CCIE路由实验(7) -- MPLS VPN

2023-07-18 22:44:52

1.LDP协议的各种情况
2.LDP和BGP交互
3.LDP高级部分
4.MPLS VPN (RIP和静态)
5.MPLS VPN (EIGRP)
6.MPLS VPN (OSPF)
7.MPLS VPN (EBGP)
8.Overlapping VPN和Central Service VPN
9.MPLS VPN (Internet Access)
10.组播VPN (mVPN)
11.Inter AS MPLS VPN (Option A)
12.Inter AS MPLS VPN (Option B)
13.Inter AS MPLS VPN (Option C)
14.CSC - Carrier Support Carrier
15.6vPE
16.MPLS TE各种情况
17.PMLS TE FRR

enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
line vty 0 4
pass cisco
logg sync
exit
host

1.LDP协议的各种情况
------------------------------------------------------------------------------------
实验目的：
1).掌握LDP router-id的选取原则和更改LDP router-id的方法
2).掌握测试LSP通道的方法，观察LSP标签通道
3).掌握LDP标签分配范围的指定方法
4).掌握LDP的认证方法
5).掌握对LDP标签的控制发送
6).掌握对LDP标签的控制接收
7).理解并修改MPLS MTU

配置接口IP和OSPF

R1:

ip add 13.1.1.1 255.255.255.0
no shut
exit
int l0
ip add 11.1.1.1 255.255.255.255
no shut
exit

router ospf
router-id 11.1.1.1
network
network
exit

R3:

ip add 13.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit
int l0
ip add 33.1.1.1 255.255.255.255
no shut
exit

router ospf
router-id 33.1.1.1
network
network
network
exit

R5:

ip add 35.1.1.5 255.255.255.0
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit
int l0
ip add 55.1.1.1 255.255.255.255
no shut
exit

router ospf
router-id 55.1.1.1
network
network
network
exit

R8:

ip add 58.1.1.8 255.255.255.0
no shut
exit
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

router ospf
router-id 88.1.1.1
network
network
exit

配置MPLS LDP

R1:
int l1
ip add 100.1.1.1 255.255.255.255
exit

ip cef
mpls ip
mpls label protocol ldp
mpls label range
no mpls label range  

mpls ip
exit

show mpls ldp discovery

路由器自动选择的LDP router-id为R1上最大的loopback1接口IP.

mpls ldp router-id l0 force
show mpls ldp discovery

路由器选择的LDP router-id为R1上最大的loopback0接口IP，注意一定要加上force参数

R3:

mpls ip
exit

mpls ip
exit

R5:

mpls ip
exit

mpls ip
exit

R8:

mpls ip
exit

R3:
show mpls ldp neighbor

邻居关系是利用TCP连接形成的，该TCP连接的IP地址为LDP的transport address，缺省为LDP 的router-id。如果router-id之间没有路由，可以用直连接口IP地址建立邻居关系，其实就是更改transport address为直连接口IP地址，修改命令为接口下，mpls ldp discovery transport-add interface.

R1:
ping 88.1.1.1
ping mpls ipv4 

测试确定LSP的通道已经形成。

R5:

no mpls ip
exit

R1:
ping mpls ipv4 

返回的表示BBBBB表示LSP通道在某处中断。

R5:

mpls ip
exit

R1:
traceroute mpls ipv4 

R1/R3/R5/R8:
show mpls forwarding-table

R5:
mpls label range
show mpls forwarding-table

存盘并重启R5(采用dynamips进行模拟，需要到dynamips界面下进行重启)

show mpls forwarding-table

R5:
mpls ldp neighbor 33.1.1.1 password yeslab

R3:
mpls ldp neighbor 55.1.1.1 password yeslab

配置邻居认证时，要指定邻居的LDP router-id

R5:
no mpls ldp advertise-lables
access-list  permit 33.1.1.1
access-list  permit 58.1.1.0
mpls ldp advertise-lables  to 

R3:
show mpls forwarding-table

R8:
show mpls forwarding-table

R5上配置的no mpls ldp advertise-label影响了给所有的LDP邻居传递标签。

R5:
access-list  deny 33.1.1.1
access-list  permit any
access-list  permit any
mpls ldp advertise-labels  to 

R8:
show mpls forwarding-table

access-list  permit 11.1.1.1
access-list  permit 33.1.1.1
access-list  permit 55.1.1.1
mpls ldp neighbor 

show mpls forwarding-table

R8只接收了指定前缀的标签

R5:
mpls ldp advertise-lables
no access-list
no access-list
no access-list
no access-list 

R8:
no access-list
no mpls ldp neighbor 

承载MPLS包时，IP MTU为1500-N*(N为标签个数)，导致数据包在MPLS接口被分片。有必要调整全网MPLS MTU以避免这种情况。缺省情况下，MPLS MTU等于出接口的MTU。

R1:
show ip
show mpls  detail

R3:
show ip
show mpls  detail

R1:
ping 

在R1的F1/0接口和R3的P2/0接口抓包观察包分片情况。接口分片的时候，是先执行分片，然后加上MPLS标签再传出去。

ping
ping 

mtu
exit

show mpls  detail

R5:

mpls mtu
exit

show mpls  detail

R1:
ping 

R8:

mpls mtu
exit

R3:

mtu
exit

R1:
ping

2.LDP和BGP交互
-------------------------------------------------------------------------------------
实验目的:
1).掌握LDP不为BGP前缀分配标签，而是为BGP前缀的next-hop分配标签
2).掌握通过标签交互，可以消除路由黑洞

传统的路由转发方式，要求经过的每一跳路由器都有对应的路由，否则将数据包丢弃。因此需要建立全互联的BGP对等体，或者路由反射器，以将路由同步到整个网络。在MPLS网络里，使用标签交互的方式，可以在中间路由器没有对应路由的情况下，利用标签交互，将数据报文送达目的地。

R3:
router bgp
bgp router-id 33.1.1.1
neighbor
neighbor 88.1.1.1 update-source l0
exit

R8:
router bgp
bgp router-id 88.1.1.1
neighbor
neighbor 33.1.1.1 update-source l0
exit

int l1
ip add 188.1.1.1 255.255.255.0
exit

router bgp
network 188.1.1.0 mask 255.255.255.0
exit

R3/R5:
show ip route

R5没有188.、24这条路由，相当于路由黑洞。

R1:
ip route 0.0.0.0 0.0.0.0 13.1.1.3

no mpls ip
exit

R3:

no mpls ip
exit

R3/R5/R8:
mpls ldp router-id l0 force

R1:
ping 188.1.1.1
traceroute 188.1.1.1

R3/R5:
show mpls forwarding-table

当数据包从IP域进入MPLS域的时候，如果依据BGP条目转发数据包，打上标签值为BGP条目下一跳路由的标签，这样可以带来几个好处：1）标签转发表变小；2）不需要全网运行BGP并避免路由黑洞，减轻核心路由器的压力

3.LDP高级部分
----------------------------------------------------------------------------------------------
实验目的:
1.理解LDP address message含义
2.理解MPLS TTL复制的意义和打开以及关闭TTL复制的影响
3.理解LDP的邻居发现和LDP的TCP session建立之间的关系
4.理解当两个路由器有多条链路时，为什么只建立一条TCP连接
5.掌握LDP的会话保护配置
6.掌握LDP的自动配置方法

配置接口IP以及OSPF

R1:

ip add 13.1.1.1 255.255.255.0
no shut
exit
int l0
ip add 11.1.1.1 255.255.255.255
exit

router ospf
router-id 11.1.1.1
network
network
exit

R3:

ip add 13.1.1.3 255.255.255.0
no shut
exit

ip add 34.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit
int l0
ip add 33.1.1.1 255.255.255.255
exit

router ospf
router-id 33.1.1.1
network
network
network
network
exit

R4:

ip add 34.1.1.4 255.255.255.0
no shut
exit

ip add 45.1.1.4 255.255.255.0
no shut
exit
int l0
ip add 44.1.1.1 255.255.255.255
exit

router ospf
router-id 44.1.1.1
network
network
network
exit 

R5:

ip add 35.1.1.5 255.255.255.0
no shut
exit

ip add 45.1.1.5 255.255.255.0
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit
int l0
ip add 55.1.1.1 255.255.255.255
exit

router ospf
router-id 55.1.1.1
network
network
network
network
exit

R8:

ip add 58.1.1.8 255.255.255.0
no shut
exit
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

router ospf
router-id 88.1.1.1
network
network
exit

4.MPLS VPN (RIP和静态)
-------------------------------------------------------------------------------------
实验目的:
1).掌握MPLS VPN的配置步骤
2).在PE和CE之间运行RIP和静态路由的情况下，观察CE路由的传递
3).掌握MPLS VPN数据包在传递过程中如何查询各种表
1).基本配置
2).配置接口IP以及ISP网络的IGP(OSPF)
3).ISP网络使能LDP协议
4).ISP网络建立MP-BGP邻居关系
5).PE设备创建vrf
6).PE与CE间路由配置(RIP和静态)
7).vrf路由协议与MP-BGP之间相互重分布

1).基本配置
-----------------------------------------------------------
enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
line vty 0 4
pass cisco
logg sync
exit
host

2).配置接口IP以及ISP网络的IGP(OSPF)

R2:
int l0
ip add 22.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.2 255.255.255.0
no shut
exit

ip add 24.1.1.2 255.255.255.0
no shut
exit

R3:
int l0
ip add 33.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit

router ospf
router-id 33.1.1.1
network
network
exit

R4:
int l0
ip add 44.1.1.1 255.255.255.255
no shut
exit

ip add 24.1.1.4 255.255.255.0
no shut
exit

ip add 45.1.1.4 255.255.255.0
no shut
exit

ip add 46.1.1.4 255.255.255.0
no shut
exit

router ospf
router-id 44.1.1.1
network
network
network
exit

R5:
int l0
ip add 55.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit

ip add 45.1.1.5 255.255.255.0
no shut
exit

ip add 35.1.1.5 255.255.255.0
no shut
exit

router ospf
router-id 55.1.1.1
network
network
network
exit

R6:
int l0
ip add 66.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.6 255.255.255.0
no shut
exit

ip add 46.1.1.6 255.255.255.0
no shut
exit

router ospf
router-id 66.1.1.1
network
network
exit

R7:
int l0
ip add 77.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.7 255.255.255.0
no shut
exit

R8:
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.8 255.255.255.0
no shut
exit

3).ISP网络使能LDP协议

R3:
mpls ldp router-id l0 force

mpls ip
exit

R4:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R5:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R6:
mpls ldp router-id l0 force

mpls ip
exit

4).ISP网络建立MP-BGP邻居关系

R3:
router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate

R4:
router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate

R5:
router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate

R6:
router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate

5).PE设备创建vrf

R3:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 23.1.1.3 255.255.255.0
exit

R4:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 24.1.1.4 255.255.255.0
exit

R5:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 58.1.1.5 255.255.255.0
exit

R6:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 67.1.1.6 255.255.255.0
exit

6).PE与CE间路由配置(RIP和静态)

(R2, R3, R4)
R2:
router rip
version
no auto-summary
network 22.0.0.0
network 23.0.0.0
network 24.0.0.0
exit

R3:
router rip
address-family ipv4 vrf yeslab
version
no auto-summary
network 23.0.0.0
exit
exit

R4:
router rip
address-family ipv4 vrf yeslab
version
no auto-summary
network 24.0.0.0
exit
exit

(R6, R7)
R6:
router rip
address-family ipv4 vrf yeslab
version
no auto-summary
network 67.0.0.0
exit
exit

R7:
router rip
version
no auto-summary
network 77.0.0.0
network 67.0.0.0
exit

(R5, R8)
R5:
ip route vrf yeslab 88.1.1.1 255.255.255.255 58.1.1.8

R8:
ip route 0.0.0.0 0.0.0.0 58.1.1.5

7).vrf路由协议与MP-BGP之间相互重分布

R3:
router rip
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute rip
exit
exit

R4:
router rip
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute rip
exit
exit

R5:
router bgp
address-family ipv4 vrf yeslab
redistribute static
redistribute connected
exit
exit

R6:
router rip
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute rip
exit
exit

5.MPLS VPN (EIGRP)
-------------------------------------------------------------------------------------
实验目的:
1).掌握MPLS VPN的配置步骤
2).掌握在PE和CE之间运行EIGRP情况下的配置
3).观察CE路由的传递过程附加的与EIGRP相关的community值
4).掌握SOO的配置方法
1).基本配置
2).配置接口IP以及ISP网络的IGP(OSPF)
3).ISP网络使能LDP协议
4).ISP网络建立MP-BGP邻居关系
5).PE设备创建vrf
6).PE与CE间路由配置(RIP和静态)
7).vrf路由协议与MP-BGP之间相互重分布

1).基本配置
-----------------------------------------------------------
enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
line vty 0 4
pass cisco
logg sync
exit
host

2).配置接口IP以及ISP网络的IGP(OSPF)

R2:
int l0
ip add 22.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.2 255.255.255.0
no shut
exit

ip add 24.1.1.2 255.255.255.0
no shut
exit

R3:
int l0
ip add 33.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit

router eigrp
no auto-summary
network 33.1.1.1 0.0.0.0
network 35.1.1.3 0.0.0.0
exit

R4:
int l0
ip add 44.1.1.1 255.255.255.255
no shut
exit

ip add 24.1.1.4 255.255.255.0
no shut
exit

ip add 45.1.1.4 255.255.255.0
no shut
exit

ip add 46.1.1.4 255.255.255.0
no shut
exit

router eigrp
no auto-summary
network 44.1.1.1 0.0.0.0
network 45.1.1.4 0.0.0.0
network 46.1.1.4 0.0.0.0
exit

R5:
int l0
ip add 55.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit

ip add 45.1.1.5 255.255.255.0
no shut
exit

ip add 35.1.1.5 255.255.255.0
no shut
exit

router eigrp
no auto-summary
network 55.1.1.1 0.0.0.0
network 35.1.1.5 0.0.0.0
network 45.1.1.5 0.0.0.0
exit

R6:
int l0
ip add 66.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.6 255.255.255.0
no shut
exit

ip add 46.1.1.6 255.255.255.0
no shut
exit

router eigrp
no auto-summary
network 66.1.1.1 0.0.0.0
network 46.1.1.6 0.0.0.0
exit

R7:
int l0
ip add 77.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.7 255.255.255.0
no shut
exit

R8:
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.8 255.255.255.0
no shut
exit

3).ISP网络使能LDP协议

R3:
mpls ldp router-id l0 force

mpls ip
exit

R4:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R5:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R6:
mpls ldp router-id l0 force

mpls ip
exit

4).ISP网络建立MP-BGP邻居关系

R3:
router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R4:
router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R5:
router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R6:
router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
exit
exit

5).PE设备创建vrf

R3:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 23.1.1.3 255.255.255.0
exit

R4:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 24.1.1.4 255.255.255.0
exit

R5:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 58.1.1.5 255.255.255.0
exit

R6:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 67.1.1.6 255.255.255.0
exit

6).PE与CE间路由配置(EIGRP)

R2:
router eigrp
no auto-summary
network 22.1.1.1 0.0.0.0
network 23.1.1.2 0.0.0.0
network 24.1.1.2 0.0.0.0
exit

R3:
router eigrp
address-family ipv4 unicast vrf yeslab autonomous-system
no auto-summary
network 23.1.1.3 0.0.0.0
exit
exit

R4:
router eigrp
address-family ipv4 unicast vrf yeslab autonomous-system
no auto-summary
network 24.1.1.4 0.0.0.0
exit
exit

R5:
router eigrp
address-family ipv4 unicast vrf yeslab autonomous-system
no auto-summary
network 58.1.1.5 0.0.0.0
exit
exit

R6:
router eigrp
address-family ipv4 unicast vrf yeslab autonomous-system
no auto-summary
network 67.1.1.6 0.0.0.0
exit
exit

R7:
router eigrp
no auto-summary
network 77.1.1.1 0.0.0.0
network 67.1.1.7 0.0.0.0
exit

R8:
router eigrp
no auto-summary
network 88.1.1.1 0.0.0.0
network 58.1.1.8 0.0.0.0
exit

7).vrf路由协议与MP-BGP之间相互重分布

R3:
router eigrp
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute eigrp
exit
exit

R4:
router eigrp
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute eigrp
exit
exit

R5:
router eigrp
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute eigrp
exit
exit

R6:
router eigrp
address-family ipv4 vrf yeslab
redistribute bgp  metric
exit
exit

router bgp
address-family ipv4 vrf yeslab
redistribute eigrp
exit
exit

R7:
show ip route eigrp
ping 22.1.1.1
traceroute 88.1.1.1

R3:
show ip route vrf yeslab eigrp
show ip bgp vpnv4 all

R5:
show ip bgp vpnv4 all
show ip route vrf

R6:show ip bgp vpnv4 all 22.1.1.1

EIGRP的SOO防环机制
------------------------------------------------------------------------------------
EIGRP路由在MP-BGP里传递的时候，不改变metric值的大小。
R4/R3:
show ip eigrp vrf yeslab topology

实验任务：
R7和R8在同一个CE站点，有双出口，分别是R5和R6。把R5从R8学来的路由打上SoO值传递到R6，然后利用该值，不把这条路由传递给R7.

R5:
route-map soo
:
exit

ip vrf sitemap soo
exit

R6:
route-map soo
:
exit

ip vrf sitemap soo
exit

R6:
show ip bgp vpnv4 all 88.1.1.1

R7:
show ip route

SoO的防环机制，是在PE传递路由给CE的时候，检查出接口配置的SoO值是否与从其他MP-BGP邻居收到的VPNv4路由的SoO值一致，如果一致，就不传给CE。

6.MPLS VPN (OSPF)
--------------------------------------------------------------------------------------
实验目的:
1).掌握MPLS VPN的配置步骤
2).掌握在PE和CE之间运行OSPF情况下的配置
3).观察domain-id的配置和作用
4).观察CE路由的传递过程附加的OSPF相关的community值
5).掌握PE和CE站点运行OSPF情况下的防环机制
6).掌握sham-link的配置和作用

1).基本配置
2).配置接口IP以及ISP网络的IGP(OSPF)
3).ISP网络使能LDP协议
4).ISP网络建立MP-BGP邻居关系
5).PE设备创建vrf
6).PE与CE间路由配置(RIP和静态)
7).vrf路由协议与MP-BGP之间相互重分布

1).基本配置
-----------------------------------------------------------
enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
line vty 0 4
pass cisco
logg sync
exit
host

2).配置接口IP以及ISP网络的IGP(OSPF)

R2:
int l0
ip add 22.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.2 255.255.255.0
no shut
exit

ip add 24.1.1.2 255.255.255.0
no shut
exit

R3:
int l0
ip add 33.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit

router ospf
router-id 33.1.1.1
network
network
exit

R4:
int l0
ip add 44.1.1.1 255.255.255.255
no shut
exit

ip add 24.1.1.4 255.255.255.0
no shut
exit

ip add 45.1.1.4 255.255.255.0
no shut
exit

ip add 46.1.1.4 255.255.255.0
no shut
exit

router ospf
router-id 44.1.1.1
network
network
network
exit

R5:
int l0
ip add 55.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit

ip add 45.1.1.5 255.255.255.0
no shut
exit

ip add 35.1.1.5 255.255.255.0
no shut
exit

router ospf
router-id 55.1.1.1
network
network
network
exit

R6:
int l0
ip add 66.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.6 255.255.255.0
no shut
exit

ip add 46.1.1.6 255.255.255.0
no shut
exit

router ospf
router-id 66.1.1.1
network
network
exit

R7:
int l0
ip add 77.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.7 255.255.255.0
no shut
exit

R8:
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.8 255.255.255.0
no shut
exit

3).ISP网络使能LDP协议

R3:
mpls ldp router-id l0 force

mpls ip
exit

R4:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R5:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R6:
mpls ldp router-id l0 force

mpls ip
exit

4).ISP网络建立MP-BGP邻居关系

R3:
router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R4:
router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R5:
router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R6:
router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
exit
exit

5).PE设备创建vrf

R3:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 23.1.1.3 255.255.255.0
exit

R4:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 24.1.1.4 255.255.255.0
exit

R5:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 58.1.1.5 255.255.255.0
exit

R6:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 67.1.1.6 255.255.255.0
exit

6).PE与CE间路由配置(OSPF)

R3:
router ospf  vrf yeslab
network
exit

R4:
router ospf  vrf yeslab
network
exit

R5:
router ospf  vrf yeslab
network
exit

R6:
router ospf  vrf yeslab
network
exit

R2:
router ospf
router-id 22.1.1.1
network
network
network
exit

R7:
router ospf
router-id 77.1.1.1
network
network
exit

R8:
router ospf
router-id 88.1.1.1
network
network
exit

7).vrf路由协议与MP-BGP之间相互重分布

R3:
router ospf  vrf yeslab
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab
redistribute ospf  match internal external
exit-address-family
exit

R4:
router ospf  vrf yeslab
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab
redistribute ospf  match internal external
exit-address-family
exit

R5:
router ospf  vrf yeslab
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab
redistribute ospf  match internal external
exit-address-family
exit

R6:
router ospf  vrf yeslab
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab
redistribute ospf  match internal external
exit-address-family
exit

查看结果

R7:
show ip route ospf

R6:
show ip bgp vpnv4 all 22.1.1.1

R3/R4:
router ospf
domain-id type  value 

R7:
show ip route ospf

R8:
int l1
ip add 188.1.1.1 255.255.255.0
exit
router ospf
redistribute connected subnets
exit

R6:
show ip bgp vpnv4 all 188.1.1.0

OSPF在MPLS VPN环境的防环机制
对内部路由，采用的是down bit机制；对外部路由，采用的是tag机制

R7:
show ip ospf database summary 22.1.1.1

R2:
int l1
ip add 122.1.1.1 255.255.255.255
exit
router ospf
redistribute connected subnets
exit

R7:
show ip route 122.1.1.1

配置sham-link

R5:
int l1
ip vrf forwarding yeslab
ip add 155.1.1.1 255.255.255.255
exit

router bgp
address-family ipv4 vrf yeslab
network 155.1.1.1 mask 255.255.255.255
exit

R6:
int l1
ip vrf forwarding yeslab
ip add 166.1.1.1 255.255.255.255
exit

router bgp
address-family ipv4 vrf yeslab
network 166.1.1.1 mask 255.255.255.255
exit

R5:
router ospf  vrf yeslab
area  sham-link 155.1.1.1 166.1.1.1
exit

R6:
router ospf  vrf yeslab
area  sham-link 166.1.1.1 155.1.1.1
exit

R6:
show ip ospf sham-link

R7:
show ip route 88.1.1.1

ip ospf cost
exit

show ip route 88.1.1.1

7.MPLS VPN (EBGP)
----------------------------------------------------------------------------------------
实验目的:
1).掌握MPLS VPN的配置步骤
2).掌握在PE和CE之间运行EBGP情况下的配置
3).掌握allowas-in和as-override的配置场景和配置方法
4).掌握限制从CE学来BGP路由条目数的方法

1).基本配置
2).配置接口IP以及ISP网络的IGP(OSPF)
3).ISP网络使能LDP协议
4).ISP网络建立MP-BGP邻居关系
5).PE设备创建vrf
6).PE与CE间路由配置(EBGP)

1).基本配置
-----------------------------------------------------------
enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
line vty 0 4
pass cisco
logg sync
exit
host

2).配置接口IP以及ISP网络的IGP(OSPF)

R2:
int l0
ip add 22.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.2 255.255.255.0
no shut
exit

ip add 24.1.1.2 255.255.255.0
no shut
exit

R3:
int l0
ip add 33.1.1.1 255.255.255.255
no shut
exit

ip add 23.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit

router ospf
router-id 33.1.1.1
network
network
exit

R4:
int l0
ip add 44.1.1.1 255.255.255.255
no shut
exit

ip add 24.1.1.4 255.255.255.0
no shut
exit

ip add 45.1.1.4 255.255.255.0
no shut
exit

ip add 46.1.1.4 255.255.255.0
no shut
exit

router ospf
router-id 44.1.1.1
network
network
network
exit

R5:
int l0
ip add 55.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.5 255.255.255.0
no shut
exit

ip add 45.1.1.5 255.255.255.0
no shut
exit

ip add 35.1.1.5 255.255.255.0
no shut
exit

router ospf
router-id 55.1.1.1
network
network
network
exit

R6:
int l0
ip add 66.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.6 255.255.255.0
no shut
exit

ip add 46.1.1.6 255.255.255.0
no shut
exit

router ospf
router-id 66.1.1.1
network
network
exit

R7:
int l0
ip add 77.1.1.1 255.255.255.255
no shut
exit

ip add 67.1.1.7 255.255.255.0
no shut
exit

R8:
int l0
ip add 88.1.1.1 255.255.255.255
no shut
exit

ip add 58.1.1.8 255.255.255.0
no shut
exit

3).ISP网络使能LDP协议

R3:
mpls ldp router-id l0 force

mpls ip
exit

R4:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R5:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R6:
mpls ldp router-id l0 force

mpls ip
exit

4).ISP网络建立MP-BGP邻居关系

R3:
router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R4:
router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R5:
router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate
exit
exit

R6:
router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
exit
exit

5).PE设备创建vrf

R3:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 23.1.1.3 255.255.255.0
exit

R4:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 24.1.1.4 255.255.255.0
exit

R5:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 58.1.1.5 255.255.255.0
exit

R6:
ip vrf yeslab
rd :
route-target :
exit

ip vrf forwarding yeslab
ip add 67.1.1.6 255.255.255.0
exit

6).PE与CE间路由配置(EBGP)

R3:
router bgp
address-family ipv4 vrf yeslab
neighbor
exit

R4:
router bgp
address-family ipv4 vrf yeslab
neighbor
exit

R5:
router bgp
address-family ipv4 vrf yeslab
neighbor
exit

R6:
router bgp
address-family ipv4 vrf yeslab
neighbor
exit

R2:
router bgp
bgp router-id 22.1.1.1
neighbor
neighbor
network 22.1.1.1 mask 255.255.255.255
exit

R7:
router bgp
bgp router-id 77.1.1.1
neighbor
network 77.1.1.1 mask 255.255.255.255
exit

R8:
router bgp
bgp router-id 88.1.1.1
neighbor
network 88.1.1.1 mask 255.255.255.255
exit

查看结果

R8:
show ip bgp

R5:
show ip bgp vpnv4 all

R5不能传递路由22./32给R8，是因为R8本身AS号也是200，由于AS-PATH防环机制，R8不能接收此路由。可以用allowas-in和as-override解决。R2不能接收R8的路由也用同样的方法解决。

R5:
router bgp
address-family ipv4 vrf yeslab
neighbor 58.1.1.8 as-override
exit
exit

R8:
show ip bgp

R2:
router bgp
neighbor 23.1.1.3 allowas-in
neighbor 24.1.1.4 allowas-in
exit

R2:
show ip bgp

控制vrf里某个邻居的路由数量

R6:
router bgp
address-family ipv4 vrf yeslab
neighbor
exit
exit

R7:
int l1
ip add 177.1.1.1 255.255.255.255
ip add 177.1.1.2 255.255.255.255 secondary
ip add 177.1.1.3 255.255.255.255 secondary
exit

route-map loop1
match int l1
exit

router bgp
redistribute connected route-map loop1
exit

int l1
ip add 177.1.1.4 255.255.255.255 secondary
exit

控制每个vrf里的路由总数

R6:
router bgp
address-family ipv4 vrf yeslab
no neighbor
exit

show ip route vrf yeslab

ip vrf yeslab
maximum routes   reinstall
exit

R2:
int l1
ip add 122.1.1.1 255.255.255.255
exit
int l2
ip add 122.1.1.2 255.255.255.255
exit

router bgp
network 122.1.1.1 mask 255.255.255.255
network 122.1.1.2 mask 255.255.255.255
exit

R6:
show ip route vrf yeslab summary

8.Overlapping VPN和Central Service VPN
------------------------------------------------------------------------------------------
实验目的:
1).掌握通过控制route-target值，生成各种复杂VPN的方法
2).掌握Overlapping VPN的配置方法
3).掌握Central Service VPN的配置方法

实验任务:
1).R1,R2,R7在一个简单VPN里，各个CE之间可以实现相互访问；R8,R8,R10在一个简单VPN里，各个CE之间可以实现相互访问；R1和R8可以相互访问
2).R1和R8是双中心站点，可以相互访问；R2,R9,R7,R10是分支点，可以访问中心站点R1和R8，但是不能相互访问

配置Overlapping VPN
配置任务：
R1、R2、R7在一个简单VPN里，各个CE之间可以是吸纳相互访问
R8、R9、R10在一个简单VPN里，各个CE之间可以是吸纳相互访问
R1和R8可以相互访问
1).配置接口IP以及ISP网络的IGP(OSPF)
2).ISP网络使能LDP协议
3).ISP网络建立MP-BGP邻居关系
4).PE设备创建vrf
5).PE与CE间路由配置(OSPF)以及PE的vrf路由与MP-BGP之间相互重分布

1).配置接口IP以及ISP网络的IGP(OSPF)

R1:

ip add 13.1.1.1 255.255.255.0
no shut
exit
int l0
ip add 11.1.1.1 255.255.255.255
exit

R2:

ip add 24.1.1.2 255.255.255.0
no shut
exit
int l0
ip add 22.1.1.1 255.255.255.255
exit

R3:

ip add 13.1.1.3 255.255.255.0
no shut
exit

ip add 34.1.1.3 255.255.255.0
no shut
exit

ip add 35.1.1.3 255.255.255.0
no shut
exit

ip add 36.1.1.3 255.255.255.0
no shut
exit
int l0
ip add 33.1.1.1 255.255.255.255
exit

router ospf
router-id 33.1.1.1
network
network
network
network
exit

R4:

ip add 24.1.1.4 255.255.255.0
no shut
exit

ip add 49.1.1.4 255.255.255.0
no shut
exit

ip add 34.1.1.4 255.255.255.0
no shut
exit

ip add 46.1.1.4 255.255.255.0
no shut
exit
int l0
ip add 44.1.1.1 255.255.255.255
exit

router ospf
router-id 44.1.1.1
network
network
network
exit

R5:

ip add 58.1.1.5 255.255.255.0
no shut
exit

ip add 35.1.1.5 255.255.255.0
no shut
exit
int l0
ip add 55.1.1.1 255.255.255.255
exit

router ospf
router-id 55.1.1.1
network
network
exit

R6:

ip add 67.1.1.6 255.255.255.0
no shut
exit

ip add 160.1.1.6 255.255.255.0
no shut
exit

ip add 36.1.1.6 255.255.255.0
no shut
exit

ip add 46.1.1.6 255.255.255.0
no shut
exit
int l0
ip add 66.1.1.1 255.255.255.255
exit

router ospf
router-id 66.1.1.1
network
network
network 

R7:

ip add 67.1.1.7 255.255.255.0
no shut
exit
int l0
ip add 77.1.1.1 255.255.255.255
exit

R8:

ip add 58.1.1.8 255.255.255.0
no shut
exit
int l0
ip add 88.1.1.1 255.255.255.255
exit

R9:

ip add 49.1.1.9 255.255.255.0
no shut
exit
int l0
ip add 99.1.1.1 255.255.255.255
exit

R10:

ip add 160.1.1.10 255.255.255.0
no shut
exit
int l0
ip add 110.1.1.1 255.255.255.255
exit

2).ISP网络使能LDP协议

R3:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

mpls ip
exit

R4:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

R5:
mpls ldp router-id l0 force

mpls ip
exit

R6:
mpls ldp router-id l0 force

mpls ip
exit

mpls ip
exit

3).ISP网络建立MP-BGP邻居关系

R3:
router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R4:
router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R5:
router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R6:
router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
exit-address-family
exit

4).PE设备创建vrf

R3:
ip vrf yeslab1
rd :
route-target :
route-target :
exit

ip vrf forwarding yeslab1
ip add 13.1.1.3 255.255.255.0
exit

R5:
ip vrf yeslab2
rd :
route-target :
route-target :
exit

ip vrf forwarding yeslab2
ip add 58.1.1.5 255.255.255.0
exit

R4:
ip vrf yeslab1
rd :
route-target :
exit
ip vrf yeslab2
rd :
route-target :
exit

ip vrf forwarding yeslab1
ip add 24.1.1.4 255.255.255.0
exit

ip vrf forwarding yeslab2
ip add 49.1.1.4 255.255.255.0
exit

R6:
ip vrf yeslab1
rd :
route-target :
exit
ip vrf yeslab2
rd :
route-target :
exit

ip vrf forwarding yeslab1
ip add 67.1.1.6 255.255.255.0
exit

ip vrf forwarding yeslab2
ip add 160.1.1.6 255.255.255.0
exit

5).PE与CE间路由配置(OSPF)以及PE的vrf路由与MP-BGP之间相互重分布

(R1,R3)
R1:
router ospf
network
network
exit

R3:
router ospf  vrf yeslab1
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab1
redistribute ospf  match internal external
exit-address-family
exit

(R5, R8)
R5:
router ospf  vrf yeslab2
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab2
redistribute ospf  match internal external
exit-address-family
exit

R8:
router ospf
network
network
exit

(R2, R4, R9)
R2:
router ospf
network
network
exit

R4:
router ospf  vrf yeslab1
network
redistribute bgp  subnets
exit

router ospf  vrf yeslab2
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab1
redistribute ospf  match internal external
exit-address-family
address-family ipv4 vrf yeslab2
redistribute ospf  match internal external
exit-address-family
exit

R9:
router ospf
network
network
exit

(R6, R7, R10)
R6:
router ospf  vrf yeslab1
network
redistribute bgp  subnets
exit

router ospf  vrf yeslab2
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf yeslab1
redistribute ospf  match internal external
exit-address-family
address-family ipv4 vrf yeslab2
redistribute ospf  match internal external
exit-address-family
exit

R7:
router ospf
network
network
exit

R10:
router ospf
network
network
exit

R10:
show ip route ospf
ping 88.1.1.1

R1:
show ip route ospf
ping 88.1.1.1
ping 22.1.1.1

配置任务：
R1和R8是双中心站点，可以相互访问
R2、R9、R7、R10是分支点，可以访问中心站点R1和R8，但是不能相互访问

PE	VRF	RD	RT	CE
R3	yeslab1	_100: 3	Export 100:2 Import 100:1 Export 100:18 Import 100:18	R1
R5	yeslab1	_100: 5	Export 100:2 Import 100:1 Export 100:18 Import 100:18	R8
R4	yeslab1	_100: 41	Export 100:1 Import 100:2	R2
	yeslab2	_100: 42	Export 100:1 Import 100:2	R9
R6	yeslab1	_100: 61	Export 100:1 Import 100:2	R7
	yeslab2	_100: 62	Export 100:1 Import 100:2	R10

R3:
ip vrf yeslab1
no route-target :
no route-target :
route-target :
route-target import :
route-target export :
exit

R4:
ip vrf yeslab1
no route-target :
route-target import :
route-target export :
exit

ip vrf yeslab2
no route-target :
route-target import :
route-target export :
exit

R5:
ip vrf yeslab2
no route-target :
no route-target :
route-target :
route-target import :
route-target export :
exit

R6:
ip vrf yeslab1
no route-target :
route-target import :
route-target export :
exit

ip vrf yeslab2
no route-target :
route-target import :
route-target export :
exit

R1:
show ip route ospf

R9:
show ip route ospf
ping 11.1.1.1
ping 88.1.1.1
ping 22.1.1.1

9.MPLS VPN (Internet Access)
---------------------------------------------------------------------------------------------------
实验目的:
掌握MPLS VPN的用户访问internet的多种配置方法
1).利用分离链路访问internet
2).利用同一链路访问internet

配置任务:
配置CE R8访问internet, 采用分离链路的方法。在R5和R8的链路上起两个子接口，封装VLAN ID分别为10和20，VLAN10的子接口用于VPN，VLAN20的子接口用于internet访问。R5的VLAN10子接口放在vrf yeslab2里，VLAN20子接口放在全局路由器里。

R5:

no ip vrf forwarding yeslab2
exit
int f1/0.10
encapsulation dot1q
ip vrf forwarding yeslab2
ip add 58.1.1.5 255.255.255.0
exit
int f1/0.20
encapsulation dot1q
ip add 158.1.1.5 255.255.255.0
exit

R8:

no ip add
exit
int f1/0.10
encapsulation dot1q
ip add 58.1.1.8 255.255.255.0
exit
int f1/0.20
encapsulation dot1q
ip add 158.1.1.8 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 158.1.1.5

R5:
access-list  permit 88.1.1.1
access-list  permit 158.1.1.0 0.0.0.255
access-list  permit 58.1.1.0 0.0.0.255
ip nat inside source list   overload

ip nat outside
exit
int f1/0.20
ip nat inside
exit

R8:
ping 44.1.1.1

R5:
show ip nat translation

配置任务：
1).CE R1站点访问internet,采用的是同一链路访问internet
2).配置CE R2、R7、R9、R10访问internet的流量都通过R1
3).对以上两步提到的CE流量，通过PE R3的时候，做NAT转换，转换为公网地址

R1:
router ospf
default-information originate always
exit

R3:
router bgp
address-family ipv4 vrf yeslab1
default-information originate
exit

R4:
router ospf  vrf yeslab1
default-information originate
exit
router ospf  vrf yeslab2
default-information originate
exit

R6:
router ospf  vrf yeslab1
default-information originate
exit
router ospf  vrf yeslab2
default-information originate
exit
注意：
在PE和CE之间运行OSPF协议的情况下，从一个CE往其他CE注入一条缺省路由的方法比较麻烦，具体配置如上。在CE和PE之间运行EBGP的情况下，注入方法简单，只需要在CE上配置基于PE的EBGP邻居发送缺省路由即可，这条缺省路由就会送到其他各个CE。

R1:
ip route 0.0.0.0 128.0.0.0 13.1.1.3
ip route 128.0.0.0 128.0.0.0 13.1.1.3

R3:
access-list  permit 22.1.1.1
access-list  permit 77.1.1.1
access-list  permit 99.1.1.1
access-list  permit 110.1.1.1

ip nat inside
exit

ip nat outside

ip nat inside source list   vrf yeslab1 overload

R3:
ip route 0.0.0.0 128.0.0.0 34.1.1.4 global
ip route 128.0.0.0 128.0.0.0 34.1.1.4 global

R1:
ping 44.1.1.1 source l0

R9/R10:
ping 55.1.1.1 source l0

R3:
show ip nat translations

R10:
traceroute 44.1.1.1 source l0

10.组播VPN (mVPN)

实验目的:
1).掌握mVPN的配置步骤
2).深入理解mVPN的工作过程和原理
3).深入理解ISP的各项组播路由表项
4).理解vpn的组播流如何穿越ISP网络
5).掌握default mdt向data mdt切换的配置方法
配置任务:
1).基本配置，确保MPLS VPN的站点R8、R9、R10之间可以相互访问
2).配置组播VPPN，R9作为组播源发送组播流量238.1.1.1，R8和R10的loopback0加入组播组238.1.1.1，模拟组播

接受者，确保组播流量能够到达R8和R10下的组播接收者
3).配置default mdt向data mdt的切换

配置MPLS VPN

R2:
int l0
ip add 22.1.1.1 255.255.255.255
exit

ip add 29.1.1.2 255.255.255.0
no shutdown
exit

ip add 23.1.1.2 255.255.255.0
no shutdown
exit

ip add 24.1.1.2 255.255.255.0
no shutdown
exit

mpls ldp router-id l0 force
int l0
ip ospf  area
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

router bgp
bgp router-id 22.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R3:
int l0
ip add 33.1.1.1 255.255.255.255
exit

ip add 23.1.1.3 255.255.255.0
no shutdown
exit

ip add 34.1.1.3 255.255.255.0
no shutdown
exit

ip add 35.1.1.3 255.255.255.0
no shutdown
exit

mpls ldp router-id l0 force
int l0
ip ospf  area
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

router bgp
bgp router-id 33.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 22.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 22.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R4:
int l0
ip add 44.1.1.1
exit

ip add 24.1.1.4 255.255.255.0
no shutdown
exit

ip add 34.1.1.4 255.255.255.0
no shutdown
exit

ip add 46.1.1.4 255.255.255.0
no shutdown
exit

mpls ldp router-id l0 force
int l0
ip ospf  area
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

router bgp
bgp router-id 44.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 22.1.1.1 update-source l0
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 22.1.1.1 activate
neighbor 33.1.1.1 activate
neighbor 55.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R5:
int l0
ip add 55.1.1.1
exit

ip add 56.1.1.5 255.255.255.0
no shutdown
exit

ip add 35.1.1.5 255.255.255.0
no shutdown
exit

ip add 58.1.1.5 255.255.255.0
no shutdown
exit

mpls ldp router-id l0 force
int l0
ip ospf  area
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

router bgp
bgp router-id 55.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 22.1.1.1 update-source l0
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 66.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 22.1.1.1 activate
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 66.1.1.1 activate
exit-address-family
exit

R6:
int l0
ip add 66.1.1.1
exit

ip add 56.1.1.6 255.255.255.0
no shutdown
exit

ip add 46.1.1.6 255.255.255.0
no shutdown
exit

ip add 160.1.1.6 255.255.255.0
no shutdown
exit

int l0
ip ospf  area
exit

ip ospf  area
mpls ip
exit

ip ospf  area
mpls ip
exit

router bgp
bgp router-id 66.1.1.1
no bgp default ipv4-unicast
neighbor
neighbor 22.1.1.1 update-source l0
neighbor
neighbor 33.1.1.1 update-source l0
neighbor
neighbor 44.1.1.1 update-source l0
neighbor
neighbor 55.1.1.1 update-source l0
address-family vpnv4 unicast
neighbor 22.1.1.1 activate
neighbor 33.1.1.1 activate
neighbor 44.1.1.1 activate
neighbor 55.1.1.1 activate
exit-address-family
exit

R8:
int l0
ip add 88.1.1.1
ip ospf  area
exit

ip add 58.1.1.8 255.255.255.0
ip ospf  area
no shutdown
exit

R9:
int l0
ip add 99.1.1.1
ip ospf  area
exit

ip add 29.1.1.9 255.255.255.0
ip ospf  area
no shutdown
exit

R10:
int l0
ip add 110.1.1.1
ip ospf  area
exit

ip add 160.1.1.10 255.255.255.0
ip ospf  area
no shutdown
exit

-------------------------------------------------------------------------------------------------
R2:
ip vrf mvpn
rd :
route-target :
exit

ip vrf forwarding mvpn
ip add 29.1.1.2 255.255.255.0
exit

router ospf  vrf mvpn
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf mvpn
redistribute ospf  match internal external
exit-address-family

R5:
ip vrf mvpn
rd :
route-target :
exit

ip vrf forwarding mvpn
ip add 58.1.1.5 255.255.255.0
exit

router ospf  vrf mvpn
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf mvpn
redistribute ospf  match internal external
exit-address-family

R6:
ip vrf mvpn
rd :
route-target :
exit

ip vrf forwarding mvpn
ip add 160.1.1.6 255.255.255.0
exit

router ospf  vrf mvpn
network
redistribute bgp  subnets
exit

router bgp
address-family ipv4 vrf mvpn
redistribute ospf  match internal external
exit-address-family
exit

配置任务：全网采用BSR的方式通告R3的loopback0接口为RP

R2:
ip multicast-routing

ip pim sparse-mode
exit

ip pim sparse-mode
exit

R3:
ip multicast-routing
int l0
ip pim sparse-mode
exit

ip pim sparse-mode
exit

ip pim sparse-mode
exit

ip pim sparse-mode
exit
ip pim bsr-candidate l0
ip pim rp-candidate l0

R4:
ip multicast-routing

ip pim sparse-mode
exit

ip pim sparse-mode
exit

ip pim sparse-mode
exit

R5:
ip multicast-routing

ip pim sparse-mode
exit

ip pim sparse-mode
exit

R6:
ip multicast-routing

ip pim sparse-mode
exit

ip pim sparse-mode
exit

R4:
show ip pim neighbor
show ip pim rp mapping

R2:
ip multicast-routing vrf mvpn

ip pim sparse-mode
exit
int l0
ip pim sparse-mode
exit
vrf definition mvpn
address-family ipv4
mdt default 239.1.1.1
exit-address-family
exit

R5:
ip multicast-routing vrf mvpn

ip pim sparse-mode
exit
int l0
ip pim sparse-mode
exit
vrf definition mvpn
address-family ipv4
mdt default 239.1.1.1
exit-address-family
exit

R6:
ip multicast-routing vrf mvpn

ip pim sparse-mode
exit
int l0
ip pim sparse-mode
exit
vrf definition mvpn
address-family ipv4
mdt default 239.1.1.1
exit-address-family
exit
PE设备的loopback0接口必须使能组播，这样才能确保PE之间通过MIT彼此形成vrf mvpn的pim邻居关系

R2:
show ip pim vrf mvpn neighbor
show
show ip mroute

ip pim vrf mvpn bsr-candidate f1/
ip pim vrf mvpn rp-candidate f1/

R8/R9:
ip multicast-routing

ip pim sparse-mode
exit
int l0
ip pim sparse-mode
ip igmp join-group 238.1.1.1
exit

show ip pim rp mapping
show ip mroute

R9:
ping 238.1.1.1 source l0

R8:
debug ip icmp

R9:
ping 238.1.1.1 source l0
R9发送组播的时候采用了多个接口的IP地址作为源，发送了多个组播报文。

配置任务：
当某个组播组在default mdt的流量大于1kbps的时候，该组播流切换到data mdt 237.1.1.1中。
R2/R5/R6:
vrf definition mvpn
address-family ipv4
mdt data 237.1.1.1 0.0.0.0 threshold 1
exit-address-family
exit

R9:
ping 238.1.1.1 source l0 repeat 1000

R2/R5/R6:
show ip mroute

说明：
原始的组播包在PE设备上被封装到GRE，GRE包的source IP是PE的loopback0接口，就是建立BGP session用的IP地址，GRE的destination IP是data mdt的组地址，说明封装后的数据包是以组播包的形式穿越ISP的网络，因此ISP必须支持组播。当组播包到达其他PE时，如果该PE设备连接的VPN网络有组播接收者，该PE就解开GRE报文，获得原始的组播报文，转发到CE站点；如果PE设备连接的VPN网络没有组播接收者，PE丢弃该报文

11.Inter AS MPLS VPN (Option A)
实验目的:
掌握域间MPLS VPN的option A的配置方法
掌握ASBR之间运行OSPF时碰到的问题及其解决方法
掌握互联ASBR的接口如何起多个子接口的方法

12.Inter AS MPLS VPN (Option B)
实验目的:
掌握域间MPLS VPN的option B的配置方法
观察MPLS VPN数据包穿过ASBR之间的链路时的标签情况
观察VPNv4路由下一跳更改时对应的内层标签的更改
观察外层LSP的标签通道形成情况

13.Inter AS MPLS VPN (Option C)
实验目的:
掌握域间MPLS VPN的option C的配置方法
掌握不同AS的PE与PE之间建立MP-EBGP的方法
掌握不同AS的VPNv4 RR之间建立MP-EBGP的方法
重点掌握外层LSP的不同形成方法

14.CSC - Carrier Support Carrier
15.6vPE
16.MPLS TE各种情况
17.PMLS TE FRR

码农公寓

相关文章