Experiment 3: Configuring mpls vpn MCE networking
1. Experimental environment: A company needs to realize mutual visits between headquarters and branches through mpls vpn, and to realize business isolation between different departments. In order to save costs, the head office uses MCE equipment to access different departments. It is required that branch A can only access department A of the head office, and branch B can only access department B of the head office.
(1) CE1 and CE3 are the CE devices of branch A and branch B;
(2) MCE is connected to Department A and Department B on the side of the head office as a VPN multi-instance device;
(3) Branch A and department A belong to vpn instance vpn1, branch B and department B belong to vpn instance vpn2.
It is required that the same vpn instance can communicate with each other, but different vpn instances cannot communicate with each other.
2. Purpose of the experiment:
Master the application scenarios and basic configuration of MCE
3. Experimental topology:
The experimental topology is shown in Figure 7-6:
Figure 7-6 Configuring mpls vpn MCE networking
4. Experimental steps:
Step 1: Configure the interface ip address, and the ip plan is shown in Figure 7-3;
Table 7-3 IP address planning table for configuring mpls vpn MCE networking experiment
| device name |
interface number |
IP address |
Belonging Vpn instance |
| PE1 |
G0/0/0 |
10.0.11.1/24 |
vpn1 |
| PE1 |
G0/0/1 |
12.1.1.1/24 |
|
| PE1 |
G0/0/2 |
10.0.13.1/24 |
vpn2 |
| PE1 |
Loopback 0 |
1.1.1.1/32 |
|
| PE2 |
G0/0/0 |
23.1.1.2/24 |
|
| PE2 |
G0/0/1.10 |
10.0.100.1/24 |
vpn1 |
| PE2 |
G0/0/1.20 |
10.0.101.1/24 |
vpn2 |
| PE2 |
Loopback 0 |
3.3.3.3/32 |
|
| P |
G0/0/0 |
12.1.1.2/24 |
|
| P |
G0/0/1 |
23.1.1.1/24 |
|
| P |
Loopback 0 |
2.2.2.2/32 |
|
| CE1 |
G0/0/0 |
10.0.11.2/24 |
|
| CE1 |
Loopback 0 |
10.10.10.10/32 |
|
| CE2 |
G0/0/0 |
10.0.2.2/24 |
|
| CE2 |
Loopback 0 |
20.20.20.20/32 |
|
| CE3 |
G0/0/0 |
10.0.13.2/24 |
|
| CE3 |
Loopback 0 |
30.30.30.30/32 |
|
| CE4 |
G0/0/0 |
10.0.4.2/24 |
|
| CE4 |
Loopback 0 |
4.4.4.4/32 |
|
| MCE |
G0/0/0.10 |
10.0.100.2/24 |
vpn1 |
| MCE |
G0/0/0.20 |
10.0.101.2/24 |
vpn2 |
| MCE |
G0/0/1 |
10.0.2.1/24 |
vpn1 |
| MCE |
G0/0/2 |
10.0.4,1/24 |
vpn2 |
Step 2: Configure the IGP protocol of the ISP network
Configuration of PE1:
[PE1]ospf
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
Configuration of PE2:
[PE2]ospf
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
P configuration:
[P]ospf
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
View the learning status of public network routes
[P]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 1 D 12.1.1.1 GigabitEthernet0/0/0
3.3.3.3/32 OSPF 10 1 D 23.1.1.2 GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
Step 3: Configure the mpls and mpls ldp inside the ISP, and establish the lsp tunnel of the public network
Configuration of PE1:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]q
[PE1]mpls ldp
[PE1-mpls-ldp]q
[PE1]int g0/0/1
[PE1-GigabitEthernet0/0/1]mpls
[PE1-GigabitEthernet0/0/1]mpls ldp
P configuration:
[P]mpls ls
[P]mpls lsr-id 2.2.2.2
[P]mpls
[P-mpls]q
[P]mpls ldp
[P-mpls-ldp]q
[P]interface g0/0/0
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q
[P]interface g0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
Configuration of PE2
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
[PE2-mpls]q
[PE2]mpls ldp
[PE2-mpls-ldp]q
[PE2]interface g0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
View the establishment of mpls lsp
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1025 -/GE0/0/1
3.3.3.3/32 1025/1025 -/GE0/0/1
Step 4: Configure the vpn instance and add the interface to the vpn instance
Configuration of PE1 vpn1:
[PE1]ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[PE1]interface g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
[PE1-GigabitEthernet0/0/0]ip address 10.0.11.1 24
PE1 vpn2 configuration
[PE1]ip vpn-instance vpn2
[PE1-vpn-instance-vpn2]route-distinguisher 200:1
[PE1-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 both
[PE1]interface g0/0/2
[PE1-GigabitEthernet0/0/2]ip binding vpn-instance vpn2
[PE1-GigabitEthernet0/0/2]ip address 10.0.13.1 24
PE2 vpn1 configuration
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[PE2]interface g0/0/1.10
[PE2-GigabitEthernet0/0/1.10]ip binding vpn-instance vpn1
[PE2-GigabitEthernet0/0/1.10]ip address 10.0.100.1 24
[PE2-GigabitEthernet0/0/1.10]dot1q termination vid 10
PE2 vpn2 configuration
[PE2]ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2-af-ipv4] vpn-target 2:2 both
[PE2]interface g0/0/1.20
[PE2-GigabitEthernet0/0/1.20]ip binding vpn-instance vpn2
[PE2-GigabitEthernet0/0/1.20]ip address 10.0.101.1 24
[PE2-GigabitEthernet0/0/1.20]dot1q termination vid 20
Configuration of MCE vpn1
[MCE]ip vpn-instance vpn1
[MCE-vpn-instance-vpn1]route-distinguisher 100:3
[MCE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[MCE]interface g0/0/0.10
[MCE-GigabitEthernet0/0/0.10]ip binding vpn-instance vpn1
[MCE-GigabitEthernet0/0/0.10]dot1q termination vid 10
[MCE-GigabitEthernet0/0/0.10]ip address 10.0.100.2 24
[MCE]interface g0/0/1
[MCE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[MCE-GigabitEthernet0/0/1]ip address 10.0.2.1 24
Configuration of MCE vpn2
[MCE]ip vpn-instance vpn2
[MCE-vpn-instance-vpn2]route-distinguisher 200:3
[MCE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 both
[MCE]interface g0/0/0.20
[MCE-GigabitEthernet0/0/0.20]ip binding vpn-instance vpn2
[MCE-GigabitEthernet0/0/0.20]dot1q termination vid 20
[MCE-GigabitEthernet0/0/0.20]ip address 10.0.101.2 24
[MCE]interface g0/0/2
[MCE-GigabitEthernet0/0/2]ip binding vpn-instance vpn2
[MCE-GigabitEthernet0/0/2]ip address 10.0.4.1 24
Note: Since PE2 and MCE need to distinguish the routes of two different departments to achieve business isolation, it is necessary to configure two vpn instances and use sub-interfaces to divide the sub-interfaces into different vpn instances to realize business traffic and routing level of isolation.
Step 5: Configure the routing protocol between PE and CE, all use ospf in this case
(1) Configure the ospf protocol of department A and department B of the company headquarters
Configuration of PE2:
[PE2]ospf 100 vpn-instance vpn1
[PE2-ospf-100]area 0
[PE2-ospf-100-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[PE2]ospf 200 vpn-instance vpn2
[PE2-ospf-200]area 0
[PE2-ospf-200-area-0.0.0.0]network 10.0.101.0 0.0.0.255
MCE configuration
[MCE]ospf 100 vpn-instance vpn1
[MCE-ospf-100]area 0
[MCE-ospf-100-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0]network 10.0.2.0 0.0.0.255
[MCE]ospf 200 vpn-instance vpn2
[MCE-ospf-200]area 0
[MCE-ospf-200-area-0.0.0.0]network 10.0.101.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0]network 10.0.4.0 0.0.0.255
Configuration of CE2
[CE2]ospf 100
[CE2-ospf-100]area 0
[CE2-ospf-100-area-0.0.0.0]network 10.0.2.0 0.0.0.255
[CE2-ospf-100-area-0.0.0.0]network 20.20.20.20 0.0.0.0
Configuration of CE4
[CE4]ospf 200
[CE4-ospf-200]area 0
[CE4-ospf-200-area-0.0.0.0]network 10.0.4.0 0.0.0.255
[CE4-ospf-200-area-0.0.0.0]network 40.40.40.40 0.0.0.0
Check the ospf neighbor relationship of MCE
<MCE>display ospf peer brief
OSPF Process 100 with Router ID 10.0.100.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0.10 10.0.100.1 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.2.2 Full
----------------------------------------------------------------------------
OSPF Process 200 with Router ID 10.0.101.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0.20 10.0.101.1 Full
0.0.0.0 GigabitEthernet0/0/2 10.0.4.2 Full
----------------------------------------------------------------------------
You can see that MCE has established ospf neighbor relationships with PE2, CE2, and CE4.
View the routing table of the MCE
Routing table of VPN instance vpn1
<MCE>display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The result shows that the route to 20.20.20.20/32 can be learned.
Routing table of VPN instance vpn2
<MCE>display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.4.0/24 Direct 0 0 D 10.0.4.1 GigabitEthernet0/0/2
10.0.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.101.0/24 Direct 0 0 D 10.0.101.2 GigabitEthernet0/0/0.20
10.0.101.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.20
10.0.101.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.20
40.40.40.40/32 OSPF 10 1 D 10.0.4.2 GigabitEthernet0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The result shows that the route 40.40.40.40/32 can be learned.
(2) Configure the routing protocol between the company branch and PE
Configuration of PE1:
[PE1]ospf 100 vpn-instance vpn1
[PE1-ospf-100]area 0
[PE1-ospf-100-area-0.0.0.0]network 10.0.11.0 0.0.0.255
[PE1]ospf 200 vpn-instance vpn2
[PE1-ospf-200]area 0
[PE1-ospf-200-area-0.0.0.0]network 10.0.13.0 0.0.0.255
Configuration of CE1:
[CE1]ospf 100
[CE1-ospf-100]area 0
[CE1-ospf-100-area-0.0.0.0]network 10.10.10.10 0.0.0.0
[CE1-ospf-100-area-0.0.0.0]network 10.0.11.0 0.0.0.255
Configuration of CE3:
[CE3]ospf 200
[CE3-ospf-200]area 0
[CE3-ospf-200-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[CE3-ospf-200-area-0.0.0.0]network 30.30.30.30 0.0.0.0
Step 6: Configure mp-bgp between PEs
(1) Configure the neighbor relationship of MP-BGP
Configuration of PE1:
[PE1]bgp 100
[PE1-bgp]peer 3.3.3.3 as-number 100
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
Configuration of PE2:
[PE2]bgp 100
[PE2-bgp]peer 1.1.1.1 as-number 100
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
Check whether the vpnv4 neighbor of PE1 is established:
[PE1]display bgp vpnv4 all peer
BGP local router ID : 12.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 2 3 0 00:00:49 Established 0
(2) The PE imports the ospf route learned from the CE into BGP, passes it to the peer PE through MP-BGP, and imports the BGP route into ospf, and publishes it to the CE device.
Configuration of PE1:
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]import-route ospf 100
[PE1-bgp-vpn1]q
[PE1-bgp]ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2]import-route ospf 200
[PE1]ospf 100
[PE1-ospf-100]import-route bgp
[PE1]ospf 200
[PE1-ospf-200]import-route bgp
Configuration of PE2:
[PE2]bgp 100
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]import-route ospf 100
[PE2-bgp-vpn1]q
[PE2-bgp]ipv4-family vpn-instance vpn2
[PE2-bgp-vpn2]import-route ospf 200
[PE2]ospf 100
[PE2-ospf-100]import-route bgp
[PE2]ospf 200
[PE2-ospf-200]import-route bgp
View the BGP vpnv4 route of PE2:
View the routing table of the vpn instance vpn1
[PE2]display bgp vpnv4 vpn-instance vpn1 routing-table
BGP Local router ID is 23.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn1, Router ID 23.1.1.2:
Total Number of Routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.2.0/24 0.0.0.0 3 0 ?
*>i 10.0.11.0/24 1.1.1.1 0 100 0 ?
*> 10.0.100.0/24 0.0.0.0 0 0 ?
*>i 10.10.10.10/32 1.1.1.1 2 100 0 ?
*> 20.20.20.20/32 0.0.0.0 3 0 ?
The result shows that it contains routing information of CE1 (10.10.10.10) and CE2 (20.20.20.20).
View the routing table of the vpn instance vpn2
[PE2]display bgp vpnv4 vpn-instance vpn2 routing-table
BGP Local router ID is 23.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn2, Router ID 23.1.1.2:
Total Number of Routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.4.0/24 0.0.0.0 3 0 ?
*>i 10.0.13.0/24 1.1.1.1 0 100 0 ?
*> 10.0.101.0/24 0.0.0.0 0 0 ?
*>i 30.30.30.30/32 1.1.1.1 2 100 0 ?
*> 40.40.40.40/32 0.0.0.0 3 0 ?
The result shows that it contains routing information of CE3 (30.30.30.30) and CE4 (40.40.40.40).
Taking the site of VPN instance vpn1 as an example, check the routing tables of CE1 and CE2:
<CE1>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 4 D 10.0.11.1 GigabitEthernet0/0/0
10.0.11.0/24 Direct 0 0 D 10.0.11.2 GigabitEthernet0/0/0
10.0.11.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.100.0/24 O_ASE 150 1 D 10.0.11.1 GigabitEthernet0/0/0
10.10.10.10/32 Direct 0 0 D 127.0.0.1 LoopBack0
20.20.20.20/32 OSPF 10 4 D 10.0.11.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<CE2>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.2 GigabitEthernet0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.0/24 O_ASE 150 1 D 10.0.2.1 GigabitEthernet0/0/0
10.0.100.0/24 OSPF 10 2 D 10.0.2.1 GigabitEthernet0/0/0
10.10.10.10/32 OSPF 10 4 D 10.0.2.1 GigabitEthernet0/0/0
20.20.20.20/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The result shows that CE1 can learn the route 20.20.20.20/32 of CE2, but CE2 cannot learn the route 10.10.10.10/32 of CE1.
View the routing table of the MCE vpn instance,
[MCE]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The results show that MCE does not have routing information for 10.10.10.10/32. But the ospf neighbor relationship with PE2 can be established normally.
Check lsdb of ospf 100 of MCE.
[MCE]display ospf 100 lsdb
OSPF Process 100 with Router ID 10.0.100.2
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.2.2 10.0.2.2 494 48 80000004 1
Router 10.0.100.2 10.0.100.2 489 48 80000008 1
Router 10.0.100.1 10.0.100.1 599 36 80000005 1
Network 10.0.2.1 10.0.100.2 489 32 80000002 0
Network 10.0.100.1 10.0.100.1 599 32 80000002 0
Sum-Net 10.10.10.10 10.0.100.1 134 28 80000001 2
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.0.11.0 10.0.100.1 134 36 80000001 1
The results show that the type 3 lsa of 10.10.10.10 can be learned, but the ospf route of 10.10.10.10/32 is not generated. The reason is that in order to prevent loops, the OSPF multi-instance process uses an unused bit in the LSA Options field as a flag bit, which is called the DN bit. When the device receives the lsa with the DN set, it will perform the action of receiving without counting, so this function needs to be disabled in the ospf process.
Disable the loop detection function in MCE
[MCE]ospf 100
[MCE-ospf-100]vpn-instance-capability simple// Used to disable routing loop detection and directly perform routing calculation.
[MCE]ospf 200
[MCE-ospf-200]vpn-instance-capability simple
View the routing table of the MCE VPN instance vpn1 again
[MCE]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.11.0/24 O_ASE 150 1 D 10.0.100.1 GigabitEthernet0/0/0.10
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.10.10.10/32 OSPF 10 3 D 10.0.100.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The result shows that the routing information of 10.10.10.10/32 can be learned normally.
View the routing table of CE2
<CE2>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.2 GigabitEthernet0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.0/24 O_ASE 150 1 D 10.0.2.1 GigabitEthernet0/0/0
10.0.100.0/24 OSPF 10 2 D 10.0.2.1 GigabitEthernet0/0/0
10.10.10.10/32 OSPF 10 4 D 10.0.2.1 GigabitEthernet0/0/0
20.20.20.20/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The results show that the routing information of 10.10.10.10/32 can also be learned normally.
Step 7: Test the experimental results
<CE1>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Reply from 20.20.20.20: bytes=56 Sequence=1 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=2 ttl=251 time=40 ms
Reply from 20.20.20.20: bytes=56 Sequence=3 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=4 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=5 ttl=251 time=40 ms
--- 20.20.20.20 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/46/50 ms
<CE1>ping 40.40.40.40
PING 40.40.40.40: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 40.40.40.40 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
CE1 can normally access CE2, but cannot access CE4.
<CE3>ping 40.40.40.40
PING 40.40.40.40: 56 data bytes, press CTRL_C to break
Reply from 40.40.40.40: bytes=56 Sequence=1 ttl=251 time=60 ms
Reply from 40.40.40.40: bytes=56 Sequence=2 ttl=251 time=50 ms
Reply from 40.40.40.40: bytes=56 Sequence=3 ttl=251 time=50 ms
Reply from 40.40.40.40: bytes=56 Sequence=4 ttl=251 time=40 ms
Reply from 40.40.40.40: bytes=56 Sequence=5 ttl=251 time=40 ms
--- 40.40.40.40 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
<CE3>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 20.20.20.20 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
CE3 cannot access CE2, but can access CE4.
The results are consistent with the experimental requirements.