MPLS ××× 互访关系控制
1.各路由器基本信息配置
2.OSPF规范配置,修改网络类型为点对点,配置被动接口
3.MPLS骨干网运行OSPF,标签分发协议为LDP
4.RT1、RT2、RT3、RT4和RT5运行MP_IPGP,RT1为MP_IPGP RR,RT2、RT3、RT4和RT5分别与RR建立MP_IBGP邻居
5.RT4的S0/1和E3/0划分到VRF SC,S0/2、E3/1划分到VRF BG,E3/2划分到VRF HUB,RT5的S0/1和E3/0划分到VRF SC,S0/2、E3/1划分到VRF BG,E3/2划分到VRF HUB
6.RT4 VRF SC与RT6运行RIP、RT4 VRF BG 与RT7配置静态路由、RT5 VRF SC与RT8运行OSPF,RT5 VRF BG与RT9运行EBGP
IP地址分配如下:
RT2 E3/2 172.18.2.1/24 RT4 E3/2 172.18.4.1
RT3 E3/2 172.18.3.1/24 RT5 E3/2 172.18.5.1/24
MPLS ××× 互访关系控制如下:
1.××× WG的站点可相互访问
2.HUB-Spoke MPLS ×××
调整WG为HUB-Spoke MPLS ×××,RT2为HUB端(中心端),RT3、RT4、RT5为Spoke端(分支端);Spoke端的WG只能访问HUB端,Spoke端间不能互访。
3.复杂MPLS ×××
调整WG的互访关系:RT2、RT3为中心端,中心端之间能够互访,RT4、RT5为分支端,分支端只能访问中心端,分支端之间不能互访。
一、MPLS 骨干网的IGP及MPLS配置略
(不明白请看http://tangfangxiao.blog.51cto.com/2116646/663010 )
二、MP_IPGP RR调测
RT1:
router bgp 65000
no synchronization
neighbor rrc peer-group //创建一个对等组命名rrc
neighbor rrc remote-as 65000
neighbor rrc update-source Loopback0
neighbor rrc next-hop-self
neighbor 2.2.2.2 peer-group rrc
neighbor 3.3.3.3 peer-group rrc //调用对等组rrc建立IBGP邻居
neighbor 4.4.4.4 peer-group rrc
neighbor 5.5.5.5 peer-group rrc
no auto-summary
address-family ***v4
neighbor rrc activate //创建一个对等组命名rrc
neighbor rrc send-community extended
neighbor rrc route-reflector-client //配置成为RR的客户端
neighbor 2.2.2.2 peer-group rrc //调用对等组rrc建立MP_BGP RR
neighbor 3.3.3.3 peer-group rrc
neighbor 4.4.4.4 peer-group rrc
neighbor 5.5.5.5 peer-group rrc
exit-address-family
RT2:
router bgp 65000
no synchronization
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
RT3:
router bgp 65000
no synchronization
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
RT4:
router bgp 65000
no synchronization
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
RT5:
router bgp 65000
no synchronization
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
三、配置VRF调测
RT4:
ip vrf BG //建立VRF 命名为BG
rd 2:2 //VRF的RD为2:2
route-target export 2:20 //导出RT为2:20
route-target import 2:10 //导入RT为2:10
ip vrf SC
rd 1:1
route-target export 1:20
route-target import 1:10
RT5:
ip vrf BG
rd 2:2
route-target export 2:10
route-target import 2:20
ip vrf SC
rd 1:1
route-target export 1:10
route-target import 1:20
四、PE与CE路由协议调测
RT4:
router rip //配置CE与PE VRF之间路由协议
version 2
no auto-summary
address-family ipv4 vrf SC //配置MP_BGP
network 172.16.0.0
no auto-summary
version 2
exit-address-family
RT6:
router rip
version 2
network 6.0.0.0
network 172.16.0.0
no auto-summary
RT4:
ip route vrf BG 7.7.7.7 255.255.255.255 Serial0/2 172.17.47.2 //在VRF BG中添加静态路由
ip route vrf BG 172.17.7.0 255.255.255.0 Serial0/2 172.17.47.2
RT7:
ip route 0.0.0.0 0.0.0.0 172.17.47.1 //配置缺省路由
RT5:
router ospf 101 vrf SC //配置VRF SC OSPF
router-id 172.16.5.1
network 172.16.5.0 0.0.0.255 area 0
network 172.16.58.0 0.0.0.3 area 0
RT8:
router ospf 1
router-id 8.8.8.8
passive-interface Ethernet3/0
network 8.8.8.8 0.0.0.0 area 0
network 172.16.8.0 0.0.0.255 area 0
network 172.16.58.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
RT5:
router bgp 65000 //配置EBGP
address-family ipv4 vrf BG //配置MP_BGP
neighbor 172.17.59.2 remote-as 65001 //建立EBGP邻居
no auto-summary
no synchronization
exit-address-family
RT9:
router bgp 65001
no synchronization
network 9.9.9.9 mask 255.255.255.255
network 172.17.9.0 mask 255.255.255.0
network 172.17.59.0 mask 255.255.255.252
neighbor 172.17.59.1 remote-as 65000
no auto-summary
五、MPLS ×××调测
RT4:
router bgp 65000
address-family ipv4 vrf SC
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute rip metric 1000 //重RIP直连到MP_BGP
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf BG
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute static metric 1000 //重分布静态到MP_BGP
no auto-summary
no synchronization
exit-address-family
router rip
redistribute bgp 65000 metric 5 //重分布VRF SC到RIP
RT5:
router bgp 65000
address-family ipv4 vrf SC
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute ospf 101 vrf SC metric 1000 match internal external 1 external 2 //重分布OSPF 101 VRF SC中的匹配外部5类类型1和类型2的路由到MP_BGP中
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf BG
redistribute connected metric 1000 //重分布直连到MP_BGP
exit-address-family
六、MPLS ××× 互访关系控制
1.××× WG的站点可相互访问
RT2、RT3、RT4、RT5配置如下:
ip vrf WG
rd 1:5
route-target export 5:5
route-target import 5:5
int e3/2
ip vrf forwarding WG
ip address 172.18.xx.1 255.255.255.0
router bgp 65000
address-family ipv4 vrf WG
redistribute connected metric 1000
no auto-summary
no synchronization
exit-address-family
测试结果:
注意:如果配置正确,某条路由在MP_BGP表中存在,而没有自动导入VRF,请使用clear ip route vrf 〈名字〉*
2.HUB-Spoke MPLS ×××
调整WG为HUB-Spoke MPLS ×××,RT2为HUB端(中心端),RT3、RT4、RT5为Spoke端(分支端);Spoke端的WG只能访问HUB端,Spoke端间不能互访。
RT2:RT2、RT3、RT4、RT5:
ip vrf WG
no route-target export //清除之前配置的RT
no route-target import
RT2:
ip vrf WG
route-target export 5:5
route-target import 5:10
RT3、RT4、RT5:
ip vrf WG
route-target export 5:10
route-target import 5:5
RT2(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:24
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:02:38
C 172.18.2.0 is directly connected, Ethernet3/2
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:01:54
RT3(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 2 subnets
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:01:40
C 172.18.3.0 is directly connected, Ethernet3/2
RT4(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 2 subnets
C 172.18.4.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:07
注意:大家在查看VRF路由表时,还是先刷新一下VRF路由表
3.复杂MPLS ×××
调整WG的互访关系:RT2、RT3为中心端,中心端之间能够互访,RT4、RT5为分支端,分支端只能访问中心端,分支端之间不能互访。
RT2:RT2、RT3、RT4、RT5:
ip vrf WG
no route-target export //清除之前配置的RT
no route-target import
RT2、RT3:
ip vrf WG
route-target export 5:5
route-target import 5:5
route-target export 5:10
route-target import 5:20
RT4、RT5:
ip vrf WG
route-target export 5:20
route-target import 5:10
RT2:
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:03
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:00:03
C 172.18.2.0 is directly connected, Ethernet3/2
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:00:03
RT3:
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:09
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:00:09
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:09
C 172.18.3.0 is directly connected, Ethernet3/2
RT4:
172.18.0.0/24 is subnetted, 3 subnets
C 172.18.4.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:01
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:00:01
RT5:
172.18.0.0/24 is subnetted, 3 subnets
C 172.18.5.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:01:02
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:01:02
注意:大家在查看VRF路由表时,还是先刷新一下VRF路由表
RT的配置非常灵活,很容易实现业务分流,配置也很简单!