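Lab objective
A-Hub and A-Spoke are two sites of one company's network, and B-Hub and B-Spoke are two sites of another company's network. AR1, AR2 and AR3 form the carrier network, which uses OSPF as its internal IGP and builds a BGP network for external connectivity. EBGP runs between each CE and its PE; A-Hub and A-Spoke use the same AS number, and B-Hub and B-Spoke use the same AS number. MPLS VPN is implemented between RTA and RTC so that each company's internal traffic can cross the BGP network.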
RD+RT
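RT is an attribute (RT [Route Target]: a route tag; a BGP extended community attribute)
RD is a value (RD [Route Distinguisher])
Both updates and withdrawals carry the RD value; the RD is prepended to the IPv4 prefix, turning it into a globally unique VPN-IPv4 route
The structure of the RD lets each carrier allocate RDs independently, but to keep routing working in some scenarios the RD must be globally unique (in practice, one RD per customer is recommended)
In essence, the RT is how each VPN instance expresses which routes it accepts and prefers (RTs are what distinguish routes at route-learning time)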
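I. Basic configuration
Basic configuration: interface IP addresses
// Prevent automatic logout from the console (idle-timeout 0 0 disables the idle timeout; lab use only)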
user-interface con 0
idle-timeout 0 0
q
1. OSPF on AR1, AR2 and AR3
AR1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.252
interface GigabitEthernet0/0/1
ip address 14.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
ip address 15.1.1.1 255.255.255.252
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 router-id 1.1.1.1
area 0
network 12.1.1.1 0.0.0.3
network 1.1.1.1 0.0.0.0
AR2
system-view
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 23.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf 1 router-id 2.2.2.2
area 0
network 12.1.1.2 0.0.0.3
network 23.1.1.1 0.0.0.3
network 2.2.2.2 0.0.0.0
AR3
sys
interface GigabitEthernet0/0/0
ip address 23.1.1.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 36.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
ip address 37.1.1.1 255.255.255.252
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 router-id 3.3.3.3
area 0
net 23.1.1.0 0.0.0.255
net 3.3.3.3 0.0.0.0
On AR2, check that the OSPF adjacencies have come up normally
[Huawei]dis ospf peer br
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full
0.0.0.0 GigabitEthernet0/0/1 3.3.3.3 Full
----------------------------------------------------------------------------
2. BGP between AR1 and AR3
Bring up BGP between AR1 and AR3
AR1
[Huawei]BGP 100
[Huawei-bgp]peer 3.3.3.3 as-number 100
[Huawei-bgp]peer 3.3.3.3 connect-interface lo 0
AR3
[Huawei-ospf-1]bgp 100
[Huawei-bgp]peer 1.1.1.1 as-number 100
[Huawei-bgp]peer 1.1.1.1 connect-interface lo 0
Enable the AR1 and AR3 peers to exchange BGP-VPNv4 routes
AR1
[Huawei-bgp]ipv4-family vpnv4
[Huawei-bgp-af-vpnv4]peer 3.3.3.3 enable
AR3
[Huawei-bgp]ipv4-family vpnv4
[Huawei-bgp-af-vpnv4]peer 1.1.1.1 enable
BGP-VPNv4: check the BGP peer relationship
[Huawei-bgp]dis bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 2 3 0 00:00:37 Established 0
3. Enable MPLS LDP globally
R1 (only G0/0/0 needs LDP; G0/0/1 uses MP-BGP)
[Huawei]mpls lsr-id 1.1.1.1
[Huawei]mpls
Info: Mpls starting, please wait... OK!
[Huawei-mpls]mpls ldp
[Huawei-mpls-ldp]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
R2
[Huawei]mpls lsr-id 2.2.2.2
[Huawei]mpls
Info: Mpls starting, please wait... OK!
[Huawei-mpls]mpls ldp
[Huawei-mpls-ldp]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls
[Huawei-GigabitEthernet0/0/1]mpls ldp
R3
[Huawei]mpls ls 3.3.3.3
[Huawei]mpls
Info: Mpls starting, please wait... OK!
[Huawei-mpls]mpls ldp
[Huawei-mpls-ldp]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
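Check the LDP sessions
Running display mpls ldp session on AR3 shows the LDP peer relationships with its neighbours, with Status "Operational".
(Checking the state after every step is recommended, so that faults do not pile up and make troubleshooting hard at the end)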
[Huawei]dis mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 0000:00:39 158/158
3.3.3.3:0 Operational DU Passive 0000:00:35 144/144
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
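4. Configure VRFs (VPN instances) on R1 and R3
R1: configure the VRF and bind the interface (binding clears the interface address, so it has to be configured again)
A globally unique RD per customer is recommended; RTs may be the same (the RT decides whether this route is accepted or not)
Interface between R1 and A-Hub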
[Huawei]ip vpn-instance A
[Huawei-vpn-instance-A]route-distinguisher 100:1
[Huawei-vpn-instance-A-af-ipv4]vpn-target 100:1
[Huawei-vpn-instance-A-af-ipv4]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip binding vpn-instance A
[Huawei-GigabitEthernet0/0/1]ip add 14.1.1.1 30
Interface between R1 and B-Hub
[Huawei]ip vpn-instance B
[Huawei-vpn-instance-B]route-distinguisher 200:1
[Huawei-vpn-instance-B-af-ipv4]vpn-target 200:1
[Huawei-vpn-instance-B-af-ipv4]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip binding vpn-instance B
[Huawei-GigabitEthernet0/0/2]ip add 15.1.1.1 30
R3: configure the VRFs (VPN instances)
ip vpn-instance A
route-distinguisher 100:1
vpn-target 100:1
int g0/0/1
ip binding vpn-instance A
ip add 36.1.1.1 30
ip vpn-instance B
route-distinguisher 200:1
vpn-target 200:1
int g0/0/2
ip binding vpn-instance B
ip add 37.1.1.1 30
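Added example (not part of the original post): a Python model of the RD+RT behaviour described above, using the RD and RT values configured on the PEs in this lab. The overlapping customer prefix and the misconfigured import list in the test are constructed; the RD encoding shown is the type-0 format (2-byte AS, 4-byte number).

```python
import ipaddress
import struct

def rd_bytes(rd):
    """Encode a type-0 RD 'ASN:number' as 8 bytes: type(2) | ASN(2) | number(4)."""
    asn, num = (int(x) for x in rd.split(":"))
    return struct.pack("!HHI", 0, asn, num)

def vpnv4_key(rd, prefix):
    """8-byte RD + 4-byte IPv4 address (the VPN-IPv4 address) + prefix length."""
    net = ipaddress.ip_network(prefix)
    return rd_bytes(rd) + net.network_address.packed + bytes([net.prefixlen])

# VPN instances as configured in this lab. `vpn-target X` without a direction
# keyword is modelled here as setting both the export and the import RT.
VRFS = {
    "A": {"rd": "100:1", "export": {"100:1"}, "import": {"100:1"}},
    "B": {"rd": "200:1", "export": {"200:1"}, "import": {"200:1"}},
}

def export_routes(vrfs, customer_routes):
    """Sending PE: key each customer prefix by RD and attach the VRF's export RTs."""
    table = {}
    for vrf, prefix in customer_routes:
        cfg = vrfs[vrf]
        table[vpnv4_key(cfg["rd"], prefix)] = {
            "from": vrf, "prefix": prefix, "rts": set(cfg["export"])}
    return table

def import_routes(vrfs, table):
    """Receiving PE: a VRF installs a route only if it shares an RT with its import list."""
    return {name: sorted((r["from"], r["prefix"]) for r in table.values()
                         if r["rts"] & cfg["import"])
            for name, cfg in vrfs.items()}

def leaked(imported):
    """Audit: routes installed in a VRF that originated in a different VRF."""
    return [(vrf, src, p) for vrf, routes in imported.items()
            for src, p in routes if src != vrf]

# Constructed sample: both customers use the same private prefix.
ROUTES = [("A", "192.168.1.0/24"), ("B", "192.168.1.0/24")]
```

The RD only keeps the two identical prefixes apart in the VPNv4 table; isolation between customers A and B comes from the import RT lists, which is what `leaked()` audits.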
II. EBGP between the CEs and PEs
A-Hub and AR1
A-Hub
[Huawei]bgp 200
[Huawei-bgp]peer 14.1.1.1 as-number 100
[Huawei-bgp]peer 14.1.1.1 ebgp-max-hop 2
[Huawei-bgp]peer 14.1.1.1 connect-interface GigabitEthernet 0/0/0
AR1
[Huawei]bgp 100
[Huawei-bgp]ipv4-family vpn-instance A
[Huawei-bgp-A]peer 14.1.1.2 as 200
[Huawei-bgp-A]peer 14.1.1.2 ebgp-max-hop 2
[Huawei-bgp-A]peer 14.1.1.2 connect-interface g0/0/1
Check the BGP session
[Huawei-bgp]dis bgp peer
BGP local router ID : 14.1.1.2
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
14.1.1.1 4 100 2 5 0 00:00:02 Established
B-Hub and AR1
The BGP session stayed in the Idle state; checking showed that B-Hub's BGP AS number did not follow the plan
Run undo bgp, then re-enter BGP with AS 300
B-Hub
bgp 200
peer 15.1.1.1 as-number 100
peer 15.1.1.1 ebgp-max-hop 2
peer 15.1.1.1 connect-interface GigabitEthernet 0/0/0
AR1
bgp 100
ipv4-family vpn-instance B
peer 15.1.1.2 as 300
peer 15.1.1.2 ebgp-max-hop 2
peer 15.1.1.2 connect-interface g0/0/2
A-Spoke and AR3
A-Spoke
bgp 200
peer 36.1.1.1 as-number 100
peer 36.1.1.1 ebgp-max-hop 2
peer 36.1.1.1 connect-interface GigabitEthernet 0/0/0
AR3
bgp 100
ipv4-family vpn-instance A
peer 36.1.1.2 as 200
peer 36.1.1.2 ebgp-max-hop 2
peer 36.1.1.2 connect-interface g0/0/1
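B-Spoke and AR3 (the session did not come up; checking showed the interface-to-VPN binding was wrong; there was a prompt when pasting that I did not notice)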
B-Spoke
bgp 300
peer 37.1.1.1 as-number 100
peer 37.1.1.1 ebgp-max-hop 2
peer 37.1.1.1 connect-interface GigabitEthernet 0/0/0
AR3
bgp 100
ipv4-family vpn-instance B
peer 37.1.1.2 as 300
peer 37.1.1.2 ebgp-max-hop 2
peer 37.1.1.2 connect-interface g0/0/2
Testing and troubleshooting
A
[Huawei-bgp]int lo 1
[Huawei-LoopBack1]ip address 192.168.1.1 24
[Huawei-LoopBack1]bgp 200
[Huawei-bgp]net 192.168.1.0
B
[Huawei-bgp]int lo 1
[Huawei-LoopBack1]ip add 172.168.1.1 24
[Huawei-bgp]net 172.168.1.1 24
The PE (AR1) can be seen to have received the 192.168.2.1 route, but A-Hub has not received it
AR1
[Huawei-bgp]dis bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 1.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.1.0 14.1.1.2 0 0 200i
*>i 192.168.2.1/32 3.3.3.3 0 100 0 200i
A-Hub
[Huawei-bgp]dis bgp routing-table
BGP Local router ID is 14.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.1.0 0.0.0.0 0 0 i
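IBGP: BGP running inside a single AS is called IBGP. To prevent loops inside the AS, a BGP device does not advertise routes learned from an IBGP peer to other IBGP peers.
In an MPLS VPN scenario, if the PE and CE exchange routes over EBGP, two sites may end up using the same AS number.
If CE1 sends a private route to PE1 over EBGP and it is delivered through PE2 to CE2, CE2 discards the route because of the duplicate AS number,
so Site 1 and Site 2, which belong to the same VPN, cannot reach each other.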
peer substitute-as
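After this command is run, when the PE advertises a route to the CE in the specified peer, any AS number in the route's AS_Path that matches the CE's AS number is replaced with the PE's AS number before the route is advertised.
Note: peer substitute-as applies only on PE devices in BGP MPLS IP/VPN; misconfiguration causes routing loops, so use it with care.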
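Added example (not part of the original post): a Python model of the AS_Path check that makes the CE drop the route, and of what peer substitute-as changes, using this lab's AS numbers (PE AS 100, customer A AS 200). The second CE link at the spoke site ("A-Spoke-backup") is hypothetical and is there to show the loop risk the note above refers to.

```python
PE_AS = 100   # carrier AS on AR1/AR3
CE_AS = 200   # AS shared by A-Hub and A-Spoke

def ce_accepts(as_path, local_as):
    """EBGP loop prevention on the CE: drop a route whose AS_Path contains the local AS."""
    return local_as not in as_path

def pe_advertise(as_path, pe_as, ce_as, substitute_as=False):
    """AS_Path the PE sends to a CE over EBGP.

    With substitute_as, every occurrence of the CE's AS is replaced by the PE's AS
    before the PE prepends its own AS as usual.
    """
    if substitute_as:
        as_path = [pe_as if asn == ce_as else asn for asn in as_path]
    return [pe_as] + list(as_path)

def propagate(origin_site, links):
    """Advertise a route originated at origin_site (AS_Path [CE_AS]) to every CE link.

    Each link is (ce_name, site, substitute_as). The path is unchanged between the
    PEs (IBGP). A route accepted on a link at the originating site has come back to
    where it started, which is the routing-loop case.
    """
    result = {}
    for ce_name, site, sub in links:
        path = pe_advertise([CE_AS], PE_AS, CE_AS, sub)
        accepted = ce_accepts(path, CE_AS)
        result[ce_name] = {
            "as_path": path,
            "accepted": accepted,
            "loop_risk": accepted and site == origin_site,
        }
    return result

# Constructed sample: route from the spoke site, before and after substitute-as.
BEFORE = propagate("spoke", [("A-Hub", "hub", False)])
AFTER = propagate("spoke", [("A-Hub", "hub", True),
                            ("A-Spoke-backup", "spoke", True)])  # hypothetical 2nd link
```

Once the CE's AS is rewritten, the AS_Path check can no longer tell a site that a route is its own; on multi-homed sites the BGP Site of Origin (SoO) extended community is the usual guard against that return path.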
On AR1
[Huawei-bgp]ipv4-family vpn-instance A
[Huawei-bgp-A]peer 14.1.1.2 substitute-as
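Check A-Hub's route entries again
However, at this point the AS-number substitution for A-Hub has not been done on R3
At this point the route entries on A-Spoke are still abnormal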
[Huawei-bgp]dis bgp routing-table
BGP Local router ID is 36.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.2.1/32 0.0.0.0 0 0 i
AR3
[Huawei-bgp]ipv4-family vpn-instance A
[Huawei-bgp-A]peer 36.1.1.2 substitute-as
Now ping A-Spoke from A-Hub
[Huawei-bgp]ping -a 192.168.1.1 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=252 time=50 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=252 time=40 ms