MPLS L3 跨域 optionB 配置

mpls跨域optionB

  optionB的核心思想是私网路由传递过程是 PE-ASBR1-ASBR2-PE2 在传递过程中私网标签发生了变化(由ASBR重新分配了私网标签),而在数据平面(不考虑PHP机制)当数据包到达ASBR1时标签存在公网标签和私网标签两层,当转发给ASBR2时只有一层由ASBR2分配的私网标签,通过EBGP隧道迭代直接到达ASBR2,ASBR2再把私网标签替换成PE分配的标签并压入公网标签后转发。

  所以在optionB中私网标签一共有三个,数据包标签最少时只有一层私网标签

  optionB的缺点是ASBR设备需要维护到用户侧的VPNV4路由,占用大量设备资源,所以现网中如果使用optionB做为跨域方案,建议ASBR设备只做MPLS设备来使用

拓扑

 编址

 G0/0/0G0/0/1loopback0
CE110.0.0.1/30 192.168.0.1
PE112.1.1.1/2410.0.0.2/301.1.1.1
P112.1.1.2/2423.1.1.2/242.2.2.2
ASBR134.1.1.3/2423.1.1.3/243.3.3.3
ASBR234.1.1.4/2445.1.1.4/244.4.4.4
P256.1.1.5/2445.1.1.5/245.5.5.5
PE256.1.1.6/2410.10.10.2/306.6.6.6
CE110.10.10.1/30 192.168.1.1

底层互联地址ospf,域内mpls ldp配置略
  查看ASBR路由表

查看ASBR mpls lsp

PE配置VPN端口接入CE

PE1

ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 10.0.0.2 255.255.255.252

bgp 100
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance vpn1
peer 10.0.0.1 as-number 300

CE1

bgp 300
peer 10.0.0.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 192.168.0.1 255.255.255.255
peer 10.0.0.2 enable
#

PE2

ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity



interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 10.10.10.2 255.255.255.252



bgp 200
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance vpn1
peer 10.10.10.1 as-number 400

查看BGP状态与路由

PE1

PE2

PE与ASBR间建立IBGP-VPNV4邻居关系,传递私网路由

注意ASBR一定要undo policy vpn-target,否则会因为VPN RT值不匹配导致无法安装私网路由

ASBR
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 34.1.1.4 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable

PE
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable

查看ASBR是否正常接收到PE传递的私网路由

ASBR间建立EBGP-VPNV4邻居关系,并配置替换外层VPN标签,使公网LSP完整

ASBR1

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 34.1.1.4 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 route-policy to-pe export
peer 1.1.1.1 label-route-capability
peer 34.1.1.4 enable
peer 34.1.1.4 route-policy to-asbr export
peer 34.1.1.4 label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 34.1.1.4 enable



route-policy to-asbr permit node 10
apply mpls-label
#
route-policy to-pe permit node 10
if-match mpls-label
apply mpls-label

ASBR2

bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 34.1.1.3 as-number 100
#
ipv4-family unicast
undo synchronization
peer 6.6.6.6 enable
peer 6.6.6.6 route-policy to-pe export
peer 6.6.6.6 label-route-capability
peer 34.1.1.3 enable
peer 34.1.1.3 route-policy to-asbr export
peer 34.1.1.3 label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer 6.6.6.6 enable
peer 34.1.1.3 enable



route-policy to-asbr permit node 10
apply mpls-label
#
route-policy to-pe permit node 10
if-match mpls-label
apply mpls-label

查看两端ASBR路由

查看两端ASBR MPLS LSP

查看CE设备路由表,并测试连通性

Leave a Reply

Your email address will not be published. Required fields are marked *

X