- 在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通
# 配置PE1。
<HUAWEI> system-view [HUAWEI] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] vlan batch 10 20 30 [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] port link-type trunk [PE1-GigabitEthernet1/0/0] port trunk allow-pass
[PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] port link-type trunk [PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] port link-type trunk [PE1-GigabitEthernet3/0/0] port trunk allow-pass vlan 30
[PE1-GigabitEthernet3/0/0] quit [PE1] interface vlanif 30 [PE1-Vlanif30] ip address 172.1.1.1 24 [PE1-Vlanif30] quit [PE1] ospf 1 router-id 1.1.1.9 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-
# 配置P。
<HUAWEI> system-view [HUAWEI] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] vlan batch 30 60 [P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port link-type trunk [P-GigabitEthernet1/0/0] port trunk allow-pass vlan 30 [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] port link-type trunk [P-GigabitEthernet2/0/0] port trunk allow-pass vlan 60 [P-GigabitEthernet2/0/0] quit [P] interface vlanif 30 [P-Vlanif30] ip address 172.1.1.2 24 [P-Vlanif30] quit [P] interface vlanif 60 [P-Vlanif60] ip address 172.2.1.1 24 [P-Vlanif60] quit
# 配置PE2。
<HUAWEI> system-view [HUAWEI] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] vlan batch 40 50 60 [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] port link-type trunk [PE2-GigabitEthernet1/0/0] port trunk allow-pass
[PE2-GigabitEthernet2/0/0] port link-type trunk [PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 50 [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] port link-type trunk [PE2-GigabitEthernet3/0/0] port trunk allow-pass vlan 60 [PE2-GigabitEthernet3/0/0] quit [PE2] interface vlanif 60 [PE2-Vlanif60] ip address 172.2.1.2 24 [PE2-Vlanif60] quit [PE2] ospf 1 router-id 3.3.3.9 [PE2-ospf-1] area 0 [PE2-ospf-1-area
配置完成后,PE1和P、P和PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
[PE1] display ip routing-table Route Flags: R - relay, D - download to fib, T - to vpn-instance ------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.9/32 OSPF 10 1 D 172.1.1.2 Vlanif30
3.3.3.9/32 OSPF 10 2 D 172.1.1.2 Vlanif30
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.1.0/24 Direct 0 0 D 172.1.1.1 Vlanif30
172.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Vlanif30[PE1] display ospf peer OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(Vlanif30)'s neighbors
Router ID: 2.2.2.9 Address: 172.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 172.1.1.2 BDR: 172.1.1.1 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:16:21 Authentication Sequence: [ 0 ]
-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
vlan 40 [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet 2/0/0
[P] ospf 1 router-id 2.2.2.9 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
0.0.0.0] quit [PE1-ospf-1] quit
vlan 10
- 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE1。
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlanif 30 [PE1-Vlanif30] mpls [PE1-Vlanif30] mpls ldp [PE1-Vlanif30] quit
# 配置P。
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface vlanif 30 [P-Vlanif30] mpls [P-Vlanif30] mpls ldp [P-Vlanif30] quit [P] interface vlanif 60 [P-Vlanif60] mpls [P-Vlanif60] mpls ldp [P-Vlanif60] quit
# 配置PE2。
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface vlanif 60 [PE2-Vlanif60] mpls [PE2-Vlanif60] mpls ldp [PE2-Vlanif60] quit
上述配置完成后,PE1与P、P与PE2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
以PE1的显示为例:
[PE1] display mpls ldp session LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:01 6/6 ------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp LDP LSP Information
-------------------------------------------------------------------------------
Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0
*1.1.1.9/32 Liberal/1024 DS/2.2.2.9
2.2.2.9/32 NULL/3 - 172.1.1.2 Vlanif30
2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 Vlanif30
3.3.3.9/32 NULL/1025 - 172.1.1.2 Vlanif30
3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 Vlanif30
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP
- 在PE设备上配置VPN实例,将CE接入PE
# 配置PE1。
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE1-vpn-instance-vpna-af-ipv4] quit [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instan
# 配置PE2。
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE2-vpn-instance-vpna-af-ipv4] quit [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2 [PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [PE2-vpn-instance-vpnb-af-ipv4] quit [PE2-vpn-instance-vpnb] quit [PE2] interface vlanif 40 [PE2-Vlanif40] ip binding vpn-instance vpna [PE2-Vlanif40] ip address 10.3.1.2 24 [PE2-Vlanif40] quit [PE2] interface vlanif 50 [PE2-Vlanif50] ip binding vpn-instance vpnb [PE2-Vlanif50] ip address 10.4.1.2 24 [PE2-Vlanif50] quit
# 按图1配置连接公司总部研发区的CE1的接口IP地址,CE2、CE3和CE4的配置与CE1类似,配置过程略。
<HUAWEI> system-view [HUAWEI] sysname CE1 [CE1] vlan batch 10 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port link-type trunk [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] quit [CE1] interface vlanif 10 [CE1-Vlanif10] ip address 10.1.1.1 24 [CE1-Vlanif10] quit
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
当PE上有多个接口绑定了同一个VPN,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
以PE1为例:
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpna, 1
Interfaces : Vlanif10
Address family ipv4
Create date : 2014-11-03 02:39:34+00:00 Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label Policy : label per instance
Per-Instance Label : 4098 Log Interval : 5
VPN-Instance Name and ID : vpnb, 2
Interfaces : Vlanif20
Address family ipv4
Create date : 2014-11-03 02:39:34+00:00 Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label Policy : label per instance
Per-Instance Label : 4098 Log Interval : 5
[PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/6/16 ms
ce-vpnb-af-ipv4] vpn-target 222:2 both [PE1-vpn-instance-vpnb-af-ipv4] quit [PE1-vpn-instance-vpnb] quit [PE1] interface vlanif 10 [PE1-Vlanif10] ip binding vpn-instance vpna [PE1-Vlanif10] ip address 10.1.1.2 24 [PE1-Vlanif10] quit [PE1] interface vlanif 20 [PE1-Vlanif20] ip binding vpn-
instance vpnb [PE1-Vlanif20] ip address 10.2.1.2 24 [PE1-Vlanif20] quit
- 在PE与CE之间建立EBGP对等体关系,引入VPN路由
# 配置连接公司总部研发区的CE1。CE2、CE3和CE4的配置与CE1类似,详见配置文件。
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit
# 配置PE1。PE2的配置与PE1类似,详见配置文件。
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] ipv4-family vpn-instance vpnb [PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpnb] import-route direct [PE1-bgp-vpnb]
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.9:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.1 4 65410 11 9 0 00:07:25 Established 1
quit [PE1-bgp] quit
- 在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
# 配置PE2。
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.9 4 100 12 6 0 00:02:21 Established 0
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Established 0 Peer of IPv4-family for vpn instance :
VPN-Instance vpna, Router ID 1.1.1.9:
10.1.1.1 4 65410 25 25 0 00:17:57 Established 1 VPN-Instance vpnb, Router ID 1.1.1.9:
10.2.1.1 4 65420 21 22 0 00:17:10 Established 1
- 检查配置结果
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由。
以PE1的显示为例:
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib, T - to vpn-instance ------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.3.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30[PE1] display ip routing-table vpn-instance vpnb Route Flags: R - relay, D - download to fib, T - to vpn-instance ------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif20
10.2.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.4.1.0/24 IBGP 255 0 RD 3.3.3.9 Vlanif30同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。
例如:连接公司总部研发区的CE1能够Ping通连接分支机构研发区的CE3(10.3.1.1),但不能Ping通连接分支机构非研发区的CE4(10.4.1.1)。
[CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms