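Lab topology:
Lab requirements: As shown in the figure, r1, r2 and r3 are public-network routers in AS 65001. r4 and r6 are the egress routers of company A's head office and branch office; r5 and r7 are the egress routers of company B's head office and branch office. The carrier uses the private subnet 172.16.40.0/24 on the links from both r4 and r5 to r1, and 172.16.60.0/24 and 172.16.70.0/24 on the links from r6 and r7 to r3.
Company A's head office (40.1) must be able to reach the internal subnet behind its branch egress router (60.1), and company B's head office (40.1) must be able to reach the internal subnet behind its branch egress router (70.1).
Lab steps:
First, do the basic configuration. (The downstream interfaces of r1 and r3 will be configured later.)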
r1:
f0/0:12.0.0.1/24
l0:1.1.1.1/32
r2:
f0/0:12.0.0.2/24
f0/1:23.0.0.2/24
l0:2.2.2.2/32
r3
f0/0:23.0.0.3/24
l0:3.3.3.3/32
r4
f0/0:172.16.40.2/24
l0:192.168.40.1/24
r5
r6
f0/0:172.16.60.2/24
l0:192.168.60.1/24
r7
f0/0:172.16.70.2/24
l0:192.168.70.1/24
First, run OSPF on r1, r2 and r3.
r1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 12.0.0.0 0.0.0.255 area 0
!
r2
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 23.0.0.0 0.0.0.255 area 0
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
Test connectivity:
r1#p 3.3.3.3
type escape sequence to abort.
sending 5, 100-byte icmp echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
success rate is 100 percent (5/5), round-trip min/avg/max = 32/42/64 ms
2. Run MPLS VPN and create the VRF routing tables
Create VRF vpna for company A and VRF vpnb for company B.
ip vrf vpna
rd 100:1
route-target export 100:1
route-target import 100:1
ip vrf vpnb
rd 200:1
route-target export 200:1
route-target import 200:1
Place the downstream interfaces into vpna and vpnb respectively.
interface fastethernet0/1
ip vrf forwarding vpna
ip address 172.16.40.1 255.255.255.0
interface fastethernet1/0
ip vrf forwarding vpnb
!
On r4 and r5, configure a default route pointing to r1; on r1, configure static routes pointing down to them.
ip route 0.0.0.0 0.0.0.0 172.16.40.1
!
The static routes on r1 must be associated with the VRF tables.
ip route vrf vpna 192.168.40.0 255.255.255.0 172.16.40.2
ip route vrf vpnb 192.168.40.0 255.255.255.0 172.16.40.2
!
r1#p vrf vpna 192.168.40.1
sending 5, 100-byte icmp echos to 192.168.40.1, timeout is 2 seconds:
success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
Configure r3 similarly to r1.
ip address 172.16.60.1 255.255.255.0
ip address 172.16.70.1 255.255.255.0
!
Run RIPv2 on r3, r6 and r7.
router rip
version 2
network 172.16.60.0
network 192.168.60.0
no auto-summary
network 172.16.70.0
network 192.168.70.0
On r3, RIPv2 must be associated with the VRF routing tables.
!
address-family ipv4 vrf vpnb
exit-address-family
address-family ipv4 vrf vpna
version 2
r3#p vrf vpna 192.168.60.1
sending 5, 100-byte icmp echos to 192.168.60.1, timeout is 2 seconds:
success rate is 100 percent (5/5), round-trip min/avg/max = 4/23/56 ms
The private subnets are now taken care of.
3. Run MP-BGP on r1 and r3 and establish an iBGP neighbor relationship.
router bgp 65001
bgp router-id 1.1.1.1
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 update-source loopback0
Activate the MP-BGP neighbor
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
bgp router-id 3.3.3.3
neighbor 1.1.1.1 remote-as 65001
neighbor 1.1.1.1 update-source loopback0
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
On r1, advertise the two 192.168.40.0/24 routes into BGP; two methods are used here, a direct network statement and redistribution.
address-family ipv4 vrf vpna
!
address-family ipv4 vrf vpnb
redistribute static metric 20
On r3, redistribute RIPv2 into BGP, and also redistribute BGP into RIPv2 so that the return path is reachable.
redistribute rip metric 20
redistribute bgp 65001 metric 3
4. Don't forget that r2 does not run BGP and has no private routes, which would create a routing black hole. Running LDP on r1, r2 and r3 solves this.
interface fastethernet0/0
mpls ip
Check whether the LDP neighbors have come up
r2#show mpls ldp neighbor
peer ldp ident: 1.1.1.1:0; local ldp ident 2.2.2.2:0
tcp connection: 1.1.1.1.646 - 2.2.2.2.21318
state: oper; msgs sent/rcvd: 97/98; downstream
up time: 01:18:42
ldp discovery sources:
fastethernet0/0, src ip addr: 12.0.0.1
addresses bound to peer ldp ident:
12.0.0.1 1.1.1.1
peer ldp ident: 3.3.3.3:0; local ldp ident 2.2.2.2:0
tcp connection: 3.3.3.3.14076 - 2.2.2.2.646
state: oper; msgs sent/rcvd: 99/97; downstream
up time: 01:18:41
fastethernet0/1, src ip addr: 23.0.0.3
23.0.0.3 3.3.3.3
That looks fine. On r1 and r3, check whether each has learned the other side's private routes.
r1#show ip bgp vpnv4 vrf vpna
bgp table version is 9, local router id is 1.1.1.1
network next hop metric locprf weight path
route distinguisher: 100:1 (default for vrf vpna)
*> 192.168.40.0 172.16.40.2 0 32768 i
*>i192.168.60.0 3.3.3.3 1 100 0 i
r1#show ip bgp vpnv4 vrf vpnb
route distinguisher: 200:1 (default for vrf vpnb)
*>i192.168.70.0 3.3.3.3 1 100 0 i
r3
r3#show ip bgp vpnv4 vrf vpna
bgp table version is 9, local router id is 3.3.3.3
*>i192.168.40.0 1.1.1.1 0 100 0 i
*> 192.168.60.0 172.16.60.2 1 32768 i
r3#show ip bgp vpnv4 vrf vpnb
*> 192.168.70.0 172.16.70.2 1 32768 i
They have learned each other's routes.
Finally, test connectivity.
r4#p 192.168.60.1 source 192.168.40.1
packet sent with a source address of 192.168.40.1
success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/116 ms
r4#
r5#p 192.168.70.1 source 192.168.40.1
sending 5, 100-byte icmp echos to 192.168.70.1, timeout is 2 seconds:
success rate is 100 percent (5/5), round-trip min/avg/max = 68/92/128 ms
Communication works; the lab is complete.
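As an added example (not part of the original lab write-up): both customers use 192.168.40.0/24, so their separation rests entirely on the RD and route-target values from step 2. The Python sketch below parses `ip vrf` stanzas and reports any VRF that imports a route-target another VRF exports, or that shares an RD; the `vpnc` stanza is a constructed misconfiguration and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: vpna/vpnb as configured in the lab, plus a hypothetical
# vpnc that also imports company A's route-target (the leak to catch).
SAMPLE_CONFIG = """\
ip vrf vpna
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf vpnb
 rd 200:1
 route-target export 200:1
 route-target import 200:1
ip vrf vpnc
 rd 300:1
 route-target export 300:1
 route-target import 300:1
 route-target import 100:1
"""

def parse_vrfs(config):
    """Return {vrf: {"rd": str or None, "export": set, "import": set}}."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip vrf (\S+)$", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif cur is not None and (m := re.match(r"rd (\S+)$", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.match(r"route-target (export|import|both) (\S+)$", line)):
            for kind in (("export", "import") if m.group(1) == "both" else (m.group(1),)):
                cur[kind].add(m.group(2))
        elif line and not raw[0].isspace():
            cur = None  # any other top-level command ends the VRF stanza
    return vrfs

def audit(vrfs):
    """Return sorted findings: cross-VRF route-target imports and shared RDs."""
    findings = []
    for a, va in vrfs.items():
        for b, vb in vrfs.items():
            if a != b:
                for rt in sorted(va["import"] & vb["export"]):
                    findings.append(f"{a} imports {rt} exported by {b}")
    by_rd = defaultdict(list)
    for name, v in vrfs.items():
        by_rd[v["rd"]].append(name)
    findings += [f"rd {rd} shared by {', '.join(sorted(n))}" for rd, n in by_rd.items() if rd and len(n) > 1]
    return sorted(findings)
```

Deliberate extranet designs also import another VRF's route-target, so findings should be compared against documented exceptions rather than treated as errors automatically.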