MPLS VPN跨域C1方案 RR反射器

拓扑图如下

• 配置两个RR之间建立MP-EBGP邻居

1. R9配置

bgp 100 peer 10.10.10.10 as-number 200 peer 10.10.10.10 ebgp-max-hop 255 peer 10.10.10.10 connect-interface LoopBack0 ipv4-family v4 peer 10.10.10.10 enable peer 10.10.10.10 next-hop-invariable

1. R10配置

bgp 200 peer 9.9.9.9 as-number 100 peer 9.9.9.9 ebgp-max-hop 255 peer 9.9.9.9 connect-interface LoopBack0 ipv4-family v4 peer 9.9.9.9 enable peer 9.9.9.9 next-hop-invariable

现在虽然配置了建立邻居的BGP进程，但是因为双方是没有对方的路由的，所以无法建立。

• R3与R4建立EBGP邻居，各自宣告9.9.9.9与10.10.10.10

1. R3配置

bgp 100 peer 34.1.1.4 as-number 200   peer 34.1.1.4 enable   peer 34.1.1.4 route-policy 1 export   peer 34.1.1.4 label-route-capability network 9.9.9.9 255.255.255.255

1. R4配置
    

bgp 200 peer 34.1.1.3 as-number 100   peer 34.1.1.3 enable   peer 34.1.1.3 route-policy 1 export   peer 34.1.1.3 label-route-capability network 10.10.10.10 255.255.255.255

• R3与R9建立邻居，R4与R10建立邻居（IBGP邻居关系）

1. AS 100

R9 bgp 100  peer 3.3.3.3 as-number 100  peer 3.3.3.3 connect-interface LoopBack0 ipv4-family unicast   undo synchronization   peer 3.3.3.3 enable   peer 3.3.3.3 label-route-capability  ipv4-family v4   undo policy -target   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client R3 bgp 100  peer 9.9.9.9 as-number 100  peer 9.9.9.9 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   network 9.9.9.9 255.255.255.255   peer 9.9.9.9 enable   peer 9.9.9.9 route-policy 2 export   peer 9.9.9.9 label-route-capability

1. AS 200

R10 bgp 200  peer 4.4.4.4 as-number 200  peer 4.4.4.4 connect-interface LoopBack0  ipv4-family unicast   undo synchronization   peer 4.4.4.4 enable   peer 4.4.4.4 label-route-capability R4 bgp 200  peer 10.10.10.10 as-number 200  peer 10.10.10.10 connect-interface LoopBack0  ipv4-family unicast   undo synchronization   network 6.6.6.6 255.255.255.255   network 10.10.10.10 255.255.255.255   peer 10.10.10.10 enable   peer 10.10.10.10 route-policy 2 export   peer 10.10.10.10 label-route-capability

• 配置策略路由

1. R3配置，应用策略已在上一步配置

route-policy 1 permit node 10  apply mpls-label route-policy 2 permit node 10  if-match mpls-label  apply mpls-label

1. R4配置
    

route-policy 1 permit node 10  apply mpls-label route-policy 2 permit node 10  if-match mpls-label  apply mpls-label

此时，两个RR之间的路由可达，RR之间可以正常建立MP-EGBP邻居。

下一步需要R1与R9建立MP-IBGP邻居关系，R1把VPNV4路由传给R9

R6与R10建立MP-IBGP邻居关系，R6把VPNVR路由传给R10

之后R9与R10互相传递VPNVR路由，他们就能收到了。

• R1与R9，R6与R10建立MP-IBGP邻居

1. AS 100

R1 bgp 100  peer 9.9.9.9 as-number 100  peer 9.9.9.9 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 9.9.9.9 enable   peer 9.9.9.9 label-route-capability  #  ipv4-family v4   policy -target   peer 9.9.9.9 enable  #  ipv4-family -instance 1   import-route ospf 1 R9 bgp 100  peer 1.1.1.1 as-number 100  peer 1.1.1.1 connect-interface LoopBack0  ipv4-family unicast   undo synchronization   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client   peer 1.1.1.1 label-route-capability#  ipv4-family v4   undo policy -target   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client

1. AS 200

R9 bgp 100  peer 10.10.10.10 as-number 200  peer 10.10.10.10 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 10.10.10.10 enable   peer 10.10.10.10 label-route-capability  #  ipv4-family v4   policy -target   peer 10.10.10.10 enable  #  ipv4-family -instance 1   import-route ospf 1 R9 bgp 100  peer 6.6.6.6 as-number 100  peer 6.6.6.6 connect-interface LoopBack0  ipv4-family unicast   undo synchronization   peer 6.6.6.6 enable   peer 1.1.1.1 reflect-client   peer 1.1.1.1 label-route-capability#  ipv4-family v4   undo policy -target   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client

现在路由就可以正常传递了，但是对于两边的PE设备来说，1.1.1.1和6.6.6.6都不是可达的。所以需要在中间设备R3与R4上面分别network 1.1.1.1和 6.6.6.6.

数据配置

R1

dis cu [V200R003C00] #  sysname R1 #  snmp-agent local-engineid 800007DB03000000000000  snmp-agent #  clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip #  drop illegal-mac alarm #  wlan ac-global carrier id other ac id 0 #  set cpu-usage threshold 80 restore 75 # ip -instance 1  ipv4-family   route-distinguisher 1:1   -target 1:6 export-extcommunity   -target 6:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 49.0000.0000.0001.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip binding -instance 1  ip address 17.1.1.1 255.255.255.0  ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/1  ip address 12.1.1.1 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 1.1.1.1 255.255.255.255  isis enable 1 # bgp 100  peer 9.9.9.9 as-number 100  peer 9.9.9.9 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 9.9.9.9 enable   peer 9.9.9.9 label-route-capability  #  ipv4-family v4   policy -target   peer 9.9.9.9 enable  #  ipv4-family -instance 1   import-route ospf 1 # ospf 1 -instance 1  import-route bgp  area 0.0.0.0 # user-interface con 0  authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

R3

mpls lsr-id 3.3.3.3 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 49.0000.0000.0003.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip address 23.1.1.3 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/1  ip address 34.1.1.3 255.255.255.0  mpls # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 3.3.3.3 255.255.255.255  isis enable 1 # bgp 100  peer 9.9.9.9 as-number 100  peer 9.9.9.9 connect-interface LoopBack0  peer 34.1.1.4 as-number 200  #  ipv4-family unicast   undo synchronization   network 1.1.1.1 255.255.255.255   network 9.0.0.0   network 9.9.9.9 255.255.255.255   peer 9.9.9.9 enable   peer 9.9.9.9 route-policy 2 export   peer 9.9.9.9 label-route-capability   peer 34.1.1.4 enable   peer 34.1.1.4 route-policy 1 export   peer 34.1.1.4 label-route-capability # route-policy 1 permit node 10  apply mpls-label # route-policy 2 permit node 10  if-match mpls-label  apply mpls-label

R9

mpls lsr-id 9.9.9.9 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 49.0000.0000.0009.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip address 29.1.1.9 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 9.9.9.9 255.255.255.255  isis enable 1 # bgp 100  peer 1.1.1.1 as-number 100  peer 1.1.1.1 connect-interface LoopBack0  peer 3.3.3.3 as-number 100  peer 3.3.3.3 connect-interface LoopBack0  peer 10.10.10.10 as-number 200  peer 10.10.10.10 ebgp-max-hop 255  peer 10.10.10.10 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client   peer 1.1.1.1 label-route-capability   peer 3.3.3.3 enable   peer 3.3.3.3 label-route-capability   peer 10.10.10.10 enable  #  ipv4-family v4   undo policy -target   peer 1.1.1.1 enable   peer 1.1.1.1 reflect-client   peer 10.10.10.10 enable   peer 10.1

R4

mpls lsr-id 4.4.4.4 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 50.0000.0000.0004.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip address 34.1.1.4 255.255.255.0  mpls # interface GigabitEthernet0/0/1  ip address 45.1.1.4 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 4.4.4.4 255.255.255.255  isis enable 1 # bgp 200  peer 10.10.10.10 as-number 200  peer 10.10.10.10 connect-interface LoopBack0  peer 34.1.1.3 as-number 100  #  ipv4-family unicast   undo synchronization   network 6.6.6.6 255.255.255.255   network 10.10.10.10 255.255.255.255   peer 10.10.10.10 enable   peer 10.10.10.10 route-policy 2 export   peer 10.10.10.10 label-route-capability   peer 34.1.1.3 enable   peer 34.1.1.3 route-policy 1 export   peer 34.1.1.3 label-route-capability # route-policy 2 permit node 10  if-match mpls-label  apply mpls-label # route-policy 1 permit node 10  apply mpls-label

R6

ip -instance 1  ipv4-family   route-distinguisher 6:6   -target 6:1 export-extcommunity   -target 1:6 import-extcommunity # mpls lsr-id 6.6.6.6 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 50.0000.0000.0006.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip address 56.1.1.6 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/1  ip binding -instance 1  ip address 68.1.1.6 255.255.255.0  ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 6.6.6.6 255.255.255.255  isis enable 1 # bgp 200  peer 10.10.10.10 as-number 200  peer 10.10.10.10 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 10.10.10.10 enable   peer 10.10.10.10 label-route-capability  #  ipv4-family v4   policy -target   peer 10.10.10.10 enable  #  ipv4-family -instance 1   import-route ospf 1 # ospf 1 -instance 1  import-route bgp  area 0.0.0.0

R10
 

mpls lsr-id 10.10.10.10 mpls # mpls ldp # # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$  local-user admin service-type http # isis 1  is-level level-2  cost-style wide  network-entity 50.0000.0000.0010.00 # firewall zone Local  priority 15 # interface GigabitEthernet0/0/0  ip address 15.1.1.1 255.255.255.0  isis enable 1  mpls  mpls ldp # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0  ip address 10.10.10.10 255.255.255.255  isis enable 1 # interface LoopBack9 # bgp 200  peer 4.4.4.4 as-number 200  peer 4.4.4.4 connect-interface LoopBack0  peer 6.6.6.6 as-number 200  peer 6.6.6.6 connect-interface LoopBack0  peer 9.9.9.9 as-number 100  peer 9.9.9.9 ebgp-max-hop 255  peer 9.9.9.9 connect-interface LoopBack0  #  ipv4-family unicast   undo synchronization   peer 4.4.4.4 enable   peer 4.4.4.4 label-route-capability   peer 6.6.6.6 enable   peer 6.6.6.6 reflect-client   peer 6.6.6.6 label-route-capability   peer 9.9.9.9 enable  #  ipv4-family v4   undo policy -target   peer 6.6.6.6 enable   peer 6.6.6.6 reflect-client   peer 9.9.9.9 enable   peer 9.9.9.9 next-hop-invariable