关注我,后续将发布更多干货内容。(需要学习华为数通认证培训以及认证题库的私)
1.实验环境: CE1和CE2属于vpn1、CE3和CE4属于vpn2。要求vpn1的RD值配置为100:1,RT值配置为100:1 both。vpn2的RD值配置为200:1,RT值配置为200:1both。最终要求CE1能访问CE2、CE3能访问CE4。
(1)配置互联ip地址如图所示,每个设备配置对应的环回口。
(2)CE1、CE2与PE设备之间运行ospf协议。CE3和CE4与PE设备之间运行BGP协议。
(3)isp内部的IGP协议选择ospf,并且运行MPLS-ldp,建立lsp隧道。PE1和PE2建立MP-BGP邻居关系,传递私网路由。
2.实验目的:
①掌握mpls vpn的基本配置
②掌握mpls vpn中vpnv4路由传递过程
③掌握mpls vpn中数据的传递过程
3.实验拓扑:
配置MPLS VPN基本组网-intranet实验拓扑如图所示。
4.实验步骤:
1)配置ip地址,ip地址规划见表。(接口属于vpn实例的ip地址步骤4再配置)
mpls vpn基本组网-intranet ip地址规划表
设备名称 |
接口编号 |
Ip地址 |
所属Vpn实例 |
PE1 |
G0/0/1 |
12.1.1.1/24 |
|
PE1 |
G0/0/0 |
192.168.1.1/24 |
vpn1 |
PE1 |
G0/0/2 |
192.168.1.1/24 |
vpn2 |
PE1 |
Loopback 0 |
1.1.1.1/32 |
|
P |
G0/0/0 |
12.1.1.2/24 |
|
P |
G0/0/1 |
23.1.1.1/24 |
|
P |
Loopback0 |
2.2.2.2/32 |
|
PE2 |
G0/0/0 |
23.1.1.2/24 |
|
PE2 |
G0/0/1 |
172.16.1.1/24 |
vpn1 |
PE2 |
G0/0/2 |
172.16.1.1/24 |
vpn2 |
PE2 |
Loopback0 |
3.3.3.3/32 |
|
CE1 |
G0/0/0 |
192.168.1.2/24 |
|
CE1 |
Loopback0 |
10.10.10.10/32 |
|
CE3 |
G0/0/0 |
192.168.1.2/24 |
|
CE3 |
Loopback0 |
30.30.30.30/32 |
|
CE2 |
G0/0/0 |
172.16.1.2/24 |
|
CE2 |
Loopback0 |
20.20.20.20/32 |
|
CE4 |
G0/0/0 |
172.16.1.2/24 |
|
CE4 |
Loopback0 |
40.40.40.40/32 |
|
2)配置ISP内部的ospf协议
PE1的配置:
[PE1]ospf
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
P的配置:
[P]ospf
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
PE2的配置:
[PE2]ospf
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
查看PE1是否有ISP内部路由
[PE1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 10 1 D 12.1.1.2 GigabitEthernet
0/0/1
3.3.3.3/32 OSPF 10 2 D 12.1.1.2 GigabitEthernet
0/0/1
12.1.1.0/24 Direct 0 0 D 12.1.1.1 GigabitEthernet
0/0/1
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
23.1.1.0/24 OSPF 10 2 D 12.1.1.2 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0可以看到PE1设备有ISP内部的路由。
3)配置ISP内部的mpls及mpls ldp,建立公网的lsp隧道
PE1的配置:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1]mpls ldp
[PE1]interface g0/0/1
[PE1-GigabitEthernet0/0/1]mpls
[PE1-GigabitEthernet0/0/1]mpls ldp
P的配置:
[P]mpls lsr-id 2.2.2.2
[P]mpls
[P]mpls ldp
[P]interface g0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
[P]interface g0/0/0
[P-GigabitEthernet0/0/0]mpls
[P-GigabitEthernet0/0/0]mpls ldp
PE2的配置:
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
[PE2]mpls ldp
[PE2]interface g0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
查看PE1的lsp信息
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1025 -/GE0/0/1
3.3.3.3/32 1025/1025 -/GE0/0/1 可以看到PE设备已经为32位的环回口地址分配了标签,并建立了lsp隧道。
4)配置vpn实例,将接口加入到vpn实例。
在PE1和PE2上为不同的vpn配置vpn实例。(在ISP中会接入很多不同的客户即CE设备,CE设备的ip地址可能会出现冲突现象,因此配置不同的vpn实例可以将不同用户的路由放到不同的vpn实例路由表中,实现逻辑隔离)
PE1的配置:
[PE1]ip vpn-instance vpn1 //创建vpn实例,命名位vpn1
[PE1-vpn-instance-vpn1]ipv4-family //进入ipv4地址族视图
[PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher100:1 //配置RD为100:1
[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 100:1 both//配置import、export RT都为100:1
[PE1]ip vpn-instance vpn2
[PE1-vpn-instance-vpn2]ipv4-family
[PE1-vpn-instance-vpn2-af-ipv4]route-distinguisher200:1
[PE1-vpn-instance-vpn2-af-ipv4]vpn-target 200:1 both
PE2的配置:
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] ipv4-family
[PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2]ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] ipv4-family
[PE2-vpn-instance-vpn2-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-vpn2-af-ipv4] vpn-target 200:1 both
RD作用:用于标记vpnv4路由,bgp传递vpnv4路由的时候会携带RD值,代表这是一条唯一的vpnv4路由。
RT作用:用于控制vpnv4路由的接收,出方向RT等于对端设备入方向RT则接收路由,并且将路由加入到对应的vpn实例路由表中。
将接口加入到对应的vpn实例
PE1的配置:
[PE1]interface g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn1 //将G0/0/0口绑定到vpn实例vpn1中
[PE1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[PE1]interface g0/0/2
[PE1-GigabitEthernet0/0/2]ip binding vpn-instancevpn2 //将G0/0/2口绑定到vpn实例vpn2中
[PE1-GigabitEthernet0/0/2]ip address 192.168.1.1 24
通过:display ip routing-table vpn-instance vpn1、display ip routing-table vpn-instance vpn2 查看不同vpn实例的路由表。可以看到G0/0/0口与G0/0/2口的直连路由虽然ip地址相同,但是属于不同的vpn实例的路由表中,实现逻辑隔离。
[PE1]display ip routing-table vpn-instancevpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 4 Routes :4
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1]display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
Destinations : 4 Routes :4
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/2
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE2的配置:
[PE2]interface g0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instancevpn1
[PE2-GigabitEthernet0/0/1]ip address 172.16.1.1 24
[PE2]interface g0/0/2
[PE2-GigabitEthernet0/0/2]ip binding vpn-instancevpn2
[PE2-GigabitEthernet0/0/2]ip address 172.16.1.1 24
5)按照题目需求,配置CE和PE之间的路由协议
PE1的ospf配置:
[PE1]ospf 100 vpn-instance vpn1 //将ospf 100绑定到vpn实例vpn1
[PE1-ospf-100]area 0
[PE1-ospf-100-area-0.0.0.0]network 192.168.1.00.0.0.255
CE1的ospf配置
[CE1]ospf 100
[CE1-ospf-100]area 0
[CE1-ospf-100-area-0.0.0.0]network 10.10.10.10 0.0.0.0
[CE1-ospf-100-area-0.0.0.0]network 192.168.1.0 0.0.0.255
等待邻居建立,查看PE1的vpn实例vpn1的路由表中能否学习到CE1的路由信息
[PE1]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 5 Routes :5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.10.10/32 OSPF 10 1 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
可以看到vpn实例vpn1可以学习到10.10.10.10/32的路由信息。
PE2的ospf配置
[PE2]ospf 100 vpn-instance vpn1
[PE2-ospf-100]area 0
[PE2-ospf-100-area-0.0.0.0]network 172.16.1.00.0.0.255
CE2的ospf配置
[CE2]ospf 100
[CE2-ospf-100]area 0
[CE2-ospf-100-area-0.0.0.0]network 172.16.1.00.0.0.255
[CE2-ospf-100-area-0.0.0.0]network 20.20.20.200.0.0.0
等待邻居建立,查看PE2的vpn实例vpn1的路由表中能否学习到CE2的路由信息
[PE2]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 5 Routes :5
Destination/Mask Proto Pre Cost Flags NextHop Interface
20.20.20.20/32 OSPF 10 1 D 172.16.1.2 GigabitEthernet
0/0/1
172.16.1.0/24 Direct 0 0 D 172.16.1.1 GigabitEthernet
0/0/1
172.16.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0可以看到vpn实例vpn1可以学习到20.20.20.20/32的路由信息。
PE1的BGP配置:
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpn2 //进入vpn实例vpn2的地址族
[PE1-bgp-vpn2]peer 192.168.1.2 as-number 200 //配置与CE3的EBGP邻居关系
CE3的BGP配置
[CE3]bgp 200
[CE3-bgp]peer 192.168.1.1 as-number 100
[CE3-bgp]network 30.30.30.30 32
查看PE1和CE3的BGP邻居关系
<PE1>display bgp vpnv4 all peer
BGP localrouter ID : 12.1.1.1
Local ASnumber : 100
Total numberof peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
Peer ofIPv4-family for vpn instance :
VPN-Instancevpn2, Router ID 12.1.1.1:
192.168.1.2 4 200 17 17 0 00:14:37 Established 1可以看到,设备之间建立了vpn实例的邻居关系
查看PE1的vpn实例vpn2的路由表中能否学习到CE3的路由信息
[PE1]display ip routing-table vpn-instancevpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
30.30.30.30/32 EBGP 255 0 D 192.168.1.2 GigabitEthernet
0/0/2
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/2
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0可以看到vpn实例vpn2可以学习到30.30.30.30/32的路由信息。再次查看BGP的vpnv4路由表。
[PE1]display bgp vpnv4 all routing-table
BGP Localrouter ID is 12.1.1.1
Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s -suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total numberof routes from all PE: 1
RouteDistinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i
VPN-Instancevpn2, Router ID 12.1.1.1:
Total Numberof Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i可以看到30.30.30.30/32的路由直接导入到了BGP的vpnv4路由表中,其中分为了RD为200:1的路由,以及VPN实例VPN2的路由,那么为说明CE1的10.10.10.10/32的路由并没有出现在这张路由表中呢?
因为CE1和PE1之间的运行的是ospf协议,而此表项为vpnv4的路由表,如果向将CE1的路由导入到vpnv4路由表中再传递给对端PE2,那么PE1就必须在BGP中引入ospf100的路由,并且再将BGP的路由引入到ospf 100,间vpnv4路由传递给CE1。(此步骤我们在步骤6中体现)
PE2的BGP配置:
[PE2]bgp 100
[PE2-bgp]ipv4-family vpn-instance vpn2
[PE2-bgp-vpn2]peer 172.16.1.2 as-number 300
CE4的BGP配置:
[CE4]bgp 300
[CE4-bgp]peer 172.16.1.1 as-number 100
[CE4-bgp]network 40.40.40.40 32
查看PE2的VPNV4路由
[PE2]display bgp vpnv4 all routing-table
BGP Localrouter ID is 23.1.1.2
Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s -suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total numberof routes from all PE: 1
RouteDistinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 40.40.40.40/32 172.16.1.2 0 0 300i
VPN-Instancevpn2, Router ID 23.1.1.2:
Total Numberof Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 40.40.40.40/32 172.16.1.2 0 0 300i
6)将PE1、PE2的ospf 100的路由引入到BGP中,把vpn实例vpn1的路由变为vpnv4路由,在步骤7使用MP-BGP传递给对端PE,并且将BGP的路由引入到ospf100中。
PE1的配置:
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]import-route ospf 100 //在bgp的vpn实例vpn1中引入ospf100的路由
查看PE1的vpnv4路由表:
[PE1]display bgp vpnv4 all routing-table
BGP Localrouter ID is 12.1.1.1
Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s -suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total numberof routes from all PE: 3
RouteDistinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 0.0.0.0 2 0 ?
*> 192.168.1.0 0.0.0.0 0 0 ?
RouteDistinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i
VPN-Instancevpn1, Router ID 12.1.1.1:
Total Numberof Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 0.0.0.0 2 0 ?
*> 192.168.1.0 0.0.0.0 0 0 ?
VPN-Instancevpn2, Router ID 12.1.1.1:
Total Numberof Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i
可以看到10.10.10.10/32的路由以及被导入到vpnv4路由表中了。
将bgp的路由再次引入到ospf 100 中,其目的是对端的PE2将CE2的路由发送给bgp时,再把BGP的路由引入到ospf 100 ,PE1就能将CE2的路由发送给CE1了。
PE1的配置:
[PE1]ospf 100
[PE1-ospf-100]import-route bgp
PE2的配置:
[PE2]bgp 100
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]import-route ospf 100
[PE2]ospf 100
[PE2-ospf-100]import-route bgp
7)配置PE1和PE2之间的MP-BGP,传递各个站点之间的VPNV4路由信息。
PE1的配置:
[PE1]bgp 100
[PE1-bgp]peer 3.3.3.3 as-number 100
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4 //进入vpnv4地址族
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable //使能3.3.3.3对等体的vpnv4邻居关系
PE2的配置:
[PE2]bgp 100
[PE2-bgp]peer 1.1.1.1 as-number 100
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
查看vpnv4邻居建立情况
[PE1]display bgp vpnv4 all peer
BGP localrouter ID : 12.1.1.1
Local ASnumber : 100
Total numberof peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
3.3.3.3 4 100 6 6 0 00:01:49 Established
3
Peer ofIPv4-family for vpn instance :
VPN-Instancevpn2, Router ID 12.1.1.1:
192.168.1.2 4 200 38 40 0 00:36:01 Established 可以看到PE1和PE2已经建立了MP-BGP邻居关系
查看对端的VPNV4路由是否传递
[PE1]display bgp vpnv4 all routing-table
BGP Localrouter ID is 12.1.1.1
Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s -suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total numberof routes from all PE: 6
RouteDistinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 0.0.0.0 2 0 ?
*>i 20.20.20.20/32 3.3.3.3 2 100 0 ?
*>i 172.16.1.0/24 3.3.3.3 0 100 0 ?
*> 192.168.1.0 0.0.0.0 0 0 ?
RouteDistinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i
*>i 40.40.40.40/32 3.3.3.3 0 100 0 300i
VPN-Instancevpn1, Router ID 12.1.1.1:
Total Numberof Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 0.0.0.0 2 0 ?
*>i 20.20.20.20/32 3.3.3.3 2 100 0 ?
*>i 172.16.1.0/24 3.3.3.3 0 100 0 ?
*> 192.168.1.0 0.0.0.0 0 0 ?
VPN-Instancevpn2, Router ID 12.1.1.1:
Total Numberof Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 30.30.30.30/32 192.168.1.2 0 0 200i
*>i 40.40.40.40/32 3.3.3.3 0 100 0 300i可以看到,VPNV4路由中的vpn实例vpn1、vpn2中各自携带各个站点的路由信息。
查看CE1和CE3的路由
<CE1>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes :2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
20.20.20.20/32 OSPF 10 3 D 192.168.1.1 GigabitEthernet
0/0/0
172.16.1.0/24 O_ASE 150 1 D 192.168.1.1 GigabitEthernet
0/0/0CE1学习到了CE2的路由信息。
<CE3>display ip routing-table protocol bgp
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : BGP
Destinations : 1 Routes :1
BGP routing table status : <Active>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
40.40.40.40/32 EBGP 255 0 D 192.168.1.1 GigabitEthernet
0/0/0CE3学习到了CE4的路由信息。
8)测试网络连通性,理解mpls vpn的转发流程
<CE1>ping 20.20.20.20
PING20.20.20.20: 56 data bytes, press CTRL_Cto break
Reply from20.20.20.20: bytes=56 Sequence=1 ttl=252 time=60 ms
Reply from20.20.20.20: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from20.20.20.20: bytes=56 Sequence=3 ttl=252 time=30 ms
Reply from20.20.20.20: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from20.20.20.20: bytes=56 Sequence=5 ttl=252 time=40 ms
---20.20.20.20 ping statistics ---
5 packet(s)transmitted
5 packet(s)received
0.00%packet loss
round-tripmin/avg/max = 30/42/60 ms
<CE3>ping -a 30.30.30.30 40.40.40.40
PING40.40.40.40: 56 data bytes, press CTRL_Cto break
Reply from40.40.40.40: bytes=56 Sequence=1 ttl=252 time=40 ms
Reply from40.40.40.40: bytes=56 Sequence=2 ttl=252 time=30 ms
Reply from40.40.40.40: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from40.40.40.40: bytes=56 Sequence=4 ttl=252 time=30 ms
Reply from40.40.40.40: bytes=56 Sequence=5 ttl=252 time=30 ms
---40.40.40.40 ping statistics ---
5 packet(s)transmitted
5 packet(s)received
0.00%packet loss
round-trip min/avg/max = 30/34/40 ms测试结果表明,CE1能访问CE2。CE3能访问CE4 。那么具体的通信过程是怎样的呢。
我们来根据以下几个表项了解下,以CE1访问20.20.20.20/32的目标网段为例:
查看私网路由的标签分配情况,
<PE1>display bgp vpnv4 all routing-table label
----------------------------------------------------------------
VPN-Instancevpn1, Router ID 12.1.1.1:
Total Numberof Routes: 2
Network NextHop In/Out Label
*>i 20.20.20.20 3.3.3.3 NULL/1028
*>i 172.16.1.0 3.3.3.3 NULL/1027
VPN-Instancevpn2, Router ID 12.1.1.1:
Total Numberof Routes: 1
Network NextHop In/Out Label
*>i 40.40.40.40 3.3.3.3 NULL/1026可以看到PE2为20.20.20.20/32分配了私网标签1028 。
查看公网标签分配情况
<PE1>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
30.30.30.30/32 1026/NULL -/- vpn2
192.168.1.0/24 1027/NULL -/- vpn1
10.10.10.10/32 1028/NULL -/- vpn1
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1025 -/GE0/0/1
3.3.3.3/32 1025/1025 -/GE0/0/1
通过上述表项内容可知,PE1收到目标网段为20.20.20.20数据时,先打上私网标签1028,下一跳为3.3.3.3。因此将迭代进入mpls ldp建立的公网lsp隧道。出标签为1025。因此内层标签为私网标签1028、出标签为公网标签1025。
在CE1访问20.20.20.20/32的同时在PE1的G0/0/1口抓包,查看抓包情况,如图所示。
PE1的G0/0/1口抓包结果
因此此数据可以通过外层标签(mplslsp 隧道)发送到PE2,PE2再查看内层标签1028,通过mpls标签表现决定发往哪个vpn实例。由下图可知,入标签为1028的数据将发往vpn1。PE2查看VPN1实例的路由表决定发往哪个接口。
<PE2>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
40.40.40.40/32 1026/NULL -/- vpn2
172.16.1.0/24 1027/NULL -/- vpn1
20.20.20.20/32 1028/NULL -/- vpn1
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/1024 -/GE0/0/0
1.1.1.1/32 1024/1024 -/GE0/0/0
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1025/3 -/GE0/0/0
3.3.3.3/32 3/NULL -/-
查看PE2的vpn实例vpn1的路由表
[PE2]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 7 Routes :7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.10.10/32 IBGP 255 2 RD 1.1.1.1 GigabitEthernet0/0/0
20.20.20.20/32 OSPF 10 1 D 172.16.1.2 GigabitEthernet0/0/1
172.16.1.0/24 Direct 0 0 D 172.16.1.1 GigabitEthernet0/0/1
172.16.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
192.168.1.0/24 IBGP 255 0 RD 1.1.1.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0最终PE2查看vpn1的路由表可以将数据从G0/0/1接口发出,发往172.16.1.2(即CE2)。