CCIE K4知識點:配置靜態路由之MPLS VPN實驗
大家好,今天我給大家演示一下PE與CE之間如何通過靜態路由來實現MPLS VPN。實驗本身并不難,目的在于如何去理解實現的原理、方法與步驟。
廢話不說,我們開始進入主題。
拓撲:
說明:
1. 所有的路由器都起環回口:x.x.x.x/24
2. R1為公司總部,R7和R8分別為分公司。
3. R2-R4-R6建立IBGP,并且R4為RR
4. 要求在SP內部通過部署MPLS VPN,并且所有的CE和PE之間均為靜態路由。使得分公司均能與總公司通信,但分公司之間無法通信。
擴展訓練:
1. 要求總公司與分公司之間可以進行互訪,而且分公司之間也可以進行互訪,但必須通過總公司繞行來進行互訪。
配置:
1. 底層預配:
說明:所有的串口都是通過FR相連的。 Router>en
Router#conf t
Router(config)#host CE-R1
CE-R1(config)#no ip do loo
CE-R1(config)#line co 0
CE-R1(config-line)#exec-t 0 0
CE-R1(config-line)#logging sy
CE-R1(config-line)#int s1/0
CE-R1(config-if)#en fr
CE-R1(config-if)#no arp fr
CE-R1(config-if)#no frame inv
CE-R1(config-if)#ip add 12.12.12.1 255.255.255.0
CE-R1(config-if)#frame map ip 12.12.12.2 102 b
CE-R1(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router(config)#host PE-R2
PE-R2(config)#no ip do loo
PE-R2(config)#line con 0
PE-R2(config-line)#exec-t 0 0
PE-R2(config-line)#logging sy
PE-R2(config-line)#int loo0
PE-R2(config-if)#ip add 2.2.2.2 255.255.255.0
PE-R2(config-if)#int s1/0
PE-R2(config-if)#en fr
PE-R2(config-if)#no arp fr
PE-R2(config-if)#no frame inv
PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0
PE-R2(config-if)#frame map ip 12.12.12.1 201 b
PE-R2(config-if)#no shut
PE-R2(config-if)#int s1/1
PE-R2(config-if)#en fr
PE-R2(config-if)#no arp fr
PE-R2(config-if)#no frame inv
PE-R2(config-if)#ip add 23.23.23.2 255.255.255.0
PE-R2(config-if)#frame map ip 23.23.23.3 213 b
PE-R2(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router(config)#host P-R3
P-R3(config)#no ip do loo
P-R3(config)#line co 0
P-R3(config-line)#exec-t 0 0
P-R3(config-line)#logging sy
P-R3(config-line)#int loo0
P-R3(config-if)#ip add 3.3.3.3 255.255.255.0
P-R3(config-if)#int s1/1
P-R3(config-if)#en fr
P-R3(config-if)#no arp fr
P-R3(config-if)#no frame inv
P-R3(config-if)#ip add 23.23.23.3 255.255.255.0
P-R3(config-if)#frame map ip 23.23.23.2 312 b
P-R3(config-if)#no shut
P-R3(config-if)#int s1/0
P-R3(config-if)#en fr
P-R3(config-if)#no arp fr
P-R3(config-if)#no frame inv
P-R3(config-if)#ip add 34.34.34.3 255.255.255.0
P-R3(config-if)#frame map ip 34.34.34.4 304 b
P-R3(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router (config)#host P-RR-R4
P-RR-R4(config)#no ip do loo
P-RR-R4(config)#line con 0
P-RR-R4(config-line)#exec-t 0 0
P-RR-R4(config-line)#logging sy
P-RR-R4(config-line)#int loo0
P-RR-R4(config-if)#ip add 4.4.4.4 255.255.255.0
P-RR-R4(config-if)#int s1/0
P-RR-R4(config-if)#en fr
P-RR-R4(config-if)#no arp fr
P-RR-R4(config-if)#no frame inv
P-RR-R4(config-if)#ip add 34.34.34.4 255.255.255.0
P-RR-R4(config-if)#frame map ip 34.34.34.3 403 b
P-RR-R4(config-if)#no shut
P-RR-R4(config-if)#int s1/1
P-RR-R4(config-if)#en fr
P-RR-R4(config-if)#no arp fr
P-RR-R4(config-if)#no frame inv
P-RR-R4(config-if)#ip add 45.45.45.4 255.255.255.0
P-RR-R4(config-if)#frame map ip 45.45.45.5 415 b
P-RR-R4(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router(config)#host P-R5
P-R5(config)#no ip do loo
P-R5(config)#line con 0
P-R5(config-line)#exec-t 0 0
P-R5(config-line)#logging sy
P-R5(config-line)#int loo0
P-R5(config-if)#ip add 5.5.5.5 255.255.255.0
P-R5(config-if)#int s1/1
P-R5(config-if)#en fr
P-R5(config-if)#no arp fr
P-R5(config-if)#no frame inv
P-R5(config-if)#ip add 45.45.45.5 255.255.255.0
P-R5(config-if)#frame map ip 45.45.45.4 514 b
P-R5(config-if)#no shut
P-R5(config-if)#int s1/0
P-R5(config-if)#en fr
P-R5(config-if)#no arp fr
P-R5(config-if)#no frame inv
P-R5(config-if)#ip add 56.56.56.5 255.255.255.0
P-R5(config-if)#frame map ip 56.56.56.6 506 b
P-R5(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router(config)#host PE-R6
PE-R6(config)#no ip do loo
PE-R6(config)#line con 0
PE-R6(config-line)#exec-t 0 0
PE-R6(config-line)#int loo0
PE-R6(config-if)#ip add 6.6.6.6 255.255.255.0
PE-R6(config-if)#int s1/0
PE-R6(config-if)#en fr
PE-R6(config-if)#no arp fr
PE-R6(config-if)#no frame inv
PE-R6(config-if)#ip add 56.56.56.6 255.255.255.0
PE-R6(config-if)#frame map ip 56.56.56.5 605 b
PE-R6(config-if)#no shut
PE-R6(config-if)#int s1/1
PE-R6(config-if)#en fr
PE-R6(config-if)#no arp f
PE-R6(config-if)#no frame inv
PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0
PE-R6(config-if)#frame map ip 67.67.67.
PE-R6(config-if)#no shut
PE-R6(config-if)#int f0/0
PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0
PE-R6(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router#conf t
Router(config)#host CE-R7
CE-R7(config)#no ip do loo
CE-R7(config)#line co 0
CE-R7(config-line)#exec-t 0 0
CE-R7(config-line)#logging sy
CE-R7(config-line)#int s1/1
CE-R7(config-if)#en fr
CE-R7(config-if)#no arp fr
CE-R7(config-if)#no frame inv
CE-R7(config-if)#ip add 67.67.67.7 255.255.255.0
CE-R7(config-if)#frame map ip 67.67.67.6 716 b
CE-R7(config-if)#no shut
----------------------------------------------------------------------------------------------------------------------
Router>en
Router(config)#host CE-R8
CE-R8(config)#no ip do loo
CE-R8(config)#line con 0
CE-R8(config-line)#exec-t 0 0
CE-R8(config-line)#logging sy
CE-R8(config-line)#int loo0
CE-R8(config-if)#ip add 8.8.8.8 255.255.255.0
CE-R8(config-if)#int f0/0
CE-R8(config-if)#ip add 68.68.68.8 255.255.255.0
CE-R8(config-if)#no shut
2.測試底層的連通性 CE-R1#ping 12.12.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/48 ms
----------------------------------------------------------------------------------------------------------------------
PE-R2#ping 23.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/40 ms
----------------------------------------------------------------------------------------------------------------------
P-R3#ping 34.34.34.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.34.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/48 ms
----------------------------------------------------------------------------------------------------------------------
P-RR-R4#ping 45.45.45.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 45.45.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/44 ms
----------------------------------------------------------------------------------------------------------------------
P-R5#ping 56.56.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 56.56.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/44 ms
----------------------------------------------------------------------------------------------------------------------
PE-R6#ping 67.67.67.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 67.67.67.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/34/48 ms
----------------------------------------------------------------------------------------------------------------------
PE-R6#ping 68.68.68.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 68.68.68.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/44 ms
3. 配置SP骨干網內部IGP協議——OSPF,要求網絡接口類型統一為point-to-point PE-R2(config)#router ospf 100
PE-R2(config-router)#router-id 2.2.2.2
PE-R2(config-router)#net 2.2.2.0 0.0.0.255 a 0
PE-R2(config-router)#net 23.23.23.0 0.0.0.255 a 0
PE-R2(config-router)#int s1/1
PE-R2(config-if)#ip ospf net point-to-p
PE-R2(config-if)#int loo0
PE-R2(config-if)#ip ospf network point-to-p
----------------------------------------------------------------------------------------------------------------------
P-R3(config)#router ospf 100
P-R3(config-router)#router-id 3.3.3.3
P-R3(config-router)#net 3.3.3.0 0.0.0.255 a 0
P-R3(config-router)#net 23.23.23.0 0.0.0.255 a 0
P-R3(config-router)#net 34.34.34.0 0.0.0.255 a 0
P-R3(config-router)#int s1/1
P-R3(config-if)#ip ospf net point-to-p
P-R3(config-router)#int s1/0
P-R3(config-if)#ip ospf net point-to-point
P-R3(config-if)#int loo0
P-R3(config-if)#ip ospf net point-to-p
----------------------------------------------------------------------------------------------------------------------
P-RR-R4(config)#router ospf 100
P-RR-R4(config-router)#routere
P-RR-R4(config-router)#router
P-RR-R4(config-router)#router-id 4.4.4.4
P-RR-R4(config-router)#net 4.4.4.0 0.0.0.255 a 0
P-RR-R4(config-router)#net 34.34.34.0 0.0.0.255 a 0
P-RR-R4(config-router)#net 45.45.45.0 0.0.0.255 a 0
P-RR-R4(config-router)#int s1/0
P-RR-R4(config-if)#ip ospf net po
P-RR-R4(config-if)#ip ospf net point-to-p
P-RR-R4(config-if)#int s1/1
P-RR-R4(config-if)#ip ospf net point-to-p
P-RR-R4(config-if)#int loo0
P-RR-R4(config-if)#ip ospf net point-to-p
----------------------------------------------------------------------------------------------------------------------
P-R5(config)#router ospf 100
P-R5(config-router)#router-id 5.5.5.5
P-R5(config-router)#net 5.5.5.0 0.0.0.255 a 0
P-R5(config-router)#net 45.45.45.0 0.0.0.255 a 0
P-R5(config-router)#net 56.56.56.0 0.0.0.255 a 0
P-R5(config-router)#int s1/1
P-R5(config-if)#ip ospf net point-to-p
P-R5(config-if)#int s1/0
P-R5(config-if)#ip ospf net point-to-p
P-R5(config-if)#int loo0
P-R5(config-if)#ip ospf net point-to-p
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#router ospf 100
PE-R6(config-router)#router-id 6.6.6.6
PE-R6(config-router)#net 6.6.6.0 0.0.0.255 a 0
PE-R6(config-router)#net 56.56.56.0 0.0.0.255 a 0
PE-R6(config-router)#int s1/0
PE-R6(config-if)#ip ospf net point-to-p
PE-R6(config-if)#int loo0
PE-R6(config-if)#ip ospf network point-to-p
----------------------------------------------------------------------------------------------------------------------
測試連通性:
PE-R2#ping 6.6.6.6 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/72 ms
4. 在SP骨干網內部配置LDP,并保證標簽能夠正常轉發 PE-R2(config)#mpls ldp router-id loo0
PE-R2(config)#mpls label range 200 299
PE-R2(config)#int s1/1
PE-R2(config-if)#mpls ip
----------------------------------------------------------------------------------------------------------------------
P-R3(config)#mpls ldp router-id loo0
P-R3(config)#mpls label range 300 399
P-R3(config)#int s1/1
P-R3(config-if)#mpls ip
P-R3(config-if)#int s1/0
P-R3(config-if)#mpls ip
----------------------------------------------------------------------------------------------------------------------
P-RR-R4(config)#mpls ldp router loo0
P-RR-R4(config)#mpls label range 400 499
P-RR-R4(config)#int s1/1
P-RR-R4(config-if)#mpls ip
P-RR-R4(config-if)#int s1/0
P-RR-R4(config-if)#mpls ip
----------------------------------------------------------------------------------------------------------------------
P-R5(config)#mpls ldp router-id loo0
P-R5(config)#mpls label range 500 599
P-R5(config)#int s1/1
P-R5(config-if)#mpls ip
P-R5(config-if)#int s1/0
P-R5(config-if)#mpls ip
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#mpls ldp router loo0
PE-R6(config)#mpls label range 600 699
PE-R6(config)#int s1/0
PE-R6(config-if)#mpls ip
----------------------------------------------------------------------------------------------------------------------
進行標簽追蹤
PE-R2#traceroute 6.6.6.6
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 23.23.23.3 [MPLS: Label 302 Exp 0] 84 msec 56 msec 80 msec
2 34.34.34.4 [MPLS: Label 403 Exp 0] 84 msec 76 msec 76 msec
3 45.45.45.5 [MPLS: Label 504 Exp 0] 80 msec 80 msec 72 msec
4 56.56.56.6 60 msec * 48 msec
5. 在R2-R4-R6之間運行MP IBGP,并將R4設置為RR PE-R2(config)#router bgp 100
PE-R2(config-router)#no au
PE-R2(config-router)#no sy
PE-R2(config-router)#bgp router-id 2.2.2.2
PE-R2(config-router)#no bgp default ipv4-unicast
PE-R2(config-router)#nei 4.4.4.4 remote-as 100
PE-R2(config-router)#nei 4.4.4.4 update-source loo0
PE-R2(config-router)#address-family vpnv4
PE-R2(config-router-af)#nei 4.4.4.4 activate
----------------------------------------------------------------------------------------------------------------------
P-RR-R4(config)#router bgp 100
P-RR-R4(config-router)#no au
P-RR-R4(config-router)#no sy
P-RR-R4(config-router)#bgp router-id 4.4.4.4
P-RR-R4(config-router)#no bgp default ipv4-unicast
P-RR-R4(config-router)#nei 2.2.2.2 remote-as 100
P-RR-R4(config-router)#nei 2.2.2.2 update-source loo0
P-RR-R4(config-router)#nei 6.6.6.6 remote-as 100
P-RR-R4(config-router)#nei 6.6.6.6 update-source loo0
P-RR-R4(config-router)#address-family vpnv4
P-RR-R4(config-router-af)#nei 2.2.2.2 activate
P-RR-R4(config-router-af)#nei 2.2.2.2 route-reflector-client
P-RR-R4(config-router-af)#nei 6.6.6.6 activate
P-RR-R4(config-router-af)#nei 6.6.6.6 route-reflector-client
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#router bgp 100
PE-R6(config-router)#no au
PE-R6(config-router)#no sy
PE-R6(config-router)#bgp router 6.6.6.6
PE-R6(config-router)#no bgp default ipv4-unicast
PE-R6(config-router)#nei 4.4.4.4 remote-as 100
PE-R6(config-router)#nei 4.4.4.4 update-source loo0
PE-R6(config-router)#address-family vpnv4
PE-R6(config-router-af)#nei 4.4.4.4 activate
----------------------------------------------------------------------------------------------------------------------
驗證VPNv4鄰居是否建立起來
P-RR-R4#sh ip bgp vpnv4 all summary
BGP router identifier 4.4.4.4, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 20 21 1 0 0 00:15:42 0
6.6.6.6 4 100 12 12 1 0 0 00:08:37 0
6. 在CE上分別創建靜態路由,這里我們采用默認路由方式。 CE-R1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2
----------------------------------------------------------------------------------------------------------------------
CE-R7(config)#ip route 0.0.0.0 0.0.0.0 67.67.67.6
----------------------------------------------------------------------------------------------------------------------
CE-R8(config)#ip route 0.0.0.0 0.0.0.0 68.68.68.6
7. 在PE-R2和PE-R6上創建vrf表項,要求總公司能與各個分公司進行互訪,但分公司之間不能互訪,這里我們通過指定RT值來實現。 PE-R2(config)#ip vrf A
PE-R2(config-vrf)#rd 1:1
PE-R2(config-vrf)#route-target import 62:62
PE-R2(config-vrf)#route-target export 26:26
PE-R2(config-vrf)#int s1/0
PE-R2(config-if)#ip vrf forwarding A
% Interface Serial1/0 IP address 12.12.12.2 removed due to enabling VRF A
PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#ip vrf A
PE-R6(config-vrf)#rd 7:7
PE-R6(config-vrf)#route-target import 26:26
PE-R6(config-vrf)#route-target export 62:62
PE-R6(config-vrf)#int s1/1
PE-R6(config-if)#ip vrf forwarding A
% Interface Serial1/1 IP address 67.67.67.6 removed due to enabling VRF A
PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0
PE-R6(config-if)#exit
PE-R6(config)#ip vrf B
PE-R6(config-vrf)#rd 8:8
PE-R6(config-vrf)#route-target import 26:26
PE-R6(config-vrf)#route-target export 62:62
PE-R6(config-vrf)#int f0/0
PE-R6(config-if)#ip vrf forwarding B
% Interface FastEthernet0/0 IP address 68.68.68.6 removed due to enabling VRF B
PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0
8. 在PE-R2和PE-R6上分別創建靜態路由 PE-R2(config)#ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#ip route vrf A 7.7.7.0 255.255.255.0 67.67.67.7
PE-R6(config)#ip route vrf B 8.8.8.0 255.255.255.0 68.68.68.8
9. 在PE-R2和PE-R6上分別將創建的靜態路由以及PE-CE之間的直連路由重分布到MP-BGP中。 PE-R2(config)#router bgp 100
PE-R2(config-router)#address-family ipv4 vrf A
PE-R2(config-router-af)#redistribute connected
PE-R2(config-router-af)#redistribute static
----------------------------------------------------------------------------------------------------------------------
PE-R6(config)#router bgp 100
PE-R6(config-router)#address-family ipv4 vrf A
PE-R6(config-router-af)#redistribute connected
PE-R6(config-router-af)#redistribute static
PE-R6(config-router-af)#exit
PE-R6(config-router)#address-family ipv4 vrf B
PE-R6(config-router-af)#redistribute connected
10.驗證 查看VPNv4表項
PE-R2#sh ip bgp vpnv4 all
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2:2 (default for vrf A)
*> 1.1.1.0/24 12.12.12.1 0 32768 ?
*>i7.7.7.0/24 6.6.6.6 0 100 0 ?
*>i8.8.8.0/24 6.6.6.6 0 100 0 ?
*> 12.12.12.0/24 0.0.0.0 0 32768 ?
*>i67.67.67.0/24 6.6.6.6 0 100 0 ?
*>i68.68.68.0/24 6.6.6.6 0 100 0 ?
Route Distinguisher: 7:7
*>i7.7.7.0/24 6.6.6.6 0 100 0 ?
*>i67.67.67.0/24 6.6.6.6 0 100 0 ?
Route Distinguisher: 8:8
*>i8.8.8.0/24 6.6.6.6 0 100 0 ?
*>i68.68.68.0/24 6.6.6.6 0 100 0 ?
PE-R6#sh ip bgp vpnv4 all
BGP table version is 15, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2:2
*>i1.1.1.0/24 2.2.2.2 0 100 0 ?
*>i12.12.12.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 7:7 (default for vrf A)
*>i1.1.1.0/24 2.2.2.2 0 100 0 ?
*> 7.7.7.0/24 67.67.67.7 0 32768 ?
*>i12.12.12.0/24 2.2.2.2 0 100 0 ?
*> 67.67.67.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 8:8 (default for vrf B)
*>i1.1.1.0/24 2.2.2.2 0 100 0 ?
*> 8.8.8.0/24 68.68.68.8 0 32768 ?
*>i12.12.12.0/24 2.2.2.2 0 100 0 ?
*> 68.68.68.0/24 0.0.0.0 0 32768 ?
----------------------------------------------------------------------------------------------------------------------
查看vrf表項:
PE-R2#sh ip route vrf A
Routing Table: A
Gateway of last resort is not set
68.0.0.0/24 is subnetted, 1 subnets
B 68.68.68.0 [200/0] via 6.6.6.6, 00:03:02
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 12.12.12.1
67.0.0.0/24 is subnetted, 1 subnets
B 67.67.67.0 [200/0] via 6.6.6.6, 00:03:17
7.0.0.0/24 is subnetted, 1 subnets
B 7.7.7.0 [200/0] via 6.6.6.6, 00:03:17
8.0.0.0/24 is subnetted, 1 subnets
B 8.8.8.0 [200/0] via 6.6.6.6, 00:03:02
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, Serial1/0
PE-R6#sh ip route vrf A
Routing Table: A
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:31
67.0.0.0/24 is subnetted, 1 subnets
C 67.67.67.0 is directly connected, Serial1/1
7.0.0.0/24 is subnetted, 1 subnets
S 7.7.7.0 [1/0] via 67.67.67.7
12.0.0.0/24 is subnetted, 1 subnets
B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:31
PE-R6#sh ip route vrf B
Routing Table: B
Gateway of last resort is not set
68.0.0.0/24 is subnetted, 1 subnets
C 68.68.68.0 is directly connected, FastEthernet0/0
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:35
8.0.0.0/24 is subnetted, 1 subnets
S 8.8.8.0 [1/0] via 68.68.68.8
12.0.0.0/24 is subnetted, 1 subnets
B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:35
11.在CE上進行測試 CE-R1#ping 7.7.7.7 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/58/76 ms
CE-R1#ping 8.8.8.8 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/95/140 ms
----------------------------------------------------------------------------------------------------------------------
CE-R7#ping 1.1.1.1 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/58/76 ms
CE-R7#ping 8.8.8.8 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
U.U.U
Success rate is 0 percent (0/5)
----------------------------------------------------------------------------------------------------------------------
CE-R8#ping 1.1.1.1 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/67/76 ms
CE-R8#ping 7.7.7.7 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
U.U.U
Success rate is 0 percent (0/5)
12. 優化LDP繁衍 優化前:
CE-R1#traceroute 7.7.7.7 source loo0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 12.12.12.2 16 msec 28 msec 32 msec
2 23.23.23.3 48 msec 44 msec 60 msec
3 34.34.34.4 68 msec 44 msec 60 msec
4 45.45.45.5 52 msec 76 msec 44 msec
5 67.67.67.6 52 msec 44 msec 36 msec
6 67.67.67.7 60 msec * 48 msec
CE-R1#traceroute 8.8.8.8 source loo0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 12.12.12.2 8 msec 8 msec 12 msec
2 23.23.23.3 56 msec 76 msec 72 msec
3 34.34.34.4 52 msec 56 msec 60 msec
4 45.45.45.5 44 msec 60 msec 44 msec
5 68.68.68.6 52 msec 44 msec 32 msec
6 68.68.68.8 56 msec * 52 msec
說明:此時在客戶端可以看到SP骨干網內的路由器,這樣將會對SP骨干網將會構成威脅,為此我們將對此情況進行優化,只保證在PE路由器上可以進行路由追蹤。
----------------------------------------------------------------------------------------------------------------------
PE-R2(config)#no mpls ip propagate-ttl ?
forwarded Propagate IP TTL for forwarded traffic
local Propagate IP TTL for locally originated traffic
PE-R2(config)#no mpls ip propagate-ttl forwarded
PE-R6(config)#no mpls ip propagate-ttl forwarded
----------------------------------------------------------------------------------------------------------------------
再次在CE上進行測試:
CE-R1#traceroute 7.7.7.7 source loo0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 12.12.12.2 64 msec 64 msec 28 msec
2 67.67.67.6 40 msec 56 msec 88 msec
3 67.67.67.7 56 msec * 68 msec
CE-R1#traceroute 8.8.8.8 source loo0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 12.12.12.2 32 msec 44 msec 44 msec
2 68.68.68.6 48 msec 48 msec 44 msec
3 68.68.68.8 72 msec * 80 msec
----------------------------------------------------------------------------------------------------------------------
再次在PE上進行測試:
PE-R2#traceroute vrf A 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 23.23.23.3 [MPLS: Labels 304/608 Exp 0] 76 msec 116 msec 60 msec
2 34.34.34.4 [MPLS: Labels 404/608 Exp 0] 84 msec 44 msec 44 msec
3 45.45.45.5 [MPLS: Labels 500/608 Exp 0] 60 msec 16 msec 100 msec
4 67.67.67.6 [MPLS: Label 608 Exp 0] 32 msec 28 msec 36 msec
5 67.67.67.7 28 msec * 60 msec
PE-R2#traceroute vrf A 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 23.23.23.3 [MPLS: Labels 304/610 Exp 0] 88 msec 96 msec 92 msec
2 34.34.34.4 [MPLS: Labels 404/610 Exp 0] 56 msec 16 msec 40 msec
3 45.45.45.5 [MPLS: Labels 500/610 Exp 0] 36 msec 56 msec 28 msec
4 68.68.68.6 [MPLS: Label 610 Exp 0] 68 msec 40 msec 12 msec
5 68.68.68.8 68 msec * 44 msec
擴展訓練:
要求總公司與分公司之間可以進行互訪,而且分公司之間也可以進行互訪,但必須通過總公司繞行來進行互訪。
配置: 在PE-R2上將原有的靜態路由刪掉
PE-R2(config)#no ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1
----------------------------------------------------------------------------------------------------------------------
在PE-R2上手動創建一條默認路由
PE-R2(config)#ip route vrf A 0.0.0.0 0.0.0.0 12.12.12.1
----------------------------------------------------------------------------------------------------------------------
在PE上將該默認路由重分發到MP-BGP中
PE-R2(config)#router bgp 100
PE-R2(config-router)#address-family ipv4 vrf A
PE-R2(config-router-af)#net 0.0.0.0 mask 0.0.0.0
----------------------------------------------------------------------------------------------------------------------
查看PE-R2的VPNv4路由表項
PE-R2#sh ip bgp vpnv4 all
BGP table version is 15, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2:2 (default for vrf A)
*> 0.0.0.0 12.12.12.1 0 32768 i
*>i7.7.7.0/24 6.6.6.6 0 100 0 ?
*>i8.8.8.0/24 6.6.6.6 0 100 0 ?
*> 12.12.12.0/24 0.0.0.0 0 32768 ?
*>i67.67.67.0/24 6.6.6.6 0 100 0 ?
*>i68.68.68.0/24 6.6.6.6 0 100 0 ?
Route Distinguisher: 7:7
*>i7.7.7.0/24 6.6.6.6 0 100 0 ?
*>i67.67.67.0/24 6.6.6.6 0 100 0 ?
Route Distinguisher: 8:8
*>i8.8.8.0/24 6.6.6.6 0 100 0 ?
*>i68.68.68.0/24 6.6.6.6 0 100 0 ?
----------------------------------------------------------------------------------------------------------------------
在PE-R6上查看各個vrf路由表項
Routing Table: A
Gateway of last resort is 2.2.2.2 to network 0.0.0.0
67.0.0.0/24 is subnetted, 1 subnets
C 67.67.67.0 is directly connected, Serial1/1
7.0.0.0/24 is subnetted, 1 subnets
S 7.7.7.0 [1/0] via 67.67.67.7
12.0.0.0/24 is subnetted, 1 subnets
B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:33
B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:02
PE-R6#sh ip route vrf B
Routing Table: B
Gateway of last resort is 2.2.2.2 to network 0.0.0.0
68.0.0.0/24 is subnetted, 1 subnets
C 68.68.68.0 is directly connected, FastEthernet0/0
8.0.0.0/24 is subnetted, 1 subnets
S 8.8.8.0 [1/0] via 68.68.68.8
12.0.0.0/24 is subnetted, 1 subnets
B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:38
B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:07
----------------------------------------------------------------------------------------------------------------------
在遠端CE-R7和CE-R8上進行測試
CE-R7#ping 1.1.1.1 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/63/72 ms
CE-R7#ping 8.8.8.8 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/104 ms
CE-R8#ping 1.1.1.1 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/70/84 ms
CE-R8#ping 7.7.7.7 source loo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/89/108 ms
----------------------------------------------------------------------------------------------------------------------
在R8上進行路由追蹤
CE-R8#traceroute 7.7.7.7 source loo0
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 68.68.68.6 52 msec 28 msec 36 msec
2 12.12.12.2 44 msec 60 msec 60 msec
3 12.12.12.1 96 msec 84 msec 56 msec
4 12.12.12.2 44 msec 60 msec 56 msec
5 67.67.67.6 56 msec 76 msec 92 msec
6 67.67.67.7 96 msec * 84 msec
【編輯推薦】
