BGP MPLS L3VPN Lab

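This lab demonstrates the basic configuration of BGP/MPLS L3VPN. It is the most fundamental building block of IPRAN and should be mastered thoroughly.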

I. Networking Requirements

The network topology is shown in the figure below:

  • CE1 and CE3 belong to VPN-A.
  • CE2 and CE4 belong to VPN-B.
  • VPN-A uses the VPN-target attribute 111:1; VPN-B uses 222:2.
  • Users in different VPNs must not be able to reach each other.

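When choosing a router in eNSP, the Router model is recommended: it has enough ports and, most importantly, configuration runs more smoothly on it.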

II. Configuration Approach

Configure BGP/MPLS IP VPN as follows:

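  1. Configure IS-IS on the backbone so that the PEs can reach each other.
  2. Configure basic MPLS capability and MPLS LDP to establish MPLS LSPs.
  3. Configure MP-IBGP between the PEs to exchange VPN routing information.
  4. Configure VPN instances on the PEs and bind the CE-facing interfaces to the corresponding VPN instances.
  5. Use direct routes between the CEs and PEs to exchange VPN routing information.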

III. Configuration

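Note: By default, console terminal display is enabled, so all debugging, log and alarm messages from the device are printed continuously during commissioning. To suppress them, run <HUAWEI> undo terminal monitor to turn off terminal display.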

1. Configure an IGP on the MPLS backbone so that the PEs and the P can reach each other

Configure PE1:

<HUAWEI> system-view 
[HUAWEI] sysname PE1 
[PE1] isis 1 
[PE1-isis-1] is-level level-2 
[PE1-isis-1] network-entity 49.0123.0010.0100.1001.00 
[PE1-isis-1] quit 
[PE1] interface loopback 0 
[PE1-LoopBack0] ip address 1.1.1.1 32 
[PE1-LoopBack0] isis enable 1 
[PE1-LoopBack0] quit 
[PE1] interface GigabitEthernet0/0/0 
[PE1-GigabitEthernet0/0/0] ip address 172.1.1.1 24 
[PE1-GigabitEthernet0/0/0] isis enable 1 
[PE1-GigabitEthernet0/0/0] quit

Configure P:

<HUAWEI> system-view 
[HUAWEI] sysname P 
[P] isis 1 
[P-isis-1] is-level level-2 
[P-isis-1] network-entity 49.0123.0020.0200.2002.00 
[P-isis-1] quit 
[P] interface loopback 0 
[P-LoopBack0] ip address 2.2.2.2 32 
[P-LoopBack0] isis enable 1 
[P-LoopBack0] quit 
[P] interface GigabitEthernet0/0/0 
[P-GigabitEthernet0/0/0] ip address 172.1.1.2 24 
[P-GigabitEthernet0/0/0] isis enable 1 
[P-GigabitEthernet0/0/0] quit 
[P] interface GigabitEthernet0/0/1 
[P-GigabitEthernet0/0/1] ip address 172.2.1.1 24 
[P-GigabitEthernet0/0/1] isis enable 1 
[P-GigabitEthernet0/0/1] quit 

Configure PE2:

<HUAWEI> system-view 
[HUAWEI] sysname PE2 
[PE2] isis 1 
[PE2-isis-1] is-level level-2 
[PE2-isis-1] network-entity 49.0123.0030.0300.3003.00 
[PE2-isis-1] quit
[PE2] interface loopback 0 
[PE2-LoopBack0] ip address 3.3.3.3 32 
[PE2-LoopBack0] isis enable 1 
[PE2-LoopBack0] quit 
[PE2] interface GigabitEthernet0/0/0 
[PE2-GigabitEthernet0/0/0] ip address 172.2.1.2 24 
[PE2-GigabitEthernet0/0/0] isis enable 1 
[PE2-GigabitEthernet0/0/0] quit 

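After the configuration is complete, PE1, P and PE2 should establish IS-IS neighbor relationships with each other; the display isis peer command shows the neighbor state as Up. The display ip routing-table command shows that the PEs have learned each other's loopback0 routes.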

Taking the output on PE1 as an example:

[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
        2.2.2.2/32  ISIS-L2 15   10          D   172.1.1.2       GigabitEthernet 0/0/0
        3.3.3.3/32  ISIS-L2 15   20          D   172.1.1.2       GigabitEthernet
0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      172.1.1.0/24  Direct  0    0           D   172.1.1.1       GigabitEthernet
0/0/0
      172.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
      172.2.1.0/24  ISIS-L2 15   20          D   172.1.1.2       GigabitEthernet
0/0/0

[PE1] display isis peer 

                          Peer information for ISIS(1)

  System Id     Interface          Circuit Id       State HoldTime Type     PRI
-------------------------------------------------------------------------------
0020.0200.2002  GE0/0/0            0010.0100.1001.01 Up   22s      L2       64 

Total Peer(s): 1 

2. Configure basic MPLS capability and MPLS LDP on the MPLS backbone to establish LDP LSPs

Configure PE1:

[PE1] mpls lsr-id 1.1.1.1 
[PE1] mpls 
[PE1-mpls] quit 
[PE1] mpls ldp 
[PE1-mpls-ldp] quit 
[PE1] interface GigabitEthernet0/0/0 
[PE1-GigabitEthernet0/0/0] mpls 
[PE1-GigabitEthernet0/0/0] mpls ldp 
[PE1-GigabitEthernet0/0/0] quit 

Configure P:

[P] mpls lsr-id 2.2.2.2 
[P] mpls 
[P-mpls] quit 
[P] mpls ldp 
[P-mpls-ldp] quit 
[P] interface GigabitEthernet0/0/0 
[P-GigabitEthernet0/0/0] mpls 
[P-GigabitEthernet0/0/0] mpls ldp 
[P-GigabitEthernet0/0/0] quit 
[P] interface GigabitEthernet0/0/1 
[P-GigabitEthernet0/0/1] mpls 
[P-GigabitEthernet0/0/1] mpls ldp 
[P-GigabitEthernet0/0/1] quit 

Configure PE2:

[PE2] mpls lsr-id 3.3.3.3 
[PE2] mpls 
[PE2-mpls] quit 
[PE2] mpls ldp 
[PE2-mpls-ldp] quit 
[PE2] interface GigabitEthernet0/0/0 
[PE2-GigabitEthernet0/0/0] mpls 
[PE2-GigabitEthernet0/0/0] mpls ldp 
[PE2-GigabitEthernet0/0/0] quit

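After the above configuration is complete, LDP sessions should be established between PE1 and P and between P and PE2; the display mpls ldp session command shows "Operational" in the Status column. The display mpls ldp lsp command shows which LDP LSPs have been established.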

Taking the output on PE1 as an example:

[PE1] display mpls ldp session

 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.2:0          Operational DU   Passive  0000:00:01  6/6
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.

[PE1] display mpls ldp lsp

 LDP LSP Information
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop         OutInterface
 -------------------------------------------------------------------------------

 1.1.1.1/32         3/NULL         2.2.2.2         127.0.0.1       InLoop0
*1.1.1.1/32         Liberal/1024                   DS/2.2.2.2
 2.2.2.2/32         NULL/3         -               172.1.1.2       GE0/0/0
 2.2.2.2/32         1024/3         2.2.2.2         172.1.1.2       GE0/0/0
 3.3.3.3/32         NULL/1025      -               172.1.1.2       GE0/0/0
 3.3.3.3/32         1025/1025      2.2.2.2         172.1.1.2       GE0/0/0
 -------------------------------------------------------------------------------
 TOTAL: 5 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 TOTAL: 0 Frr LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
 A '*' before a UpstreamPeer means the session is stale
 A '*' before a DS means the session is stale
 A '*' before a NextHop means the LSP is FRR LSP

3. Establish MP-IBGP peer relationships between the PEs

Configure PE1:

[PE1] bgp 100 
[PE1-bgp] peer 3.3.3.3 as-number 100 
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 0 
[PE1-bgp] ipv4-family vpnv4 
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable 
[PE1-bgp-af-vpnv4] quit 
[PE1-bgp] quit 

Configure PE2:

[PE2] bgp 100 
[PE2-bgp] peer 1.1.1.1 as-number 100 
[PE2-bgp] peer 1.1.1.1 connect-interface loopback 0 
[PE2-bgp] ipv4-family vpnv4 
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable 
[PE2-bgp-af-vpnv4] quit 
[PE2-bgp] quit 

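After the configuration is complete, run display bgp vpnv4 all peer on a PE to confirm that the BGP VPNv4 peer relationship between the PEs has been established and has reached the Established state.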

[PE1] display bgp vpnv4 all peer

 BGP local router ID : 1.1.1.1
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  3.3.3.3         4         100        8        9     0 00:06:04 Established    
   0

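Note: By default, the BGP connection retry interval is 32 seconds, so after both ends are configured, wait 32 seconds before checking the BGP peer relationship.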

4. Configure VPN instances on the PEs and connect the CEs to the PEs

Configure PE1:

[PE1] ip vpn-instance vpna 
[PE1-vpn-instance-vpna] ipv4-family 
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1 
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both 
[PE1-vpn-instance-vpna-af-ipv4] quit 
[PE1-vpn-instance-vpna] quit 
[PE1] ip vpn-instance vpnb 
[PE1-vpn-instance-vpnb] ipv4-family 
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2 
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both 
[PE1-vpn-instance-vpnb-af-ipv4] quit 
[PE1-vpn-instance-vpnb] quit 
[PE1] interface gigabitethernet 0/0/1 
[PE1-GigabitEthernet0/0/1] ip binding vpn-instance vpna 
[PE1-GigabitEthernet0/0/1] ip address 10.1.1.2 24 
[PE1-GigabitEthernet0/0/1] quit 
[PE1] interface gigabitethernet 0/0/2 
[PE1-GigabitEthernet0/0/2] ip binding vpn-instance vpnb 
[PE1-GigabitEthernet0/0/2] ip address 10.2.1.2 24 
[PE1-GigabitEthernet0/0/2] quit 

Configure PE2:

[PE2] ip vpn-instance vpna 
[PE2-vpn-instance-vpna] ipv4-family 
[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1 
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both 
[PE2-vpn-instance-vpna-af-ipv4] quit 
[PE2-vpn-instance-vpna] quit 
[PE2] ip vpn-instance vpnb 
[PE2-vpn-instance-vpnb] ipv4-family 
[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2 
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both 
[PE2-vpn-instance-vpnb-af-ipv4] quit 
[PE2-vpn-instance-vpnb] quit 
[PE2] interface gigabitethernet 0/0/1 
[PE2-GigabitEthernet0/0/1] ip binding vpn-instance vpna 
[PE2-GigabitEthernet0/0/1] ip address 10.3.1.2 24 
[PE2-GigabitEthernet0/0/1] quit 
[PE2] interface gigabitethernet 0/0/2 
[PE2-GigabitEthernet0/0/2] ip binding vpn-instance vpnb 
[PE2-GigabitEthernet0/0/2] ip address 10.4.1.2 24 
[PE2-GigabitEthernet0/0/2] quit 

Configure CE1:

<HUAWEI> system-view 
[HUAWEI] sysname CE1 
[CE1] interface GigabitEthernet0/0/0 
[CE1-GigabitEthernet0/0/0] ip address 10.1.1.1 24 
[CE1-GigabitEthernet0/0/0] quit 

Configure CE2:

<HUAWEI> system-view 
[HUAWEI] sysname CE2 
[CE2] interface GigabitEthernet0/0/0 
[CE2-GigabitEthernet0/0/0] ip address 10.2.1.1 24 
[CE2-GigabitEthernet0/0/0] quit 

Configure CE3:

<HUAWEI> system-view 
[HUAWEI] sysname CE3 
[CE3] interface GigabitEthernet0/0/0 
[CE3-GigabitEthernet0/0/0] ip address 10.3.1.1 24 
[CE3-GigabitEthernet0/0/0] quit 

Configure CE4:

<HUAWEI> system-view 
[HUAWEI] sysname CE4 
[CE4] interface GigabitEthernet0/0/0 
[CE4-GigabitEthernet0/0/0] ip address 10.4.1.1 24 
[CE4-GigabitEthernet0/0/0] quit 

Run display ip vpn-instance verbose to view the VPN instance configuration. Each PE can ping the CEs attached to it.

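Note: When a PE has several interfaces bound to the same VPN, specify the source IP address when using ping -vpn-instance to ping a CE attached to the remote PE, that is, supply the -a source-ip-address parameter of the command ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address. If no source address is specified, the ping may fail because the device selects an incorrect default source address.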

Taking PE1 and CE1 as an example:

[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpna, 1
  Interfaces : GigabitEthernet0/0/1
 Address family ipv4
  Create date : 2020-02-07 00:28:52-08:00
  Up time : 0 days, 00 hours, 16 minutes and 58 seconds
  Route Distinguisher : 100:1
  Export VPN Targets :  111:1
  Import VPN Targets :  111:1
  Label Policy : label per route
  The diffserv-mode Information is : uniform   
  The ttl-mode Information is : pipe
  Log Interval : 5

 VPN-Instance Name and ID : vpnb, 2
  Interfaces : GigabitEthernet0/0/2
 Address family ipv4
  Create date : 2020-02-07 00:29:37-08:00
  Up time : 0 days, 00 hours, 16 minutes and 13 seconds
  Route Distinguisher : 200:2
  Export VPN Targets :  222:2
  Import VPN Targets :  222:2
  Label Policy : label per route
  The diffserv-mode Information is : uniform   
  The ttl-mode Information is : pipe
  Log Interval : 5

[PE1] ping -vpn-instance vpna 10.1.1.1
  PING 10.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 10.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 50/50/50 ms

5. Import direct VPN routes on the PEs and configure default routes on the CEs

Configure PE1:

[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit

Configure PE2:

[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route direct
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route direct
[PE2-bgp-vpnb] quit

Configure CE1:

[CE1] ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 

Configure CE2:

[CE2] ip route-static 0.0.0.0 0.0.0.0 10.2.1.2 

Configure CE3:

[CE3] ip route-static 0.0.0.0 0.0.0.0 10.3.1.2 

Configure CE4:

[CE4] ip route-static 0.0.0.0 0.0.0.0 10.4.1.2 

6. Verify the configuration

Run display ip routing-table vpn-instance on a PE to see the routes to the remote CEs.

Taking the output on PE1 as an example:

[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 3        Routes : 3        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  Direct  0    0           D   10.1.1.2        GigabitEthernet
0/0/1
       10.1.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
       10.3.1.0/24  IBGP    255  0          RD   3.3.3.3         GigabitEthernet
0/0/0

[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
         Destinations : 3        Routes : 3        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.2.1.0/24  Direct  0    0           D   10.2.1.2        GigabitEthernet
0/0/2
       10.2.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2
       10.4.1.0/24  IBGP    255  0          RD   3.3.3.3         GigabitEthernet
0/0/0

CEs in the same VPN can ping each other; CEs in different VPNs cannot.
For example, CE1 can ping CE3 (10.3.1.1/24) but cannot ping CE4 (10.4.1.1/24).

[CE1] ping 10.3.1.1
  PING 10.3.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=110 ms
    Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=80 ms
    Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=100 ms
    Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=100 ms
    Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=110 ms

  --- 10.3.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 80/100/110 ms

[CE1] ping 10.4.1.1
  PING 10.4.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 10.4.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
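
The isolation verified above comes from route-target matching: a VPN instance installs a VPNv4 route only when one of the route's export targets is in its own import list. The Python script below is an added example, not part of the original article; it parses display ip vpn-instance verbose output (a constructed sample trimmed from the PE1 output in step 4) and reports any instance that would import another instance's routes. The function names are illustrative, and it assumes all targets of an instance are printed on one line.

```python
# Added example: audit route-target isolation between VPN instances.
# Assumption: all targets of an instance appear on one line, space-separated.

# Constructed sample, trimmed from the PE1 output shown in step 4.
PE1_OUTPUT = """\
 Total VPN-Instances configured : 2

 VPN-Instance Name and ID : vpna, 1
  Interfaces : GigabitEthernet0/0/1
  Route Distinguisher : 100:1
  Export VPN Targets :  111:1
  Import VPN Targets :  111:1

 VPN-Instance Name and ID : vpnb, 2
  Interfaces : GigabitEthernet0/0/2
  Route Distinguisher : 200:2
  Export VPN Targets :  222:2
  Import VPN Targets :  222:2
"""

def parse_vpn_instances(text):
    """Return {name: {"rd": str, "export": set, "import": set}}."""
    instances, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # blank lines and lines such as "Address family ipv4"
        if key == "VPN-Instance Name and ID":
            name = value.split(",")[0].strip()
            current = instances.setdefault(name, {"rd": None, "export": set(), "import": set()})
        elif current is None:
            continue  # header lines before the first instance
        elif key == "Route Distinguisher":
            current["rd"] = value
        elif key in ("Export VPN Targets", "Import VPN Targets"):
            current[key.split()[0].lower()].update(value.split())
    return instances

def cross_vpn_leaks(instances):
    """Return (exporter, importer, shared RTs) where one instance imports another's routes."""
    leaks = []
    for exp_name, exp in sorted(instances.items()):
        for imp_name, imp in sorted(instances.items()):
            shared = exp["export"] & imp["import"]
            if exp_name != imp_name and shared:
                leaks.append((exp_name, imp_name, sorted(shared)))
    return leaks

if __name__ == "__main__":
    print(cross_vpn_leaks(parse_vpn_instances(PE1_OUTPUT)))  # lab config: []
    bad = PE1_OUTPUT.replace("Import VPN Targets :  222:2", "Import VPN Targets :  222:2 111:1")
    print(cross_vpn_leaks(parse_vpn_instances(bad)))  # vpnb now imports vpna routes
```

With the lab's targets the audit returns no pairs; adding 111:1 to vpnb's import list (a constructed misconfiguration) is reported as a one-way leak from vpna into vpnb.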


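Author: F_numen

Published: 2020-02-06, 17:35:03

Last updated: 2020-02-08, 15:52:09

Original link: https://netheroone.cn/archives/fed0b8e7.html

Copyright: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.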
