Topology diagram

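Requirement: R1 and R2 are branch sites and R6 is the headquarters. Internal traffic between the branches must pass through the headquarters.
Configuration approach
1. On the R3-R4-R5 backbone, configure the underlay: interface IPs, IS-IS, MPLS and BGP.
2. Configure the VPN instances on R3 and R5 (hub and spokes both use BGP neighbor relationships).
3. Configure interface IPs and BGP on the CEs R1/R2/R6.
4. On the CE/PE BGP sessions, relax BGP AS-loop prevention.
5. Variant: the branch CE-PE links use OSPF and HUB-PE2 uses BGP.
6. Variant: the branch CE-PE and HUB-PE links all use an IGP. Not written up here.
7. If CE-PE1 uses BGP and HUB-PE2 uses OSPF, this scheme does not apply, for the following reason:
On the hub side, the PE2 in instance imports the BGP route into OSPF, which drops the BGP AS_PATH attribute,
and the route is then sent back to the CE-PE1 instance through the HUB-PE2 out instance.
Under the route selection rules, the CE-PE1 instance prefers the route imported from OSPF in the hub-side out instance, which carries no BGP AS,
while the BGP route that CE1 originated into the CE-PE1 instance carries an AS attribute, is computed as not optimal and is not installed in the table.
CE1 is the origin of this route entry, yet the route CE1 sends to CE-PE1 is not optimal and is not installed.
So once the origin of the best route that CE-PE1 learned from HUB-PE2 becomes invalid, that route entry becomes invalid too.
CE1 then updates the route through BGP again, the steps above repeat, and the route disappears again.
The end result is a continuous cycle of route flapping.
Configuration commands
1. On the R3-R4-R5 backbone, configure the underlay: interface IPs, IS-IS, MPLS and BGP.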
###R3
sys
sysn R3
# Backbone link to R4 (172.16.34.0/24, as on R4 g0/0/0); the host address .3 is assumed.
int g0/0/2
ip addr 172.16.34.3 24
int lo0
ip addr 3.3.3.3 32
isis 1
is-level level-2
network-entity 49.0003.0000.0000.0003.00
int g0/0/2
isis en 1
int lo0
isis en 1
mpls lsr-id 3.3.3.3
mpls
mpls ldp
int g0/0/2
mpls
mpls ldp
bgp 500
router-id 3.3.3.3
undo default ipv4-unicast
peer 5.5.5.5 as-number 500
peer 5.5.5.5 connect-interface LoopBack0
ipv4-family vpnv4
peer 5.5.5.5 enable
###R4
sys
sysn R4
int g0/0/0
ip addr 172.16.34.4 24
int g0/0/1
ip addr 172.16.45.4 24
int lo0
ip addr 4.4.4.4 32
isis 1
is-level level-2
network-entity 49.0004.0000.0000.0004.00
int g0/0/0
isis en 1
int g0/0/1
isis en 1
int lo0
isis en 1
mpls lsr-id 4.4.4.4
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
###R5
sys
sysn R5
int g0/0/0
ip addr 172.16.45.5 24
int lo0
ip addr 5.5.5.5 32
isis 1
is-level level-2
network-entity 49.0005.0000.0000.0005.00
# IS-IS runs on the backbone interface toward R4; g0/0/1 carries the VPN sub-interfaces.
int g0/0/0
isis en 1
int lo0
isis en 1
qu
mpls lsr-id 5.5.5.5
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
qu
bgp 500
router-id 5.5.5.5
undo default ipv4-unicast
peer 3.3.3.3 as-number 500
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family vpnv4
peer 3.3.3.3 enable
2. Configure the VPN instances on R3 and R5 (hub and spokes both use BGP neighbor relationships).
###PE1 (R3)
ip vpn-instance 1
route-distinguisher 1:1
vpn-target 12:1 export-extcommunity
vpn-target 1:12 import-extcommunity
ip vpn-instance 2
route-distinguisher 2:2
vpn-target 12:1 export-extcommunity
vpn-target 1:12 import-extcommunity
int g0/0/0
ip binding vpn-instance 1
ip add 192.168.13.3 24
int g0/0/1
ip binding vpn-instance 2
ip add 192.168.23.3 24
bgp 500
ipv4-family vpn-instance 1
peer 192.168.13.1 as-number 100
ipv4-family vpn-instance 2
peer 192.168.23.2 as-number 100
###PE2 (R5)
ip vpn-instance in
route-distinguisher 3:3
vpn-target 12:1 import-extcommunity
ip vpn-instance out
route-distinguisher 4:4
vpn-target 1:12 export-extcommunity
int g0/0/1.10
ip binding vpn-instance in
ip add 192.168.10.5 24
dot1q termination vid 10
arp broadcast enable
int g0/0/1.20
ip binding vpn-instance out
ip add 192.168.20.5 24
dot1q termination vid 20
arp broadcast enable
bgp 500
ipv4-family vpn-instance in
peer 192.168.10.6 as-number 100
ipv4-family vpn-instance out
peer 192.168.20.6 as-number 100
3. Configure interface IPs and BGP on the CEs R1/R2/R6.
###R1
sys
sysn R1
int g0/0/0
ip add 192.168.13.1 24
int lo0
ip add 172.16.1.1 32
bgp 100
router-id 1.1.1.1
peer 192.168.13.3 as-number 500
peer 192.168.13.3 enable
network 172.16.1.1 32
###R2
sys
sysn R2
int g0/0/0
ip add 192.168.23.2 24
int lo0
ip add 172.16.2.1 32
bgp 100
router-id 2.2.2.2
peer 192.168.23.3 as-number 500
peer 192.168.23.3 enable
network 172.16.2.1 32
###R6
sys
sysn R6
int g0/0/0.10
ip add 192.168.10.6 24
dot1q termination vid 10
arp broadcast enable
int g0/0/0.20
ip add 192.168.20.6 24
dot1q termination vid 20
arp broadcast enable
int lo0
ip addr 172.16.3.1 32
bgp 100
router-id 6.6.6.6
peer 192.168.10.5 as-number 500
peer 192.168.20.5 as-number 500
peer 192.168.10.5 enable
peer 192.168.20.5 enable
network 172.16.3.1 32
4. On the CE/PE BGP sessions, relax BGP AS-loop prevention.
###R5
bgp 500
ipv4-family vpn-instance out
peer 192.168.20.6 allow-as-loop
###R6
bgp 100
peer 192.168.10.5 allow-as-loop
###R1
bgp 100
peer 192.168.13.3 allow-as-loop 2
###R2
bgp 100
peer 192.168.23.3 allow-as-loop 2
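The AS_PATH arithmetic behind the allow-as-loop values in step 4, as an added Python illustration (not part of the original lab). The hop list is built from the configuration on this page; the model assumes the sender prepends its AS only on eBGP sessions and that a receiver checks for its own AS only on eBGP-learned routes.

```python
# Added illustration: AS_PATH a spoke prefix accumulates on the path
# R1 -> PE1 -> PE2(in) -> R6 -> PE2(out) -> PE1 -> R2 in this lab.
# Modelling assumptions: the sender prepends its AS only on eBGP sessions,
# and the receiver checks for its own AS only on eBGP-learned routes.

# (sender AS, receiver, receiver AS), constructed from the page's configuration.
HOPS_FROM_R1 = [
    (100, "R3 vpn-instance 1", 500),     # CE R1 -> PE1, eBGP
    (500, "R5 vpn-instance in", 500),    # PE1 -> PE2 over VPNv4, iBGP
    (500, "R6 peer 192.168.10.5", 100),  # PE2 in -> hub CE, eBGP
    (100, "R5 vpn-instance out", 500),   # hub CE -> PE2 out, eBGP
    (500, "R3 vpn-instance 2", 500),     # PE2 -> PE1 over VPNv4, iBGP
    (500, "R2 peer 192.168.23.3", 100),  # PE1 -> CE R2, eBGP
]


def trace(hops):
    """Return [(receiver, as_path, own_as_repeats)] for every hop."""
    as_path, result = [], []
    for sender_as, receiver, receiver_as in hops:
        ebgp = sender_as != receiver_as
        if ebgp:
            as_path = [sender_as] + as_path  # eBGP: sender prepends its AS
        # Own-AS occurrences only matter on eBGP-learned routes in this model.
        repeats = as_path.count(receiver_as) if ebgp else 0
        result.append((receiver, list(as_path), repeats))
    return result


def required_allow_as_loop(hops):
    """Minimum allow-as-loop count for each receiver that would drop the route."""
    return {rcv: n for rcv, _path, n in trace(hops) if n > 0}


if __name__ == "__main__":
    for receiver, path, repeats in trace(HOPS_FROM_R1):
        verdict = f"needs allow-as-loop {repeats}" if repeats else "accepted"
        print(f"{receiver:24} AS_PATH={path} {verdict}")
```

The counts it reports line up with the peers configured in step 4. A count larger than the trace requires only weakens BGP loop prevention, so keep each peer at the minimum.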
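5. Variant: the branch CE-PE links use OSPF and HUB-PE2 uses BGP. The branch CEs advertise their routes in OSPF, and on the branch PE R3 BGP and OSPF are imported into each other in both instances. A route-policy filters out the directly connected OSPF routes.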
###CE-PE1 R3
ip ip-prefix 1 index 10 permit 172.16.1.1 32
ip ip-prefix 2 index 10 permit 172.16.2.1 32
route-policy 1 permit node 10
if-match ip-prefix 1
route-policy 2 permit node 10
if-match ip-prefix 2
bgp 500
ipv4-family vpn-instance 1
import-route ospf 1 route-policy 1
ipv4-family vpn-instance 2
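import-route ospf 2 route-policy 2
# One OSPF process per VPN instance: process 1 for instance 1, process 2 for instance 2.
ospf 1 vpn-instance 1
import-route bgp
ospf 2 vpn-instance 2
import-route bgp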
###HUB-PE2 R5: allow BGP AS loops in the out instance.
bgp 500
ipv4-family vpn-instance out
peer 192.168.20.6 allow-as-loop
Verification results
