BGP MPLS VPN配置与排错——H3C.ppt

资源描述

《BGP MPLS VPN配置与排错——H3C.ppt》由会员分享，可在线阅读，更多相关《BGP MPLS VPN配置与排错——H3C.ppt（28页珍藏版）》请在三一办公上搜索。

1、BGP/MPLS VPN配置与排错,BGP/MPLS VPN实现原理回顾BGP/MPLS VPN配置步骤与排错方法总结与提要,目标,1.巩固BGP/MPLS VPN的原理,3.熟悉MPLS VPN网络的排错方法,2.掌握MPLS VPN的配置方法,PC(CE4),SR88(PE1),S75E(PE2),AS37937,Lo=59.0.0.1,S36(CE1),Lo=59.0.0.2,Gig3/1/1,Vlan10 Gig2/0/1,Gig3/1/20,Gig3/1/19,Vlan20 Gig2/0/24,Vlan 30 Gig2/0/23,192.168.10.1/30,172.32.10.1

2、/24,Lo=192.168.254.10,192.168.12.1/30,172.32.12.1/24,Lo=192.168.255.10,VPN1,一个简单的MPLS VPN组网,172.32.10.2/24,S36(CE3),172.32.12.2/24,192.168.12.2/30,PC(CE2),192.168.10.2/30,VLan20 eth1/0/1,vlan20eth1/0/1,59.0.10.1/30,59.0.10.2/30,VPN2,PC(CE8),SR88(PE3),S75E(PE4),AS37937,Lo=59.0.0.3,S36(CE5),Lo=59.0.0.

3、4,Gig3/1/1,Vlan10 Gig2/0/1,Gig3/1/20,Gig3/1/19,Vlan20 Gig2/0/24,Vlan 30 Gig2/0/23,192.168.1.1/30,172.32.1.1/24,Lo=192.168.254.1,192.168.2.1/30,172.32.2.1/24,Lo=192.168.255.1,VPN1,一个简单的MPLS VPN组网,172.32.1.2/24,S36(CE7),172.32.2.2/24,192.168.2.2/30,PC(CE6),192.168.1.2/30,VLan20 eth1/0/1,vlan20eth1/0/1

4、,59.0.1.1/30,59.0.1.2/30,VPN2,BGP/MPLS VPN实现原理回顾BGP/MPLS VPN配置步骤与排错方法总结与提要,1.配置IGP公网路由协议,2.配置MPLS,3.配置BGP,4.配置VPN，配置PE和CE之间的路由,目标：所有PE和P设备可以互相学到32位loopback地址,目标：所有相邻PE和P设备之间建立LDPsession，并为其32位loopback地址分配MPLS标签,目标：所有PE设备之间普通BGP邻居和BGP vpnv4邻居,目标：PE设备可以学习到直连CE侧的私网路由（以OSPF为例）,5.将本端学到的私网路由引入到对应的BGP的VPN实

5、例，将BGP学过来的远端私网路由引入给本端的CE侧。,目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,MPLS VPN的配置步骤与逐步排错方法,1.配置IGP公网路由协议,目标：所有PE和P设备可以互相学到32位loop地址,SR88(PE1),S75(PE2),router id 59.0.0.1 ospf 1 area 0.0.0.0 network 59.0.0.1 0.0.0.0 network 59.0.10.0 0.0.0.3,router id 59.0.0.2 ospf 1 area 0.0.0.0 network 59.0.0.2 0.0

6、.0.0 network 59.0.10.2 0.0.0.3,1.配置IGP公网路由协议,目标：所有PE和P设备可以互相学到32位loop地址,SR88(PE1),PE1dis ip routing-table Routing Tables:Public Destinations:6 Routes:6Destination/Mask Proto Pre Cost NextHop Interface59.0.0.1/32 Direct 0 0 127.0.0.1 InLoop059.0.0.2/32 OSPF 10 1 59.0.10.2 GE3/1/1,1.配置IGP公网路由协议,目标：所有P

7、E和P设备可以互相学到32位loop地址,S75(PE2),PE2dis ip routing-table Routing Tables:Public Destinations:8 Routes:8Destination/Mask Proto Pre Cost NextHop Interface59.0.0.1/32 OSPF 10 1 59.0.10.1 Vlan1059.0.0.2/32 Direct 0 0 127.0.0.1 InLoop0,2.配置MPLS,目标：所有PE和P设备之间建立LDPsession，并为其32位loopback地址分配MPLS标签,SR88(PE1),S75

8、(PE2),mpls lsr-id 59.0.0.1 mpls mpls ldp,mpls lsr-id 59.0.0.2mplsmpls ldp,interface Gig3/1/1ip address 59.0.10.1 255.255.255.252 mpls mpls ldp,interface VLAN 10 ip address 59.0.10.2 255.255.255.252 mpls mpls ldp,2.配置MPLS,目标：所有相邻PE和P设备之间建立LDPsession，并为其32位loopback地址分配MPLS标签,SR88(PE1),dis mpls ldp ses

9、sion LDP Session(s)in Public Network Total number of sessions:1-Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv-59.0.0.2:0 Operational DU Passive Off Off 10/10-LAM:Label Advertisement Mode FT:Fault Tolerancedis mpls ldp lsp LDP LSP Information-SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface-

10、1 59.0.0.1/32 3/NULL 127.0.0.1-/InLoop0 2 59.0.0.2/32 NULL/3 59.0.10.2-/GE3/1/1-A*before an LSP means the LSP is not established A*before a Label means the USCB or DSCB is stale,2.配置MPLS,目标：所有PE和P设备之间建立LDPsession，并为其32位loopback地址分配MPLS标签,S75(PE2),PE2dis mpls ldp session LDP Session(s)in Public Netwo

11、rk Total number of sessions:1-Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv-59.0.0.1:0 Operational DU Active Off Off 4/4-LAM:Label Advertisement Mode FT:Fault TolerancePE2dis mpls ldp lsp LDP LSP Information-SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface-1 59.0.0.1/32 NULL/3 59.0.10.1-/Vl

12、an10 2 59.0.0.2/32 3/NULL 127.0.0.1 Vlan10/InLoop0-A*before an LSP means the LSP is not established A*before a Label means the USCB or DSCB is stale,3.配置BGP,目标：所有PE设备之间普通BGP邻居和BGP vpnv4邻居,SR88(PE1),S75(PE2),bgp 37937 peer 59.0.0.2 as-number 37937 peer 59.0.0.2 connect-interface LoopBack0#ipv4-family

13、 vpnv4 peer 59.0.0.2 enable,bgp 37937 peer 59.0.0.1 as-number 37937 peer 59.0.0.1 connect-interface LoopBack0#ipv4-family vpnv4 peer 59.0.0.1 enable,3.配置BGP,目标：所有PE设备之间普通BGP邻居和BGP vpnv4邻居,SR88(PE1),PE1dis bgp peer BGP local router ID:59.0.0.1 Local AS number:37937 Total number of peers:1 Peers in es

14、tablished state:1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 59.0.0.2 4 37937 3 3 0 0 00:01:45 EstablishedPE1dis bgp vpnPE1dis bgp vpnv4 allPE1dis bgp vpnv4 all peer BGP local router ID:59.0.0.1 Local AS number:37937 Total number of peers:1 Peers in established state:1 Peer V AS MsgRcvd Ms

15、gSent OutQ PrefRcv Up/Down State 59.0.0.2 4 37937 4 3 0 0 00:02:03 Established,3.配置BGP,目标：所有PE设备之间普通BGP邻居和BGP vpnv4邻居,S75(PE2),PE2-bgpdis bgp peer BGP local router ID:59.0.0.2 Local AS number:37937 Total number of peers:1 Peers in established state:1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down St

16、ate 59.0.0.1 4 37937 2 2 0 0 00:00:16 EstablishedPE2-bgpdis bgp vpnv4 all peer BGP local router ID:59.0.0.2 Local AS number:37937 Total number of peers:1 Peers in established state:1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 59.0.0.1 4 37937 2 2 0 0 00:00:33 Established,4.配置VPN，配置PE和CE之间的

17、路由,目标：PE设备可以学习到直连CE侧的私网路由（以OSPF为例）,SR88(PE1),ip vpn-instance vpn1 route-distinguisher 37937:1 vpn-target 37937:1 export-extcommunity vpn-target 37937:1 import-extcommunity#ip vpn-instance vpn2 route-distinguisher 37937:2 vpn-target 37937:2 export-extcommunity vpn-target 37937:2 import-extcommunity#i

18、nterface GigabitEthernet3/1/19 port link-mode route description TO_CE2 ip binding vpn-instance vpn2 ip address 172.32.10.1 255.255.255.0#interface GigabitEthernet3/1/20 port link-mode route description TO_CE1 ip binding vpn-instance vpn1 ip address 192.168.10.1 255.255.255.252#,ospf 11 vpn-instance

19、vpn1 area 0.0.0.0 network 192.168.10.0 0.0.0.3,S36(PE1)ospf 1 area 0.0.0.0 network 192.168.10.0 0.0.0.3 network 192.168.254.10 0.0.0.0,4.配置VPN，配置PE和CE之间的路由,目标：PE设备可以学习到直连CE侧的私网路由（以OSPF为例）,ip vpn-instance vpn1 route-distinguisher 37937:1 vpn-target 37937:1 export-extcommunity vpn-target 37937:1 impor

20、t-extcommunity#ip vpn-instance vpn2 route-distinguisher 37937:2 vpn-target 37937:2 export-extcommunity vpn-target 37937:2 import-extcommunity#interface Vlan-interface20 description TO_CE3 ip binding vpn-instance vpn1 ip address 192.168.12.1 255.255.255.252#interface Vlan-interface30 description TO_C

21、E4 ip binding vpn-instance vpn2 ip address 172.32.12.1 255.255.255.0#,ospf 11 vpn-instance vpn1 area 0.0.0.0 network 192.168.2.0 0.0.0.3,S36-CE3ospf 1 area 0.0.0.0 network 192.168.12.0 0.0.0.3 network 192.168.255.10 0.0.0.0,S75(PE2),4.配置VPN，配置PE和CE之间的路由,目标：PE设备可以学习到直连CE侧的私网路由（以OSPF为例）,SR88(PE1),PE1d

22、is ospf peer OSPF Process 1 with Router ID 59.0.0.1 Neighbor Brief Information Area:0.0.0.0 Router ID Address Pri Dead-Time Interface State 59.0.0.2 59.0.10.2 1 36 GE3/1/1 Full/BDR OSPF Process 11 with Router ID 192.168.10.1 Neighbor Brief Information Area:0.0.0.0 Router ID Address Pri Dead-Time Int

23、erface State 192.168.10.2 192.168.10.2 1 33 GE3/1/20 Full/BDR,PE1dis ip rout vpn vpn1Routing Tables:vpn1 Destinations:7 Routes:7Destination/Mask Proto Pre Cost NextHop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.10.0/30 Direct 0 0 192.168.10.1 GE

24、3/1/20192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.254.10/32 OSPF 10 2 192.168.10.2 GE3/1/20,dis ip rout vpn-instance vpn1Routing Tables:vpn1 Destinations:7 Routes:7Destination/Mask Proto Pre Cost NextHop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoo

25、p0192.168.12.0/30 Direct 0 0 192.168.12.1 Vlan20192.168.12.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.255.10/32 OSPF 10 2 192.168.12.2 Vlan20,4.配置VPN，配置PE和CE之间的路由,目标：PE设备可以学习到直连CE侧的私网路由（以OSPF为例）,dis ospf peer OSPF Process 1 with Router ID 59.0.0.2 Neighbor Brief Information Area:0.0.0.0 Router ID Addr

26、ess Pri Dead-Time Interface State 59.0.0.1 59.0.10.1 1 36 Vlan10 Full/DR OSPF Process 11 with Router ID 192.168.12.1 Neighbor Brief Information Area:0.0.0.0 Router ID Address Pri Dead-Time Interface State 192.168.255.10 192.168.12.2 1 33 Vlan20 Full/BDR,S75(PE2),5.将本端学到的私网路由引入到对应的BGP的VPN实例将BGP学过来的远

27、端私网路由引入给本端的CE侧,SR88(PE1),S75(PE2),bgp 37937 ipv4-family vpn-instance vpn1 import-route direct import-route ospf 11#ipv4-family vpn-instance vpn2 import-route direct,bgp 37937 ipv4-family vpn-instance vpn1 import-route direct import-route ospf 11#ipv4-family vpn-instance vpn2 import-route direct,ospf

28、 11 vpn-instance vpn1 import-route bgp area 0.0.0.0 network 192.168.1.0 0.0.0.3#,ospf 11 vpn-instance vpn1 import-route bgp area 0.0.0.0 network 192.168.2.0 0.0.0.3,目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,5.将本端学到的私网路由引入到对应的BGP的VPN实例将BGP学过来的远端私网路由引入给本端的CE侧,SR88(PE1),PE1dis ip rout vpn vpn1Routing

29、 Tables:vpn1 Destinations:7 Routes:7Destination/Mask Proto Pre Cost NextHop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.10.0/30 Direct 0 0 192.168.10.1 GE3/1/20192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.12.0/30 BGP 255 0 59.0.0.2 NULL019

30、2.168.254.10/32 OSPF 10 2 192.168.10.2 GE3/1/20192.168.255.10/32 BGP 255 3 59.0.0.2 NULL0,目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,5.将本端学到的私网路由引入到对应的BGP的VPN实例将BGP学过来的远端私网路由引入给本端的CE侧,dis ip routing-table vpn vpn1Routing Tables:vpn1 Destinations:7 Routes:7Destination/Mask Proto Pre Cost NextHop Int

31、erface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.10.0/30 BGP 255 0 59.0.0.1 NULL0192.168.12.0/30 Direct 0 0 192.168.12.1 Vlan20192.168.12.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.254.10/32 BGP 255 3 59.0.0.1 NULL0192.168.255.10/32 OSPF 10 2 192.168.12.2

32、Vlan20,S75(PE2),目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,5.将本端学到的私网路由引入到对应的BGP的VPN实例将BGP学过来的远端私网路由引入给本端的CE侧,S36(CE1),目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,dis ip routing-table Routing Table:public netDestination/Mask Protocol Pre Cost Nexthop Interface127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopB

33、ack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.10.0/30 DIRECT 0 0 192.168.10.2 Vlan-interface10192.168.10.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.12.0/30 O_ASE 150 1 192.168.10.1 Vlan-interface10192.168.254.10/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.255.10/32 OSPF 10 13 192.168.10.

34、1 Vlan-interface10ping 192.168.255.10 PING 192.168.255.10:56 data bytes,press CTRL_C to break Reply from 192.168.255.10:bytes=56 Sequence=1 ttl=252 time=4 ms Reply from 192.168.255.10:bytes=56 Sequence=2 ttl=252 time=4 ms Reply from 192.168.255.10:bytes=56 Sequence=3 ttl=252 time=4 ms,5.将本端学到的私网路由引入

35、到对应的BGP的VPN实例将BGP学过来的远端私网路由引入给本端的CE侧,S36(CE3),目标：PE设备可以学习到远端CE侧的私网路由 CE设备可以学习到远端CE侧的私网路由,dis ip routing-table Routing Table:public netDestination/Mask Protocol Pre Cost Nexthop Interface127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.10.0/30 O_ASE 15

36、0 1 192.168.12.1 Vlan-interface20192.168.12.0/30 DIRECT 0 0 192.168.12.2 Vlan-interface20192.168.12.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.254.10/32 OSPF 10 13 192.168.12.1 Vlan-interface20192.168.255.10/32 DIRECT 0 0 127.0.0.1 InLoopBack0ping 192.168.254.10 PING 192.168.254.10:56 data bytes,p

37、ress CTRL_C to break Reply from 192.168.254.10:bytes=56 Sequence=1 ttl=252 time=6 ms Reply from 192.168.254.10:bytes=56 Sequence=2 ttl=252 time=4 ms Reply from 192.168.254.10:bytes=56 Sequence=3 ttl=252 time=4 ms,BGP/MPLS VPN实现原理回顾BGP/MPLS VPN配置步骤与排错方法总结与提要,总结,MPLS VPN配置的5个步骤,1.配置IGP公网路由协议,2.配置MPLS,3.配置BGP,4.配置VPN，配置PE和CE之间的路由,5.将本端学到的私网路由引入到对应的BGP的VPN实例，将BGP学过来的远端私网路由引入给本端的CE侧。,总结,感谢各位！,

展开阅读全文