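BGP MPLS VPN Inter-AS Option C with Route Reflectors (RR)

Topology

Requirement: build a BGP MPLS tunnel, with route reflectors, that carries the private network of CE1 (AR9) across AS100 and AS200 to the private network of R10 in AS10.

Configuration approach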

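1. Inter-AS backbone, AS100 (R1-R2-R3-R4) and AS200 (R5-R6-R7-R8): configure IP addressing, IS-IS, MPLS and the route reflectors, plus IBGP and the inter-AS R3-R5 EBGP session; on each ASBR, set next-hop-local toward its intra-AS IBGP peer.
2. Bring up the BGP-MPLS tunnel along R1-R2-R3-R5-R6-R7 and establish the VPNv4 peering between R4 and R8.
2.1 Enable MPLS on the interfaces between R3 and R5 and establish the EBGP peering.
2.2 R3 advertises R4's lo0 and R5 advertises R8's lo0, so that R4 and R8 can establish the VPNv4 peering across the public network.
2.3 R3 advertises R1's lo0 and R5 advertises R7's lo0, to build the BGP LSP between R1 and R7.
2.4 On R3 and R5, create two route-policies, P1 and P2, and enable the BGP label capability.
P1 assigns an MPLS label; it is applied to the routes exchanged between R3 and R5, producing BGP MPLS labels in both directions.
P2 assigns a further label when a route already carries one; the ASBR applies it toward the RR inside its AS.
2.5 Enable the BGP label capability on R4-R1 and R8-R7. This forms the MPLS tunnel R1-R4-R3-R5-R8-R7.
2.6 To allow for multiple PEs, as in a real deployment, establish the VPNv4 peering between R4 and R8. Change the EBGP maximum hop count and disable the vpn-target policy.
2.7 Because forwarding would pass through the RRs, the best path has to be corrected: on R4 (toward R1/R8) and on R8 (toward R4/R7), keep the next hop unchanged for the VPNv4 peers.
3. VPN instance configuration on the access PEs R1/R7
4. Configuration of the CEs R9/R10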

Configuration commands

1. Inter-AS backbone, AS100 (R1-R2-R3-R4) and AS200 (R5-R6-R7-R8): IP addressing, IS-IS, MPLS, route reflectors, IBGP and the inter-AS R3-R5 EBGP configuration

#R1 (PE1)
sys
sysn R1
int g0/0/1
ip addr 12.1.1.1 24
int lo0 
ip addr 1.1.1.1 32

isis 1 
is-level level-2
network-entity 49.0001.0000.0000.0001.00
int g0/0/1
isis en 1
int lo0
isis en 1

mpls lsr-id 1.1.1.1
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp

bgp 100
router-id 1.1.1.1
undo default ipv4-unicast
peer 4.4.4.4 as-number 100 
peer 4.4.4.4 connect-interface Lo0
ipv4-family unicast
peer 4.4.4.4 enable


#R2 (P)
sys
sysn R2
int g0/0/0
ip addr 12.1.1.2 24
int g0/0/1
ip addr 23.1.1.2 24
int g0/0/2
ip addr 24.1.1.2 24
int lo0 
ip addr 2.2.2.2 32

isis 1 
is-level level-2
network-entity 49.0002.0000.0000.0002.00
int g0/0/0
isis en 1
int g0/0/1
isis en 1
int g0/0/2
isis en 1
int lo0
isis en 1

mpls lsr-id 2.2.2.2
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
int g0/0/2
mpls
mpls ldp


#R3 (ASBR1)
sys
sysn R3
int g0/0/0
ip addr 23.1.1.3 24
int g0/0/1
ip addr 35.1.1.3 24
int lo0 
ip addr 3.3.3.3 32

isis 1 
is-level level-2
network-entity 49.0003.0000.0000.0003.00
int g0/0/0
isis en 1
int lo0
isis en 1

mpls lsr-id 3.3.3.3
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp

bgp 100
router-id 3.3.3.3
undo default ipv4-unicast
peer 4.4.4.4 as-number 100 
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family unicast
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local


#R4 (RR1)
sys
sysn R4
int g0/0/0
ip addr 24.1.1.4 24
int lo0
ip addr 4.4.4.4 32

isis 1 
is-level level-2
network-entity 49.0004.0000.0000.0004.00
int g0/0/0
isis en 1
int lo0
isis en 1

mpls lsr-id 4.4.4.4
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp

bgp 100
router-id 4.4.4.4
undo default ipv4-unicast
peer 1.1.1.1 as-number 100 
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100 
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client


#R5 (ASBR2)
sys
sysn R5
int g0/0/0
ip addr 56.1.1.5 24
int g0/0/1
ip addr 35.1.1.5 24
int lo0
ip addr 5.5.5.5 32

isis 1 
is-level level-2
network-entity 49.0005.0000.0000.0005.00
int g0/0/0
isis en 1
int lo0
isis en 1

mpls lsr-id 5.5.5.5
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp

bgp 200
router-id 5.5.5.5
undo default ipv4-unicast
peer 8.8.8.8 as-number 200 
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
peer 8.8.8.8 enable
peer 8.8.8.8 next-hop-local 


#R6 (P)
sys
sysn R6
int g0/0/0
ip addr 56.1.1.6 24
int g0/0/1
ip addr 67.1.1.6 24
int g0/0/2
ip addr 68.1.1.6 24
int lo0
ip addr 6.6.6.6 32

isis 1 
is-level level-2
network-entity 49.0006.0000.0000.0006.00
int g0/0/0
isis en 1
int g0/0/1
isis en 1
int g0/0/2
isis en 1
int lo0
isis en 1

mpls lsr-id 6.6.6.6
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
int g0/0/2
mpls
mpls ldp


#R7 (PE2)
sys
sysn R7
int g0/0/0
ip addr 67.1.1.7 24
int lo0 
ip addr 7.7.7.7 32

isis 1 
is-level level-2
network-entity 49.0007.0000.0000.0007.00
int g0/0/0
isis en 1
int lo0
isis en 1

mpls lsr-id 7.7.7.7
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp

bgp 200
router-id 7.7.7.7
undo default ipv4-unicast
peer 8.8.8.8 as-number 200 
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
peer 8.8.8.8 enable


#R8 (RR2)
sys
sysn R8
int g0/0/0
ip addr 68.1.1.8 24
int lo0
ip addr 8.8.8.8 32

isis 1 
is-level level-2
network-entity 49.0008.0000.0000.0008.00
int g0/0/0
isis en 1
int lo0
isis en 1

mpls lsr-id 8.8.8.8
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp

bgp 200
router-id 8.8.8.8
undo default ipv4-unicast
peer 5.5.5.5 as-number 200 
peer 5.5.5.5 connect-interface LoopBack0
peer 7.7.7.7 as-number 200 
peer 7.7.7.7 connect-interface LoopBack0
ipv4-family unicast
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client

2. Bring up the BGP-MPLS tunnel along R1-R2-R3-R5-R6-R7 and establish the VPNv4 peering between R4 and R8.

#R3 (ASBR1)
int g0/0/1
mpls

route-policy P1 permit node 10 
apply mpls-label
route-policy P2 permit node 10 
if-match mpls-label 
apply mpls-label

bgp 100
peer 35.1.1.5 as-number 200
ipv4-family unicast
peer 35.1.1.5 enable
network 1.1.1.1 32
network 4.4.4.4 32
peer 35.1.1.5 route-policy P1 export
peer 35.1.1.5 label-route-capability
peer 4.4.4.4 route-policy P2 export
peer 4.4.4.4 label-route-capability


#R5 (ASBR2)
int g0/0/1
mpls

route-policy P1 permit node 10 
apply mpls-label
route-policy P2 permit node 10 
if-match mpls-label 
apply mpls-label

bgp 200
peer 35.1.1.3 as-number 100 
ipv4-family unicast
peer 35.1.1.3 enable
network 7.7.7.7 32
network 8.8.8.8 32
peer 8.8.8.8 route-policy P2 export
peer 8.8.8.8 label-route-capability
peer 35.1.1.3 route-policy P1 export
peer 35.1.1.3 label-route-capability


#R1 (PE1)
bgp 100
ipv4-family unicast
peer 4.4.4.4 label-route-capability
ipv4-family vpnv4
peer 4.4.4.4 enable


#R4 (RR1)
bgp 100
peer 8.8.8.8 as-number 200
peer 8.8.8.8 ebgp-max-hop 255
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
peer 1.1.1.1 label-route-capability
peer 3.3.3.3 label-route-capability
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-invariable
peer 8.8.8.8 enable
peer 8.8.8.8 next-hop-invariable


#R7 (PE2)
bgp 200
ipv4-family unicast
peer 8.8.8.8 label-route-capability
ipv4-family vpnv4
peer 8.8.8.8 enable


#R8 (RR2)
bgp 200
peer 4.4.4.4 as-number 100
peer 4.4.4.4 ebgp-max-hop 255
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family unicast
peer 5.5.5.5 label-route-capability
peer 7.7.7.7 label-route-capability
ipv4-family vpnv4
undo policy vpn-target
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-invariable 
peer 7.7.7.7 enable
peer 7.7.7.7 next-hop-invariable
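
The BGP LSP of step 2 only comes up if label-route-capability is enabled at both ends of every session in the chain R1-R4-R3-R5-R8-R7. The following check is an added example, not part of the original configuration; the `STEP2` text is copied from the commands above and the `OWNER` address map is an assumption derived from the step 1 addressing.

```python
import re

# Constructed input: the label-route-capability lines from step 2 of this page,
# grouped under the router on which each one is configured.
STEP2 = """
#R3
peer 35.1.1.5 label-route-capability
peer 4.4.4.4 label-route-capability
#R5
peer 8.8.8.8 label-route-capability
peer 35.1.1.3 label-route-capability
#R1
peer 4.4.4.4 label-route-capability
#R4
peer 1.1.1.1 label-route-capability
peer 3.3.3.3 label-route-capability
#R7
peer 8.8.8.8 label-route-capability
#R8
peer 5.5.5.5 label-route-capability
peer 7.7.7.7 label-route-capability
"""

# Assumption: peer address -> router, taken from the step 1 addressing.
OWNER = {"1.1.1.1": "R1", "3.3.3.3": "R3", "4.4.4.4": "R4", "5.5.5.5": "R5",
         "7.7.7.7": "R7", "8.8.8.8": "R8", "35.1.1.3": "R3", "35.1.1.5": "R5"}

def labelled_sessions(text):
    """Return {(local, remote)} for every peer with label-route-capability."""
    sessions, router = set(), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            router = line[1:].split()[0]
        elif router and (m := re.fullmatch(r"peer (\S+) label-route-capability", line)):
            sessions.add((router, OWNER.get(m.group(1), m.group(1))))
    return sessions

def one_sided(text):
    """Sessions where only one end enables the capability."""
    s = labelled_sessions(text)
    return sorted(p for p in s if p[::-1] not in s)

def chain_ok(text, chain=("R1", "R4", "R3", "R5", "R8", "R7")):
    """True if each adjacent pair of the step 2.5 chain is enabled in both directions."""
    s = labelled_sessions(text)
    return all((a, b) in s and (b, a) in s for a, b in zip(chain, chain[1:]))
```

`one_sided(STEP2)` returns an empty list for the configuration on this page; dropping the line on R7, for instance, reports the session as `("R8", "R7")`.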

3. VPN instance configuration on the access PEs

#R1 (PE1)
ip vpn-instance 9
route-distinguisher 9:9
vpn-target 9:10 export-extcommunity
vpn-target 10:9 import-extcommunity
interface GigabitEthernet0/0/0
ip binding vpn-instance 9
ip address 19.1.1.1 255.255.255.0

bgp 100
ipv4-family vpn-instance 9 
peer 19.1.1.9 as-number 9 


#R7 (PE2)
ip vpn-instance 10
route-distinguisher 10:10
vpn-target 10:9 export-extcommunity
vpn-target 9:10 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance 10
ip address 70.1.1.7 255.255.255.0

bgp 200
 ipv4-family vpn-instance 10 
 peer 70.1.1.10 as-number 10
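
Because both RRs run `undo policy vpn-target`, they accept and relay every VPNv4 route regardless of its route target, so the import lists on the PEs are the only thing keeping customer VPNs apart. The audit below is an added example, not part of the original configuration: it parses the `ip vpn-instance` blocks shown above (copied into `PE_CONFIG`) and lists which instance receives routes from which, so that any flow outside an allowed set stands out. The function names and the `allowed` set are assumptions of this example, and a `vpn-target` line without a direction keyword is not handled.

```python
import re

# Constructed input: the two VPN-instance definitions from step 3 of this page.
PE_CONFIG = """
#R1 (PE1)
ip vpn-instance 9
route-distinguisher 9:9
vpn-target 9:10 export-extcommunity
vpn-target 10:9 import-extcommunity
#R7 (PE2)
ip vpn-instance 10
route-distinguisher 10:10
vpn-target 10:9 export-extcommunity
vpn-target 9:10 import-extcommunity
"""

def parse_vrfs(text):
    """Return {(router, instance): {"export": set, "import": set}}."""
    vrfs, router, cur = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            router, cur = line[1:].split()[0], None
        elif m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            cur = vrfs.setdefault((router, m.group(1)), {"export": set(), "import": set()})
        elif cur is not None and (m := re.fullmatch(
                r"vpn-target (.+?) (export|import|both)(?:-extcommunity)?", line)):
            kinds = ("export", "import") if m.group(2) == "both" else (m.group(2),)
            for k in kinds:
                cur[k].update(m.group(1).split())
    return vrfs

def route_flows(vrfs):
    """(source, destination, shared RTs) wherever an export RT meets an import RT."""
    return sorted((s, d, sorted(vrfs[s]["export"] & vrfs[d]["import"]))
                  for s in vrfs for d in vrfs
                  if s != d and vrfs[s]["export"] & vrfs[d]["import"])

def unexpected_flows(vrfs, allowed):
    """Flows whose (source, destination) pair is not in the allowed set."""
    return [f for f in route_flows(vrfs) if (f[0], f[1]) not in allowed]
```

For the page's configuration the only flows are R1 instance 9 to R7 instance 10 via RT 9:10, and the reverse via RT 10:9.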

4. CE configuration

#R9 (CE1)
sys
sysn R9
int g0/0/0
ip addr 19.1.1.9 24
int lo0
ip addr 9.9.9.9 32

bgp 9
router-id 9.9.9.9
peer 19.1.1.1 as-number 100 
ipv4-family unicast
network 9.9.9.9 255.255.255.255 
peer 19.1.1.1 enable


#R10 (CE2)
sys
sysn R10
int g0/0/0
ip addr 70.1.1.10 24
int lo0
ip addr 10.10.10.10 32

bgp 10
router-id 10.10.10.10
peer 70.1.1.7 as-number 200
ipv4-family unicast
network 10.10.10.10 255.255.255.255 
peer 70.1.1.7 enable

Verification