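About Option B:
The advantage of Option B is that all traffic is forwarded through the ASBRs, which makes the traffic highly controllable. However, the ASBRs must store a large number of VPNv4 routes, so their load is heavy. BGP routing policies (such as RT filtering) can be used at the same time so that the ASBRs keep only part of the VPNv4 routes.
Limitation: VPN routing information is stored and propagated by the ASBRs between the ASes. When there are many VPN routes, the ASBRs are heavily loaded and easily become a bottleneck. Therefore, in the MP-EBGP solution, the ASBRs that maintain VPN routing information generally no longer handle public-network IP forwarding.
When a large number of VRFs must be interconnected, this solution is preferable to Option A.
Background:
Headquarters A1 and branch A2: CE1 and CE3 belong to the same VPN
Headquarters B1 and branch B2: CE2 and CE4 belong to the same VPN
AS layout:
Departments: AS 500, AS 110, AS 501, AS 111
VPN domain: AS 100, AS 200
Configuration procedure:
1. Basic configuration of CE1 to CE4: LoopBack, OSPF, BGP and interfaces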
[CE1]interface LoopBack 0
[CE1-LoopBack0]ip address 7.7.7.7 32
[CE1]bgp 500
[CE1-bgp]peer 192.168.1.1 as-number 100
[CE1-bgp]ipv4-family unicast
[CE1-bgp-af-ipv4]network 7.7.7.7 255.255.255.255
[CE1-bgp-af-ipv4]network 192.168.1.0 255.255.255.0
[CE1-bgp-af-ipv4]peer 192.168.1.1 enable
[CE1]interface GigabitEthernet 0/0/0
[CE1-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[CE2]interface LoopBack 0
[CE2-LoopBack0]ip address 8.8.8.8 32
[CE2]bgp 501
[CE2-bgp]peer 172.16.1.1 as-number 100
[CE2-bgp]ipv4-family unicast
[CE2-bgp-af-ipv4]network 8.8.8.8 255.255.255.255
[CE2-bgp-af-ipv4]network 172.16.1.0 255.255.255.0
[CE2-bgp-af-ipv4]peer 172.16.1.1 enable
[CE2]interface GigabitEthernet 0/0/0
[CE2-GigabitEthernet0/0/0]ip address 172.16.1.2 24
[CE3]interface LoopBack 0
[CE3-LoopBack0]ip address 9.9.9.9 32
[CE3]bgp 110
[CE3-bgp]peer 192.168.2.1 as-number 200
[CE3-bgp]ipv4-family unicast
[CE3-bgp-af-ipv4]network 9.9.9.9 255.255.255.255
[CE3-bgp-af-ipv4]network 192.168.2.0 255.255.255.0
[CE3-bgp-af-ipv4]peer 192.168.2.1 enable
[CE3]interface GigabitEthernet 0/0/0
[CE3-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[CE4]interface LoopBack 0
[CE4-LoopBack0]ip address 10.10.10.10 32
[CE4]bgp 111
[CE4-bgp]peer 172.16.2.1 as-number 200
[CE4-bgp]ipv4-family unicast
[CE4-bgp-af-ipv4]network 10.10.10.10 255.255.255.255
[CE4-bgp-af-ipv4]network 172.16.2.0 255.255.255.0
[CE4-bgp-af-ipv4]peer 172.16.2.1 enable
[CE4]interface GigabitEthernet 0/0/0
[CE4-GigabitEthernet0/0/0]ip address 172.16.2.2 24
2. Within each AS, establish an MP-IBGP peer relationship between the PE and the ASBR-PE to exchange VPN routing information
[PE1]interface LoopBack 0
[PE1-LoopBack0]ip address 1.1.1.1 32
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]mpls ldp
[PE1]ospf 1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[PE1]ip vpn-instance VPN1
[PE1-vpn-instance-VPN1]route-distinguisher 100:1
[PE1-vpn-instance-VPN1-af-ipv4]apply-label per-instance
#apply-label per-instance applies one MPLS label to all routes of the specified
#VPN instance ("VPN1" in this example) instead of allocating a separate label to each route.
[PE1-vpn-instance-VPN1-af-ipv4]vpn-target 1:1 both
[PE1]ip vpn-instance VPN2
[PE1-vpn-instance-VPN2]route-distinguisher 200:1
[PE1-vpn-instance-VPN2-af-ipv4]apply-label per-instance
[PE1-vpn-instance-VPN2-af-ipv4]vpn-target 2:2 both
[PE1]bgp 100
[PE1-bgp]peer 2.2.2.2 as-number 100
[PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable
[PE1-bgp]ipv4-family vpn-instance VPN1
[PE1-bgp-VPN1]import-route direct
[PE1-bgp-VPN1]peer 192.168.1.2 as-number 500
[PE1-bgp]ipv4-family vpn-instance VPN2
[PE1-bgp-VPN2]import-route direct
[PE1-bgp-VPN2]peer 172.16.1.2 as-number 501
#PE1 interface configuration
[PE1]interface GigabitEthernet0/0/0
[PE1-GigabitEthernet0/0/0]mpls
[PE1-GigabitEthernet0/0/0]mpls ldp
[PE1-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[PE1]interface GigabitEthernet 0/0/1
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance VPN1
[PE1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[PE1]interface GigabitEthernet 0/0/2
[PE1-GigabitEthernet0/0/2]ip binding vpn-instance VPN2
[PE1-GigabitEthernet0/0/2]ip address 172.16.1.1 24
[P1]interface LoopBack 0
[P1-LoopBack0]ip address 5.5.5.5 32
[P1]mpls lsr-id 5.5.5.5
[P1]mpls
[P1-mpls]mpls ldp
[P1]interface GigabitEthernet 0/0/0
[P1-GigabitEthernet0/0/0]mpls
[P1-GigabitEthernet0/0/0]mpls ldp
[P1-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[P1]interface GigabitEthernet 0/0/1
[P1-GigabitEthernet0/0/1]mpls
[P1-GigabitEthernet0/0/1]mpls ldp
[P1-GigabitEthernet0/0/1]ip address 10.1.22.2 24
[P1]ospf 1
[P1-ospf-1]area 0
[P1-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[P1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[P1-ospf-1-area-0.0.0.0]network 10.1.22.0 0.0.0.255
[ASBR1]interface LoopBack 0
[ASBR1-LoopBack0]ip address 2.2.2.2 32
[ASBR1]mpls lsr-id 2.2.2.2
[ASBR1]mpls
[ASBR1-mpls]mpls ldp
[ASBR1]bgp 100
[ASBR1-bgp]peer 1.1.1.1 as-number 100
[ASBR1-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[ASBR1-bgp]peer 10.1.34.2 as-number 200
#Configure the MP-IBGP peer relationship with PE1
[ASBR1-bgp]ipv4-family vpnv4
[ASBR1-bgp-af-vpnv4]undo policy vpn-target
[ASBR1-bgp-af-vpnv4]apply-label per-nexthop
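#By default, when an ASBR advertises VPNv4 routes to other MP-BGP peers, it allocates a label to each route.
#With this command configured, the ASBR allocates one label to routes that share the same next hop and outgoing label.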
[ASBR1-bgp-af-vpnv4]peer 1.1.1.1 enable
[ASBR1-bgp-af-vpnv4]peer 10.1.34.2 enable
#Interface configuration
[ASBR1]interface GigabitEthernet 0/0/0
[ASBR1-GigabitEthernet0/0/0]mpls
[ASBR1-GigabitEthernet0/0/0]mpls ldp
[ASBR1-GigabitEthernet0/0/0]ip address 10.1.22.1 24
[ASBR1]interface GigabitEthernet 0/0/1
[ASBR1-GigabitEthernet0/0/1]mpls
[ASBR1-GigabitEthernet0/0/1]ip address 10.1.34.1 24
[ASBR1]ospf 1
[ASBR1-ospf-1]area 0
[ASBR1-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0]network 10.1.22.0 0.0.0.255
[ASBR2]interface LoopBack 0
[ASBR2-LoopBack0]ip address 3.3.3.3 32
[ASBR2]mpls lsr-id 3.3.3.3
[ASBR2]mpls
[ASBR2-mpls]mpls ldp
[ASBR2]interface GigabitEthernet 0/0/0
[ASBR2-GigabitEthernet0/0/0]mpls
[ASBR2-GigabitEthernet0/0/0]ip address 10.1.34.2 24
[ASBR2]interface GigabitEthernet 0/0/1
[ASBR2-GigabitEthernet0/0/1]mpls
[ASBR2-GigabitEthernet0/0/1]mpls ldp
[ASBR2-GigabitEthernet0/0/1]ip address 10.1.23.1 24
[ASBR2]bgp 200
[ASBR2-bgp]peer 4.4.4.4 as-number 200
[ASBR2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[ASBR2-bgp]peer 10.1.34.1 as-number 100
[ASBR2-bgp]ipv4-family vpnv4
[ASBR2-bgp-af-vpnv4]undo policy vpn-target
[ASBR2-bgp-af-vpnv4]apply-label per-nexthop
[ASBR2-bgp-af-vpnv4]peer 4.4.4.4 enable
[ASBR2-bgp-af-vpnv4]peer 10.1.34.1 enable
[ASBR2]ospf 1
[ASBR2-ospf-1]area 0
[ASBR2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[ASBR2-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[P2]interface LoopBack 0
[P2-LoopBack0]ip address 6.6.6.6 32
[P2]mpls lsr-id 6.6.6.6
[P2]mpls
[P2-mpls]mpls ldp
[P2]interface GigabitEthernet 0/0/0
[P2-GigabitEthernet0/0/0]mpls
[P2-GigabitEthernet0/0/0]mpls ldp
[P2-GigabitEthernet0/0/0]ip address 10.1.23.2 24
[P2]interface GigabitEthernet 0/0/1
[P2-GigabitEthernet0/0/1]mpls
[P2-GigabitEthernet0/0/1]mpls ldp
[P2-GigabitEthernet0/0/1]ip address 10.1.33.2 24
[P2]ospf 1
[P2-ospf-1]area 0
[P2-ospf-1-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[P2-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0]network 10.1.33.0 0.0.0.255
[PE2]interface LoopBack 0
[PE2-LoopBack0]ip address 4.4.4.4 32
[PE2]mpls lsr-id 4.4.4.4
[PE2]mpls
[PE2-mpls]mpls ldp
[PE2]ospf 1
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]network 10.1.33.0 0.0.0.255
[PE2]ip vpn-instance VPN1
[PE2-vpn-instance-VPN1]route-distinguisher 100:2
[PE2-vpn-instance-VPN1-af-ipv4]vpn-target 1:1 both
[PE2]ip vpn-instance VPN2
[PE2-vpn-instance-VPN2]route-distinguisher 200:2
[PE2-vpn-instance-VPN2-af-ipv4]vpn-target 2:2 both
[PE2]bgp 200
[PE2-bgp]peer 3.3.3.3 as-number 200
[PE2-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 3.3.3.3 enable
[PE2-bgp]ipv4-family vpn-instance VPN1
[PE2-bgp-VPN1]import-route direct
[PE2-bgp-VPN1]peer 192.168.2.2 as-number 110
[PE2-bgp]ipv4-family vpn-instance VPN2
[PE2-bgp-VPN2]import-route direct
[PE2-bgp-VPN2]peer 172.16.2.2 as-number 111
[PE2]interface GigabitEthernet 0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
[PE2-GigabitEthernet0/0/0]ip address 10.1.33.1 24
#Interface configuration
[PE2]interface GigabitEthernet 0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance VPN1
[PE2-GigabitEthernet0/0/1]ip address 192.168.2.1 24
[PE2]interface GigabitEthernet 0/0/2
[PE2-GigabitEthernet0/0/2]ip binding vpn-instance VPN2
[PE2-GigabitEthernet0/0/2]ip address 172.16.2.1 24
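RT filtering on the ASBRs, as mentioned in the Option B description above (an added example, not part of the original configuration). With undo policy vpn-target the ASBRs accept every VPNv4 route the peer AS advertises; the import policy below keeps only routes that carry the two route targets used in this lab. The filter number 1 and the policy name VPNV4-RT-IN are assumptions chosen for illustration.

```text
#ASBR1: accept from AS 200 only VPNv4 routes carrying RT 1:1 (VPN1) or RT 2:2 (VPN2)
#Filter number 1 and the name VPNV4-RT-IN are assumed names, not from the original lab
[ASBR1]ip extcommunity-filter 1 permit rt 1:1
[ASBR1]ip extcommunity-filter 1 permit rt 2:2
[ASBR1]route-policy VPNV4-RT-IN permit node 10
[ASBR1-route-policy]if-match extcommunity-filter 1
#Routes that match no node of the route-policy are denied
[ASBR1]bgp 100
[ASBR1-bgp]ipv4-family vpnv4
[ASBR1-bgp-af-vpnv4]peer 10.1.34.2 route-policy VPNV4-RT-IN import

#ASBR2: the same filter applied to routes received from AS 100
[ASBR2]ip extcommunity-filter 1 permit rt 1:1
[ASBR2]ip extcommunity-filter 1 permit rt 2:2
[ASBR2]route-policy VPNV4-RT-IN permit node 10
[ASBR2-route-policy]if-match extcommunity-filter 1
[ASBR2]bgp 200
[ASBR2-bgp]ipv4-family vpnv4
[ASBR2-bgp-af-vpnv4]peer 10.1.34.1 route-policy VPNV4-RT-IN import
```

A VPN added later must have its RT added to the filter on both ASBRs before its routes can cross the AS boundary.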
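3. Verification
display ip routing-table
tracert
tracert shows the path that packets take from your computer to the specified host. It sends packets and uses the TTL (Time To Live) field of the IP protocol to discover the route to the destination address.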