mpls跨域optionB
optionB的核心思想是私網路由傳遞過程是 PE-ASBR1-ASBR2-PE2 在傳遞過程中私網標簽發生了變化(由ASBR重新分配了私網標簽),而在數據平面(不考慮PHP機制)當數據包到達ASBR1時標簽存在公網標簽和私網標簽兩層,當轉發給ASBR2時只有一層由ASBR2分配的私網標簽,通過EBGP隧道迭代直接到達ASBR2,ASBR2再把私網標簽替換成PE分配的標簽並壓入公網標簽后轉發。
所以在optionB中私網標簽一共有三個,數據包標簽最少時只有一層私網標簽
optionB的缺點是ASBR設備需要維護到用戶側的VPNV4路由,占用大量設備資源,所以現網中如果使用optionB做為跨域方案,建議ASBR設備只做MPLS設備來使用
拓撲
編址
| G0/0/0 | G0/0/1 | loopback0 | |
| CE1 | 10.0.0.1/30 | 192.168.0.1 | |
| PE1 | 12.1.1.1/24 | 10.0.0.2/30 | 1.1.1.1 |
| P1 | 12.1.1.2/24 | 23.1.1.2/24 | 2.2.2.2 |
| ASBR1 | 34.1.1.3/24 | 23.1.1.3/24 | 3.3.3.3 |
| ASBR2 | 34.1.1.4/24 | 45.1.1.4/24 | 4.4.4.4 |
| P2 | 56.1.1.5/24 | 45.1.1.5/24 | 5.5.5.5 |
| PE2 | 56.1.1.6/24 | 10.10.10.2/30 | 6.6.6.6 |
| CE1 | 10.10.10.1/30 | 192.168.1.1 |
- 底層互聯地址ospf,域內mpls ldp配置略
- 查看ASBR路由表
- 查看ASBR mpls lsp
- 查看ASBR路由表
- PE配置VPN端口接入CE
- PE1
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunityinterface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 10.0.0.2 255.255.255.252bgp 100
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance vpn1
peer 10.0.0.1 as-number 300
CE1bgp 300
peer 10.0.0.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 192.168.0.1 255.255.255.255
peer 10.0.0.2 enable
# - PE2
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunityinterface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 10.10.10.2 255.255.255.252bgp 200
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance vpn1
peer 10.10.10.1 as-number 400
- PE1
- 查看BGP狀態與路由
- PE1
- PE2
- PE1
- PE與ASBR間建立IBGP-VPNV4鄰居關系,傳遞私網路由,注意ASBR一定要undo policy vpn-target,否則會因為VPN RT值不匹配導致無法安裝私網路由
ASBR
PE
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 34.1.1.4 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
查看ASBR是否正常接收到PE傳遞的私網路由
- ASBR間建立EBGP-VPNV4鄰居關系,並配置替換外層VPN標簽,使公網LSP完整
ASBR1
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 34.1.1.4 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 route-policy to-pe export
peer 1.1.1.1 label-route-capability
peer 34.1.1.4 enable
peer 34.1.1.4 route-policy to-asbr export
peer 34.1.1.4 label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 34.1.1.4 enableroute-policy to-asbr permit node 10
apply mpls-label
#
route-policy to-pe permit node 10
if-match mpls-label
apply mpls-label
ASBR2bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
peer 34.1.1.3 as-number 100
#
ipv4-family unicast
undo synchronization
peer 6.6.6.6 enable
peer 6.6.6.6 route-policy to-pe export
peer 6.6.6.6 label-route-capability
peer 34.1.1.3 enable
peer 34.1.1.3 route-policy to-asbr export
peer 34.1.1.3 label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer 6.6.6.6 enable
peer 34.1.1.3 enableroute-policy to-asbr permit node 10
apply mpls-label
#
route-policy to-pe permit node 10
if-match mpls-label
apply mpls-label
查看兩端ASBR路由
查看兩端ASBR MPLS LSP
- 查看CE設備路由表,並測試連通性
