思科路由器MPLS-VPN配置

Hello World, Hello Blog

Posted by Haike Nan on March 28, 2021
需求:
  1. 完成基本IP配置
  2. BGP234内运行OSPF(进程号100),激活MPLS
  3. 在PE上创建VRF,将PE-CE间的接口放入VRF;在PE和CE间运行IGP协议
  4. PE配置MP-BGP,建立MP-iBGP邻接关系
  5. 完成PE-CE之间的路由重发布
拓扑:

点击图片查看大图

配置:

CE1:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/1
 ip address 202.0.12.1 255.255.255.0
 mpls ip #此处启用mpls只为能跟踪到mpls上的流量
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.1.254 0.0.0.0 area 0
 network 202.0.12.1 0.0.0.0 area 0
!

CE2:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
 ip address 202.0.45.5 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.2.254 255.255.255.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.2.254 0.0.0.0 area 0
 network 202.0.45.5 0.0.0.0 area 0
!

CE3:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
interface Loopback0
 ip address 6.6.6.6 255.255.255.0
!
interface Ethernet0/0
 ip address 202.0.26.6 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1
 router-id 6.6.6.6
 network 192.168.1.254 0.0.0.0 area 0
 network 202.0.26.6 0.0.0.0 area 0
!

CE4:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
interface Ethernet0/0
 ip address 202.0.47.7 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.2.254 255.255.255.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1
 network 192.168.2.254 0.0.0.0 area 0
 network 202.0.47.7 0.0.0.0 area 0
!

PE1:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
ip vrf kenan #定义名为kenan的VRF
 rd 234:2 #设置RD值(AS号加编号)
 route-target export 234:2 #设置出方向的RT值(和对端PE的import对应)
 route-target import 234:4 #设置入方向的RT值(和对端PE的export对应)
!
ip vrf xiaokun
 rd 234:5
 route-target export 234:6
 route-target import 234:7
!
!
!
!
mpls label range 200 299 #设置mpls标签范围(仅为方便实验观察,现网中请慎用)
mpls ldp router-id Loopback0 #
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding kenan #将接口划分给vrf(划分之后接口IP地址会被移除)
 ip address 202.0.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 202.0.23.2 255.255.255.0
 mpls ip #启用mpls
!
interface Ethernet0/2
 ip vrf forwarding xiaokun
 ip address 202.0.26.2 255.255.255.0
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1 vrf kenan #配置PE和CE之间的动态路由(需在完成vrf配置之后,不然无法启动进程)
 redistribute bgp 234 subnets #将bgp重发布进此路由进程
 network 202.0.12.2 0.0.0.0 area 0
!
router ospf 2 vrf xiaokun
 redistribute bgp 234 subnets
 network 202.0.26.2 0.0.0.0 area 0
!
router ospf 100
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 202.0.23.2 0.0.0.0 area 0
!
router bgp 234
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast #关闭bgp的ipv4单播
 neighbor 4.4.4.4 remote-as 234
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4 #进入vpnv4地址族
  neighbor 4.4.4.4 activate #激活邻居
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf kenan
  redistribute ospf 1 match internal external 1 external 2 #将vrf的OSPF路由重发布进BGP(将所有OSPF的路由都重发布进来)
 exit-address-family
 !
 address-family ipv4 vrf xiaokun
  redistribute ospf 2 match internal external 1 external 2
 exit-address-family
!

PE2:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
ip vrf kenan
 rd 234:4
 route-target export 234:4
 route-target import 234:2
!
ip vrf xiaokun
 rd 234:5
 route-target export 234:7
 route-target import 234:6
!
!
!
mpls label range 400 499
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
 ip address 202.0.34.4 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip vrf forwarding kenan
 ip address 202.0.45.4 255.255.255.0
!
interface Ethernet0/2
 ip vrf forwarding xiaokun
 ip address 202.0.47.4 255.255.255.0
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1 vrf kenan
 redistribute bgp 234 subnets
 network 202.0.45.4 0.0.0.0 area 0
!
router ospf 2 vrf xiaokun
 redistribute bgp 234 subnets
 network 202.0.47.4 0.0.0.0 area 0
!
router ospf 100
 router-id 4.4.4.4
 network 4.4.4.4 0.0.0.0 area 0
 network 202.0.34.4 0.0.0.0 area 0
!
router bgp 234
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.2 remote-as 234
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf kenan
  redistribute ospf 1 match internal external 1 external 2
 exit-address-family
 !
 address-family ipv4 vrf xiaokun
  redistribute ospf 2 match internal external 1 external 2
 exit-address-family
!

P:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
mpls label range 300 399
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 202.0.23.3 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip address 202.0.34.3 255.255.255.0
 mpls ip
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 100
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 202.0.23.3 0.0.0.0 area 0
 network 202.0.34.3 0.0.0.0 area 0
!

PC1pingPC2,抓包发现确实是去了PC2(没有去PC4):

点击图片查看大图

PC3pingPC4同理:

点击图片查看大图