1 , l 0
ip os 2345 a 0

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

int e 0/1
mpls ip

ip vrf IOU1
rd 2345:1
route-target import 2345:6
route-target import 2345:8
route-target export 2345:1

int e 0/0.1
ip vrf f IOU1
en do 1
ip add 172.16.12.2 255.255.255.0
ip os 168 a 0

router bgp 2345
bgp router-id 2.2.2.2
no bgp def ipv4
nei 3.3.3.3 remot 2345
nei 3.3.3.3 up l 0

add ipv4 un
nei 3.3.3.3 ac
nei 3.3.3.3 next-hop-self

add vpnv4 un
nei 3.3.3.3 ac

add ipv4 vrf IOU1
red os 168 ma e i

router os 168 vrf IOU1
red bgp 2345 subnets

IOU3:

conf t
int l 0
ip add 3.3.3.3 255.255.255.255

int e 0/1
ip add 23.1.1.3 255.255.255.0
no sh

int e 0/2
ip add 34.1.1.3 255.255.255.0
no sh

int e 0/3
ip add 35.1.1.3 255.255.255.0
no sh

router os 2345
router-id 3.3.3.3

int r e 0/1-3 , l 0
ip os 2345 a 0

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

int r e 0/1-3
mpls ip

router bgp 2345
bgp router-id 3.3.3.3
no bgp def ipv4
nei 2.2.2.2 remot 2345
nei 2.2.2.2 up l 0
nei 4.4.4.4 remot 2345
nei 4.4.4.4 up l 0
nei 5.5.5.5 remot 2345
nei 5.5.5.5 up l 0

add vpnv4 un
nei 2.2.2.2 ac
nei 2.2.2.2 route-reflector-client
nei 4.4.4.4 ac
nei 4.4.4.4 route-reflector-client

add ipv4 un
nei 2.2.2.2 ac
nei 2.2.2.2 route-reflector-client
nei 5.5.5.5 ac
nei 5.5.5.5 route-reflector-client

IOU4:

conf t
int l 0
ip add 4.4.4.4 255.255.255.255

int e 0/0
ip add 172.16.46.4 255.255.255.0
no sh

int e 0/1
ip add 172.16.48.4 255.255.255.0
no sh

int e 0/2
ip add 34.1.1.4 255.255.255.0
no sh

router os 2345
router-id 4.4.4.4

int r e 0/2 , l 0
ip os 2345 a 0

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

int e 0/2
mpls ip

ip vrf IOU6
rd 2345:6
route-target export 2345:6
route-target import 2345:1

ip vrf IOU8
rd 2345:8
route-target export 2345:8
route-target import 2345:1

int e 0/0
ip vrf f IOU6
ip add 172.16.46.4 255.255.255.0
ip os 168 a 0

int e 0/1
ip vrf f IOU8
ip add 172.16.48.4 255.255.255.0
ip os 18 a 0

router bgp 2345
bgp router-id 4.4.4.4
no bgp def ipv4
nei 3.3.3.3 remot 2345
nei 3.3.3.3 up l 0

add vpnv4 un
nei 3.3.3.3 ac

add ipv4 vrf IOU6
red os 168 ma e i

add ipv4 vrf IOU8
red os 18 ma e i

router os 168 vrf IOU6
red bgp 2345 subnets

router os 18 vrf IOU8
red bgp 2345 subnets

IOU1:

conf t

router os 168
router-id 1.1.1.1

int l 0
ip add 192.168.1.1 255.255.255.255
ip os 168 a 0

int e 0/0
no sh

int e 0/0.1
en do 1
ip add 172.16.12.1 255.255.255.0
ip os 168 a 0

int e 0/0.99
en do 99
ip add 12.1.1.1 255.255.255.0

IOU6:

conf t
int l 0
ip add 192.168.2.1 255.255.255.255

int e 0/0
ip add 172.16.46.6 255.255.255.0
no sh

router os 168
router-id 6.6.6.6
net 0.0.0.0 0.0.0.0 a 0

IOU8:

conf t
int l 0
ip add 192.168.3.1 255.255.255.255

int e 0/1
ip add 172.16.48.8 255.255.255.0
no sh

router os 168
router-id 8.8.8.8
net 0.0.0.0 0.0.0.0 a 0

IOU5:

conf t
int l 0
ip add 5.5.5.5 255.255.255.255

int e 0/3
ip add 35.1.1.5 255.255.255.0
no sh

int e 0/0
ip add 57.1.1.5 255.255.255.0
no sh

router os 2345
router-id 5.5.5.5

int r e 0/3 , l 0
ip os 2345 a 0

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

int e 0/3
mpls ip

router bgp 2345
bgp router-id 5.5.5.5
nei 3.3.3.3 remot 2345
nei 3.3.3.3 up l 0
nei 3.3.3.3 next-hop-self
nei 57.1.1.7 remot 7

IOU7:

conf t
int l 0
ip add 7.7.7.7 255.255.255.255

int e 0/0
ip add 57.1.1.7 255.255.255.0
no sh

router bgp 7
bgp router-id 7.7.7.7
nei 57.1.1.5 remot 2345
net 7.7.7.7 mask 255.255.255.255

Lab procedure:

1. On IOU2, advertise the PE-CE link to the Internet through BGP:

router bgp 2345
 add ipv4 un
 net 12.1.1.0 mask 255.255.255.0

2. On IOU1, originate a default route through OSPF for the two branch sites (IOU6 and IOU8):

ip route 0.0.0.0 0.0.0.0 e 0/0.99 12.1.1.2

router os 168
 default-information originate

3. On IOU2, this default route must be advertised under the corresponding VRF in BGP:

router bgp 2345
 add ipv4 vrf IOU1
 net 0.0.0.0

4. On IOU4, the default route must also be originated, otherwise IOU6 and IOU8 will not receive it:

router os 168 vrf IOU6
 default-information originate

router os 18 vrf IOU8
 default-information originate

5. Configure PAT on IOU1:

access-list 1 per 192.168.0.0 0.0.255.255

ip nat inside source list 1 interface e 0/0.99 overload

int e 0/0.1
 ip nat inside

int e 0/0.99
 ip nat outside

Testing:

First, the hub site (IOU1) can reach each of the two branch sites (IOU6 and IOU8):

IOU1#p 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/6 ms

IOU1#p 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/6 ms

Next, the two branch sites (IOU6 and IOU8) can also reach each other:

IOU6#tra 192.168.3.1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.46.4 5 msec 5 msec 4 msec
  2 34.1.1.3 [MPLS: Labels 16/23 Exp 0] 1 msec 8 msec 6 msec
  3 172.16.12.2 [MPLS: Label 23 Exp 0] 5 msec 5 msec 4 msec
  4 172.16.12.1 5 msec 5 msec 5 msec
  5 172.16.12.2 5 msec 5 msec 5 msec
  6 23.1.1.3 [MPLS: Labels 17/24 Exp 0] 6 msec 6 msec 5 msec
  7 172.16.48.4 [MPLS: Label 24 Exp 0] 2 msec 4 msec 7 msec
  8 172.16.48.8 3 msec 2 msec 5 msec

Then, the hub site (IOU1) can reach the Internet:

IOU1#tra 7.7.7.7 so l 0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 12.1.1.2 5 msec 5 msec 0 msec
  2 23.1.1.3 [MPLS: Label 18 Exp 0] 1 msec 8 msec 2 msec
  3 35.1.1.5 1 msec 1 msec 1 msec
  4 57.1.1.7 1 msec 2 msec 1 msec

Finally, the two branch sites (IOU6 and IOU8) can also reach the Internet through the hub site (IOU1):

IOU6#tra 7.7.7.7 so l 0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.46.4 6 msec 0 msec 5 msec
  2 34.1.1.3 [MPLS: Labels 16/23 Exp 0] 2 msec 6 msec 6 msec
  3 172.16.12.2 [MPLS: Label 23 Exp 0] 1 msec 1 msec 5 msec
  4 172.16.12.1 6 msec 5 msec 1 msec
  5 12.1.1.2 6 msec 5 msec 1 msec
  6 23.1.1.3 [MPLS: Label 18 Exp 0] 5 msec 5 msec 1 msec
  7 35.1.1.5 1 msec 4 msec 5 msec
  8 57.1.1.7 5 msec 1 msec 1 msec

IOU8#tra 7.7.7.7 so l 0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.48.4 0 msec 5 msec 4 msec
  2 34.1.1.3 [MPLS: Labels 16/23 Exp 0] 6 msec 5 msec 5 msec
  3 172.16.12.2 [MPLS: Label 23 Exp 0] 5 msec 2 msec 5 msec
  4 172.16.12.1 1 msec 5 msec 5 msec
  5 12.1.1.2 5 msec 1 msec 1 msec
  6 23.1.1.3 [MPLS: Label 18 Exp 0] 1 msec 0 msec 5 msec
  7 35.1.1.5 3 msec 5 msec 5 msec
  8 57.1.1.7 6 msec 5 msec 4 msec
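The traceroutes above can be checked mechanically rather than by eye. The following is an added example, not part of the original article: it parses the IOU6 trace copied from this page and confirms that the path reaches the hub CE (172.16.12.1) and leaves on the NAT outside link (12.1.1.2) immediately afterwards. The function names `parse_hops`, `transits_hub` and `label_depth` are hypothetical helpers.

```python
import re

# Hop lines copied from the "IOU6#tra 7.7.7.7 so l 0" output on this page.
TRACE = """\
  1 172.16.46.4 6 msec 0 msec 5 msec
  2 34.1.1.3 [MPLS: Labels 16/23 Exp 0] 2 msec 6 msec 6 msec
  3 172.16.12.2 [MPLS: Label 23 Exp 0] 1 msec 1 msec 5 msec
  4 172.16.12.1 6 msec 5 msec 1 msec
  5 12.1.1.2 6 msec 5 msec 1 msec
  6 23.1.1.3 [MPLS: Label 18 Exp 0] 5 msec 5 msec 1 msec
  7 35.1.1.5 1 msec 4 msec 5 msec
  8 57.1.1.7 5 msec 1 msec 1 msec
"""

HOP = re.compile(r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:\s+\[MPLS: Labels? ([\d/]+) Exp \d+\])?")

def parse_hops(text):
    """Return [(hop_number, ip, [labels])]; header lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
            hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def transits_hub(hops, hub_ce, nat_next_hop):
    """True if the hub CE is on the path and the next hop is the NAT outside peer."""
    ips = [ip for _, ip, _ in hops]
    if hub_ce not in ips:
        return False
    i = ips.index(hub_ce)
    return i + 1 < len(ips) and ips[i + 1] == nat_next_hop

def label_depth(hops):
    """Label-stack depth reported at each labelled hop, keyed by hop number."""
    return {n: len(labels) for n, _, labels in hops if labels}

if __name__ == "__main__":
    hops = parse_hops(TRACE)
    print("via hub NAT:", transits_hub(hops, "172.16.12.1", "12.1.1.2"))
    print("label depth per hop:", label_depth(hops))
```

In this trace the two-label hop lies on the VPN leg toward the hub, while the hop after the hub's NAT carries a single label.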

 
