一、组网需求
如下图:两个不同站点通过MPLS骨干网交互VPN路由,同时这两个站点间又假设了一条“后门链路”,其目的为了确保在MPLS骨干网发生故障时,两个站点的信息交互仍然可以通过这条备份链路正常交互。
二、 组网图
三、配置要点
● 在SITEA上配置和PE1、SITEB站点相连的接口运行OSPF协议,其中和SITEB站点是通过后门链路运行OSPF协议,配置接口OSPF Cost值。
● 在SITEB上配置和PE2、SITEA站点相连的接口运行OSPF协议,其中和SITEA站点是通过备份链路运行OSPF协议,配置接口的OSPF的Cost值。
● 在PE1上配置Loopback接口,创建一个VRF:VPN A,定义RD值和RT值,并把VRF和对应的接口关联,连接CE的接口关联VRF;配置VRF的环回口,用来建立伪链路,配置BGP协议,和PE2建立MP-IBGP会话,通过OSPF协议和CE交互路由,和PE2上的OSPF实例建立伪链路,配置骨干网MPLS信令,打开公网口的MPLS能力,配置骨干网路由协议。
● 在PE2上配置Loopback接口,创建一个VRF:VPN A,定义RD值和RT值,并把VRF和对应的接口关联,连接CE的接口关联VRF,配置VRF的环回口,用来建立伪链路;配置BGP协议,和PE1建立MP-IBGP会话,通过OSPF协议和CE交互VPN路由,配置和PE1建立伪链路;配置骨干网MPLS信令,打开公网口的MPLS能力,配置骨干网路由协议。
● 在P1上配置骨干网MPLS信令,打开接口MPLS能力,配置骨干网路由协议。
四、 配置步骤
(1) SITEA上的配置。
# 配置接口IP地址。
SITEA> enable
SITEA# configure terminal
SITEA(config)# interface gigabitethernet 1/0
SITEA(config-GigabitEthernet 1/0)# ip address 192.168.10.2 255.255.255.0
SITEA(config-GigabitEthernet 1/0)# ip ospf cost 1
SITEA(config-GigabitEthernet 1/0)# exit
SITEA(config)# interface gigabitethernet 1/1
SITEA(config-GigabitEthernet 1/1)# ip address 192.168.20.1 255.255.255.0
SITEA(config-GigabitEthernet 1/1)# ip ospf cost 200
SITEA(config-GigabitEthernet 1/1)# exit
# OSPF通告接口网络。
SITEA(config)# router ospf 10
SITEA(config-router)# network 192.168.10.0 255.255.255.0 area 0
SITEA(config-router)# network 192.168.20.0 255.255.255.0 area 0
(2) SITEB上的配置。
# 配置接口IP地址。
SITEB> enable
SITEB# configure terminal
SITEB(config)# interface gigabitethernet 1/0
SITEB(config-GigabitEthernet 1/0)# ip address 192.168.30.2 255.255.255.0
SITEB(config-GigabitEthernet 1/0)# ip ospf cost 1
SITEB(config-GigabitEthernet 1/0)# exit
SITEB(config)# interface gigabitethernet 1/1
SITEB(config-GigabitEthernet 1/1)# ip address 192.168.20.2 255.255.255.0
SITEB(config-GigabitEthernet 1/1)# ip ospf cost 200
SITEB(config-GigabitEthernet 1/1)# exit
# OSPF通告接口网络。
SITEB(config)# router ospf 10
SITEB(config-router)# network 192.168.30.0 255.255.255.0 area 0
SITEB(config-router)# network 192.168.20.0 255.255.255.0 area 0
(3) PE1上的配置。
# 配置环回口0。
PE1> enable
PE1# configure terminal
PE1(config)# interface loopback 0
PE1(config-Loopback 0)# ip address 172.168.0.1 255.255.255.255
PE1(config-Loopback 0)# exit
# 创建VRF VPNA,并定义其RD和RT属性值。
PE1(config)# ip vrf VPNA
PE1(config-vrf)# rd 1:100
PE1(config-vrf)# route-target both 1:100
PE1(config-vrf)# exit
# 配置接口IP,并将VRF和对应接口关联。
PE1(config)# interface gigabitethernet 1/2
PE1(config-GigabitEthernet 1/2)# ip vrf forwarding VPNA
PE1(config-GigabitEthernet 1/2)# ip address 192.168.10.1 255.255.255.0
PE1(config-GigabitEthernet 1/2)# exit
PE1(config)# interface loopback 10
PE1(config-Loopback 10)# ip vrf forwarding VPNA
PE1(config-Loopback 10)# ip address 192.168.0.1 255.255.255.255
PE1(config-Loopback 10)# exit
# 配置BGP协议,和PE2建立MP-IBGP会话。
PE1(config)# router bgp 1
PE1(config-router)# neighbor 172.168.0.2 remote-as 1
PE1(config-router)# neighbor 172.168.0.2 update-source loopback 0
PE1(config-router)# address-family vpnv4
PE1(config-router-af)# neighbor 172.168.0.2 activate
PE1(config-router-af)# exit
PE1(config-router)# exit
# 配置和PE2上的OSPF实例建立伪链路。
PE1(config)# router ospf 10 vrf VPNA
PE1(config-router)# network 192.168.10.0 255.255.255.0 area 0
PE1(config-router)# redistribute bgp subnets
PE1(config-router)# area 0 sham-link 192.168.0.1 192.168.0.2
PE1(config-router)# exit
# 配置BGP重分发OSPF、直连路由。
PE1(config)# router bgp 1
PE1(config-router)# address-family ipv4 vrf VPNA
PE1(config-router-af)# redistribute ospf 10
PE1(config-router-af)# redistribute connected
PE1(config-router-af)# exit
PE1(config-router)# exit
# 配置骨干网MPLS信令,打开公网口的MPLS能力。
PE1(config)# mpls ip
PE1(config)# mpls router ldp
PE1(config-mpls-router)# ldp router-id interface loopback 0 force
PE1(config-mpls-router)# exit
PE1(config)# interface gigabitethernet 1/1
PE1(config-GigabitEthernet 1/1)# ip address 172.168.10.1 255.255.255.0
PE1(config-GigabitEthernet 1/1)# label-switching
PE1(config-GigabitEthernet 1/1)# mpls ip
PE1(config-GigabitEthernet 1/1)# exit
# OSPF通告接口网络。
PE1(config)# router ospf 1
PE1(config-router)# network 172.168.10.0 0.0.0.255 area 0
PE1(config-router)# network 172.168.0.1 0.0.0.0 area 0
(4) PE2上的配置。
# 配置环回口0。
PE2> enable
PE2# configure terminal
PE2(config)# interface loopback 0
PE2(config-Loopback 0)# ip address 172.168.0.2 255.255.255.255
PE2(config-Loopback 0)# exit
# 创建VRF VPNA,并定义其RD和RT属性值。
PE2(config)# ip vrf VPNA
PE2(config-vrf)# rd 1:100
PE2(config-vrf)# route-target both 1:100
PE2(config-vrf)# exit
# 配置接口IP,并将VRF和对应接口关联。
PE2(config)# interface gigabitethernet 1/2
PE2(config-GigabitEthernet 1/2)# ip vrf forwarding VPNA
PE2(config-GigabitEthernet 1/2)# ip address 192.168.30.1 255.255.255.0
PE2(config-GigabitEthernet 1/2)# exit
PE2(config)# interface loopback 10
PE2(config-Loopback 10)# ip vrf forwarding VPNA
PE2(config-Loopback 10)# ip address 192.168.0.2 255.255.255.255
PE2(config-Loopback 10)# exit
# 配置BGP协议,和PE2建立MP-IBGP会话。
PE2(config)# router bgp 1
PE2(config-router)# neighbor 172.168.0.1 remote-as 1
PE2(config-router)# neighbor 172.168.0.1 update-source loopback 0
PE2(config-router)# address-family vpnv4
PE2(config-router-af)# neighbor 172.168.0.1 activate
PE2(config-router-af)# exit
PE2(config-router)# exit
# 配置和PE2上的OSPF实例建立伪链路。
PE2(config)# router ospf 10 vrf VPNA
PE2(config-router)# network 192.168.30.0 255.255.255.0 area 0
PE2(config-router)# redistribute bgp subnets
PE2(config-router)# area 0 sham-link 192.168.0.2 192.168.0.1
PE2(config-router)# exit
# 配置BGP重分发OSPF、直连路由。
PE2(config)# router bgp 1
PE2(config-router)# address-family ipv4 vrf VPNA
PE2(config-router-af)# redistribute ospf 10
PE2(config-router-af)# redistribute connected
PE2(config-router-af)# exit
# 配置骨干网MPLS信令,打开公网口的MPLS能力。
PE2(config)# mpls ip
PE2(config)# mpls router ldp
PE2(config-mpls-router)# ldp router-id interface loopback 0 force
PE2(config-mpls-router)# exit
PE2(config)# interface gigabitethernet 1/1
PE2(config-GigabitEthernet 1/1)# ip address 172.168.40.2 255.255.255.0
PE2(config-GigabitEthernet 1/1)# label-switching
PE2(config-GigabitEthernet 1/1)# mpls ip
PE2(config-GigabitEthernet 1/1)# exit
# OSPF通告接口网络。
PE2(config)# router ospf 1
PE2(config-router)# network 172.168.40.0 0.0.0.255 area 0
PE2(config-router)# network 172.168.0.2 0.0.0.0 area 0
(5) P1上的配置。
# P1配置环回口0。
P1> enable
P1# configure terminal
P1(config)# interface loopback 0
P1(config-Loopback 0)# ip address 172.168.0.3 255.255.255.255
P1(config-Loopback 0)# exit
# OSPF基础配置。
P1(config)# router ospf 1
P1(config-router)# network 172.168.40.0 0.0.0.255 area 0
P1(config-router)# network 172.168.10.0 0.0.0.255 area 0
P1(config-router)# network 172.168.0.3 0.0.0.0 area 0
P1(config-router)# exit
# 在P1上配置骨干网MPLS信令,打开接口MPLS能力。
P1(config)# interface gigabitethernet 1/0
P1(config-GigabitEthernet 1/0)# ip address 172.168.10.2 255.255.255.0
P1(config-GigabitEthernet 1/0)# mpls ip
P1(config-GigabitEthernet 1/0)# label-switch
P1(config-GigabitEthernet 1/0)# exit
P1(config)# interface gigabitethernet 1/1
P1(config-GigabitEthernet 1/1)# ip address 172.168.40.1 255.255.255.0
P1(config-GigabitEthernet 1/1)# mpls ip
P1(config-GigabitEthernet 1/1)# label-switch
P1(config-GigabitEthernet 1/1)# exit
P1(config)# mpls ip
P1(config)# mpls router ldp
PE2(config-mpls-router)# ldp router-id interface loopback 0 force
PE2(config-mpls-router)# exit
五、验证配置结果
(1) PE1的配置验证。
# 检查PE1上存在OSPF伪链路路由。
PE1# show ip ospf 10 sham-links
Sham Link SLINK0 to address 192.168.0.2 is up
Area 0.0.0.0 source address 192.168.0.1, Cost: 1
Output interface is GigabitEthernet 1/1
Nexthop address 172.16.40.2
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency state Full
# 检查PE1的OSPF邻居。
PE1# show ip ospf 10 neighbor
OSPF process 10, 1 Neighbors, 1 is Full:
Neighbor ID Pri State BFD State Dead Time Address Interface
192.168.0.2 1 Full/ – – 00:00:34 192.168.0.2 SLINK0
# 检查PE1 VRF路由。
PE1# show ip route vrf VPNA
Routing Table: VPNA
Codes: C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default
Gateway of last resort is no set
C 192.168.10.0/24 is directly connected, GigabitEthernet 1/2
O 192.168.20.0/24 [110/101] via 192.168.1.2, 00:56:23, GigabitEthernet 1/2
O 192.168.30.0/24 [110/2] via 172.168.0.2, 00:00:36
O 192.168.40.0/24 [110/2] via 172.168.0.2, 00:00:36
(2) PE2的配置验证。
# 检查PE1上存在OSPF 伪链路路由。
PE2# show ip ospf 10 sham-links
Sham Link SLINK0 to address 192.168.0.1 is up
Area 0.0.0.0 source address 192.168.0.2, Cost: 1
Output interface is GigabitEthernet 1/1
Nexthop address 172.16.10.1
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency state Full
# 检查PE2的OSPF邻居。
PE2# show ip ospf 10 neighbor
OSPF process 10, 1 Neighbors, 1 is Full:
Neighbor ID Pri State BFD State Dead Time Address Interface
192.168.0.1 1 Full/ – – 00:00:34 192.168.0.1 SLINK0
# 检查PE2 VRF路由。
PE2# show ip route vrf VPNA
Routing Table: VPNA
Codes: C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default
Gateway of last resort is no set
O 192.168.10.0/24 [110/2] via 172.168.0.1, 00:00:36
O 192.168.20.0/24 [110/2] via 172.168.0.1, 00:00:36
C 192.168.30.0/24 is directly connected, GigabitEthernet 1/2
O 192.168.40.0/24 [110/101] via 192.168.30.2, 00:56:23, GigabitEthernet 1/2
六、 配置文件
● SITEA的配置文件。
!
interface gigabitethernet 1/0
ip address 192.168.10.2 255.255.255.0
ip ospf cost 1
!
interface gigabitethernet 1/1
ip address 192.168.20.1 255.255.255.0
ip ospf cost 200
!
router ospf 10
network 192.168.10.0 255.255.255.0 area 0
network 192.168.20.0 255.255.255.0 area 0
!
●SITEB的配置文件。
!
interface gigabitethernet 1/0
ip address 192.168.30.2 255.255.255.0
ip ospf cost 1
!
interface gigabitethernet 1/1
ip address 192.168.20.2 255.255.255.0
ip ospf cost 200
!
router ospf 10
network 192.168.30.0 255.255.255.0 area 0
network 192.168.20.0 255.255.255.0 area 0
!
● PE1的配置文件。
!
ip vrf VPNA
rd 1:100
route-target both 1:100
!
interface gigabitethernet 1/1
ip address 172.168.10.1 255.255.255.0
label-switching
mpls ip
!
interface gigabitethernet 1/2
ip vrf forwarding VPNA
ip address 192.168.10.1 255.255.255.0
interface loopback 0
ip address 172.168.0.1 255.255.255.255
!
interface loopback 10
ip vrf forwarding VPNA
ip address 192.168.0.1 255.255.255.255
!
router bgp 1
neighbor 172.168.0.2 remote-as 1
neighbor 172.168.0.2 update-source loopback 0
address-family vpnv4
neighbor 172.168.0.2 activate
address-family ipv4 vrf VPNA
redistribute ospf 10
redistribute connected
!
router ospf 1
network 172.168.10.0 0.0.0.255 area 0
network 172.168.0.1 0.0.0.0 area 0
!
router ospf 10 vrf VPNA
network 192.168.10.0 255.255.255.0 area 0
redistribute bgp subnets
area 0 sham-link 192.168.0.1 192.168.0.2
!
mpls ip
mpls router ldp
ldp router-id interface loopback 0 force
!
●PE2的配置文件。
!
ip vrf VPNA
rd 1:100
route-target both 1:100
!
interface gigabitethernet 1/1
ip address 172.168.40.2 255.255.255.0
label-switching
mpls ip
!
interface gigabitethernet 1/2
ip vrf forwarding VPNA
ip address 192.168.30.1 255.255.255.0
!
interface loopback 0
ip address 172.168.0.2 255.255.255.255
!
interface loopback 10
ip vrf forwarding VPNA
ip address 192.168.0.2 255.255.255.255
!
router bgp 1
neighbor 172.168.0.1 remote-as 1
neighbor 172.168.0.1 update-source loopback 0
address-family vpnv4
neighbor 172.168.0.1 activate
address-family ipv4 vrf VPNA
redistribute ospf 10
redistribute connected
!
router ospf 1
network 172.168.40.0 0.0.0.255 area 0
network 172.168.0.2 0.0.0.0 area 0
!
router ospf 10 vrf VPNA
network 192.168.30.0 255.255.255.0 area 0
redistribute bgp subnets
area 0 sham-link 192.168.0.2 192.168.0.1
!
mpls ip
mpls router ldp
ldp router-id interface loopback 0 force
!
●P1的配置文件。
!
interface gigabitethernet 1/0
ip address 172.168.10.2 255.255.255.0
mpls ip
label-switch
!
interface gigabitethernet 1/1
ip address 172.168.40.1 255.255.255.0
mpls ip
label-switch
!
interface loopback 0
ip address 172.168.0.3 255.255.255.255
!
router ospf 1
network 172.168.40.0 0.0.0.255 area 0
network 172.168.10.0 0.0.0.255 area 0
network 172.168.0.3 0.0.0.0 area 0
!
mpls ip
mpls router ldp
ldp router-id interface loopback 0 force
!