配置MCE示例
组网需求:
某公司需要通过MPLS ×××实现总部和分支间的互通,同时需要隔离两种不同的业务。为节省开支,希望分支通过一台CE设备接入PE。
如图1所示,按如下组网:
CE1、CE2连接企业总部,CE1属于***a,CE2属于***b
MCE连接企业分支,通过CE3和CE4分别连接***a和***b
要求属于相同×××的用户之间能互相访问,但不同×××的用户之间不能互相访问,从而实现不同业务间隔离。
图1 配置Muti-×××-Instance CE组网图
配置思路
本例配置主要思路是:
1.PE与PE间配置OSPF协议,实现PE之间的互通;配置MP-IBGP交换×××路由信息。
2.PE上配置MPLS基本能力和MPLS LDP,建立LDP LSP。
3.PE和MCE上创建不同的×××实例(***a和***b),实现不同×××间的业务隔离。
4.PE1与相连的CE之间建立EBGP对等体,引入×××路由表中。
5.MCE与Site、MCE与PE2之间配置路由,引入×××路由信息。
操作步骤:
1.在骨干网的PE上配置OSPF协议,实现PE之间的互通
配置PE1。
system-view
[Huawei] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24
[PE1-GigabitEthernet3/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
PE2的配置过程与PE1类似,不再赘述(略)。
完成此步配置后,PE之间应能互相学习到对方的Loopback1的地址。
以PE2为例:
[PE2] display ip routing-table
Route Flags: R - relay, D - download to fib
[Huawei] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24
[PE1-GigabitEthernet3/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
PE2的配置过程与PE1类似,不再赘述(略)。
完成此步配置后,PE之间应能互相学习到对方的Loopback1的地址。
以PE2为例:
[PE2] display ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 OSPF 10 1 D 172.1.1.1 GigabitEthernet1/0/0
2.2.2.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.1.0/24 Direct 0 0 D 172.1.1.2 GigabitEthernet1/0/0
172.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
172.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.在骨干网的PE上配置MPLS基本能力和MPLS LDP,PE之间建立LDP LSP
配置PE1。
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] mpls
[PE1-GigabitEthernet3/0/0] mpls ldp
[PE1-GigabitEthernet3/0/0] quit
PE2的配置过程与PE1类似,不再赘述(略)。
完成此步配置后,在PE上执行命令display mpls ldp session,应能看见PE之间的MPLS LDP会话状态为“Operational”。
以PE2为例:
[PE2] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
PeerID Status LAM SsnRole SsnAge KASent/Rcv
1.1.1.9:0 Operational DU Active 0000:00:04 17/17
TOTAL: 1 session(s) Found.
3.在PE设备上配置×××实例,将CE1、CE2接入PE1,将MCE接入PE2
配置PE1。
[PE1] ip ***-instance ***a
[PE1-***-instance-***a] ipv4-family
[PE1-***-instance-***a-af-ipv4] route-distinguisher 100:1
[PE1-***-instance-***a-af-ipv4] ***-target 111:1 both
[PE1-***-instance-***a-af-ipv4] quit
[PE1-***-instance-***a] quit
[PE1] ip ***-instance ***b
[PE1-***-instance-***b] ipv4-family
[PE1-***-instance-***b-af-ipv4] route-distinguisher 100:2
[PE1-***-instance-***b-af-ipv4] ***-target 222:2 both
[PE1-***-instance-***b-af-ipv4] quit
[PE1-***-instance-***b] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip binding ***-instance ***a
[PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] ip binding ***-instance ***b
[PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[PE1-GigabitEthernet2/0/0] quit
配置PE2。
[PE2] ip ***-instance ***a
[PE2-***-instance-***a] ipv4-family
[PE2-***-instance-***a-af-ipv4] route-distinguisher 200:1
[PE2-***-instance-***a-af-ipv4] ***-target 111:1 both
[PE2-***-instance-***a-af-ipv4] quit
[PE2-***-instance-***a] quit
[PE2] ip ***-instance ***b
[PE2-***-instance-***b] ipv4-family
[PE2-***-instance-***b-af-ipv4] route-distinguisher 200:2
[PE2-***-instance-***b-af-ipv4] ***-target 222:2 both
[PE2-***-instance-***b-af-ipv4] quit
[PE2-***-instance-***b] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] ip binding ***-instance ***a
[PE2-GigabitEthernet2/0/0.1] ip address 192.1.1.1 24
[PE2-GigabitEthernet2/0/0.1] quit
[PE2] interface gigabitethernet 2/0/0.2
[PE2-GigabitEthernet2/0/0.2] dot1q termination vid 20
[PE2-GigabitEthernet2/0/0.2] ip binding ***-instance ***b
[PE2-GigabitEthernet2/0/0.2] ip address 192.2.1.1 24
[PE2-GigabitEthernet2/0/0.2] quit
4.在MCE设备上配置×××实例,将CE3、CE4及PE2接入MCE
[Huawei] sysname MCE
[MCE] ip ***-instance ***a
[MCE-***-instance-***a] ipv4-family
[MCE-***-instance-***a-af-ipv4] route-distinguisher 300:1
[MCE-***-instance-***a-af-ipv4] ***-target 111:1 both
[MCE-***-instance-***a-af-ipv4] quit
[MCE-***-instance-***a] quit
[MCE] ip ***-instance ***b
[MCE-***-instance-***b] ipv4-family
[MCE-***-instance-***b-af-ipv4] route-distinguisher 300:2
[MCE-***-instance-***b-af-ipv4] ***-target 222:2 both
[MCE-***-instance-***b-af-ipv4] quit
[MCE-***-instance-***b] quit
[MCE] interface gigabitethernet 3/0/0
[MCE-GigabitEthernet3/0/0] ip binding ***-instance ***a
[MCE-GigabitEthernet3/0/0] ip address 10.3.1.2 24
[MCE-GigabitEthernet3/0/0] quit
[MCE] interface gigabitethernet 4/0/0
[MCE-GigabitEthernet4/0/0] ip binding ***-instance ***b
[MCE-GigabitEthernet4/0/0] ip address 10.4.1.2 24
[MCE-GigabitEthernet4/0/0] quit
[MCE] interface gigabitethernet 1/0/0.1
[MCE-GigabitEthernet1/0/0.1] dot1q termination vid 10
[MCE-GigabitEthernet1/0/0.1] ip binding ***-instance ***a
[MCE-GigabitEthernet1/0/0.1] ip address 192.1.1.2 24
[MCE-GigabitEthernet1/0/0.1] quit
[MCE] interface gigabitethernet 1/0/0.2
[MCE-GigabitEthernet1/0/0.2] dot1q termination vid 20
[MCE-GigabitEthernet1/0/0.2] ip binding ***-instance ***b
[MCE-GigabitEthernet1/0/0.2] ip address 192.2.1.2 24
[MCE-GigabitEthernet1/0/0.2] quit
5.在PE之间建立MP-IBGP对等体,在PE1与CE1、CE2之间建立EBGP对等体
配置CE1。
[Huawei] sysname CE1
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] ipv4-family unicast
[CE1-bgp-af-ipv4] import-route direct
[CE1-bgp-af-ipv4] quit
[CE1-bgp] quit
PE1和CE2的配置与CE1类似,不再赘述(略)。
完成此步配置后,在PE1上执行命令display bgp ***v4 all peer可以看见PE1与PE2的IBGP对等体关系及PE1与CE1、CE2之间建立EBGP对等体关系均为“Established”。
[PE1] display bgp ***v4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.9 4 100 288 287 0 01:19:16 Established 4
Peer of IPv4-family for *** instance :
×××-Instance ***a, router ID 1.1.1.9:
10.1.1.1 4 65410 9 11 0 00:04:14 Established 4
×××-Instance ***b, router ID 1.1.1.9:
10.2.1.1 4 65420 9 12 0 00:04:09 Established 3
- 在PE2和MCE之间配置OSPF多实例
配置PE2。
[PE2] ospf 100 ***-instance ***a
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.0] quit
[PE2-ospf-100] import-route bgp
[PE2-ospf-100] quit
[PE2] ospf 200 ***-instance ***b
[PE2-ospf-200] area 0
[PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[PE2-ospf-200-area-0.0.0.0] quit
[PE2-ospf-200] import-route bgp
[PE2-ospf-200] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family ***-instance ***a
[PE2-bgp-***a] import-route ospf 100
[PE2-bgp-***a] quit
[PE2-bgp] ipv4-family ***-instance ***b
[PE2-bgp-***b] import-route ospf 200
[PE2-bgp-***b] quit
[PE2-bgp] quit配置MCE。
[MCE] ospf 100 ***-instance ***a
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 ***-instance ***b
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit
7.在MCE和CE3、CE4之间配置RIP-2配置MCE。
[MCE] rip 100 ***-instance ***a
[MCE-rip-100] version 2
[MCE-rip-100] network 10.0.0.0
[MCE-rip-100] import-route ospf 100
[MCE-rip-100] quit
[MCE] rip 200 ***-instance ***b
[MCE-rip-200] version 2
[MCE-rip-200] network 10.0.0.0
[MCE-rip-200] import-route ospf 200
[MCE-rip-200] quit
配置CE3。
[Huawei] sysname CE3
[CE3] rip 100
[CE3-rip-100] version 2
[CE3-rip-100] network 10.0.0.0
[CE3-rip-100] import-route direct
配置CE4。
[Huawei] sysname CE4
[CE4] rip 200
[CE4-rip-200] version 2
[CE4-rip-200] network 10.0.0.0
[CE4-rip-200] import-route direct
8.在MCE上配置不进行环路检查,并引入RIP路由
[MCE] ospf 100 ***-instance ***a
[MCE-ospf-100] ***-instance-capability simple
[MCE-ospf-100] import-route rip 100
[MCE-ospf-100] quit
[MCE] ospf 200 ***-instance ***b
[MCE-ospf-200] ***-instance-capability simple
[MCE-ospf-200] import-route rip 200
[MCE-ospf-200] quit
9.检查配置结果
完成上述配置后,在MCE设备上执行命令display ip routing-table ***-instance命令,可以看到去往对端CE的路由。
以***a为例:
[MCE] display ip routing-table ***-instance ***a
Route Flags: R - relay, D - download to fib
Routing Tables: ***a
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 O_ASE 150 1 D 192.1.1.1 GigabitEthernet1/0/0.1
10.3.1.0/24 Direct 0 0 D 10.3.1.2 GigabitEthernet3/0/0
10.3.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0
10.3.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0
192.1.1.0/24 Direct 0 0 D 192.1.1.2 GigabitEthernet1/0/0.1
192.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0.1
192.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0.1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在PE上执行display ip routing-table ***-instance命令,可以看到去往对端CE的路由。
以PE1上的***a为例:
[PE1] display ip routing-table ***-instance ***a
Route Flags: R - relay, D - download to fib
Routing Tables: ***a
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
10.3.1.0/24 IBGP 255 2 RD 2.2.2.9 GigabitEthernet3/0/0
192.1.1.0/24 IBGP 255 0 RD 2.2.2.9 GigabitEthernet3/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CE1、CE3之间可以互通,CE2、CE4之间可以互通。
以CE1为例:
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=125 ms
--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 125/125/125 ms
CE1不能与CE2和CE4互通,CE3也不能与CE2和CE4互通。
以CE1上ping CE4的显示为例。
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss