CCIE-MPLS VPN-实验手册(上卷)

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

看完了看完了看完了,豪爽豪爽豪爽,一个月了,写得挺棒。总共14个mpls 的实验,为留下学习的痕迹,原封不动献出。CCIE-MPLS <wbr>VPN-实验手册(上卷)CCIE-MPLS <wbr>VPN-实验手册(上卷)


CCIE实验手册

(路由部分-MPLSVPN基础篇)

 

 

[CCIE]  JUSTECH思科教学小组    

 

 

 

 

 

 

 

 

 

 

 

 

JUSTECH网络科技有限公司


目录

1:MPLS VPN 基础实验

1.1 实验拓扑

1.2 实验需求

1.3 配置步骤

1.4 校验

2MPLS VPN PE CE 间动态路由协议+UNTAG 实验

2.1 实验拓扑

2.2 实验需求

2.3 实验步骤

2.5 校验

2.6 思考题:

3MPLS VPN RT 设计实验

3.1 实验拓扑

3.3 实验需求

3.4 实验步骤

3.4 校验:

3.5 思考题

4MPLS VPN VRF IMPORT MAP 实验

4.1 实验拓扑

4.2 实验需求

4.3 实验步骤

4.4 校验

4.5 思考题

5MPLS VPN PE CE OSPF 实验1

5.1 实验拓扑

5.2 实验需求

5.2 实验步骤

5.4 校验

6MPLS VPN PE CE OSPF Domain-id 实验

6.1 实验拓扑

6.2 实验需求

6.3 实验步骤

6.4 校验

7MPLS VPN PE CE OSPF 虚链路实验

7.1 实验拓扑

7.2 实验需求

7.3 实验步骤

7.4 校验

7.5 思考题

8MPLS VPN Sham-link(伪链路) 实验

8.1 实验拓扑

8.2 实验需求

8.3 实验步骤

8.4  校验

9MPLS-VPN SHAM-LINK 疑难解析实验

9.1 实验拓扑

9.2 实验需求

9.3 实验步骤

9.4 校验

9.5思考题

10:跨域的MPLS VPN (Option A)

10.1 实验拓扑

10.1 实验需求

10.2 实验步骤

10.4 校验

10.5 思考题

11:跨域的MPLS VPN (Option B -2a)

11.1      实验拓扑

11.2实验需求

11.3实验步骤

11.4思考题

12:跨域的MPLS VPN Option B - 2b

12.1 实验拓扑

12.2 实验需求

12.3配置步骤

12.4 校验

13:跨域的MPLS VPN  (Option B -2c)

13.1 实验拓扑

13.2 实验需求

13.4 校验

14:跨域的MPLS VPN Option C

14.1 实验拓扑

14.2 实验需求

14.3 实验步骤

14.4 校验

14.5 思考题

 

 

 

 

 

 

 

 

 

 

1:MPLS VPN 基础实验

 

1.1 实验拓扑

CCIE-MPLS <wbr>VPN-实验手册(上卷)

1.2 实验需求

a.R1 R2 R3 的直连网络及loopback 0网络被宣告进EIGRP 1

b.R1 R2 R3 的直连网络启用MPLS,要求按如下需求完成MPLS 的配置:

MPLS 标签分配分发协议:LDP

MPLS LDP ROUTER-ID: loopback 0

R1 MPLS 标签取值范围上100~199

R2                     200~299

R3                     300~399

c.要求R1 R3 建立位于BGP AS 13 内的IBGP 对等体关系,并且激活MP-BGP 对等体关系

d.要求R1 R3 作为PE 设备创建VRF 参数如下:

VRF KFC                      VRF M

RD 1:1                       RD 2:2

ROUTE-TARGET 1:1             ROUTE-TARGET 2:2

e.要求通过适当的配置使得KFC 站点所包含的C-NETWORK 可以相互通讯,同样M 站点所包含的C-NETWORK 网络可以相互通讯

 

 

1.3 配置步骤

 

步骤1:完成P-NETWORK 中基础配置

只包含接口IPEIGRP

 

此时完成如上配置,管理员应该确认R1 R2 R3 可以分别抵达对方LOOPBACK 0 网络,因为该网络一会会被当做LDP ROUTER-ID BGP ROUTER-ID

 

步骤2:根据需求完成MPLS 的配置

 

R1

Mpls label protocol ldp

Mpls label range 100 199

Mpls ldp router-id lo 0

Int e0/0

Mpls ip

 

 

R2

Mpls label protocol ldp

Mpls label range 200 299

Mpls ldp router-id lo 0

Int range e0/0 -1

Mpls ip

 

R3

Mpls label protocol ldp

Mpls label range 300 399

Mpls ldp router-id lo 0

Int  e0/1

Mpls ip

 

此时管理员完成如上配置,应该确认LDP 的邻接关系已经形成,利用”show mpls ldp neighbor”命令,现象如下:

 

R2#show mpls ldp neighbor

    Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0

        TCP connection: 1.1.1.1.646 - 2.2.2.2.55979

        State: Oper; Msgs sent/rcvd: 8/8; Downstream

        Up time: 00:00:47

        LDP discovery sources:

          Ethernet0/0, Src IP addr: 31.31.12.1

        Addresses bound to peer LDP Ident:

          31.31.12.1      1.1.1.1        

    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0

        TCP connection: 3.3.3.3.26969 - 2.2.2.2.646

        State: Oper; Msgs sent/rcvd: 8/8; Downstream

        Up time: 00:00:34

        LDP discovery sources:

          Ethernet0/1, Src IP addr: 31.31.23.3

        Addresses bound to peer LDP Ident:

          31.31.23.3      3.3.3.3      

 

步骤3:完成R1 R3BGP MP-BGP 的对等体关系建立

R1

Router bgp 13

Bgp router-id 1.1.1.1

Neighbor 3.3.3.3 remote 13

Nei 3.3.3.3 up lo 0

no bgp default ipv4-unicast //阻止BGP 进程建立BGPV4 对等体关系

Address-family v4 unicast

Neighbor 3.3.3.3 ac

neighbor 3.3.3.3 send-community extended //该命令行事系统自行配置的,含义为发送MP-BGP拓展团体属性,其实就是说RD RT 及栈底标签可以被当做路由更新的一部分发送出去

 

R3

Router bgp 13

Bgp router-id 3.3.3.3

Nei 1.1.1.1 remote 13

Nei 1.1.1.1 up lo 0

no bgp default ipv4-unicast

Add v un

Nei 1.1.1.1 ac

neighbor 3.3.3.3 send-community extended

 

此时管理员完成如上配置,必须确认MP-BGP 对等体关系建立完毕,现象如下:

R1#show ip bgp v4 all summary //该命令用于查看MP-BGP 对等体关系是否建立

BGP router identifier 1.1.1.1, local AS number 13

BGP table version is 1, main routing table version 1

 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

3.3.3.3         4    13       2       2        0    0    0 00:00:08        0

 

R3#show ip bgp v4 all summary

BGP router identifier 3.3.3.3, local AS number 13

BGP table version is 1, main routing table version 1

 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

1.1.1.1         4    13       2       2        0    0    0 00:00:24        0

 

步骤4:在PE 设备上创建VRF

 R1

Ip vrf KFC

Rd 1:1

Route-target 1:1

Exit

Ip vrf M

Rd 2:2

Route-target 2:2

 

R3

Ip vrf KFC

Rd 1:1

Route-target 1:1

Exit

Ip vrf M

Rd 2:2

Route-target 2:2

 

步骤5:在PE 设备上将指定接口划入特定VRF

 

R1

Interface s1/0

Ip vrf forward KFC

Ip add 31.31.14.1 255.255.255.0

No sh

!

Int s1/1

Ip vrf for M

Ip add 31.31.15.1 255.255.255.0

No sh

 

R3

Int s1/1

Ip vrf for KFC

Ip add 31.31.37.3 255.255.255.0

No sh

!

Int s0/0

Ip vrf for M

Ip add 31.31.36.3 255.255.255.0

No sh

 

此时管理员完成如上配置后应做如下检查:

(1)检查当前设备VRF 配置

R1#show ip vrf

  Name                             Default RD          Interfaces

  KFC                              1:1                 Se1/0

  M                                2:2                 Se1/1

 

 

R3#show ip vrf

  Name                             Default RD          Interfaces

  KFC                              1:1                 Se1/1

  M                                2:2                 Se1/0

 

步骤6:在R1 R3 上用静态路由往VRF 表中注入路由

 

R1

ip route vrf KFC 10.1.1.0 255.255.255.0 Serial1/0

ip route vrf KFC 44.44.44.0 255.255.255.0 Serial1/0

ip route vrf M 10.1.1.0 255.255.255.0 Serial1/1

ip route vrf M 55.55.55.0 255.255.255.0 Serial1/1

 

R3

ip route vrf KFC 10.2.2.0 255.255.255.0 Serial1/1

ip route vrf KFC 77.77.77.0 255.255.255.0 Serial1/1

ip route vrf M 10.2.2.0 255.255.255.0 Serial1/0

ip route vrf M 66.66.66.0 255.255.255.0 Serial1/0

 

步骤7:在R1 R3 上完成MP-BGP 下的IGPS VRF MP-BGP VRF

R1

Router bgp 13

Address-family ipv4 vrf KFC

Redistribute static

Exit

Address-family ipv4 vrf M

Redistribute static


R3

Router bgp 13

Address-family ipv4 vrf KFC

Redistribute static

Exit

Address-family ipv4 vrf M

Redistribute static

 

步骤8:完成CE设备配置

此处管理员除了根据拓扑需求完成基本的配置,别忘记在CE 设备添加缺省路由,下一跳指向PE设备。

 

1.4 校验

(1) R1 R3 上查看对应VRF 表项中的静态路由

需要确认C-NETWORK 的网络被以静态路由的形式注入VRF

 

R1#show ip route vrf KFC static

     10.0.0.0/24 is subnetted, 2 subnets

S       10.1.1.0 is directly connected, Serial1/0

     44.0.0.0/24 is subnetted, 1 subnets

S       44.44.44.0 is directly connected, Serial1/0

 

R1#show ip route vrf M static

     55.0.0.0/24 is subnetted, 1 subnets

S       55.55.55.0 is directly connected, Serial1/1

     10.0.0.0/24 is subnetted, 2 subnets

S       10.1.1.0 is directly connected, Serial1/1

 

R3#show ip route vrf KFC static

     77.0.0.0/24 is subnetted, 1 subnets

S       77.77.77.0 is directly connected, Serial1/1

     10.0.0.0/24 is subnetted, 2 subnets

S       10.2.2.0 is directly connected, Serial1/1

R3#show ip route vrf M static

     66.0.0.0/24 is subnetted, 1 subnets

S       66.66.66.0 is directly connected, Serial1/0

     10.0.0.0/24 is subnetted, 2 subnets

S       10.2.2.0 is directly connected, Serial1/0

 

假设此时管理员需要在PE 设备上确认某个VRFC-NETWORK 网络可达性,我们建立利用如下命令:

R1#ping vrf KFC 44.44.44.44 

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/52/80 ms

R1#

 

(2)确认IGPSVRF 条目被成功的注入MP-BGP VRF表中

 

R1#show ip bgp v4 all

BGP table version is 17, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf KFC) //描述VRF KFC 转发表项

*> 10.1.1.0/24      0.0.0.0                  0         32768 ?

*>i10.2.2.0/24      3.3.3.3                  0    100      0 ?

*> 44.44.44.0/24    0.0.0.0                  0         32768 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 ?

Route Distinguisher: 2:2 (default for vrf M)

*> 10.1.1.0/24      0.0.0.0                  0         32768 ?

*>i10.2.2.0/24      3.3.3.3                  0    100      0 ?

*> 55.55.55.0/24    0.0.0.0                  0         32768 ?

*>i66.66.66.0/24    3.3.3.3                  0    100      0 ?

 

(3)PE 设备上查看MP-BGP BGP 条目分配的栈底标签

R1#show ip bgp v4 all labels

   Network          Next Hop      In label/Out label

Route Distinguisher: 1:1 (KFC)

   10.1.1.0/24      0.0.0.0         103/nolabel

   10.2.2.0/24      3.3.3.3         nolabel/305

   44.44.44.0/24    0.0.0.0         104/nolabel

   77.77.77.0/24    3.3.3.3         nolabel/306

 

Route Distinguisher: 2:2 (M)

   10.1.1.0/24      0.0.0.0         105/nolabel

   10.2.2.0/24      3.3.3.3         nolabel/303

   55.55.55.0/24    0.0.0.0         106/nolabel

   66.66.66.0/24    3.3.3.3         nolabel/304

 

In label 字段:其对应的值是当前PE 设备BGP 给特定网络分配的本地栈底标签

 

Out label 字段:其对应的值是对端PE设备BGP 给特定网络分配的远程栈底标签

 

!!注意

当数据包去向特定网络需要栈底标签时,一定使用的是远程栈底标签。

 

(4)查看MP-BGP 发送的VPNV4 路由更新

 

R1#show ip bgp v4 all 10.1.1.0

BGP routing table entry for 1:1:10.1.1.0/24, version 4

Paths: (1 available, best #1, table KFC)

  Advertised to update-groups:

     1        

  Local

    0.0.0.0 from 0.0.0.0 (1.1.1.1)

      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best

      Extended Community: RT:1:1

      mpls labels in/out 103/nolabel

BGP routing table entry for 2:2:10.1.1.0/24, version 8

Paths: (1 available, best #1, table M)

  Advertised to update-groups:

     1        

  Local

    0.0.0.0 from 0.0.0.0 (1.1.1.1)

      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best

      Extended Community: RT:2:2

      mpls labels in/out 105/nolabel

 

(5)查看P-NETWORK PE P 设备的MPLS 标签转发信息库(LFIB)

 

R1#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   

tag    tag or VC   or Tunnel Id      switched   interface             

100    Pop tag     2.2.2.0/24        0          Et0/0      31.31.12.2  

101    201         3.3.3.0/24        0          Et0/0      31.31.12.2  

102    Pop tag     31.31.23.0/24     0          Et0/0      31.31.12.2  

103    Untagged    10.1.1.0/24[V]    1040       Se1/0      point2point 

104    Untagged    44.44.44.0/24[V]  0          Se1/0      point2point 

105    Untagged    10.1.1.0/24[V]    0          Se1/1      point2point 

106    Untagged    55.55.55.0/24[V]  0          Se1/1      point2point 

 

R2#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   

tag    tag or VC   or Tunnel Id      switched   interface             

200    Pop tag     1.1.1.0/24        9385       Et0/0      31.31.12.1  

201    Pop tag     3.3.3.0/24        11742      Et0/1      31.31.23.3 

 

 

R3#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   

tag    tag or VC   or Tunnel Id      switched   interface             

300    200         1.1.1.0/24        0          Et0/1      31.31.23.2  

301    Pop tag     2.2.2.0/24        0          Et0/1      31.31.23.2  

302    Pop tag     31.31.12.0/24     0          Et0/1      31.31.23.2  

303    Untagged    10.2.2.0/24[V]    0          Se1/0      point2point 

304    Untagged    66.66.66.0/24[V]  0          Se1/0      point2point 

305    Untagged    10.2.2.0/24[V]    520        Se1/1      point2point 

306    Untagged    77.77.77.0/24[V]  520        Se1/1      point2point 

 

 

 

2MPLS VPN PE CE 间动态路由协议+UNTAG 实验

 

2.1 实验拓扑

 CCIE-MPLS <wbr>VPN-实验手册(上卷)

2.2 实验需求

a.R1 R2 R3 组成P-NETWORK,底层协议采用OSPFR1 R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF

b.R1 R2 R3 启用MPLSR1 R2 R3 的标签分配取值范围如下:

R1100 199

R2200 299

R3300 399

c.R1 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。

d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47VRF R56

e.按拓扑要求在R1 R4 间启用RIPV2R1 R5 间启用EIGRPR3 R6间启用OSPFR3 R7 间启用BGP

f.要求完成MPLS VPN 的配置,使得R4 R7 可以相互通讯,R5 R6 可以相互通讯。

 

2.3 实验步骤

 

步骤1:完成所有CE 设备的配置

 

步骤2:完成P-NETWORK 的配置

例如:底层协议OSPF

      MPLS

      MP-BGP

 

此时完成如上配置后,管理员应该做如下检查:

(1)    LDP 的邻接关系是否建立?
show mpls ldp neighbor

(2)    MP-BGP的对等体关系是否建立?
show ip bgp v4 all summary

(3)    关注R1 R2 R3 loopback 0口网络在R1 R2 R3 路由表中的状态
R2#show ip route ospf  

     1.0.0.0/32 is subnetted, 1 subnets

O       1.1.1.1 [110/11] via 31.31.12.1, 00:03:15, Ethernet1/0

     3.0.0.0/32 is subnetted, 1 subnets

O       3.3.3.3 [110/11] via 31.31.23.3, 00:03:15, Ethernet1/1

 

步骤3:在PE 设备上创建VRF

 

R1

 

Ip vrf R47

Rd 4:7

Route-target 4:7

!

Int s0/0

Ip vrf forward R47

Ip add 31.31.14.1 255.255.255.0

No sh

!

ip vrf R56

rd 5:6

route-target 5:6

!

Int s0/1

Ip vrf forward R56

Ip add 31.31.15.1 255.255.255.0

No sh

 

 

R3

 

Ip vrf R47

Rd 4:7

Route-target 4:7

!

Int s0/1

Ip vrf forward R47

Ip add 31.31.37.3 255.255.255.0

No sh

!

ip vrf R56

rd 5:6

route-target 5:6

!

Int s0/0

Ip vrf forward R56

Ip add 31.31.36.3 255.255.255.0

No sh

 

步骤4:完成PE上指定路由协议的配置

 

R1

Router rip

Address-family ipv4 vrf R47

Version 2

No auto-summary

Network 31.0.0.0

Exit

Router eigrp 1

Address-family ipv4 vrf R56

No auto-summary

Autonomous-system 1

Net 31.31.15.1 0.0.0.0

 

此时管理员应该在R1 上检查VRF R47 VRF R56的路由表,确认PE 是否已经通过动态路由协议学习到C-NETWORK 的路由信息,现象如下:

 

R1#show ip route vrf R47 rip

     44.0.0.0/24 is subnetted, 1 subnets

R       44.44.44.0[120/1] via 31.31.14.4, 00:00:25, Serial0/0

 

R1#show ip route vrf R56 eigrp

     55.0.0.0/24 is subnetted, 1 subnets

D       55.55.55.0 [90/2297856] via 31.31.15.5, 00:01:16, Serial0/1

 

R3

 

Router ospf 2 vrf R56

Router-id 33.33.33.33

Network 31.31.36.3 0.0.0.0 a 0

!

Router bgp 13

Address-family ipv4 vrf R47

Neighbor 31.31.37.7 remote 7

Neighbor 31.31.37.7 activate

 

此时完成如上配置后,管理员应该确认R3 透过OSPF 学习到R6C-NETWORK 网络信息,同时R3 也应该透过与R7 BGP 学习到R7 C-NETWORK 网络信息,现象如下:

R3#show ip route vrf R56 ospf

 

Routing Table: R56

 

     66.0.0.0/32 is subnetted, 1 subnets

O       66.66.66.66[110/65] via 31.31.36.6, 00:00:59, Serial0/0

 

R3#show ip route vrf R47 bgp

     77.0.0.0/24 is subnetted, 1 subnets

B       77.77.77.0 [20/0] via 31.31.37.7, 00:00:07

 

步骤5:完成PE IGPS 协议到EGPS协议的双向充分发

 

R1

Router bgp 13

Address-family ipv4 vrf R47

Redistribute rip

!

Address-family ipv4 vrf R56

Redistribute eigrp 1

!

Router rip

Address-family ipv4 vrf R47

Redistribute bgp 13 metric 1

!

Router eigrp 1

Address-family ipv4 vrf R56

Redistribute bgp 13 metric 10000 100 255 1 1500

 

R3

Router bgp 13

Address-family ipv4 vrf R56

Redistribute ospf 2

!

Router ospf 2

Redistribute bgp 13 subnets

 

此时管理员完成如上配置后,应该直接检查CE 设备,查看同一站点不同C-NETWORK 路由是否被交换学习,现象如下:

 

R4#show ip route rip

     77.0.0.0/24 is subnetted, 1 subnets

R       77.77.77.0 [120/1] via 31.31.14.1, 00:00:06, Serial0/0

 

R7#show ip route bgp

     44.0.0.0/24 is subnetted, 1 subnets

B       44.44.44.0 [20/0] via 31.31.37.3, 00:01:25

     31.0.0.0/24 is subnetted, 2 subnets

B       31.31.14.0 [20/0] via 31.31.37.3, 00:01:25

 

 

R5#show ip route eigrp

     66.0.0.0/32 is subnetted, 1 subnets

D EX    66.66.66.66 [170/2195456] via 31.31.15.1, 00:02:04, Serial0/1

     31.0.0.0/24 is subnetted, 2 subnets

D EX    31.31.36.0 [170/2195456] via 31.31.15.1, 00:02:04, Serial0/1

 

 

R6#show ip route ospf

     55.0.0.0/24 is subnetted, 1 subnets

O E2    55.55.55.0 [110/2297856] via 31.31.36.3, 00:02:05, Serial0/0

     31.0.0.0/24 is subnetted, 2 subnets

O E2    31.31.15.0 [110/1] via 31.31.36.3, 00:02:05, Serial0/0

 

步骤6:记得在P-NETWORK 中将参与OSPF LOOPBACK 0网络类型进行修改

R1

Interface loopback 0

Ip ospf network point-to-point

R2

Interface loopback 0

Ip ospf network point-to-point

R3

Interface loopback 0

Ip ospf network point-to-point

 

 

2.5 校验

 

(1)    同一站点不同CE 设备PING  对端路由

2.6 思考题:

(1)请问什么时候运行LDP的路由器会给网络分配UNTAG 标签?

当前网络只有本地标签没有可用的远端标签,系统分配UNTAG

 

(2)    请问在该试验中UNTAG 会带来什么问题?

 

 

!!注意

Bgp的配置技巧

router bgp

bgp router-id

address-family ipv4 unicast  //创建BGPV4的对等体关系

neighbor remote

address-family v4 unicast   //MP-BGP 对等体关系

neighbor activate

address-family ipv4 multicast  //M-BGP

neighbor active

address-family ipv4 vrf //VRF BGP

neighbor remote

neighbor activate

 

3MPLS VPN RT 设计实验

 

3.1 实验拓扑

 CCIE-MPLS <wbr>VPN-实验手册(上卷)

3.3 实验需求

a.R1 R2 R3 组成P-NETWORK,底层协议采用OSPFR1 R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF

b.R1 R2 R3 启用MPLSR1 R2 R3 的标签分配取值范围如下:

R1100 199

R2200 299

R3300 399

c.R1 R2 ,R2 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。

d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47VRF R56

e.按拓扑要求在R1 R4 间启用RIPV2R1 R5 间启用EIGRPR3 R6间启用OSPFR3 R7 间启用BGP

f.要求完成MPLS VPN 的配置,使得R4 R7 可以相互通讯,R5 R6 可以相互通讯。

g.要求R8 创建VRF King_of_Router,并且能够学习到R56 R47 站点路由,但是不希望R56 R47 相互学习路由。且R888.88.88.0/24网络能PING R47 R56的内网。

 

3.4 实验步骤

步骤1:完成 R1 R2 R3 BGP MP-BGP 的配置

R1

Router bgp 13

Neighbor 2.2.2.2 remote 13

Nei 2.2.2.2 up lo 0

Ad v u

Nei 2.2.2.2 ac

Exit

 

R2

Router bgp 13

Neighbor 1.1.1.1 remote 13

Nei 1.1.1.1 up lo 0

Nei 3.3.3.3 remote 13

Nei 3.3.3.3 up lo 0

Ad v u

Nei 1.1.1.1 ac

Nei 3.3.3.3 ac

Exi

 

R3

Router bgp 13

Bgp router-id 3.3.3.3

Nei 2.2.2.2 remote 13

Nei 2.2.2.2 up lo 0

Ad v u

Nei 2.2.2.2 ac

End

 

此时管理员完成如上配置,应该在R2上检查是否与R1 R3 建立了MP-BGP IBGP-PEER 关系,现象如下:

 

R2#show ip bgp v4 all summary

BGP router identifier 2.2.2.2, local AS number 13

BGP table version is 1, main routing table version 1

 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

1.1.1.1         4    13      10       6        1    0    0 00:02:04        0

3.3.3.3         4    13       9       6        1    0    0 00:02:07        0

 

此时管理员还应该注意R1 R3 R2是否能够学到对端VRF 路由,现象如下:

 

R1#show ip bgp v4 all

BGP table version is 18, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24    0.0.0.0                  0         32768 ?

*> 44.44.44.0/24    31.31.14.4               1         32768 ?

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24    0.0.0.0                  0         32768 ?

*> 55.55.55.0/24    31.31.15.5         2297856         32768 ?

 

R3#show ip bgp v4 all

BGP table version is 19, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 77.77.77.0/24    31.31.37.7               0             0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.36.0/24    0.0.0.0                  0         32768 ?

*> 66.66.66.66/32   31.31.36.6              65         32768 ?

 

R2#show ip bgp v4 all

 

R2#

如上现象告诉我们能接收到VPNV4 更新的MP-BGP 设备,如果没有对应的VRF 存在,是忽略这些VPNV4 更新的,而且还证明BGP IBGP 水平分割对MP-BGP 也起效。

 

!!注意

R2

Router bgp 13

no bgp default route-target filter //关闭RT 过滤功能,当前路由器即便不存在特定的VRF RT 值,也能接收所有VPNV4 更新条目信息

 

cle ip bgp * v4 unicast out //该命令式MP-BGP 的软清除命令。

 

 

步骤2:为了R1 R3 能够相互交换路由信息,在R2 上配置MP-BGP RR

Router bgp 13

Address-family v4 unicast

Neighbor 1.1.1.1 route-reflector-client

Neighbor 3.3.3.3 route-reflector-client

 

此时,管理员完成如上配置,那么应该到R1 R3 上再次校验MP-BGP VRF 转发表,确认RR已经生效,现象如下:

R1#show ip bgp all

BGP table version is 24, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24    0.0.0.0                  0         32768 ?

*> 44.44.44.0/24    31.31.14.4               1         32768 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24    0.0.0.0                  0         32768 ?

*>i31.31.36.0/24    3.3.3.3                  0    100      0 ?

*> 55.55.55.0/24    31.31.15.5         2297856         32768 ?

*>i66.66.66.66/32   3.3.3.3                 65    100      0 ?

 

R3#show ip bgp v4 all

BGP table version is 27, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*>i31.31.14.0/24    1.1.1.1                  0    100      0 ?

*>i44.44.44.0/24    1.1.1.1                  1    100      0 ?

*> 77.77.77.0/24    31.31.37.7               0             0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*>i31.31.15.0/24    1.1.1.1                  0    100      0 ?

*> 31.31.36.0/24    0.0.0.0                  0         32768 ?

*>i55.55.55.0/24    1.1.1.1            2297856    100      0 ?

*> 66.66.66.66/32   31.31.36.6              65         32768 ?

 

R2#show ip bgp v4 all

BGP table version is 22, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7

*>i31.31.14.0/24    1.1.1.1                  0    100      0 ?

*>i44.44.44.0/24    1.1.1.1                  1    100      0 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 7 i

Route Distinguisher: 5:6

*>i31.31.15.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.36.0/24    3.3.3.3                  0    100      0 ?

*>i55.55.55.0/24    1.1.1.1            2297856    100      0 ?

*>i66.66.66.66/32   3.3.3.3                 65    100      0 ?

 

步骤3:在R2 上完成VRF 的创建

R2

Ip vrf King_of_Routing

Rd 184:184

Route-target import 4:7

Route-target import 5:6

Route-target export 4:7

Route-target export 5:6

Exi

Int e1/2

Ip vrf forward King_of_Routing

Ip add 31.31.28.2 255.255.255.0

 

步骤4:在R2 R8上创建RIPV2 用于交换路由更新

R2

Router rip

Address-family ipv4 vrf King_of_Routing

No auto-summary

Network 31.0.0.0

Redistribute bgp 13 metric 1

!

Router bgp 13

Address-family ipv4 vrf King_of_Routing

Redistribute rip

 

R8

Int e1/2

Ip add 31.31.28.8 255.255.255.0

No sh

!

Int lo 0

Ip add 88.88.88.88 255.255.255.0

No sh

!

Router rip

Ver 2

No auto

Net 31.0.0.0

Net 88.0.0.0

 

3.4 校验:

(1)R2上检查MP-BGP VRF 转发表

R2#show ip bgp v4 all

BGP table version is 29, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7

*>i31.31.14.0/24    1.1.1.1                  0    100      0 ?

*>i44.44.44.0/24    1.1.1.1                  1    100      0 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 7 i

Route Distinguisher: 5:6

*>i31.31.15.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.36.0/24    3.3.3.3                  0    100      0 ?

*>i55.55.55.0/24    1.1.1.1            2297856    100      0 ?

*>i66.66.66.66/32   3.3.3.3                 65    100      0 ?

Route Distinguisher: 184:184 (default for vrf King_of_Routing)

*>i31.31.14.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.15.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.36.0/24    3.3.3.3                  0    100      0 ?

*>i44.44.44.0/24    1.1.1.1                  1    100      0 ?

*>i55.55.55.0/24    1.1.1.1            2297856    100      0 ?

*>i66.66.66.66/32   3.3.3.3                 65    100      0 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 7 i

*>88.88.88.0/24     0.0.0.0                  0    100      0  i

 

R2#

 

(3)    R1 R3 上查看MP-BGP VPNV4 转发表

R1#show ip bgp v4 all

BGP table version is 30, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24    0.0.0.0                  0         32768 ?

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*> 44.44.44.0/24    31.31.14.4               1         32768 ?

*>i77.77.77.0/24    3.3.3.3                  0    100      0 7 i

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24    0.0.0.0                  0         32768 ?

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*>i31.31.36.0/24    3.3.3.3                  0    100      0 ?

*> 55.55.55.0/24    31.31.15.5         2297856         32768 ?

*>i66.66.66.66/32   3.3.3.3                 65    100      0 ?

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

Route Distinguisher: 184:184

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

 

 

R3#show ip bgp v4 all

BGP table version is 33, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*>i31.31.14.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*>i44.44.44.0/24    1.1.1.1                  1    100      0 ?

*> 77.77.77.0/24    31.31.37.7               0             0 7 i

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

Route Distinguisher: 5:6 (default for vrf R56)

*>i31.31.15.0/24    1.1.1.1                  0    100      0 ?

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*> 31.31.36.0/24    0.0.0.0                  0         32768 ?

*>i55.55.55.0/24    1.1.1.1            2297856    100      0 ?

*> 66.66.66.66/32   31.31.36.6              65         32768 ?

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

Route Distinguisher: 184:184

*>i31.31.28.0/24    2.2.2.2                  0    100      0 ?

*>i88.88.88.0/24    2.2.2.2                  0    100      0 ?

 

3.5 思考题

(1)什么时候VRF 才把RT EXPORT 值打入VPNV4 更新?

只有当前PE设备从CE 设备学习路由时。

 

 

 

 

4MPLS VPN VRF IMPORT MAP 实验

 

4.1 实验拓扑

 

 CCIE-MPLS <wbr>VPN-实验手册(上卷)

4.2 实验需求

a.R1 R2 启用EIGRP 当做底层协议,R1 R2 将本地直连网络及LOOPBACK 0网络宣告进EIGRP

b.R1 R2 直连网络启用MPLS,标签分配范围如下:
R1 100 199

R2 200 299

c.R1 R2 上创建VRF CCCIERD 1:3 RT 1:3

d.R2 作为PE 设备与R3 启用RIP,共享C-NETWORK 路由信息

e.最终要求在R1 VRF CCIE 中,值看到3.3.3.0/24 网络

 

4.3 实验步骤

 

步骤1:基础配置

例如:底层协议

      MPLS

      MP-BGP

      VRF

      PE-CE 间路由协议及PE上的IGPS MP-BGP 的相互充分发

 

此时管理员完成如上配置,应该在R1 上利用”show ip bgp v4 all”命令确认R1VRF 表中所学习的路由,现象如下:

R1#show ip bgp v al

BGP table version is 4, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 1:3 (default for vrf R13)

*>i3.3.3.0/24       2.2.2.2                  1    100      0 ?

*>i31.31.23.0/24    2.2.2.2                  0    100      0 ?

*>i33.33.33.0/24    2.2.2.2                  1    100      0 ?

 

R1#show ip route vrf R13 bgp

 

R1#show ip route vrf R13 bgp

     3.0.0.0/24 is subnetted, 1 subnets

B       3.3.3.0 [200/1] via 2.2.2.2, 00:02:45

B       33.33.33.0[200/1]via 2.2.2.2,00:02:45

B       31.31.23.0[200/1]via 2.2.2.2,00:02:45

 

步骤2:在R1 上配置import-map使得R1 VRF 表中只装在3.3.3.0 网络信息

Access-list 1 permit 3.3.3.0 0.0.0.255 //利用该ACL 匹配出ROUTE-MAP 所关心的网络

!

Route-map IM permit 10  //创建名为IM ROUTE-MAP,第10个策略对ACL 1 匹配的网络进行放行

Match ip address 1

Exi

Ip vrf R13

Import map IM //VRF 下套用IMPORT-MAP,阻止来自远端PE的路由进入IGP VRF

 

4.4 校验

(1) R1 上查看3.3.3.0 33.33.33.0 BGP 转发表中的区别

 

R1#show ip bgp v4 all 3.3.3.0 //查看MP-BGP 转发表中特定条目信息

BGP routing table entry for 1:3:3.3.3.0/24, version 5

Paths: (1 available, best #1, table R13)//含义是可以进入IGP VRF R13

  Not advertised to any peer

  Local

    2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)

      Origin incomplete, metric 1, localpref 100, valid, internal, best

      Extended Community: RT:1:3

      mpls labels in/out nolabel/205

 

R1#show ip bgp v4 all 33.33.33.0

BGP routing table entry for 1:3:33.33.33.0/24, version 9

Paths: (1 available, best #1, no table)//不能被注入任何IGP VRF

Flag: 0x800

  Not advertised to any peer

  Local

    2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)

      Origin incomplete, metric 1, localpref 100, valid, internal, best

      Extended Community: RT:1:3

      mpls labels in/out nolabel/204

 

(2)查看R1 IGP VRF 表,确认是否只学习了3.3.3.0

 

R1#show ip route vrf R13 bgp

     3.0.0.0/24 is subnetted, 1 subnets

B       3.3.3.0 [200/1] via 2.2.2.2, 00:02:45

 

 

4.5 思考题

(1)请解释export map的作用?

export map import map 的最大不同在于:

export map 可以完成路由泄露,比如当前站点VRF export rt value 1:1,但是我们现在希望特定的路由变成VPNV4 更新被发送时,携带export rt value 2:2的信息,那么我们就可以利用acl匹配该网络,并且用ROUTE-MAP 对该ACL 匹配的网络做set extended rt 2:2 ,这样该路由就可以被远端import rt 2:2VRF 学习,达到了路由泄露的目的,但是这里如果不利用  additive 关键字,会导致该路由只携带一个RT值,会影响路由的学习。

 

 


转载于:https://my.oschina.net/jinhengyu/blog/1571984

你可能感兴趣的:(CCIE-MPLS VPN-实验手册(上卷))