上一篇文章介绍了第一种跨域VPN的解决方案-Option A,从配置上看最重要的一点是ASBR与ASBR之间的“特殊接口”的配置,将两个ASBR之间的关系模拟成CE与PE.但是这样的配置缺少扩展性,例如如果PE上的用户很多,存在多个VRF的情况,如果使用Option A,那么我们就需要在ASBR之间增加链路,并配置属于不同的VRF。工作量大,而且繁琐。下面介绍一种相对简单的方案Option B.
写在最前面
配置步骤如下:
- 配置IP地址以及VRF
- 配置两个AS中的IGP协议_ISIS
- 配置AS中的标签分配协议(LDP)
- 配置CE与PE,PE与ASBR之间的BGP邻居
- 配置ASBR之间的BGP VPNv4邻居
- 配置静态路由解决标签分发问题
- 验证连通性
前四个步骤和Option A的配置很类似,可以参考上一篇文章,不同如下:
配置IP地址以及VRF
不需要再R4和R5上配置VRF-
ASBR之间的链路不需要加入VRF中,如下:
```
RP/0/0/CPU0:R4#show run int gigabitEthernet 0/0/0/1
Wed Jun 26 10:24:09.987 UTC
interface GigabitEthernet0/0/0/1
ipv4 address 10.1.45.4 255.255.255.0
!
RP/0/0/CPU0:R5#show run int gigabitEthernet 0/0/0/1
Wed Jun 26 10:24:29.228 UTC
interface GigabitEthernet0/0/0/1
ipv4 address 10.1.45.5 255.255.255.0
!
```
配置两个AS中的IGP协议_ISIS
配置AS中的标签分配协议(LDP)
配置CE与PE,PE与ASBR之间的BGP邻居
不需要再BGP进程中添加vrf配置
配置ASBR之间的BGP VPNv4邻居
```
R4
RP/0/0/CPU0:R4#show run router bgp
Wed Jun 26 10:30:26.822 UTC
router bgp 1
bgp router-id 10.1.4.4
address-family vpnv4 unicast
retain route-target all <<< 默认开启RT过滤,所以使用这个命令关闭RT过滤
!
neighbor 10.1.2.2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
next-hop-self
!
!
neighbor 10.1.45.5 <<< ASBR
remote-as 2
address-family vpnv4 unicast
route-policy EBGP_PASS in
route-policy EBGP_PASS out
```
```
R5
RP/0/0/CPU0:R5#show run router bgp
Wed Jun 26 10:33:44.250 UTC
router bgp 2
bgp router-id 10.1.5.5
address-family vpnv4 unicast
retain route-target all
!
neighbor 10.1.7.7
remote-as 2
update-source Loopback0
address-family vpnv4 unicast
next-hop-self
!
!
neighbor 10.1.45.4
remote-as 1
address-family vpnv4 unicast
route-policy EBGP_PASS in
route-policy EBGP_PASS out
```
配置静态路由
再两个ASBR上配置/32静态路由,只指出接口,不写下一跳.
```
R4
RP/0/0/CPU0:R4#show run router static
Wed Jun 26 12:08:27.689 UTC
router static
address-family ipv4 unicast
10.1.45.5/32 GigabitEthernet0/0/0/1
!
!
```
```
R5
RP/0/0/CPU0:R5#show run router static
Wed Jun 26 12:07:59.292 UTC
router static
address-family ipv4 unicast
10.1.45.4/32 GigabitEthernet0/0/0/1
!
!
```
查看转发表项:
```
RP/0/0/CPU0:R4#show mpls forwarding
Wed Jun 26 12:09:04.126 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 10.1.3.3/32 Gi0/0/0/0 10.1.34.3 591070
24001 24000 10.1.2.2/32 Gi0/0/0/0 10.1.34.3 572537
24004 24002 10.1.2.2:0:10.1.1.1/32 \
10.1.2.2 4568
24006 Pop 10.1.45.5/32 Gi0/0/0/1 10.1.45.5 7440
24007 24004 10.1.7.7:0:10.1.8.8/32 \
Gi0/0/0/1 10.1.45.5 2764
RP/0/0/CPU0:R4#
```
```
RP/0/0/CPU0:R5#show mpls forwarding
Wed Jun 26 12:09:25.166 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 10.1.6.6/32 Gi0/0/0/0 10.1.56.6 591020
24001 24000 10.1.7.7/32 Gi0/0/0/0 10.1.56.6 568880
24004 24002 10.1.7.7:0:10.1.8.8/32 \
10.1.7.7 3130
24006 Pop 10.1.45.4/32 Gi0/0/0/1 10.1.45.4 9629
24007 24004 10.1.2.2:0:10.1.1.1/32 \
Gi0/0/0/1 10.1.45.4 4568
RP/0/0/CPU0:R5#
```
验证连通性
24001/24007对应LDP Label/BGP VPNv4 Lable24007对应 BGP VPNv4 Lable24004对应 BGP VPNv4 Lable 24000/24002对应LDP Lable/BGP VPNv4 Label24002对应BGP VPNv4 Label
RP/0/0/CPU0:R1#traceroute 10.1.8.8 source 10.1.1.1
Wed Jun 26 12:11:33.265 UTC
Type escape sequence to abort.
Tracing the route to 10.1.8.8
1 10.1.12.2 9 msec 0 msec 0 msec
2 10.1.23.3 [MPLS: Labels 24001/24007 Exp 0] 19 msec 29 msec 29 msec
3 10.1.34.4 [MPLS: Label 24007 Exp 0] 29 msec 29 msec 29 msec
4 10.1.45.5 [MPLS: Label 24004 Exp 0] 29 msec 29 msec 29 msec
5 10.1.56.6 [MPLS: Labels 24000/24002 Exp 0] 29 msec 39 msec 29 msec
6 10.1.67.7 [MPLS: Label 24002 Exp 0] 29 msec 29 msec 19 msec
7 10.1.78.8 19 msec * 29 msec
RP/0/0/CPU0:R1#
配置文件:
https://mega.nz/#F!8KhVxI7A!Js3SwYD0dhlmbskhx1R40w
No comments
Comments feed for this article