Table of contents
2) Configure the IGP protocol of the ISP network
4) Configure the vpn instance and add the interface to the vpn instance.
5) Configure the BGP routing protocol of PE and CE
6) Configure the MP-BGP neighbor relationship between spoke PE and hub PE
1. Experimental environment: As shown in the figure, CE1 is the headquarters of a certain company, and CE2 and CE3 are the branches of a certain company. Now it is required that the headquarters and the branches realize private network mutual visits through mpls vpn, and that the branches need to The traffic of mutual visits must pass through the headquarters.
(1) AS400 is an ISP network, and the IGP protocol uses ospf;
(2) BGP runs between CE and PE
2. Purpose of the experiment:
①Master the basic configuration of hub and spoke
② Master the working principle of hub and spoke
3. Experimental topology:
The topology of MPLS VPN basic networking-hub and spoke experiment is shown in the figure.
4. Experimental steps:
1) Configure the ip address, see the table for ip planning. (The interface belongs to the ip address of the vpn instance and then configured in step 4)
mpls vpn basic networking - hub and spoke ip address planning table
| device name |
interface number |
IP address |
Belonging Vpn instance |
| PE1 |
G0/0/0 |
11.1.1.1/24 |
vpn_in |
| PE1 |
G0/0/1 |
10.1.1.1/24 |
vpn_out |
| PE1 |
G0/0/2 |
10.0.12.1/24 |
|
| PE1 |
G4/0/0 |
10.0.13.1/24 |
|
| PE1 |
Loopback 0 |
1.1.1.1/32 |
|
| PE2 |
G0/0/0 |
10.0.12.2/24 |
|
| PE2 |
G0/0/1 |
22.1.1.1/24 |
vpn1 |
| PE2 |
Loopback 0 |
2.2.2.2/32 |
|
| PE3 |
G0/0/0 |
10.0.13.2/24 |
|
| PE3 |
G0/0/1 |
33.1.1.1/24 |
vpn1 |
| PE3 |
Loopback 0 |
3.3.3.3/32 |
|
| CE1 |
G0/0/0 |
11.1.1.2/24 |
|
| CE1 |
G0/0/1 |
10.1.1.2/24 |
|
| CE1 |
Loopback 0 |
10.10.10.10/32 |
|
| CE2 |
G0/0/0 |
22.1.1.2/24 |
|
| CE2 |
Loopback 0 |
20.20.20.20/32 |
|
| CE3 |
G0/0/0 |
33.1.1.2/24 |
|
| CE3 |
Loopback 0 |
30.30.30.30/32 |
2) Configure the IGP protocol of the ISP network
Configuration of PE1:
[PE1]ospf
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0Configuration of PE2:
[PE2]ospf
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0Configuration of PE3:
[PE3]ospf
[PE3-ospf-1]area 0
[PE3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0View the routing table of PE1
[PE1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet0/0/2
3.3.3.3/32 OSPF 10 1 D 10.0.13.2 GigabitEthernet4/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet0/0/2
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet4/0/0
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet4/0/0
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0You can see that the loopback interface routes of PE2 and PE3 can be learned.
3) Configure the mpls and mpls ldp inside the ISP, and establish the lsp tunnel of the public network
Configuration of PE1:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]q
[PE1]mpls ldp
[PE1]interface g0/0/2
[PE1-GigabitEthernet0/0/2]mpls
[PE1-GigabitEthernet0/0/2]mpls ldp
[PE1-GigabitEthernet0/0/2]q
[PE1]interface g4/0/0
[PE1-GigabitEthernet4/0/0]mpls
[PE1-GigabitEthernet4/0/0]mpls ldpConfiguration of PE2:
[PE2]mpls lsr-id 2.2.2.2
[PE2]mpls
[PE2-mpls]q
[PE2]mpls ldp
[PE2]interface g0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldpPE3 configuration
[PE3]mpls lsr-id 3.3.3.3
[PE3]mpls
[PE3-mpls]q
[PE3]mpls ldp
[PE3]interface g0/0/0
[PE3-GigabitEthernet0/0/0]mpls
[PE3-GigabitEthernet0/0/0]mpls ldpView the establishment of mpls lsp
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/2
2.2.2.2/32 1024/3 -/GE0/0/2
1.1.1.1/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE4/0/0
3.3.3.3/32 1025/3 -/GE4/0/04) Configure the vpn instance and add the interface to the vpn instance.
Configuration of PE1:
[PE1]ip vpn-instance vpn_in //创建vpn实例vpn_in,用于接收分部的路由
[PE1-vpn-instance-vpn_in]route-distinguisher 100:1
[PE1-vpn-instance-vpn_in-af-ipv4]vpn-target 200:1 import-extcommunity //配置入RT为200:1
[PE1]ip vpn-instance vpn_out//创建vpn实例vpn_in,用于发送路由
[PE1-vpn-instance-vpn_out]route-distinguisher 100:2
[PE1-vpn-instance-vpn_out-af-ipv4]vpn-target 100:1 export-extcommunity//配置出RT为100:1
[PE1]int g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn_in //将G0/0/0接口绑定到实例vpn_in
[PE1-GigabitEthernet0/0/0]ip address 11.1.1.1 24
[PE1]interface g0/0/1
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpn_out/将G0/0/1接口绑定到实例vpn_out
[PE1-GigabitEthernet0/0/1]ip address 10.1.1.1 24Configuration of PE2:
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]route-distinguisher 200:1
[PE2-vpn-instance-vpn1-af-ipv4]vpn-target 100:1 import-extcommunity //配置入RT为100:1,此处需要与hub节点的PE中的vpn_out的对应
[PE2-vpn-instance-vpn1-af-ipv4]vpn-target 200:1 export-extcommunity//配置出RT为200:1,此处需要与hub节点的PE中的vpn_in的对应
[PE2]interface g0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[PE2-GigabitEthernet0/0/1]ip address 22.1.1.1 24Configuration of PE3:
[PE3]ip vpn-instance vpn1
[PE3-vpn-instance-vpn1]route-distinguisher 300:1
[PE3-vpn-instance-vpn1-af-ipv4]vpn-target 200:1 export-extcommunity //配置入RT为100:1,此处需要与hub节点的PE中的vpn_out的对应
[PE3-vpn-instance-vpn1-af-ipv4]vpn-target 100:1 import-extcommunity//配置出RT为200:1,此处需要与hub节点的PE中的vpn_in的对应
[PE3]interface g0/0/1
[PE3-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[PE3-GigabitEthernet0/0/1]ip address 33.1.1.1 24The configuration rules for the RT value here are:
The inbound RT of the Spoke PE must be the same as the vpn_out of the hub PE, and the outbound RT of the spoke PE must be the same as the vpn_in of the hub PE. The vpn_in of the hub PE is used to receive the spoke route to the hub node, and the vpn_out of the hub PE is used to receive the route of the hub node, and then publish it to the spoke PE.
5) Configure the BGP routing protocol of PE and CE
Configuration of CE1:
[CE1]bgp 100
[CE1-bgp]peer 11.1.1.1 as-number 400
[CE1-bgp]peer 10.1.1.1 as-number 400
[CE1-bgp]network 10.10.10.10 32Configuration of PE1:
[PE1]bgp 400
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp]ipv4-family vpn-instance vpn_in
[PE1-bgp-vpn_in]peer 11.1.1.2 as-number 100
[PE1-bgp-vpn_in]q
[PE1-bgp]ipv4-family vpn-instance vpn_out
[PE1-bgp-vpn_out]peer 10.1.1.2 as-number 100View the bgp neighbor relationship of PE1
[PE1]display bgp vpnv4 all peer
BGP local router ID : 10.0.12.1
Local AS number : 400
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
Peer of IPv4-family for vpn instance :
VPN-Instance vpn_in, Router ID 10.0.12.1:
11.1.1.2 4 100 4 3 0 00:01:31 Established 1
VPN-Instance vpn_out, Router ID 10.0.12.1:
10.1.1.2 4 100 4 3 0 00:01:19 Established 1The result shows that PE1 has established BGP neighbor relationships with 11.1.1.2 and 10.1.1.2 through vpn_in and vpn_out respectively.
Configuration of CE2:
[CE2]bgp 200
[CE2-bgp]peer 22.1.1.1 as-number 400
[CE2-bgp]network 20.20.20.20 32Configuration of PE2:
[PE2]bgp 400
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]peer 22.1.1.2 as-number 200Check the BGP neighbors of PE2
[PE2]display bgp vpnv4 all peer
BGP local router ID : 10.0.12.2
Local AS number : 400
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
Peer of IPv4-family for vpn instance :
VPN-Instance vpn1, Router ID 10.0.12.2:
22.1.1.2 4 200 5 4 0 00:02:36 Established 1Configuration of CE3:
[CE3]bgp 300
[CE3-bgp]peer 33.1.1.1 as-number 400
[CE3-bgp]network 30.30.30.30 32Configuration of PE3:
[PE3]bgp 400
[PE3-bgp]ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1]peer 33.1.1.2 as-number 300Check the bgp neighbors of PE3
[PE3]display bgp vpnv4 all peer
BGP local router ID : 10.0.13.2
Local AS number : 400
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
Peer of IPv4-family for vpn instance :
VPN-Instance vpn1, Router ID 10.0.13.2:
33.1.1.2 4 300 4 3 0 00:01:17 Established 16) Configure the MP-BGP neighbor relationship between spoke PE and hub PE
Configuration of PE1:
[PE1]bgp 400
[PE1-bgp]peer 2.2.2.2 as-number 400
[PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[PE1-bgp]peer 3.3.3.3 as-number 400
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enableConfiguration of PE2:
[PE2]bgp 400
[PE2-bgp]peer 1.1.1.1 as-number 400
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enableConfiguration of PE3:
[PE3]bgp 400
[PE3-bgp] peer 1.1.1.1 as-number 400
[PE3-bgp] peer 1.1.1.1 connect-interface LoopBack0
[PE3-bgp] ipv4-family vpnv4
[PE3-bgp-af-vpnv4] peer 1.1.1.1 enableView the vpnv4 neighbor relationship of PE1
[PE1]display bgp vpnv4 all peer
BGP local router ID : 10.0.12.1
Local AS number : 400
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 400 3 5 0 00:00:47 Established 1
3.3.3.3 4 400 3 7 0 00:00:03 Established 1
Peer of IPv4-family for vpn instance :
VPN-Instance vpn_in, Router ID 10.0.12.1:
11.1.1.2 4 100 23 22 0 00:18:48 Established 1
VPN-Instance vpn_out, Router ID 10.0.12.1:
10.1.1.2 4 100 23 20 0 00:18:36 Established 1The results show that PE1 has established mp-bgp neighbor relationships with PE2 (2.2.2.2) and PE3 (3.3.3.3).
View the vpnv4 routing table of PE1
[PE1]display bgp vpnv4 all peer
BGP local router ID : 10.0.12.1
Local AS number : 400
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 400 3 5 0 00:00:47 Established 1
3.3.3.3 4 400 3 7 0 00:00:03 Established 1
Peer of IPv4-family for vpn instance :
VPN-Instance vpn_in, Router ID 10.0.12.1:
11.1.1.2 4 100 23 22 0 00:18:48 Established 1
VPN-Instance vpn_out, Router ID 10.0.12.1:
10.1.1.2 4 100 23 20 0 00:18:36 Established 1The results show that in the vpn_in route, the routing information of each CE node can be learned, but in the vpn_out route, the spoke CE routing information is not learned.
Thinking: Why can't the vpn_out node learn the routing information of spoke CE? How to solve the problem?
Taking the route advertisement from Spoke-CE2 to Spoke-CE3 as an example, the general process is as follows:
①Spoke-CE2 advertises the route to Spoke-PE2 through EBGP.
②Spoke-PE2 advertises the route to Hub-PE1 through IBGP.
③Hub-PE1 imports the route into the VPN_in routing table through the Import Target attribute of the VPN instance (VPN_in), and publishes it to Hub-CE1 through EBGP.
④Hub-CE1 learns the route through the EBGP connection, and advertises the route to the VPN instance (VPN_out) of Hub-PE1 through another EBGP connection.
⑤Hub-PE1 advertises the route carrying the Export Target attribute of VPN_out to all Spoke-PEs.
⑥Spoke-PE3 advertises the route to Spoke-CE3 through EBGP.
When ④ is executed, the as-path attribute of the 20.20.20.20/32 route is 400 200, and it is sent to PE1 again. Since PE1 is AS400, based on the BGP ring prevention rules, the received as-path attribute includes the local AS number. , the route will not be accepted.
Therefore, CE1 can see the routing information, but PE1 cannot learn the routing information of other CEs through the vpn_out instance. as follows:
<CE1>display bgp routing-table
BGP Local router ID is 11.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 0.0.0.0 0 0 i
*> 20.20.20.20/32 11.1.1.1 0 400 200i
*> 30.30.30.30/32 11.1.1.1 0 400 300iUse the following configuration on PE1 to solve this problem:
Configuration of PE1:
[PE1]bgp 400
[PE1-bgp]ipv4-family vpn-instance vpn_out
[PE1-bgp-vpn_out]peer 10.1.1.2 allow-as-loop //配置从10.1.1.2收到路由时,能够与本地AS号的重复次数,缺省为1次View the bgp instance vpn_out routing table of PE1 again
[PE1]display bgp vpnv4 vpn-instance vpn_out routing-table
BGP Local router ID is 10.0.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn_out, Router ID 10.0.12.1:
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 10.1.1.2 0 0 100i
*> 20.20.20.20/32 10.1.1.2 0 100 400 200i
*> 30.30.30.30/32 10.1.1.2 0 100 400 300iAt this time, vpn_out of PE1 can learn the routing information advertised by spoke ce.
View the BGP routing table of CE2
<CE2>display bgp routing-table
BGP Local router ID is 22.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.10/32 22.1.1.1 0 400 100i
*> 20.20.20.20/32 0.0.0.0 0 0 i
*> 30.30.30.30/32 22.1.1.1 0 400 100 400 300iThe results show that the route for the hub node 10.10.10.10/32 also has the route for the spoke node 30.30.30.30/32, but the as-path is 400 100 400 300, indicating that the route to the spoke node needs to be forwarded by the hub node.
Test the traffic path from CE2 to CE3
<CE2>tracert -a 20.20.20.20 30.30.30.30
traceroute to 30.30.30.30(30.30.30.30), max hops: 30 ,packet length: 40,press CTRL_C to break
1 22.1.1.1 30 ms 20 ms 10 ms
2 10.1.1.1 30 ms 30 ms 30 ms
3 10.1.1.2 40 ms 40 ms 30 ms
4 11.1.1.1 40 ms 40 ms 40 ms
5 33.1.1.1 50 ms 60 ms 50 ms
6 33.1.1.2 50 ms 60 ms 50 msThe result shows that the traffic path is CE2-PE2-PE1-CE1-PE1-PE3-CE3. The data exchanged between Spoke nodes will pass through the hub node, which can facilitate the management and control of traffic information.