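[Lab Title]
Configuring Layer 3 MPLS at the ISP
[Objective]
Provide Layer 3 connectivity between the head-office network and the branch-office network.
[Background]
Ningbo City College has expanded and opened a branch campus in Cixi. For business reasons, the main campus and the Cixi branch need to be interconnected. Because this traffic is important and places high demands on speed and quality of service, the college has ordered a Layer 3 MPLS VPN from an ISP.
[Requirements Analysis]
The ISP must carry the internal routes of the head office and the branch office between the two sites.
[Topology]
[Equipment]
Cisco 3725 x 5
IOS version: c3725-adventerprisek9-mz.124-15.T10.extract
[Prerequisites]
Principles and configuration of VPN, MPLS, OSPF, VRF and BGP
[How It Works]
A BGP VPNv4 session is established inside the ISP, and VRFs (virtual routing and forwarding instances) are created on the PEs so that each customer's routes are exchanged separately.
[Procedure]
Step 0: Basic configuration
Configure the interface addresses (the topology figure specifies every interface address, so this entry-level configuration is not listed here).
Note that lo1 on CEA1 simulates the internal address of the main campus, and lo1 on CEA2 likewise simulates the internal address of the branch.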
Step 1: Enable the IGP inside the ISP (entry-level configuration, not explained in detail)
PE1:
PE1(config)#router ospf 1
PE1(config-router)#router-id 12.0.0.101
PE1(config-router)#net 12.0.0.1 0.0.0.0 a 0
PE1(config-router)#net 12.0.0.101 0.0.0.0 a 0
P:
P(config)#router ospf 1
P(config-router)#router-id 12.0.0.100
P(config-router)#net 12.0.0.2 0.0.0.0 a 0
P(config-router)#net 12.0.0.5 0.0.0.0 a 0
P(config-router)#net 12.0.0.100 0.0.0.0 a 0
PE2:
PE2(config)#router ospf 1
PE2(config-router)#router-id 12.0.0.102
PE2(config-router)#net 12.0.0.102 0.0.0.0 a 0
PE2(config-router)#net 12.0.0.6 0.0.0.0 a 0
Step 2: Set up MPLS forwarding inside the ISP
PE1:
PE1(config)#mpls label protocol ldp    (enable MPLS and use LDP to distribute labels)
PE1(config)#mpls ldp router-id loopback 0 force    (force lo0 to be used as the MPLS LDP router-id)
PE1(config)#int s1/1
PE1(config-if)#mpls ip    (enable MPLS on the interface)
P: (the commands below are the same as on PE1, so their purpose is not repeated; from here on, each command is explained only the first time it appears)
P(config)#mpls label protocol ldp
P(config)#mpls ldp router-id loopback 0 force
P(config)#int s 1/0
P(config-if)#mpls ip
P(config-if)#int s1/1
P(config-if)#mpls ip
PE2:
PE2(config)#mpls label protocol ldp
PE2(config)#mpls ldp router-id loopback 0 force
PE2(config)#int s1/0
PE2(config-if)#mpls ip
Step 3: Establish the BGP neighbor relationship over MPLS
PE1:
PE1(config)#router bgp 1    (start BGP process 1)
PE1(config-router)#bgp router-id 12.0.0.101    (set the BGP router-id)
PE1(config-router)#neighbor 12.0.0.102 remote-as 1    (define the peer in AS 1)
PE1(config-router)#neighbor 12.0.0.102 update-source loopback 0    (use lo0 as the update source interface)
PE2:
PE2(config)#router bgp 1
PE2(config-router)#bgp router-id 12.0.0.102
PE2(config-router)#neighbor 12.0.0.101 remote-as 1
PE2(config-router)#neighbor 12.0.0.101 update-source loopback 0
Step 4: Configure the VRF on the PEs
PE1:
PE1(config)#ip vrf CEA    (create a virtual routing and forwarding instance, CEA, for the head office)
PE1(config-vrf)#rd 1:100    (the customer identifier is 1:100)
PE1(config-vrf)#route-target both 1:100    (export and import VPNv4 routes tagged 1:100)
PE1(config)#int s1/0
PE1(config-if)#ip vrf forwarding CEA    (place the interface, which is the one facing this customer, into VRF CEA)
PE1(config-if)#ip address 192.168.1.1 255.255.255.0    (the address must be configured again after the interface joins the VRF, because the previously configured address is removed)
PE1(config-if)#int loo 1
PE1(config-if)#ip vrf forwarding CEA
PE1(config-if)#ip address 1.1.1.2 255.255.255.255
PE2:
PE2(config)#ip vrf CEA
PE2(config-vrf)#rd 1:100
PE2(config-vrf)#route-target both 1:100
PE2(config)#int s1/1
PE2(config-if)#ip vrf forwarding CEA
PE2(config-if)#ip address 192.168.2.1 255.255.255.0
PE2(config-if)#int loo 1
PE2(config-if)#ip vrf forwarding CEA
PE2(config-if)#ip address 2.2.2.2 255.255.255.255
Step 5: Enable the BGP VPNv4 address family, which carries the VRF routes
PE1:
PE1(config)#router bgp 1
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 12.0.0.102 activate
PE2:
PE2(config)#router bgp 1
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 12.0.0.101 activate
Step 6: Configure routing between the customer and the ISP edge on the CEs and PEs
PE1:
PE1(config)#router ospf 101 vrf CEA    (create an OSPF process for the head-office VRF CEA)
PE1(config-router)#router-id 1.1.1.2    (use the address of lo1, which is already in VRF CEA, as the router-id)
PE1(config-router)#net 192.168.1.0 0.0.0.255 a 1    (advertise the network)
PE2:
PE2(config)#router ospf 101 vrf CEA
PE2(config-router)#router-id 2.2.2.2
PE2(config-router)#net 192.168.2.0 0.0.0.255 a 2
Step 7: Configure routing inside each CE site and between the CEs and the PEs; the head office uses EIGRP internally and the branch uses RIP internally
CEA1:
CEA1(config)#router ospf 1    (start OSPF between CEA and the PE)
CEA1(config-router)#router-id 1.1.1.1
CEA1(config-router)#net 1.1.1.1 0.0.0.0 a 1    (advertise the network in area 1)
CEA1(config-router)#net 192.168.1.0 0.0.0.255 a 1
CEA1(config)#router eigrp 1    (EIGRP inside the head office)
CEA1(config-router)#no auto-summary    (disable automatic summarization)
CEA1(config-router)#net 192.168.20.0 0.0.0.255    (advertise the network)
CEA1(config)#router ospf 1    (enter the OSPF process)
CEA1(config-router)#redistribute eigrp 1 subnets    (redistribute the EIGRP routes)
CEA2:
CEA2(config)#router ospf 1
CEA2(config-router)#router-id 2.2.2.1
CEA2(config-router)#net 192.168.2.0 0.0.0.255 a 2
CEA2(config)#router rip
CEA2(config-router)#no auto-summary
CEA2(config-router)#version 2
CEA2(config-router)#net 192.168.21.0
CEA2(config)#router ospf 1
CEA2(config-router)#redistribute rip subnets
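Step 8: Redistribute routes between the VRF and BGP in both directions
PE1:
PE1(config)#router bgp 1    (enter the BGP process)
PE1(config-router)#address-family ipv4 vrf CEA
PE1(config-router-af)#redistribute ospf 101 vrf CEA match internal external    (redistribute the routes in VRF CEA, both internal routes and routes learned from outside)
PE1(config)#router ospf 101 vrf CEA    (enter the OSPF process of VRF CEA)
PE1(config-router)#redistribute bgp 1 subnets    (redistribute the BGP routes; because BGP carries the VPN routes, only routes whose RT is 1:100, which is the RT of CEA, are redistributed into this process)
PE2:
PE2(config)#router bgp 1
PE2(config-router)#address-family ipv4 vrf CEA
PE2(config-router-af)#redistribute ospf 101 vrf CEA match internal external
PE2(config)#router ospf 101 vrf CEA
PE2(config-router)#redistribute bgp 1 subnets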
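The route-target matching that steps 4 and 8 depend on can be checked offline from the PE configurations. The script below is an added example, not part of the original lab: it parses the ip vrf stanzas and lists every case where one VRF imports a route target that another VRF exports. VRF CEA is taken from this page; VRF CEB and its route targets are hypothetical, constructed to show what an unintended cross-customer import looks like.

```python
import re

# Constructed sample input. VRF CEA (rd 1:100, RT 1:100) is from the page;
# VRF CEB and its route targets are hypothetical, added to show a leak.
PE1 = """ip vrf CEA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CEB
 rd 1:200
 route-target both 1:200
 route-target import 1:100
!
interface Serial1/0
 ip vrf forwarding CEA
"""
PE2 = """ip vrf CEA
 rd 1:100
 route-target both 1:100
"""

def parse_vrfs(config):
    """Return {vrf: {'rd', 'import', 'export'}} from IOS config text."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        s = raw.strip()  # works for indented and flattened dumps alike
        if m := re.fullmatch(r"ip vrf (\S+)", s):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "import": set(), "export": set()})
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", s)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", s)):
            for kind in ("import", "export") if m.group(1) == "both" else (m.group(1),):
                cur[kind].add(m.group(2))
        else:
            cur = None  # any other line closes the VRF stanza
    return vrfs

def route_flows(pes):
    """List (src_pe, src_vrf, dst_pe, dst_vrf, rt): dst imports an RT that src exports."""
    nodes = [(pe, name, v) for pe, vrfs in pes.items() for name, v in vrfs.items()]
    return [(sp, sn, dp, dn, rt)
            for sp, sn, s in nodes for dp, dn, d in nodes
            if (sp, sn) != (dp, dn)
            for rt in sorted(s["export"] & d["import"])]

def cross_vrf_leaks(pes):
    """Flows whose source and destination VRF names differ (possible customer leak)."""
    return [f for f in route_flows(pes) if f[1] != f[3]]

if __name__ == "__main__":
    pes = {"PE1": parse_vrfs(PE1), "PE2": parse_vrfs(PE2)}
    for flow in cross_vrf_leaks(pes):
        print("cross-VRF import:", flow)
```

With only the page's VRF CEA on both PEs, the flow list contains just the two CEA-to-CEA entries and the leak list is empty.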
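[Verification]
From CEA1, ping the internal address of CEA2, using CEA1's internal address as the source
Check the routing table on CEA1
Check the routing table on CEA2
Check the routing table of VRF CEA on PE1
Check the routing table of VRF CEA on PE2
[Reference Configuration] (some irrelevant output has been removed)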
CEA1
Building configuration...
Current configuration : 1362 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CEA1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 192.168.20.1 255.255.255.0
!
interface Serial1/1
ip address 192.168.1.2 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 192.168.20.0
no auto-summary
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
redistribute eigrp 1 subnets
network 1.1.1.1 0.0.0.0 area 1
network 192.168.1.0 0.0.0.255 area 1
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
------------------------------------ divider -------------------------------
PE1
PE1#sh run
Building configuration...
Current configuration : 2061 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip vrf CEA
rd 1:100
route-target export 1:100
route-target import 1:100
!
no ip domain lookup
!
mpls label protocol ldp
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
!
interface Loopback0
ip address 12.0.0.101 255.255.255.255
!
interface Loopback1
ip vrf forwarding CEA
ip address 1.1.1.2 255.255.255.255
!
interface Serial1/0
ip vrf forwarding CEA
ip address 192.168.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 12.0.0.1 255.255.255.252
mpls ip
serial restart-delay 0
router ospf 101 vrf CEA
router-id 1.1.1.2
log-adjacency-changes
redistribute bgp 1 subnets
network 192.168.1.0 0.0.0.255 area 1
!
router ospf 1
router-id 12.0.0.101
log-adjacency-changes
network 12.0.0.1 0.0.0.0 area 0
network 12.0.0.101 0.0.0.0 area 0
!
router bgp 1
no synchronization
bgp router-id 12.0.0.101
bgp log-neighbor-changes
neighbor 12.0.0.102 remote-as 1
neighbor 12.0.0.102 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 12.0.0.102 activate
neighbor 12.0.0.102 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
redistribute ospf 101 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0 force
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
------------------------------------ divider -------------------------------
P
P#sh run
Building configuration...
Current configuration : 1337 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
mpls label protocol ldp
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
interface Loopback0
ip address 12.0.0.100 255.255.255.255
!
!
interface Serial1/0
ip address 12.0.0.2 255.255.255.252
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 12.0.0.5 255.255.255.252
mpls ip
serial restart-delay 0
!
!
router ospf 1
router-id 12.0.0.100
log-adjacency-changes
network 12.0.0.2 0.0.0.0 area 0
network 12.0.0.5 0.0.0.0 area 0
network 12.0.0.100 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
------------------------------------ divider -------------------------------
PE2
PE2#sh run
Building configuration...
Current configuration : 2061 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip vrf CEA
rd 1:100
route-target export 1:100
route-target import 1:100
!
no ip domain lookup
!
mpls label protocol ldp
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
interface Loopback0
ip address 12.0.0.102 255.255.255.255
!
interface Loopback1
ip vrf forwarding CEA
ip address 2.2.2.2 255.255.255.255
!
interface Serial1/0
ip address 12.0.0.6 255.255.255.252
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip vrf forwarding CEA
ip address 192.168.2.1 255.255.255.0
serial restart-delay 0
!
router ospf 101 vrf CEA
router-id 2.2.2.2
log-adjacency-changes
redistribute bgp 1 subnets
network 192.168.2.0 0.0.0.255 area 2
!
router ospf 1
router-id 12.0.0.102
log-adjacency-changes
network 12.0.0.6 0.0.0.0 area 0
network 12.0.0.102 0.0.0.0 area 0
!
router bgp 1
no synchronization
bgp router-id 12.0.0.102
bgp log-neighbor-changes
neighbor 12.0.0.101 remote-as 1
neighbor 12.0.0.101 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 12.0.0.101 activate
neighbor 12.0.0.101 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
redistribute ospf 101 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
------------------------------------ divider -------------------------------
CEA2
CEA2#sh run
Building configuration...
Current configuration : 1312 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CEA2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
interface Loopback0
ip address 192.168.21.1 255.255.255.0
!
interface Serial1/0
ip address 192.168.2.2 255.255.255.0
serial restart-delay 0
!
router ospf 1
router-id 2.2.2.1
log-adjacency-changes
redistribute rip subnets
network 192.168.2.0 0.0.0.255 area 2
!
router rip
version 2
network 192.168.21.0
no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end