为了进一步了解BGP/MPLS VPN,先搭建一个MPLS Lab。
简述CCNP配置实验步骤:
1、准备P-network
1.1配置接口和IGP
1.2定义VPN
1.3配置PE-PE的路由会话
1.4配置PE-CE的路由会话
2、配置CE路由器
下面详细讲解CCNP配置实验,CCNP-BGP/MPLS VPN配置步骤如下:
CCNP配置实验之一:准备P-network
1.1配置接口和IGP
- router P
- !
- ip cef
- !
- interface Loopback0
- ip address 1.1.1.1 255.255.255.255
- !
- interface Serial1/0
- ip unnumbered Loopback0
- mpls ip
- !
- interface Serial1/1
- ip unnumbered Loopback0
- mpls
- !
- router ospf 1
- log-adjacency-changes
- network 1.1.1.1 0.0.0.0 area 0
- Router PEA
- !
- ip cef
- !
- interface Loopback0
- ip address 1.1.1.2 255.255.255.255
- !
- interface Serial1/1
- ip unnumbered Loopback0
- mpls ip
- !
- router ospf 1
- log-adjacency-changes
- network 1.1.1.2 0.0.0.0 area 0
- Router PEB
- !
- ip cef
- !
- interface Loopback0
- ip address 1.1.1.3 255.255.255.255
- !
- interface Serial1/0
- ip unnumbered Loopback0
- mpls ip
- !
- router ospf 1
- log-adjacency-changes
- network 1.1.1.3 0.0.0.0 area 0
主要完成下列任务:
在全局模式打开赛虎CEF,CEF是运行MPLS所必须的;
配置相应的IP地址和完成IGP(OSPF)的配置;
在接口启用MPLS交换。
#p#
1.2在PE定义VPN
主要完成下列任务:
定义vrf,定义不同的vpn路由选择和转发实例;
用RD(Router Distinguisher)标识VPN,为用户VPN创建路由选择和转发表;
从或者向vpn扩展公用体导入导出路由选择信息;
把VRF和接口或子接口关联起来。
- Router PEA
- !
- ip vrf vpn-a
- rd 65001:1
- route-target export 65001:1
- route-target import 65001:1
- !
- ip vrf vpn-b
- rd 65001:2
- route-target export 65001:2
- route-target import 65001:2
- interface Serial1/0
- ip vrf forwarding vpn-a
- ip address 172.16.3.1 255.255.255.0
- !
- interface Serial1/2
- ip vrf forwarding vpn-b
- ip address 172.16.5.1 255.255.255.252
- Router PEB
- !
- ip vrf vpn-a
- rd 65001:1
- route-target export 65001:1
- route-target import 65001:1
- !
- ip vrf vpn-b
- rd 65001:2
- route-target export 65001:2
- route-target import 65001:2
- !
- interface Serial1/1
- ip vrf forwarding vpn-a
- ip address 172.16.4.1 255.255.255.0
- !
- interface Serial1/2
- ip vrf forwarding vpn-b
- ip address 172.16.5.5 255.255.255.252
- !
1.3配置PE-PE的路由会话
配置PE-PE的路由主要完成下列任务:
启用BGP;
关闭ipv4单播前缀的通告;
配置PE的邻居PE;
激活IPv4到邻居的通告。
- Router PEA
- !
- router bgp 4837
- no bgp default ipv4-unicast
- bgp log-neighbor-changes
- neighbor 1.1.1.3 remote-as 4837
- neighbor 1.1.1.3 update-source Loopback0
- !
- address-family vpnv4
- neighbor 1.1.1.3 activate
- neighbor 1.1.1.3 send-community extended
- exit-address-family
- !
- Router PEB
- !
- router bgp 4837
- no synchronization
- bgp log-neighbor-changes
- neighbor 1.1.1.2 remote-as 4837
- neighbor 1.1.1.2 update-source Loopback0
- no auto-summary
- !
- address-family vpnv4
- neighbor 1.1.1.2 activate
- neighbor 1.1.1.2 send-community extended
- exit-address-family
- !
1.4配置BGP4的PE-CE的路由选择会话
- Router PEA
- !
- router bgp 4837
- no bgp default ipv4-unicast
- bgp log-neighbor-changes
- neighbor 1.1.1.3 remote-as 4837
- neighbor 1.1.1.3 update-source Loopback0
- !
- address-family vpnv4
- neighbor 1.1.1.3 activate
- neighbor 1.1.1.3 send-community extended
- exit-address-family
- !
- address-family ipv4 vrf vpn-b
- neighbor 172.16.5.2 remote-as 65003
- neighbor 172.16.5.2 activate
- no synchronization
- network 172.16.5.0 mask 255.255.255.252
- exit-address-family
- !
- address-family ipv4 vrf vpn-a
- neighbor 172.16.3.2 remote-as 65001
- neighbor 172.16.3.2 activate
- no synchronization
- network 172.16.3.0 mask 255.255.255.0
- exit-address-family
- Router PEB
- router bgp 4837
- no synchronization
- bgp log-neighbor-changes
- neighbor 1.1.1.2 remote-as 4837
- neighbor 1.1.1.2 update-source Loopback0
- no auto-summary
- !
- address-family vpnv4
- neighbor 1.1.1.2 activate
- neighbor 1.1.1.2 send-community extended
- exit-address-family
- !
- address-family ipv4 vrf vpn-b
- neighbor 172.16.5.6 remote-as 65004
- neighbor 172.16.5.6 activate
- no synchronization
- network 172.16.5.4 mask 255.255.255.252
- exit-address-family
- !
- address-family ipv4 vrf vpn-a
- neighbor 172.16.4.2 remote-as 65002
- neighbor 172.16.4.2 activate
- no synchronization
- network 172.16.4.0 mask 255.255.255.0
- exit-address-family
- !
#p#
CCNP配置实验之二:配置CE路由器
- Router CED
- !
- interface Loopback0
- ip address 192.168.100.1 255.255.255.0
- !
- interface Serial1/0
- ip address 172.16.5.6 255.255.255.252
- !
- router bgp 65004
- bgp log-neighbor-changes
- neighbor 172.16.5.5 remote-as 4837
- !
- address-family ipv4
- neighbor 172.16.5.5 activate
- no auto-summary
- no synchronization
- network 192.168.100.0
- exit-address-family
- !
- Router CEC
- !
- interface Loopback0
- ip address 192.168.10.1 255.255.255.0
- !
- interface Serial1/1
- ip address 172.16.5.2 255.255.255.252
- !
- router bgp 65003
- bgp log-neighbor-changes
- neighbor 172.16.5.1 remote-as 4837
- !
- address-family ipv4
- neighbor 172.16.5.1 activate
- no auto-summary
- no synchronization
- network 192.168.10.0
- exit-address-family
- !
- Router CEA
- !
- interface Loopback0
- ip address 10.10.0.1 255.255.0.0
- !
- interface Serial1/1
- ip address 172.16.3.2 255.255.255.0
- !
- router bgp 65001
- no synchronization
- bgp log-neighbor-changes
- network 10.10.0.0 mask 255.255.0.0
- neighbor 172.16.3.1 remote-as 4837
- no auto-summary
- !
- Router CEB
- !
- interface Loopback0
- ip address 10.20.0.1 255.255.0.0
- !
- interface Loopback1
- ip address 10.40.0.1 255.255.0.0
- !
- interface Serial1/0
- ip address 172.16.4.2 255.255.255.0
- !
- router bgp 65002
- no synchronization
- bgp log-neighbor-changes
- network 10.20.0.0 mask 255.255.0.0
- network 10.40.0.0 mask 255.255.0.0
- neighbor 172.16.4.1 remote-as 4837
- no auto-summary
- !
CCNP配置实验结果验证:
- CEA# show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- 172.16.0.0/24 is subnetted, 2 subnets
- B 172.16.4.0 [20/0] via 172.16.3.1, 00:06:50
- C 172.16.3.0 is directly connected, Serial1/1
- 10.0.0.0/16 is subnetted, 3 subnets
- C 10.10.0.0 is directly connected, Loopback0
- B 10.20.0.0 [20/0] via 172.16.3.1, 00:06:50
- B 10.40.0.0 [20/0] via 172.16.3.1, 00:06:50
- CEA#
- CEA#ping ip
- Target IP address: 10.40.0.1
- Repeat count [5]:
- Datagram size [100]:
- Timeout in seconds [2]: 10
- Extended commands [n]:
- Sweep range of sizes [n]:
- Type escape sequence to abort.
- Sending 5, 100-byte ICMP Echos to 10.40.0.1, timeout is 10 seconds:
- !!!!!
- Success rate is 100 percent (5/5), round-trip min/avg/max = 1400/2528/4192 ms
- CEA#
- CEC# show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-
- ia - IS-IS inter area, * - candidate default, U - per-user static ro
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- C 192.168.10.0/24 is directly connected, Loopback0
- 172.16.0.0/30 is subnetted, 2 subnets
- C 172.16.5.0 is directly connected, Serial1/1
- B 172.16.5.4 [20/0] via 172.16.5.1, 00:09:20
- B 192.168.100.0/24 [20/0] via 172.16.5.1, 00:09:20
- CEC#
- CEC#ping ip
- Target IP address: 192.168.100.1
- Repeat count [5]:
- Datagram size [100]:
- Timeout in seconds [2]: 10
- Extended commands [n]:
- Sweep range of sizes [n]:
- Type escape sequence to abort.
- Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 10 seconds:
- !!!!.
- Success rate is 80 percent (4/5), round-trip min/avg/max = 1256/1972/3144 ms
- CEC#
Comment:
终于在我的小本上实现了CCNP配置实验之BGP/MPLS VPN,算是先僵化吧,当然还要继续固化,最后才有可能优化。
【编辑推荐】
