【思科×××】BGP MPLS-×××基本部署執行個體

實驗拓撲：

實驗需求：如圖，r1,r2,r3為公網路由器，屬于as65001。r4，r6為a公司的總公司和子公司出口路由器，r5,r7為b公司的總公司和子公司的出口路由器。營運商為r4,r5連接配接r1的網段均部署為私網網段172.16.40.0/24 ,為r6,r7連接配接r3的網段部署為172.16.60.0/24和172.16.70.0/24 。

要求使a公司的總公司(40.1)能與子公司出口路由器的内網網段(60.1)通信，b公司的總公司(40.1)能與子公司出口路由器的内網網段(70.1)通信。

實驗步驟：

首先進行基本配置。(r1,r3的下行口一會再配）

r1:

f0/0:12.0.0.1/24

l0:1.1.1.1/32

r2:

f0/0:12.0.0.2/24

f0/1:23.0.0.2/24

l0:2.2.2.2/32

r3

f0/0:23.0.0.3/24

l0:3.3.3.3/32

r4

f0/0:172.16.40.2/24

l0:192.168.40.1/24

r5

r6

f0/0:172.16.60.2/24

l0:192.168.60.1/24

r7

f0/0:172.16.70.2/24

l0:192.168.70.1/24

首先在r1,r2,r3上運作ospf協定。

r1

router ospf 1

 router-id 1.1.1.1

  network 1.1.1.1 0.0.0.0 area 0

 network 12.0.0.0 0.0.0.255 area 0

!

r2

 router-id 2.2.2.2

 network 2.2.2.2 0.0.0.0 area 0

 network 23.0.0.0 0.0.0.255 area 0

 router-id 3.3.3.3

 network 3.3.3.3 0.0.0.0 area 0

測試下連通性

r1#p 3.3.3.3                        

type escape sequence to abort.

sending 5, 100-byte icmp echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

success rate is 100 percent (5/5), round-trip min/avg/max = 32/42/64 ms

2.運作mpls-vpn，建立vrf路由表

建立a公司的vrf表vpna,建立b公司的vrf表vpnb

ip vrf vpna

 rd 100:1

 route-target export 100:1

 route-target import 100:1

ip vrf vpnb

 rd 200:1

 route-target export 200:1

 route-target import 200:1

将下行口分别放入vpna,vpnb

interface fastethernet0/1

 ip vrf forwarding vpna

 ip address 172.16.40.1 255.255.255.0

interface fastethernet1/0

 ip vrf forwarding vpnb

 !

在r4,r5上做預設指向r1, r1上做靜态往下指

ip route 0.0.0.0 0.0.0.0 172.16.40.1

!        

r1做靜态時要關聯vrf表

ip route vrf vpna 192.168.40.0 255.255.255.0 172.16.40.2

ip route vrf vpnb 192.168.40.0 255.255.255.0 172.16.40.2

!    

r1#p vrf vpna 192.168.40.1

sending 5, 100-byte icmp echos to 192.168.40.1, timeout is 2 seconds:

success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms

r3與r1做類似配置

 ip address 172.16.60.1 255.255.255.0

 ip address 172.16.70.1 255.255.255.0

!  

r3,r6,r7運作ripv2協定

router rip

 version 2

 network 172.16.60.0

 network 192.168.60.0

 no auto-summary

 network 172.16.70.0

 network 192.168.70.0

r3運作ripv2時要關聯vrf路由表

 !       

 address-family ipv4 vrf vpnb

 exit-address-family

 address-family ipv4 vrf vpna

 version 2   

r3#p vrf vpna 192.168.60.1

sending 5, 100-byte icmp echos to 192.168.60.1, timeout is 2 seconds:

success rate is 100 percent (5/5), round-trip min/avg/max = 4/23/56 ms

現在私網網段已經搞定了。

3.在r1,r3上運作mp-bgp協定，建立ibgp鄰居。

router bgp 65001

  bgp router-id 1.1.1.1

  neighbor 3.3.3.3 remote-as 65001

 neighbor 3.3.3.3 update-source loopback0

激活mp-bgp鄰居

 address-family vpnv4

 neighbor 3.3.3.3 activate

 neighbor 3.3.3.3 send-community extended

 bgp router-id 3.3.3.3

  neighbor 1.1.1.1 remote-as 65001

 neighbor 1.1.1.1 update-source loopback0

 neighbor 1.1.1.1 activate

 neighbor 1.1.1.1 send-community extended

在r1的bgp上釋出兩條192.168.40.0/24路由,這裡采用直接network 和重釋出兩種方法。

address-family ipv4 vrf vpna

！

address-family ipv4 vrf vpnb

redistribute static metric 20

在r3的bgp上，将ripv2重釋出進bgp,同時也要将bgp協定重釋出進ripv2，使得回程可達。

 redistribute rip metric 20

redistribute bgp 65001 metric 3

4.别忘記r2并沒有運作bgp,并無私網路由，此時會造成路由黑洞，是以，在r1,r2,r3上可以運作ldp協定來解決。

interface fastethernet0/0

 mpls ip

檢視ldp鄰居是否建立

r2#show mpls ldp neighbor 

    peer ldp ident: 1.1.1.1:0; local ldp ident 2.2.2.2:0

        tcp connection: 1.1.1.1.646 - 2.2.2.2.21318

        state: oper; msgs sent/rcvd: 97/98; downstream

        up time: 01:18:42

        ldp discovery sources:

          fastethernet0/0, src ip addr: 12.0.0.1

        addresses bound to peer ldp ident:

          12.0.0.1        1.1.1.1

    peer ldp ident: 3.3.3.3:0; local ldp ident 2.2.2.2:0

        tcp connection: 3.3.3.3.14076 - 2.2.2.2.646

        state: oper; msgs sent/rcvd: 99/97; downstream

        up time: 01:18:41

          fastethernet0/1, src ip addr: 23.0.0.3

          23.0.0.3        3.3.3.3  

沒問題，在r1,r3上檢視是否學習到對方的私網路由

r1#show ip bgp vpnv4 vrf vpna

bgp table version is 9, local router id is 1.1.1.1

   network          next hop            metric locprf weight path

route distinguisher: 100:1 (default for vrf vpna)

*> 192.168.40.0     172.16.40.2              0         32768 i

*>i192.168.60.0     3.3.3.3                  1    100      0 i

r1#show ip bgp vpnv4 vrf vpnb

route distinguisher: 200:1 (default for vrf vpnb)

*>i192.168.70.0     3.3.3.3                  1    100      0 i

r3 

r3#show ip bgp vpnv4 vrf vpna

bgp table version is 9, local router id is 3.3.3.3

*>i192.168.40.0     1.1.1.1                  0    100      0 i

*> 192.168.60.0     172.16.60.2              1         32768 i

r3#show ip bgp vpnv4 vrf vpnb

*> 192.168.70.0     172.16.70.2              1         32768 i

可以發現已經互相學習到了

最後進行連通性測試

r4#p 192.168.60.1 source 192.168.40.1

packet sent with a source address of 192.168.40.1

success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/116 ms

r4#

r5#p 192.168.70.1 source 192.168.40.1

sending 5, 100-byte icmp echos to 192.168.70.1, timeout is 2 seconds:

success rate is 100 percent (5/5), round-trip min/avg/max = 68/92/128 ms

可以通信了，實驗結束。