MPLS虚拟专用网--跨域OptionC方案
OptionC方案
前面介绍的两种方式都能够满足跨域VPN的组网需求,但这两种方式也都需要ASBR参与VPN-IPv4路由的维护和发布。当每个AS都有大量的VPN路由需要交换时,ASBR就很可能阻碍网络进一步的扩展。
解决上述问题的方案是:ASBR不维护或发布VPN-IPv4路由,PE之间直接交换VPN-IPv4路由。
ASBR通过MP-IBGP向各自AS内的PE设备发布标签IPv4路由,并将到达本AS内PE的标签IPv4路由通告给它在对端AS的ASBR对等体,过渡AS中的ASBR也通告带标签的IPv4路由。这样,在入口PE和出口PE之间建立一条LSP;
不同AS的PE之间建立Multihop方式的EBGP连接,交换VPN-IPv4路由;
ASBR上不保存VPN-IPv4路由,相互之间也不通告VPN-IPv4路由。
如图为跨域VPN-OptionC的组网图,其中,VPN LSP表示私网隧道,LSP表示公网隧道。BGP LSP主要作用是两个PE之间相互交换Loopback信息,由两部分组成,例如图中从PE1到PE3方向建立BGP LSP1,PE3到PE1方向建立BGP LSP2。
为提高可扩展性,可以在每个AS中指定一个路由反射器RR,由RR保存所有VPN-IPv4路由,与本AS内的PE交换VPN-IPv4路由信息。两个AS的RR之间建立MP-EBGP连接,通告VPN-IPv4路由。
跨域OptionC路由发布
跨域VPN-OptionC关键实现是公网跨域隧道的建立。例如在CE1中有一条10.1.1.1/24的路由信息,其发布流程如图9所示。D表示目的地址,NH表示下一跳,L3表示所携带的私网标签,L9、L10表示BGP LSP的标签。
跨域OptionC报文转发
L3表示私网标签,L10和L9表示BGP LSP的标签,Lx和Ly表示域内公网外层隧道标签。
报文从PE3向PE1转发时,需要在PE3上打上三层标签,分别为VPN路由的标签、BGP LSP的标签和公网LSP的标签。到ASBR2时,只剩下两层标签,分别是VPN的路由标签和BGP LSP的标签;进入ASBR1后,BGP LSP终结,之后就是普通的MPLS VPN的转发流程。
跨域VPN-OptionC的特点
VPN路由在入口PE和出口PE之间直接交换,不需要中间设备的保存和转发。
VPN的路由信息只出现在PE设备上,而P和ASBR只负责报文的转发,使得中间域的设备可以不支持MPLS VPN业务,只需支持MPLS转发,ASBR设备不再成为性能瓶颈。因此跨域VPN-OptionC更适合在跨越多个AS时使用。
更适合支持MPLS VPN的负载分担。
缺点是维护一条端到端的PE连接管理代价较大。
跨域OptionC方案实验配置
配置步骤
1.IP地址配置。
[Huawei]sy AR1_CE1
[AR1_CE1]interface GigabitEthernet 0/0/0
[AR1_CE1-GigabitEthernet0/0/0]ip address 10.0.12.1 24
[AR1_CE1-GigabitEthernet0/0/0]qui
[AR1_CE1]interface LoopBack 0
[AR1_CE1-LoopBack0]ip address 192.168.1.1 24
[AR1_CE1-LoopBack0]q
[AR1_CE1]
<Huawei>system-view
[Huawei]sysname AR2_PE1
[AR2_PE1]interface g0/0/0
[AR2_PE1-GigabitEthernet0/0/0]ip address 10.0.12.2 24
[AR2_PE1-GigabitEthernet0/0/0]q
[AR2_PE1]interface GigabitEthernet 0/0/1
[AR2_PE1-GigabitEthernet0/0/1]ip address 10.0.23.2 24
[AR2_PE1-GigabitEthernet0/0/1]qui
[AR2_PE1]interface LoopBack 0
[AR2_PE1-LoopBack0]ip address 10.0.2.2 32
[AR2_PE1-LoopBack0]q
[AR2_PE1]
[Huawei]sysname AR3_P1
[AR3_P1]interface GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]ip address 10.0.23.3 24
[AR3_P1-GigabitEthernet0/0/1]q
[AR3_P1-GigabitEthernet0/0/1]qui
[AR3_P1]interface LoopBack 0
[AR3_P1-LoopBack0]ip address 10.0.3.3 32
[AR3_P1-LoopBack0]q
[AR3_P1]interface GigabitEthernet 0/0/2
[AR3_P1-GigabitEthernet0/0/2]ip address 10.0.34.3 24
[AR3_P1-GigabitEthernet0/0/2]qui
[AR3_P1]
<Huawei>system-view
[Huawei]sysname AR4_ASBR1
[AR4_ASBR1]interface LoopBack 0
[AR4_ASBR1-LoopBack0]ip address 10.0.4.4 32
[AR4_ASBR1-LoopBack0]qui
[AR4_ASBR1]interface GigabitEthernet 0/0/2
[AR4_ASBR1-GigabitEthernet0/0/2]ip address 10.0.34.4 24
[AR4_ASBR1-GigabitEthernet0/0/2]qui
[AR4_ASBR1]interface GigabitEthernet 0/0/0
[AR4_ASBR1-GigabitEthernet0/0/0]ip address 10.0.45.4 24
[AR4_ASBR1-GigabitEthernet0/0/0]qui
[AR4_ASBR1]
<AR5_ASBR2>system-view
[AR5_ASBR1]sysname AR5_ASBR2
[AR5_ASBR2]interface LoopBack 0
[AR5_ASBR2-LoopBack0]ip address 10.0.5.5 32
[AR5_ASBR2-LoopBack0]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/0
[AR5_ASBR2-GigabitEthernet0/0/0]ip address 10.0.45.5 24
[AR5_ASBR2-GigabitEthernet0/0/0]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/1
[AR5_ASBR2-GigabitEthernet0/0/1]ip address 10.0.56.5 24
[AR5_ASBR2-GigabitEthernet0/0/1]qui
[AR5_ASBR2]
<AR6_P2>system-view
[Huawei]sysname AR6_P2
[AR6_P2]interface LoopBack 0
[AR6_P2-LoopBack0]ip address 10.0.6.6 32
[AR6_P2-LoopBack0]qui
[AR6_P2]interface GigabitEthernet 0/0/1
[AR6_P2-GigabitEthernet0/0/1]ip address 10.0.56.6 24
[AR6_P2-GigabitEthernet0/0/1]qui
[AR6_P2]interface GigabitEthernet 0/0/0
[AR6_P2-GigabitEthernet0/0/0]ip address 10.0.67.6 24
[AR6_P2-GigabitEthernet0/0/0]qui
[AR6_P2]
<AR7_PE2>system-view
[Huawei]sysname AR7_PE2
[AR7_PE2]interface LoopBack 0
[AR7_PE2-LoopBack0]ip address 10.0.7.7 32
[AR7_PE2-LoopBack0]qui
[AR7_PE2]interface GigabitEthernet 0/0/0
[AR7_PE2-GigabitEthernet0/0/0]ip address 10.0.67.7 24
[AR7_PE2-GigabitEthernet0/0/0]qui
[AR7_PE2]interface GigabitEthernet 0/0/1
[AR7_PE2-GigabitEthernet0/0/1]ip address 10.0.78.7 24
[AR7_PE2-GigabitEthernet0/0/1]qui
[AR7_PE2]
<Huawei>system-view
[Huawei]sysname AR8_CE2.
[AR8_CE2]interface LoopBack 0
[AR8_CE2-LoopBack0]ip address 192.168.2.1 24
[AR8_CE2-LoopBack0]qui
[AR8_CE2]interface GigabitEthernet 0/0/1
[AR8_CE2-GigabitEthernet0/0/1]ip address 10.0.78.8 24
[AR8_CE2-GigabitEthernet0/0/1]qui
[AR8_CE2]
2.配置各AS内路由互通。
[AR2_PE1]ospf 1 router-id 2.2.2.2
[AR2_PE1-ospf-1]area 0
[AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0
[AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[AR2_PE1-ospf-1-area-0.0.0.0]quit
[AR2_PE1-ospf-1]quit
[AR2_PE1]
[AR3_P1]ospf 1 router-id 3.3.3.3
[AR3_P1-ospf-1]area 0
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.23.3 0.0.0.0
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.34.3 0.0.0.0
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.3.3 0.0.0.0
[AR3_P1-ospf-1-area-0.0.0.0]quit
[AR3_P1-ospf-1]quit
[AR3_P1]
[AR4_ASBR1]ospf 1 router-id 4.4.4.4
[AR4_ASBR1-ospf-1]area 0
[AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0
[AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.34.4 0.0.0.0
[AR4_ASBR1-ospf-1-area-0.0.0.0]qui
[AR4_ASBR1-ospf-1]quit
[AR4_ASBR1]
===========================================================
[AR5_ASBR2]ospf 2 router-id 5.5.5.5
[AR5_ASBR2-ospf-2]area 0
[AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.56.5 0.0.0.0
[AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.5.5 0.0.0.0
[AR5_ASBR2-ospf-2-area-0.0.0.0]quit
[AR5_ASBR2-ospf-2]quit
[AR5_ASBR2]
[AR6_P2]ospf 2 router-id 6.6.6.6
[AR6_P2-ospf-2]area 0
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.56.6 0.0.0.0
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.67.6 0.0.0.0
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.6.6 0.0.0.0
[AR6_P2-ospf-2-area-0.0.0.0]quit
[AR6_P2-ospf-2]quit
[AR6_P2]
[AR7_PE2]ospf 2 router-id 7.7.7.7
[AR7_PE2-ospf-2]area 0
[AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.67.7 0.0.0.0
[AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.7.7 0.0.0.0
[AR7_PE2-ospf-2-area-0.0.0.0]quit
[AR7_PE2-ospf-2]quit
[AR7_PE2]
3.配置各AS的公网标签分配协议MPLS LDP。
[AR2_PE1]mpls lsr-id 10.0.2.2
[AR2_PE1]mpls
[AR2_PE1-mpls]mpls ldp
[AR2_PE1-mpls-ldp]qui
[AR2_PE1]interface GigabitEthernet 0/0/1
[AR2_PE1-GigabitEthernet0/0/1]mpls
[AR2_PE1-GigabitEthernet0/0/1]mpls ldp
[AR2_PE1-GigabitEthernet0/0/1]qui
[AR2_PE1]
[AR3_P1]mpls lsr-id 10.0.3.3
[AR3_P1]mpls
[AR3_P1-mpls]mpls ldp
[AR3_P1-mpls-ldp]qui
[AR3_P1]interface GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]mpls
[AR3_P1-GigabitEthernet0/0/1]mpls ldp
[AR3_P1-GigabitEthernet0/0/1]quit
[AR3_P1]interface GigabitEthernet 0/0/2
[AR3_P1-GigabitEthernet0/0/2]mpls
[AR3_P1-GigabitEthernet0/0/2]mpls ldp
[AR3_P1-GigabitEthernet0/0/2]quit
[AR3_P1]
[AR3_P1]
[AR4_ASBR1]mpls lsr-id 10.0.4.4
[AR4_ASBR1]mpls
[AR4_ASBR1-mpls]mpls ldp
[AR4_ASBR1-mpls-ldp]quit
[AR4_ASBR1]interface GigabitEthernet 0/0/2
[AR4_ASBR1-GigabitEthernet0/0/2]mpls
[AR4_ASBR1-GigabitEthernet0/0/2]mpls ldp
[AR4_ASBR1-GigabitEthernet0/0/2]quit
[AR4_ASBR1]
=====================================================
[AR5_ASBR2]mpls lsr-id 10.0.5.5
[AR5_ASBR2]mpls
[AR5_ASBR2-mpls]mpls ldp
[AR5_ASBR2-mpls-ldp]quit
[AR5_ASBR2]interface GigabitEthernet 0/0/1
[AR5_ASBR2-GigabitEthernet0/0/1]mpls
[AR5_ASBR2-GigabitEthernet0/0/1]mpls ldp
[AR5_ASBR2-GigabitEthernet0/0/1]quit
[AR5_ASBR2]
[AR6_P2]mpls lsr-id 10.0.6.6
[AR6_P2]mpls
[AR6_P2-mpls]mpls ldp
[AR6_P2-mpls-ldp]quit
[AR6_P2]interface GigabitEthernet 0/0/1
[AR6_P2-GigabitEthernet0/0/1]mpls
[AR6_P2-GigabitEthernet0/0/1]mpls ldp
[AR6_P2-GigabitEthernet0/0/1]quit
[AR6_P2]interface GigabitEthernet 0/0/0
[AR6_P2-GigabitEthernet0/0/0]mpls
[AR6_P2-GigabitEthernet0/0/0]mpls ldp
[AR6_P2-GigabitEthernet0/0/0]quit
[AR6_P2]
[AR7_PE2]mpls lsr-id 10.0.7.7
[AR7_PE2]mpls
[AR7_PE2-mpls]mpls ldp
[AR7_PE2-mpls-ldp]quit
[AR7_PE2]interface GigabitEthernet 0/0/0
[AR7_PE2-GigabitEthernet0/0/0]mpls
[AR7_PE2-GigabitEthernet0/0/0]mpls ldp
[AR7_PE2-GigabitEthernet0/0/0]quit
[AR7_PE2]
4.各AS内建立IBGP邻居关系传递路由信息。
[AR2_PE1]bgp 100
[AR2_PE1-bgp]router-id 2.2.2.2
[AR2_PE1-bgp]peer 10.0.4.4 as-number 100
[AR2_PE1-bgp]peer 10.0.4.4 connect-interface LoopBack 0
[AR2_PE1-bgp]qui
[AR2_PE1]
[AR4_ASBR1]bgp 100
[AR4_ASBR1-bgp]router-id 4.4.4.4
[AR4_ASBR1-bgp]peer 10.0.2.2 as-number 100
[AR4_ASBR1-bgp]peer 10.0.45.5 as-number 200
[AR4_ASBR1-bgp]quit
[AR4_ASBR1]
==============================================================
[AR5_ASBR2]bgp 200
[AR5_ASBR2-bgp]router-id 5.5.5.5
[AR5_ASBR2-bgp]peer 10.0.45.4 as-number 100
[AR5_ASBR2-bgp]peer 10.0.7.7 as-number 200
[AR5_ASBR2-bgp]peer 10.0.7.7 connect-interface LoopBack 0
[AR5_ASBR2-bgp