《H3CMSR系列路由器MPLSL3VPN跨域方案ABC功能配置.doc》由会员分享,可在线阅读,更多相关《H3CMSR系列路由器MPLSL3VPN跨域方案ABC功能配置.doc(26页珍藏版)》请在三一办公上搜索。
1、 .MSR系列路由器MPLS L3VPN跨域方案A功能的配置关键词:MSR;MPLS;L3VPN;跨域;OptionA一、组网需求:peA和asbrA在AS1,peB和asbrB在AS2;peA和peB都下挂着vpna和vpnb的站点,peA下挂vpna和vpnb站点1,peB下挂vpna和vpnb站点2。设备清单:MSR系列路由器4台二、组网图:三、配置步骤:peA配置:#router id 3.3.3.3#ip vpn-instance vpnaroute-distinguisher 3:1vpn-target 1:1 export-extcommunityvpn-target 1:1 i
2、mport-extcommunity#ip vpn-instance vpnbroute-distinguisher 3:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 3.3.3.3#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 1.3.0.3 255.255.255.0mplsmpls ldp#interface Ethernet0/1port link-mode routeip bindi
3、ng vpn-instance vpnaip address 192.168.1.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.1.1 255.255.255.0#interface LoopBack0ip address 3.3.3.3 255.255.255.255#bgp 1undo synchronizationpeer 1.1.1.1 as-number 1peer 1.1.1.1 connect-interface Loop
4、Back0#ipv4-family vpnv4peer 1.1.1.1 enable#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 3.3.3.3 0.0.0.0network 1.3.0.0 0.0.0.255#asbrA配置:router id 1.1.1.1#ip vpn-instance vpnaroute-distinguisher 1:1vpn-target 1:1 export-e
5、xtcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 1:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 1.1.1.1#mpls#mpls ldp#interface Ethernet0/0.1 /asbr间用子接口区分不同vpn流量vlan-type dot1q vid 1ip binding vpn-instance vpnaip address 1.2.1
6、.1 255.255.255.0#interface Ethernet0/0.2 /asbr间用子接口区分不同vpn流量vlan-type dot1q vid 2ip binding vpn-instance vpnbip address 1.2.2.1 255.255.255.0#interface Ethernet0/1port link-mode routeip address 1.3.0.1 255.255.255.0mplsmpls ldp#interface LoopBack0ip address 1.1.1.1 255.255.255.255#bgp 1undo synchron
7、izationpeer 3.3.3.3 as-number 1 /asbr和pe间是标准L3VPN配置peer 3.3.3.3 connect-interface LoopBack0#ipv4-family vpnv4peer 3.3.3.3 enable#ipv4-family vpn-instance vpna /asbr间使用PE-CE模式传vpna路由peer 1.2.1.2 as-number 2#ipv4-family vpn-instance vpnb /asbr间使用PE-CE模式传vpna路由peer 1.2.2.2 as-number 2#ospf 1area 0.0.0.
8、0network 1.1.1.1 0.0.0.0network 1.3.0.0 0.0.0.255#asbrB配置:#router id 2.2.2.2#ip vpn-instance vpnaroute-distinguisher 2:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 2:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity
9、#mpls lsr-id 2.2.2.2#mpls#mpls ldp#interface Ethernet0/0.1 /asbr间用子接口区分不同vpn流量vlan-type dot1q vid 1ip binding vpn-instance vpnaip address 1.2.1.2 255.255.255.0#interface Ethernet0/0.2 /asbr间用子接口区分不同vpn流量vlan-type dot1q vid 2ip binding vpn-instance vpnbip address 1.2.2.2 255.255.255.0#interface Ether
10、net0/1port link-mode routeip address 2.4.0.2 255.255.255.0mplsmpls ldp#interface LoopBack0ip address 2.2.2.2 255.255.255.255#bgp 2undo synchronizationpeer 4.4.4.4 as-number 2 /asbr和pe间是标准L3VPN配置peer 4.4.4.4 connect-interface LoopBack0#ipv4-family vpnv4peer 4.4.4.4 enable#ipv4-family vpn-instance vpn
11、a /asbr间使用PE-CE模式传vpna路由peer 1.2.1.1 as-number 1#ipv4-family vpn-instance vpnb /asbr间使用PE-CE模式传vpnb路由peer 1.2.2.1 as-number 1#ospf 1area 0.0.0.0network 2.2.2.2 0.0.0.0network 2.4.0.0 0.0.0.255#peB配置:router id 4.4.4.4#ip vpn-instance vpnaroute-distinguisher 4:1vpn-target 1:1 export-extcommunityvpn-ta
12、rget 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 4:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 4.4.4.4#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 2.4.0.4 255.255.255.0mplsmpls ldp#interface Ethernet0/1port link-mode rou
13、teip binding vpn-instance vpnaip address 192.168.2.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.2.1 255.255.255.0#interface LoopBack0ip address 4.4.4.4 255.255.255.255#bgp 2undo synchronizationpeer 2.2.2.2 as-number 2peer 2.2.2.2 connect-inte
14、rface LoopBack0#ipv4-family vpnv4peer 2.2.2.2 enable#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 4.4.4.4 0.0.0.0network 2.4.0.0 0.0.0.255#四、配置关键点:1.asbr间需要用不同链路隔离不同vpn流量,可以使用不同物理链路或逻辑链路如子接口或E1/T1通道;2.asbr间互相把对方认为CE,所以要配置
15、在bgp的vpn实例视图下配置。MSR系列路由器MPLS L3VPN跨域方案B功能的配置关键词:MSR;MPLS;L3VPN;跨域;OptionB一、组网需求:peA和asbrA在AS1,peB和asbrB在AS2;peA和peB都下挂着vpna和vpnb的站点,peA下挂vpna和vpnb站点1,peB下挂vpna和vpnb站点2。设备清单:MSR系列路由器4台二、组网图:三、配置步骤:适用设备和版本:MSR系列、Version 5.20, Beta 1105后所有版本。peA配置:#router id 3.3.3.3#ip vpn-instance vpnaroute-distinguis
16、her 3:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 3:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 3.3.3.3#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 1.3.0.3 255.255.255.0mplsm
17、pls ldp#interface Ethernet0/1port link-mode routeip binding vpn-instance vpnaip address 192.168.1.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.1.1 255.255.255.0#interface LoopBack0ip address 3.3.3.3 255.255.255.255#bgp 1undo synchronizationpe
18、er 1.1.1.1 as-number 1peer 1.1.1.1 connect-interface LoopBack0#ipv4-family vpnv4peer 1.1.1.1 enable#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 3.3.3.3 0.0.0.0network 1.3.0.0 0.0.0.255#asbrA配置:router id 1.1.1.1#mpls lsr-
19、id 1.1.1.1#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 1.2.0.1 255.255.255.0mpls /使能MPLS流量转发能力#interface Ethernet0/1port link-mode routeip address 1.3.0.1 255.255.255.0mplsmpls ldp#interface LoopBack0ip address 1.1.1.1 255.255.255.255#bgp 1undo synchronizationpeer 1.2.0.2 as-nu
20、mber 2 /建立EBGP连接peer 3.3.3.3 as-number 1peer 3.3.3.3 connect-interface LoopBack0#ipv4-family vpnv4undo policy vpn-target /取消vpn-target策略peer 3.3.3.3 enablepeer 1.2.0.2 enable /向EBGP邻居发vpn所有vpn路由#ospf 1area 0.0.0.0network 1.1.1.1 0.0.0.0network 1.3.0.0 0.0.0.255#asbrB配置:#router id 2.2.2.2#mpls lsr-id
21、 2.2.2.2#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 1.2.0.2 255.255.255.0mpls /使能MPLS流量转发能力#interface Ethernet0/1port link-mode routeip address 2.4.0.2 255.255.255.0mplsmpls ldp#interface LoopBack0ip address 2.2.2.2 255.255.255.255#bgp 2undo synchronizationpeer 1.2.0.1 as-numb
22、er 1 /建立EBGP连接peer 4.4.4.4 as-number 2peer 4.4.4.4 connect-interface LoopBack0#ipv4-family vpnv4undo policy vpn-target /取消vpn-target策略peer 4.4.4.4 enablepeer 1.2.0.1 enable /向EBGP邻居发vpn所有vpn路由#ospf 1area 0.0.0.0network 2.2.2.2 0.0.0.0network 2.4.0.0 0.0.0.255#peB配置:router id 4.4.4.4#ip vpn-instance
23、vpnaroute-distinguisher 4:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 4:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 4.4.4.4#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 2.4.0.
24、4 255.255.255.0mplsmpls ldp#interface Ethernet0/1port link-mode routeip binding vpn-instance vpnaip address 192.168.2.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.2.1 255.255.255.0#interface LoopBack0ip address 4.4.4.4 255.255.255.255#bgp 2un
25、do synchronizationpeer 2.2.2.2 as-number 2peer 2.2.2.2 connect-interface LoopBack0#ipv4-family vpnv4peer 2.2.2.2 enable#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 4.4.4.4 0.0.0.0network 2.4.0.0 0.0.0.255#四、配置关键点:1.asbr间
26、的直连链路必须要使能MPLS转发能力;2.asbr间要建立MP-EBGP连接,配置类似于普通L3VPN的MP-IBGP连接;3.asbr可以不用配置vpn实例,需要在bgp的vpnv4视图下取消vpn-target策略。MSR系列路由器MPLS L3VPN跨域方案C功能的配置关键词:MSR;MPLS;L3VPN;跨域;OptionC一、组网需求:peA和asbrA在AS1,peB和asbrB在AS2;peA和peB都下挂着vpna和vpnb的站点,peA下挂vpna和vpnb站点1,peB下挂vpna和vpnb站点2。设备清单:MSR系列路由器4台二、组网图:三、配置步骤:适用设备和版本:MS
27、R系列、Version 5.20, Beta 1105后所有版本。peA配置:#router id 3.3.3.3#ip vpn-instance vpnaroute-distinguisher 3:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 3:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 3.3.3.
28、3#mpls#mpls ldp#interface Ethernet0/0port link-mode routeip address 1.3.0.3 255.255.255.0mplsmpls ldp#interface Ethernet0/1port link-mode routeip binding vpn-instance vpnaip address 192.168.1.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.1.1 2
29、55.255.255.0#interface LoopBack0ip address 3.3.3.3 255.255.255.255#bgp 1undo synchronizationpeer 4.4.4.4 as-number 2 /与peB建立EBGP连接peer 1.1.1.1 as-number 1peer 4.4.4.4 ebgp-max-hop 64 /支持多跳EBGP连接peer 4.4.4.4 connect-interface LoopBack0 /使用环回口连接peer 1.1.1.1 label-route-capability /使能标签路由能力peer 1.1.1.1
30、 connect-interface LoopBack0#ipv4-family vpnv4peer 4.4.4.4 enable /与peB交换vpn路由#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 3.3.3.3 0.0.0.0network 1.3.0.0 0.0.0.255#asbrA配置:router id 1.1.1.1#mpls lsr-id 1.1.1.1#mpls#mpls
31、ldp#acl number 2000 /定义ACL用于路由策略rule 0 permit source 3.3.3.3 0rule 5 deny#interface Ethernet0/0port link-mode routeip address 1.2.0.1 255.255.255.0mpls /使能MPLS流量转发能力#interface Ethernet0/1port link-mode routeip address 1.3.0.1 255.255.255.0mplsmpls ldp#interface LoopBack0ip address 1.1.1.1 255.255.25
32、5.255#bgp 1network 3.3.3.3 255.255.255.255 /引入peA路由undo synchronizationpeer 1.2.0.2 as-number 2peer 3.3.3.3 as-number 1peer 1.2.0.2 route-policy asbrB export /应用路由策略peer 1.2.0.2 label-route-capability /使能标签路由能力peer 3.3.3.3 route-policy peA export /应用路由策略peer 3.3.3.3 label-route-capability /使能标签路由能力p
33、eer 3.3.3.3 connect-interface LoopBack0#ospf 1area 0.0.0.0network 1.1.1.1 0.0.0.0network 1.3.0.0 0.0.0.255#route-policy asbrB permit node 0 /对asbrB的路由策略if-match acl 2000 /匹配条件apply mpls-label /分标签操作route-policy peA permit node 0 /对peA的路由策略if-match mpls-label /匹配条件apply mpls-label /分标签#asbrB配置:#route
34、r id 2.2.2.2#mpls lsr-id 2.2.2.2#mpls#mpls ldp#acl number 2000 /定义ACL用于路由策略rule 0 permit source 4.4.4.4 0rule 5 deny#interface Ethernet0/0port link-mode routeip address 1.2.0.2 255.255.255.0mpls /使能MPLS流量转发能力#interface Ethernet0/1port link-mode routeip address 2.4.0.2 255.255.255.0mplsmpls ldp#inter
35、face LoopBack0ip address 2.2.2.2 255.255.255.255#bgp 2network 4.4.4.4 255.255.255.255 /引入peB路由undo synchronizationpeer 1.2.0.1 as-number 1peer 4.4.4.4 as-number 2peer 1.2.0.1 route-policy asbrA export /应用路由策略peer 1.2.0.1 label-route-capability /使能标签路由能力peer 4.4.4.4 route-policy peB export /应用路由策略pee
36、r 4.4.4.4 label-route-capability /使能标签路由能力peer 4.4.4.4 connect-interface LoopBack0#ospf 1area 0.0.0.0network 2.2.2.2 0.0.0.0network 2.4.0.0 0.0.0.255#route-policy asbrA permit node 0 /对asbrA的路由策略if-match acl 2000 /匹配条件apply mpls-label /分标签操作route-policy peB permit node 0 /对peB的路由策略if-match mpls-labe
37、l /匹配条件apply mpls-label /分标签#peB配置:router id 4.4.4.4#ip vpn-instance vpnaroute-distinguisher 4:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#ip vpn-instance vpnbroute-distinguisher 4:2vpn-target 2:2 export-extcommunityvpn-target 2:2 import-extcommunity#mpls lsr-id 4.4.4.4#mpl
38、s#mpls ldp#interface Ethernet0/0port link-mode routeip address 2.4.0.4 255.255.255.0mplsmpls ldp#interface Ethernet0/1port link-mode routeip binding vpn-instance vpnaip address 192.168.2.1 255.255.255.0#interface Ethernet1/0port link-mode routeip binding vpn-instance vpnbip address 172.32.2.1 255.25
39、5.255.0#interface LoopBack0ip address 4.4.4.4 255.255.255.255#bgp 2undo synchronizationpeer 3.3.3.3 as-number 1 /与peA建立EBGP连接peer 2.2.2.2 as-number 2peer 3.3.3.3 ebgp-max-hop 64 /支持多跳EBGP连接peer 3.3.3.3 connect-interface LoopBack0 /使用环回口连接peer 2.2.2.2 label-route-capability /使能标签路由能力peer 2.2.2.2 conn
40、ect-interface LoopBack0#ipv4-family vpnv4peer 3.3.3.3 enable /与peA交换vpn路由#ipv4-family vpn-instance vpnaimport-route direct#ipv4-family vpn-instance vpnbimport-route direct#ospf 1area 0.0.0.0network 4.4.4.4 0.0.0.0network 2.4.0.0 0.0.0.255#四、配置关键点:1.asbr上要配置匹配pe环回接口地址的ACL、对asbr和pe的路由策略;2.asbr间不传递vpn路由,但是在bgp中要引入pe环回接口路由;3.asbr上要仔细配置路由策略;4.asbr间和asbr-pe间都要使能bgp路由标签能力;5.pe间建立多跳EBGP连接必须要注意多跳选项;6.pe间的多跳EBGP连接必须使用环回接口建立连接。26 / 26
