华为mpls vpn跨域方案c-1无RR

发布时间:2023年12月21日

在这里插入图片描述
重要的几点注意:
1、r2和r5上面不需要跑bgp,只开mpls ldp负责传递标签
2、r3和r4上面不需要跑vpnv4路由,只传标签就可以了。所以不要和自己as内的对端建立vpnv4路由,减轻压力。
3、r1和r6使用的是vpnv4路由,vpnv4路由的特点是它会自动进入mpls vpn隧道,所以r2和r5上面不存在mpls黑洞路由。
4、asbr之间只建立普通的ebgp邻居,且接口上只开mpls
5、2个asbr之间和各对内的ibgp都要开启发送标签能力,并用策略路由加上标签。

以下关键配置

R1:

ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity

mpls lsr-id 1.1.1.1
mpls

mpls ldp

isis 1
network-entity 49.0000.0000.0000.0001.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.17.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability
peer 6.6.6.6 enable

ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable

ipv4-family vpn-instance a
peer 10.0.17.7 as-number 60000

R2:

mpls lsr-id 2.2.2.2
mpls

mpls ldp

isis 1
network-entity 49.0000.0000.0002.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1

R3

mpls lsr-id 3.3.3.3
mpls

mpls ldp

isis 1
network-entity 49.0000.0000.0003.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
mpls

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 10.0.34.4 as-number 200

ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
peer 1.1.1.1 enable
peer 1.1.1.1 route-policy labe1 export
peer 1.1.1.1 label-route-capability
peer 10.0.34.4 enable
peer 10.0.34.4 route-policy labe2 export
peer 10.0.34.4 label-route-capability

route-policy labe1 permit node 10
if-match mpls-label //只对过来带标签的数据加上标签,不带标签的数据则不加
apply mpls-label

route-policy labe2 permit node 10
apply mpls-label

R4

mpls lsr-id 4.4.4.4
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0004.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls

interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 1

bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 10.0.34.3 as-number 100

ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
peer 6.6.6.6 enable
peer 6.6.6.6 route-policy ibgp export
peer 6.6.6.6 label-route-capability
peer 10.0.34.3 enable
peer 10.0.34.3 route-policy asbr export
peer 10.0.34.3 label-route-capability

route-policy ibgp permit node 10
if-match mpls-label
apply mpls-label

route-policy asbr permit node 10
apply mpls-label

R5

mpls lsr-id 5.5.5.5
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0005.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.45.5 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.56.5 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 1

R6:

ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity

mpls lsr-id 6.6.6.6
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0006.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.56.6 255.255.255.0
isis enable 1
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.68.6 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 1

bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 255
peer 1.1.1.1 connect-interface LoopBack0
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 4.4.4.4 enable
peer 4.4.4.4 label-route-capability

ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable

ipv4-family vpn-instance a
peer 10.0.68.8 as-number 60001

文章来源:https://blog.csdn.net/ydaxia110/article/details/135129405
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。