MPLS虚拟专用网跨域--OptionB方案

OptionB方案

跨域VPN-OptionB中,两个ASBR通过MP-EBGP交换它们从各自AS的PE设备接收的标签VPN-IPv4路由。图中,VPN LSP表示私网隧道,LSP表示公网隧道。
MPLS虚拟专用网跨域--OptionB方案_第1张图片
跨域VPN-OptionB方案中,ASBR接收本域内和域外传过来的所有跨域VPN-IPv4路由,再把VPN-IPv4路由发布出去。但MPLS VPN的基本实现中,PE上只保存与本地VPN实例的VPN Target相匹配的VPN路由。通过对标签VPN-IPv4路由进行特殊处理,让ASBR不进行VPN Target匹配把收到的VPN路由全部保存下来,而不管本地是否有和它匹配的VPN实例。
这种方案的优点是所有的流量都经过ASBR转发,使流量具有良好的可控性,但ASBR的负担重。可以同时使用BGP路由策略(如对RT的过滤),使ASBR上只保存部分VPN-IPv4路由。

跨域OptionB路由发布

本例中,CE1将10.1.1.1/24的路由发布给CE2。NH表示下一跳,L1、L2和L3表示所携带的私网标签。图中省略了公网IGP路由和标签的分配。
MPLS虚拟专用网跨域--OptionB方案_第2张图片
VPN路由的具体发布过程:
(1)CE1通过BGP、OSPF或RIP方式将路由发布给AS100内的PE1。
(2)AS100内的PE1先通过MP-IBGP方式把标签VPNv4路由发布给AS100的ASBR1,或发布给路由反射器RR(Route Reflector),由RR反射给ASBR1。
(3)ASBR1通过MP-EBGP方式把标签VPNv4路由发布给ASBR2。由于MP-EBGP在传递路由时,需要改变路由的下一跳,ASBR1向外发布时给这些VPNv4路由信息分配新标签。
(4)ASBR2通过MP-IBGP方式把标签VPNv4路由发布给AS200内的PE3,或发布给RR,由RR反射给PE3。当ASBR2向域内的MP-IBGP对等体发布路由时,将下一跳改为自己。
(5)AS200内的PE3通过BGP、OSPF或RIP方式将路由发布给CE2。
在ASBR1和ASBR2上都对VPNv4路由交换内层标签,域间的标签由BGP携带,因此ASBR之间不需要运行LDP(Label Distribution Protocol)或RSVP(Resource Reservation Protocol)等协议。

跨域OptionB报文转发

在跨域VPN-OptionB方式的报文转发中,在两个ASBR上都要对VPN的LSP做一次交换。以LSP为公网隧道的报文转发流程,其中,L1、L2和L3表示私网标签。Lx和Ly表示公网外层隧道标签。
MPLS虚拟专用网跨域--OptionB方案_第3张图片

跨域OptionB方案特点

跨域OptionB方案,不同于OptionA,OptionB方案不受ASBR之间互联链路数目的限制。
局限性:VPN的路由信息时通过AS之间的ASBR来保存和扩散的,当VPN路由较多时,ASBR负担重,容易成为故障点。因此在MP-EBGP方案中,需要维护VPN路由信息的ASBR一般不再负责公网IP转发。

跨域OptionB方案实验配置

MPLS虚拟专用网跨域--OptionB方案_第4张图片

配置步骤

1.IP地址配置。

<Huawei>sy
[Huawei]sy AR1_CE1	
[AR1_CE1]interface  GigabitEthernet 0/0/0
[AR1_CE1-GigabitEthernet0/0/0]ip address  10.0.12.1 24
[AR1_CE1-GigabitEthernet0/0/0]qui
[AR1_CE1]interface  LoopBack 0
[AR1_CE1-LoopBack0]ip address  192.168.1.1 24
[AR1_CE1-LoopBack0]q
[AR1_CE1]


<Huawei>system-view 
[Huawei]sysname  AR2_PE1	
[AR2_PE1]interface  g0/0/0
[AR2_PE1-GigabitEthernet0/0/0]ip address  10.0.12.2 24
[AR2_PE1-GigabitEthernet0/0/0]q
[AR2_PE1]interface  GigabitEthernet 0/0/1
[AR2_PE1-GigabitEthernet0/0/1]ip address  10.0.23.2 24
[AR2_PE1-GigabitEthernet0/0/1]qui	
[AR2_PE1]interface  LoopBack 0
[AR2_PE1-LoopBack0]ip address  10.0.2.2 32
[AR2_PE1-LoopBack0]q
[AR2_PE1]

[Huawei]sysname  AR3_P1	
[AR3_P1]interface  GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]ip address  10.0.23.3 24
[AR3_P1-GigabitEthernet0/0/1]q
[AR3_P1-GigabitEthernet0/0/1]qui	
[AR3_P1]interface  LoopBack 0
[AR3_P1-LoopBack0]ip address  10.0.3.3 32
[AR3_P1-LoopBack0]q	
[AR3_P1]interface  GigabitEthernet 0/0/2	
[AR3_P1-GigabitEthernet0/0/2]ip address  10.0.34.3 24 
[AR3_P1-GigabitEthernet0/0/2]qui
[AR3_P1]
	
<Huawei>system-view 	
[Huawei]sysname  AR4_ASBR1	
[AR4_ASBR1]interface LoopBack 0	
[AR4_ASBR1-LoopBack0]ip address  10.0.4.4 32
[AR4_ASBR1-LoopBack0]qui	
[AR4_ASBR1]interface  GigabitEthernet 0/0/2	
[AR4_ASBR1-GigabitEthernet0/0/2]ip address  10.0.34.4 24
[AR4_ASBR1-GigabitEthernet0/0/2]qui
[AR4_ASBR1]interface  GigabitEthernet 0/0/0	
[AR4_ASBR1-GigabitEthernet0/0/0]ip address  10.0.45.4 24 
[AR4_ASBR1-GigabitEthernet0/0/0]qui
[AR4_ASBR1]
	
<AR5_ASBR2>system-view 
[AR5_ASBR1]sysname AR5_ASBR2	
[AR5_ASBR2]interface  LoopBack 0	
[AR5_ASBR2-LoopBack0]ip address  10.0.5.5 32
[AR5_ASBR2-LoopBack0]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/0	
[AR5_ASBR2-GigabitEthernet0/0/0]ip address  10.0.45.5 24 
[AR5_ASBR2-GigabitEthernet0/0/0]qui
[AR5_ASBR2]interface  GigabitEthernet 0/0/1	
[AR5_ASBR2-GigabitEthernet0/0/1]ip address  10.0.56.5 24
[AR5_ASBR2-GigabitEthernet0/0/1]qui
[AR5_ASBR2]

<AR6_P2>system-view 
[Huawei]sysname  AR6_P2	
[AR6_P2]interface  LoopBack 0	
[AR6_P2-LoopBack0]ip address  10.0.6.6 32
[AR6_P2-LoopBack0]qui	
[AR6_P2]interface  GigabitEthernet 0/0/1	
[AR6_P2-GigabitEthernet0/0/1]ip address  10.0.56.6 24
[AR6_P2-GigabitEthernet0/0/1]qui	
[AR6_P2]interface  GigabitEthernet 0/0/0	
[AR6_P2-GigabitEthernet0/0/0]ip address  10.0.67.6 24
[AR6_P2-GigabitEthernet0/0/0]qui
[AR6_P2]

<AR7_PE2>system-view 
[Huawei]sysname  AR7_PE2
[AR7_PE2]interface  LoopBack 0
[AR7_PE2-LoopBack0]ip address 10.0.7.7 32
[AR7_PE2-LoopBack0]qui	
[AR7_PE2]interface  GigabitEthernet 0/0/0
[AR7_PE2-GigabitEthernet0/0/0]ip address  10.0.67.7 24
[AR7_PE2-GigabitEthernet0/0/0]qui
[AR7_PE2]interface  GigabitEthernet 0/0/1
[AR7_PE2-GigabitEthernet0/0/1]ip address  10.0.78.7 24
[AR7_PE2-GigabitEthernet0/0/1]qui
[AR7_PE2]

<Huawei>system-view 
[Huawei]sysname  AR8_CE2.	
[AR8_CE2]interface  LoopBack 0	
[AR8_CE2-LoopBack0]ip address  192.168.2.1 24
[AR8_CE2-LoopBack0]qui	
[AR8_CE2]interface  GigabitEthernet 0/0/1
[AR8_CE2-GigabitEthernet0/0/1]ip address  10.0.78.8 24
[AR8_CE2-GigabitEthernet0/0/1]qui
[AR8_CE2]

2.配置各AS内路由互通。

[AR2_PE1]ospf 1 router-id  2.2.2.2
[AR2_PE1-ospf-1]area  0	
[AR2_PE1-ospf-1-area-0.0.0.0]network  10.0.23.0 0.0.0.255	
[AR2_PE1-ospf-1-area-0.0.0.0]network  10.0.2.2 0.0.0.0
[AR2_PE1-ospf-1-area-0.0.0.0]qui
[AR2_PE1-ospf-1]qui
[AR2_PE1]

[AR3_P1]ospf 1 router-id  3.3.3.3	
[AR3_P1-ospf-1]area  0	
[AR3_P1-ospf-1-area-0.0.0.0]network  10.0.34.0 0.0.0.255 
[AR3_P1-ospf-1-area-0.0.0.0]network  10.0.3.3 0.0.0.0
[AR3_P1-ospf-1-area-0.0.0.0]network  10.0.23.0 0.0.0.255
[AR3_P1-ospf-1-area-0.0.0.0]qui
[AR3_P1-ospf-1]q
[AR3_P1]

[AR4_ASBR1]ospf 1 router-id  4.4.4.4	
[AR4_ASBR1-ospf-1]area  0	
[AR4_ASBR1-ospf-1-area-0.0.0.0]network  10.0.34.0 0.0.0.255	
[AR4_ASBR1-ospf-1-area-0.0.0.0]network  10.0.4.4 0.0.0.0
[AR4_ASBR1-ospf-1-area-0.0.0.0]qui
[AR4_ASBR1-ospf-1]qui
[AR4_ASBR1]

==================================================================

[AR5_ASBR2]ospf 2 router-id  5.5.5.5	
[AR5_ASBR2-ospf-2]area  0	
[AR5_ASBR2-ospf-2-area-0.0.0.0]network  10.0.56.0 0.0.0.255	
[AR5_ASBR2-ospf-2-area-0.0.0.0]network  10.0.5.5 0.0.0.0
[AR5_ASBR2-ospf-2-area-0.0.0.0]qui
[AR5_ASBR2-ospf-2]qui
[AR5_ASBR2]

[AR6_P2]ospf 2 router-id  6.6.6.6	
[AR6_P2-ospf-2]area  0
[AR6_P2-ospf-2-area-0.0.0.0]network  10.0.6.6 0.0.0.0	
[AR6_P2-ospf-2-area-0.0.0.0]network  10.0.67.0 0.0.0.255
[AR6_P2-ospf-2-area-0.0.0.0]network  10.0.56.0 0.0.0.255
[AR6_P2-ospf-2-area-0.0.0.0]qui
[AR6_P2-ospf-2]qui
[AR6_P2]

[AR7_PE2]ospf 2 router-id  7.7.7.7
[AR7_PE2-ospf-2]area  0	
[AR7_PE2-ospf-2-area-0.0.0.0]network  10.0.7.7 0.0.0.0	
[AR7_PE2-ospf-2-area-0.0.0.0]network  10.0.67.0 0.0.0.255
[AR7_PE2-ospf-2-area-0.0.0.0]qui
[AR7_PE2-ospf-2]qui
[AR7_PE2]

3.配置各AS的公网标签分配协议MPLS LDP。

[AR2_PE1]mpls  lsr-id  10.0.2.2	
[AR2_PE1]mpls  	
[AR2_PE1-mpls]quit
[AR2_PE1]mpls  ldp
[AR2_PE1-mpls-ldp]qui	
[AR2_PE1]interface  GigabitEthernet 0/0/1	
[AR2_PE1-GigabitEthernet0/0/1]mpls  	
[AR2_PE1-GigabitEthernet0/0/1]mpls  ldp 
[AR2_PE1-GigabitEthernet0/0/1]qui
[AR2_PE1]

[AR3_P1]mpls  lsr-id  10.0.3.3 	
[AR3_P1]mpls  	
[AR3_P1-mpls]quit
[AR3_P1]mpls  ldp
[AR3_P1-mpls-ldp]qui	
[AR3_P1]interface  GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]mpls 	
[AR3_P1-GigabitEthernet0/0/1]mpls  ldp 
[AR3_P1-GigabitEthernet0/0/1]qui	
[AR3_P1]interface  GigabitEthernet 0/0/2
[AR3_P1-GigabitEthernet0/0/2]mpls 	
[AR3_P1-GigabitEthernet0/0/2]mpls  ldp 
[AR3_P1-GigabitEthernet0/0/2]qui
[AR3_P1]

[AR4_ASBR1]mpls  lsr-id  10.0.4.4	
[AR4_ASBR1]mpls 
[AR4_ASBR1-mpls]quit	
[AR4_ASBR1]mpls  ldp
[AR4_ASBR1-mpls-ldp]qui
[AR4_ASBR1]interface  GigabitEthernet 0/0/2	
[AR4_ASBR1-GigabitEthernet0/0/2]mpls 	
[AR4_ASBR1-GigabitEthernet0/0/2]mpls  ldp 
[AR4_ASBR1-GigabitEthernet0/0/2]qui
[AR4_ASBR1]

===============================================================

[AR5_ASBR2]mpls  lsr-id  10.0.5.5	
[AR5_ASBR2]mpls  	
[AR5_ASBR2-mpls]quit	
[AR5_ASBR]mpls  ldp
[AR5_ASBR2-mpls-ldp]qui	
[AR5_ASBR2]interface  GigabitEthernet 0/0/1	
[AR5_ASBR2-GigabitEthernet0/0/1]mpls  ldp 
[AR5_ASBR2-GigabitEthernet0/0/1]qui
[AR5_ASBR2]

[AR6_P2]mpls  lsr-id  10.0.6.6	
[AR6_P2]mpls 
[AR6_P2-mpls]qui	
[AR6_P2]mpls  ldp 
[AR6_P2-mpls-ldp]qui	
[AR6_P2]interface  GigabitEthernet 0/0/1
[AR6_P2-GigabitEthernet0/0/1]mpls 	
[AR6_P2-GigabitEthernet0/0/1]mpls  ldp 
[AR6_P2-GigabitEthernet0/0/1]qui	
[AR6_P2]interface  GigabitEthernet 0/0/0
[AR6_P2-GigabitEthernet0/0/0]mpls 	
[AR6_P2-GigabitEthernet0/0/0]mpls  ldp 
[AR6_P2-GigabitEthernet0/0/0]qui
[AR6_P2]

[AR7_PE2]mpls  lsr-id  10.0.7.7
[AR7_PE2]mpls 
[AR7_PE2-mpls]qui	
[AR7_PE2]mpls  ldp 
[AR7_PE2-mpls-ldp]q	
[AR7_PE2]interface  GigabitEthernet 0/0/0	
[AR7_PE2-GigabitEthernet0/0/0]mpls  	
[AR7_PE2-GigabitEthernet0/0/0]mpls  ldp 
[AR7_PE2-GigabitEthernet0/0/0]qui
[AR7_PE2]

4.配置各AS内的MP-IBGP邻居。

[AR2_PE1]bgp  100	
[AR2_PE1-bgp]router-id  2.2.2.2	
[AR2_PE1-bgp]peer  10.0.4.4 as-number 100	
[AR2_PE1-bgp]peer  10.0.4.4 connect-interface  LoopBack 0
[AR2_PE1-bgp]ipv4-family unicast 
[AR2_PE1-bgp-af-ipv4]undo peer 10.0.4.4 enable 
[AR2_PE1-bgp-af-ipv4]qui	
[AR2_PE1-bgp]ipv4-family v4
[AR2_PE1-bgp-af-v4]peer  10.0.4.4 enable 
[AR2_PE1-bgp-af-v4]qui
[AR2_PE1-bgp]qui
[AR2_PE1]
=======================================================
[AR4_ASBR1]bgp  100	
[AR4_ASBR1-bgp]router-id  4.4.4.4	
[AR4_ASBR1-bgp]peer  10.0.2.2 as-number 100	
[AR4_ASBR1-bgp]peer  10.0.2.2 connect-interface  LoopBack 0	
[AR4_ASBR1-bgp]ipv4-family unicast 	
[AR4_ASBR1-bgp-af-ipv4]undo  peer  10.0.2.2 enable    //关闭单播IPv4邻居
[AR4_ASBR1-bgp-af-ipv4]qui	
[AR4_ASBR1-bgp]ipv4-family v4 	
[AR4_ASBR1-bgp-af-v4]peer  10.0.2.2 enable    //开启MP-BGP功能
[AR4_ASBR1

你可能感兴趣的:(网络,网络协议,信息与通信)