...
| Блок кода |
|---|
ESR2(config)# hostname ESR2 ESR2(config)# ESR2(config)# ip vrf l3vpn_service ESR2(config-vrf)# ip protocols bgp max-routes 100 ESR2(config-vrf)# rd 65500:1 ESR2(config-vrf)# route-target export 65500:1 ESR2(config-vrf)# route-target import 65500:1 ESR2(config-vrf)# exit ESR2(config)# ESR2(config)# ESR2(config)# system cpu load-balance mpls passenger ip ESR2(config)# security zone untrusted ESR2(config-zone)# exit ESR2(config)# security zone trusted ESR2(config-zone)# exit ESR2(config)# ESR2(config)# route-map BGP_OUT ESR2(config-route-map)# rule 1 ESR2(config-route-map-rule)# exit ESR2(config-route-map)# exit ESR2(config)# router bgp 65500 ESR2(config-bgp)# router-id 10.12.0.2 ESR2(config-bgp)# neighbor 10.12.0.1 ESR2(config-bgp-neighbor)# remote-as 65500 ESR2(config-bgp-neighbor)# update-source 10.12.0.2 ESR2(config-bgp-neighbor)# address-family vpnv4 unicast ESR2(config-bgp-neighbor-af)# send-community extended ESR2(config-bgp-neighbor-af)# enable ESR2(config-bgp-neighbor-af)# exit ESR2(config-bgp-neighbor)# enable ESR2(config-bgp-neighbor)# exit ESR2(config-bgp)# enable ESR2(config-bgp)# vrf l3vpn_service ESR2(config-bgp-vrf)# neighbor 10.10.0.6 ESR2(config-bgp-vrf-neighbor)# remote-as 65502 ESR2(config-bgp-vrf-neighbor)# address-family ipv4 unicast ESR2(config-bgp-neighbor-af-vrf)# route-map BGP_OUT out ESR2(config-bgp-neighbor-af-vrf)# enable ESR2(config-bgp-neighbor-af-vrf)# exit ESR2(config-bgp-vrf-neighbor)# enable ESR2(config-bgp-vrf-neighbor)# exit ESR2(config-bgp-vrf)# address-family ipv4 unicast ESR2(config-bgp-vrf-af)# redistribute bgp 65500 route-map BGP_OUT ESR2(config-bgp-vrf-af)# exit ESR2(config-bgp-vrf)# enable ESR2(config-bgp-vrf)# exit ESR2(config-bgp)# exit ESR2(config)# ESR2(config)# router ospf 1 ESR2(config-ospf)# router-id 10.12.0.2 ESR2(config-ospf)# area 0.0.0.0 ESR2(config-ospf-area)# enable ESR2(config-ospf-area)# exit ESR2(config-ospf)# enable ESR2(config-ospf)# exit ESR2(config)# ESR2(config)# interface gigabitethernet 1/0/1 ESR2(config-if-gi)# security-zone untrusted ESR2(config-if-gi)# ip address 192.0.2.2/30 ESR2(config-if-gi)# exit ESR2(config)# interface gigabitethernet 1/0/2 ESR2(config-if-gi)# ip vrf forwarding l3vpn_service ESR2(config-if-gi)# description "from CE2" ESR2(config-if-gi)# ip firewall disable ESR2(config-if-gi)# ip address 10.10.0.5/30 ESR2(config-if-gi)# exit ESR2(config)# interface loopback 1 ESR2(config-loopback)# ip address 10.12.0.2/32 ESR2(config-loopback)# ip ospf instance 1 ESR2(config-loopback)# ip ospf ESR2(config-loopback)# exit ESR2(config)# tunnel gre 1 ESR2(config-gre)# key 60 ESR2(config-gre)# ttl 64 ESR2(config-gre)# mtu 1472 ESR2(config-gre)# ip firewall disable ESR2(config-gre)# local address 192.0.2.2 ESR2(config-gre)# remote address 192.0.2.1 ESR2(config-gre)# ip address 10.11.0.2/30 ESR2(config-gre)# ip ospf instance 1 ESR2(config-gre)# ip ospf ESR2(config-gre)# enable ESR2(config-gre)# exit ESR2(config)# ESR2(config)# mpls ESR2(config-mpls)# ldp ESR2(config-ldp)# router-id 10.12.0.2 ESR2(config-ldp)# address-family ipv4 ESR2(config-ldp-af-ipv4)# interface gre 1 ESR2(config-ldp-af-ipv4-if)# exit ESR2(config-ldp-af-ipv4)# exit ESR2(config-ldp)# enable ESR2(config-ldp)# exit ESR2(config-mpls)# forwarding interface gre 1 ESR2(config-mpls)# exit ESR2(config)# security zone-pair untrusted self ESR2(config-zone-pair)# rule 1 ESR2(config-zone-pair-rule)# action permit ESR2(config-zone-pair-rule)# match protocol gre ESR2(config-zone-pair-rule)# enable ESR2(config-zone-pair-rule)# exit ESR2(config-zone-pair)# exit |
После завершения настройки проверим статус сервиса и доступность узлов в сети:
| Блок кода |
|---|
*Конфигурация туннеля GRE*
ESR2# sh tunnels configuration
Tunnel State Description
---------------- -------- ------------------------------
gre 1 Enabled --
ESR2# sh tunnels configuration gre 1
State: Enabled
Description: --
Mode: ip
Bridge group: --
VRF: --
Local address: 192.0.2.2
Remote address: 192.0.2.1
Calculates checksums for outgoing GRE packets: No
Requires that all input GRE packets were checksum: No
key: 60
TTL: 64
DSCP: Inherit
MTU: 1472
Path MTU discovery: Enabled
Don't fragment bit suppression: Disabled
Security zone: --
Multipoint mode: Disabled
Keepalive:
State: Disabled
Timeout: 10
Retries: 6
Destination address: --
*Наличие vpnv4-маршрутов*
SR2# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Codes Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path
----- --------------------- ------------------ --------------- ---------- ------- ---------- ------ ----------------
*> 65500:1 10.101.0.0/24 -- -- 34 100 -- 65502 i
*>i 65500:1 10.100.0.0/24 10.12.0.1 -- 16 100 0 65501 i
*Состояние протокола LDP*
ESR2# sh mpls ldp neighbor
Peer LDP ID: 10.12.0.1; Local LDP ID 10.12.0.2
State: Operational
TCP connection: 10.12.0.1:646 - 10.12.0.2:46444
Messages sent/received: 60/60
Uptime: 00:53:59
LDP discovery sources:
gre 1
ESR2# sh mpls forwarding-table
Local Outgoing Prefix Outgoing Next Hop
label label or tunnel ID Interface
-------- -------- ------------------------------------------- ---------------- ---------------------------------------
35 imp-null 10.12.0.1/32 gre 1 10.11.0.1
*Доступность узлов в сети*
CE2# ping 10.100.0.1 source ip 10.101.0.1 detailed
PING 10.100.0.1 (10.100.0.1) from 10.101.0.1 : 56 bytes of data.
64 bytes from 10.100.0.1: icmp_seq=1 ttl=0 time=1.32 ms
64 bytes from 10.100.0.1: icmp_seq=2 ttl=0 time=1.12 ms
64 bytes from 10.100.0.1: icmp_seq=3 ttl=0 time=1.14 ms
64 bytes from 10.100.0.1: icmp_seq=4 ttl=0 time=1.09 ms
64 bytes from 10.100.0.1: icmp_seq=5 ttl=0 time=1.15 ms
|
...