...
Step | Description | Command | Keys |
---|---|---|---|
1 | Configure the LDP protocol (see the section "Configuring the LDP protocol"). | ||
2 | Create an object-group of type network. | esr(config)# object-group network <NAME> | <NAME> – name of the subnet list being configured, given as a string of up to 31 characters. |
3 | Describe the prefixes for which labels will be assigned. | esr(config-object-group-network)# ip prefix <ADDR/LEN> | <ADDR/LEN> – IP address and subnet mask, given as AAA.BBB.CCC.DDD/EE, where each part AAA – DDD takes values [0..255] and EE takes values [1..32]. |
4 | Apply the created object-group in the LDP configuration context. | esr(config-ldp)# advertise-labels <NAME> | <NAME> – name of the subnet list being configured, given as a string of up to 31 characters. |
...
```
PE1(config)# interface gigabitethernet 1/0/4.100
PE1(config-subif)# bridge-group 10
PE1(config-subif)# exit
```
...
```
PE1# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>      65500:1                 10.110.0.1/32        --                --           37        100          --       65501 i
*>      65500:1                 10.111.0.1/32        --                --           35        100          --       65501 i
*>i     65500:1                 10.113.0.1/32        10.10.1.2         --           43        100          0        ?
*>i     65500:1                 10.114.0.1/32        10.10.1.2         --           48        100          0        ?

CE1# ping 10.113.0.1 source ip 10.110.0.1 detailed
PING 10.113.0.1 (10.113.0.1) from 10.110.0.1 : 56 bytes of data.
64 bytes from 10.113.0.1: icmp_seq=1 ttl=0 time=1.31 ms
64 bytes from 10.113.0.1: icmp_seq=2 ttl=0 time=1.14 ms
64 bytes from 10.113.0.1: icmp_seq=3 ttl=0 time=1.08 ms
64 bytes from 10.113.0.1: icmp_seq=4 ttl=0 time=1.06 ms
64 bytes from 10.113.0.1: icmp_seq=5 ttl=0 time=1.16 ms
```
Unlike Option A, there is no need to use VRFs between the ASBRs: an MPLS label is attached to traffic as it passes between the ASBRs. This scheme scales better.
Note |
---|
In the current implementation, Option B is supported only for VPN-IPv4 routes (AFI = 1, SAFI = 128). |
L3VPN
```
ESR(config)# hostname CE1
ESR(config)#
ESR(config)# route-map BGP
ESR(config-route-map)# rule 1
ESR(config-route-map-rule)# exit
ESR(config-route-map)# exit
ESR(config)# router bgp 65501
ESR(config-bgp)# neighbor 192.168.1.2
ESR(config-bgp-neighbor)# remote-as 65500
ESR(config-bgp-neighbor)# address-family ipv4 unicast
ESR(config-bgp-neighbor-af)# route-map BGP out
ESR(config-bgp-neighbor-af)# enable
ESR(config-bgp-neighbor-af)# exit
ESR(config-bgp-neighbor)# enable
ESR(config-bgp-neighbor)# exit
ESR(config-bgp)# address-family ipv4 unicast
ESR(config-bgp-af)# network 10.110.0.1/32
ESR(config-bgp-af)# exit
ESR(config-bgp)# enable
ESR(config-bgp)# exit
ESR(config)# interface gigabitethernet 1/0/1.100
ESR(config-subif)# ip firewall disable
ESR(config-subif)# ip address 192.168.1.1/30
ESR(config-subif)# exit
ESR(config)# interface loopback 1
ESR(config-loopback)# ip address 10.110.0.1/32
ESR(config-loopback)# exit
ESR(config)# do com
ESR(config)# do conf
```
...
```
ASBR2(config)# hostname ASBR2
ASBR2(config)#
ASBR2(config)# system jumbo-frames
ASBR2(config)#
ASBR2(config)# route-map VPNv4
ASBR2(config-route-map)# rule 1
ASBR2(config-route-map-rule)# exit
ASBR2(config-route-map)# exit
ASBR2(config)# router bgp 65500
ASBR2(config-bgp)# router-id 10.11.1.2
ASBR2(config-bgp)# neighbor 10.101.0.2
ASBR2(config-bgp-neighbor)# remote-as 65501
ASBR2(config-bgp-neighbor)# address-family vpnv4 unicast
ASBR2(config-bgp-neighbor-af)# route-map VPNv4 out
ASBR2(config-bgp-neighbor-af)# send-community extended
ASBR2(config-bgp-neighbor-af)# enable
ASBR2(config-bgp-neighbor-af)# exit
ASBR2(config-bgp-neighbor)# enable
ASBR2(config-bgp-neighbor)# exit
ASBR2(config-bgp)# neighbor 10.11.1.1
ASBR2(config-bgp-neighbor)# remote-as 65500
ASBR2(config-bgp-neighbor)# update-source 10.11.1.2
ASBR2(config-bgp-neighbor)# address-family vpnv4 unicast
ASBR2(config-bgp-neighbor-af)# next-hop-self
ASBR2(config-bgp-neighbor-af)# send-community extended
ASBR2(config-bgp-neighbor-af)# enable
ASBR2(config-bgp-neighbor-af)# exit
ASBR2(config-bgp-neighbor)# enable
ASBR2(config-bgp-neighbor)# exit
ASBR2(config-bgp)# enable
ASBR2(config-bgp)# exit
ASBR2(config)#
ASBR2(config)# router ospf 1
ASBR2(config-ospf)# router-id 10.11.1.2
ASBR2(config-ospf)# area 0.0.0.0
ASBR2(config-ospf-area)# enable
ASBR2(config-ospf-area)# exit
ASBR2(config-ospf)# enable
ASBR2(config-ospf)# exit
ASBR2(config)#
ASBR2(config)# interface gigabitethernet 1/0/1
ASBR2(config-if-gi)# description "to ASBR1"
ASBR2(config-if-gi)# ip firewall disable
ASBR2(config-if-gi)# ip address 10.101.0.1/30
ASBR2(config-if-gi)# exit
ASBR2(config)# interface gigabitethernet 1/0/2
ASBR2(config-if-gi)# description "to PE2"
ASBR2(config-if-gi)# mtu 1522
ASBR2(config-if-gi)# ip firewall disable
ASBR2(config-if-gi)# ip address 10.102.0.2/30
ASBR2(config-if-gi)# ip ospf instance 1
ASBR2(config-if-gi)# ip ospf
ASBR2(config-if-gi)# exit
ASBR2(config)# interface loopback 1
ASBR2(config-loopback)# ip address 10.11.1.2/32
ASBR2(config-loopback)# ip ospf instance 1
ASBR2(config-loopback)# ip ospf
ASBR2(config-loopback)# exit
ASBR2(config)# mpls
ASBR2(config-mpls)# ldp
ASBR2(config-ldp)# router-id 10.11.1.2
ASBR2(config-ldp)# address-family ipv4
ASBR2(config-ldp-af-ipv4)# interface gigabitethernet 1/0/2
ASBR2(config-ldp-af-ipv4-if)# exit
ASBR2(config-ldp-af-ipv4)# exit
ASBR2(config-ldp)# enable
ASBR2(config-ldp)# exit
ASBR2(config-mpls)# forwarding interface gigabitethernet 1/0/1
ASBR2(config-mpls)# forwarding interface gigabitethernet 1/0/2
ASBR2(config-mpls)# exit
ASBR2(config)# do com
ASBR2(config)# do conf
```
After the configuration is complete, check the propagation of routing information and the network reachability of the nodes:
```
PE1# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>i     65501:2                 10.104.0.1/32        10.10.1.2         --           23        100          0        65500 65513 i
*>i     65501:1                 10.103.0.1/32        10.10.1.2         --           19        100          0        65500 65512 i
*>      65501:2                 10.101.0.1/32        --                --           29        100          --       65511 i
*>      65501:1                 10.100.0.1/32        --                --           28        100          --       65510 i

ASBR1# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>      65501:2                 10.104.0.1/32        10.101.0.1        --           24        100          0        65500 65513 i
*>      65501:1                 10.103.0.1/32        10.101.0.1        --           20        100          0        65500 65512 i
*>i     65501:2                 10.101.0.1/32        10.10.1.1         --           29        100          0        65511 i
*>i     65501:1                 10.100.0.1/32        10.10.1.1         --           28        100          0        65510 i

ASBR2# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>i     65501:2                 10.104.0.1/32        10.11.1.1         --           19        100          0        65513 i
*>i     65501:1                 10.103.0.1/32        10.11.1.1         --           18        100          0        65512 i
*>      65501:2                 10.101.0.1/32        10.101.0.2        --           30        100          0        65501 65511 i
*>      65501:1                 10.100.0.1/32        10.101.0.2        --           31        100          0        65501 65510 i

PE2# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>      65501:2                 10.104.0.1/32        --                --           19        100          --       65513 i
*>      65501:1                 10.103.0.1/32        --                --           18        100          --       65512 i
*>i     65501:2                 10.101.0.1/32        10.11.1.2         --           29        100          0        65501 65511 i
*>i     65501:1                 10.100.0.1/32        10.11.1.2         --           30        100          0        65501 65510 i

CE4# ping 10.104.0.1 source ip 10.101.0.1 detailed
PING 10.104.0.1 (10.104.0.1) from 10.101.0.1 : 56 bytes of data.
64 bytes from 10.104.0.1: icmp_seq=1 ttl=0 time=2.25 ms
64 bytes from 10.104.0.1: icmp_seq=2 ttl=0 time=2.08 ms
64 bytes from 10.104.0.1: icmp_seq=3 ttl=0 time=2.15 ms
64 bytes from 10.104.0.1: icmp_seq=4 ttl=0 time=2.12 ms
64 bytes from 10.104.0.1: icmp_seq=5 ttl=0 time=2.09 ms

CE1# ping 10.103.0.1 source ip 10.100.0.1 detailed
PING 10.103.0.1 (10.103.0.1) from 10.100.0.1 : 56 bytes of data.
64 bytes from 10.103.0.1: icmp_seq=1 ttl=0 time=2.22 ms
64 bytes from 10.103.0.1: icmp_seq=2 ttl=0 time=2.11 ms
64 bytes from 10.103.0.1: icmp_seq=3 ttl=0 time=2.09 ms
64 bytes from 10.103.0.1: icmp_seq=4 ttl=0 time=2.09 ms
64 bytes from 10.103.0.1: icmp_seq=5 ttl=0 time=2.11 ms
```
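The check above can be automated: the following added example (not part of the vendor documentation) parses `sh bgp vpnv4 unicast all` output and reports any (Route Distinguisher, prefix) pair that is unexpected, missing, not valid/best, or unlabelled, which is how a route leaking between VPNs across the inter-AS link would show up. The names `parse_vpnv4`, `audit`, `SAMPLE` and `EXPECTED` are hypothetical, and the expected membership is an assumption taken from PE1's output on this page.

```python
import re
from typing import NamedTuple

class Vpnv4Route(NamedTuple):
    codes: str
    rd: str
    prefix: str
    next_hop: str
    label: str
    as_path: str

# One data row: codes, RD, prefix, next hop, metric, label, LocPrf, weight, path.
ROW = re.compile(
    r"^(?P<codes>[*>iS]+)\s+(?P<rd>\d+:\d+)\s+(?P<prefix>[\d.]+/\d+)\s+"
    r"(?P<next_hop>\S+)\s+\S+\s+(?P<label>\S+)\s+\S+\s+\S+\s+(?P<as_path>.+)$"
)

def parse_vpnv4(output):
    """Return route rows; prompt, legend, header and ruler lines do not match."""
    return [Vpnv4Route(**m.groupdict())
            for m in map(ROW.match, map(str.strip, output.splitlines())) if m]

def audit(routes, expected):
    """Compare learned (RD, prefix) pairs with the intended VPN membership."""
    findings, seen = [], set()
    for r in routes:
        key = (r.rd, r.prefix)
        seen.add(key)
        if key not in expected:
            findings.append(f"unexpected {r.rd} {r.prefix}")
        if not {"*", ">"} <= set(r.codes):
            findings.append(f"not valid/best {r.rd} {r.prefix}")
        if not r.label.isdigit():
            findings.append(f"no label {r.rd} {r.prefix}")
    findings += [f"missing {rd} {p}" for rd, p in sorted(expected - seen)]
    return findings

# First three rows are PE1's output from this page; the 65501:1 10.100.0.1/32
# row is left out and the last row is constructed to trigger the checks.
SAMPLE = """\
PE1# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Codes  Route Distinguisher  IP Prefix  Next hop  Metric  Label  LocPrf  Weight  Path
*>i  65501:2  10.104.0.1/32  10.10.1.2  --  23  100  0   65500 65513 i
*>i  65501:1  10.103.0.1/32  10.10.1.2  --  19  100  0   65500 65512 i
*>   65501:2  10.101.0.1/32  --         --  29  100  --  65511 i
*i   65501:9  10.200.0.1/32  10.10.1.2  --  --  100  0   65500 65599 i
"""
# Intended membership (assumption: the four routes PE1 shows on this page).
EXPECTED = {("65501:2", "10.104.0.1/32"), ("65501:1", "10.103.0.1/32"),
            ("65501:2", "10.101.0.1/32"), ("65501:1", "10.100.0.1/32")}

if __name__ == "__main__":
    for finding in audit(parse_vpnv4(SAMPLE), EXPECTED):
        print(finding)
```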
...
Note |
---|
When configuring the MTU on the tunnel, take the following into account:
An approximate packet structure is shown below: |
...
```
ESR2(config)# hostname ESR2
ESR2(config)#
ESR2(config)# system cpu load-balance mpls passenger ip
ESR2(config)# system cpu load-balance mpls passenger ipoe-pw-without-cw
ESR2(config)# security zone trusted
ESR2(config-zone)# exit
ESR2(config)# security zone untrusted
ESR2(config-zone)# exit
ESR2(config)#
ESR2(config)# router ospf 1
ESR2(config-ospf)# area 0.0.0.0
ESR2(config-ospf-area)# enable
ESR2(config-ospf-area)# exit
ESR2(config-ospf)# enable
ESR2(config-ospf)# exit
ESR2(config)#
ESR2(config)# interface gigabitethernet 1/0/1
ESR2(config-if-gi)# security-zone untrusted
ESR2(config-if-gi)# ip address 192.0.2.2/30
ESR2(config-if-gi)# exit
ESR2(config)# interface gigabitethernet 1/0/2
ESR2(config-if-gi)# description "From CE2"
ESR2(config-if-gi)# mode switchport
ESR2(config-if-gi)# exit
ESR2(config)# interface loopback 1
ESR2(config-loopback)# ip address 10.100.0.2/32
ESR2(config-loopback)# ip ospf instance 1
ESR2(config-loopback)# ip ospf
ESR2(config-loopback)# exit
ESR2(config)# tunnel gre 1
ESR2(config-gre)# key 60
ESR2(config-gre)# ttl 64
ESR2(config-gre)# mtu 1458
ESR2(config-gre)# ip firewall disable
ESR2(config-gre)# local address 192.0.2.2
ESR2(config-gre)# remote address 192.0.2.1
ESR2(config-gre)# ip address 10.0.0.2/30
ESR2(config-gre)# ip ospf instance 1
ESR2(config-gre)# ip ospf network point-to-point
ESR2(config-gre)# ip ospf
ESR2(config-gre)# enable
ESR2(config-gre)# exit
ESR2(config)#
ESR2(config)# mpls
ESR2(config-mpls)# ldp
ESR2(config-ldp)# router-id 10.100.0.2
ESR2(config-ldp)# address-family ipv4
ESR2(config-ldp-af-ipv4)# interface gre 1
ESR2(config-ldp-af-ipv4-if)# exit
ESR2(config-ldp-af-ipv4)# exit
ESR2(config-ldp)# enable
ESR2(config-ldp)# exit
ESR2(config-mpls)# l2vpn
ESR2(config-l2vpn)# pw-class VPWS
ESR2(config-l2vpn-pw-class)# exit
ESR2(config-l2vpn)# p2p EoMPLS
ESR2(config-l2vpn-p2p)# interface gigabitethernet 1/0/2
ESR2(config-l2vpn-p2p)# pw 100 10.100.0.1
ESR2(config-l2vpn-pw)# pw-class VPWS
ESR2(config-l2vpn-pw)# enable
ESR2(config-l2vpn-pw)# exit
ESR2(config-l2vpn-p2p)# enable
ESR2(config-l2vpn-p2p)# exit
ESR2(config-l2vpn)# exit
ESR2(config-mpls)# forwarding interface gre 1
ESR2(config-mpls)# exit
ESR2(config)# security zone-pair untrusted self
ESR2(config-zone-pair)# rule 1
ESR2(config-zone-pair-rule)# action deny
ESR2(config-zone-pair-rule)# match protocol gre
ESR2(config-zone-pair-rule)# enable
ESR2(config-zone-pair-rule)# exit
ESR2(config-zone-pair)# exit
ESR2(config)# do com
ESR2(config)# do conf
```
...
Note |
---|
When configuring the MTU on the tunnel, take the following into account:
An approximate packet structure is shown below: |
```
CE1(config)# hostname CE1
CE1(config)#
CE1(config)# route-map BGP_OUT
CE1(config-route-map)# rule 1
CE1(config-route-map-rule)# exit
CE1(config-route-map)# exit
CE1(config)# router bgp 65501
CE1(config-bgp)# neighbor 10.10.0.2
CE1(config-bgp-neighbor)# remote-as 65500
CE1(config-bgp-neighbor)# address-family ipv4 unicast
CE1(config-bgp-neighbor-af)# route-map BGP_OUT out
CE1(config-bgp-neighbor-af)# enable
CE1(config-bgp-neighbor-af)# exit
CE1(config-bgp-neighbor)# enable
CE1(config-bgp-neighbor)# exit
CE1(config-bgp)# address-family ipv4 unicast
CE1(config-bgp-af)# network 10.100.0.0/24
CE1(config-bgp-af)# exit
CE1(config-bgp)# enable
CE1(config-bgp)# exit
CE1(config)#
CE1(config)#
CE1(config)# interface gigabitethernet 1/0/2
CE1(config-if-gi)# description "to ESR1"
CE1(config-if-gi)# ip firewall disable
CE1(config-if-gi)# ip address 10.10.0.1/30
CE1(config-if-gi)# exit
CE1(config)# interface loopback 1
CE1(config-loopback)# ip address 10.100.0.1/24
CE1(config-loopback)# exit
```
...
```
ESR2(config)# hostname ESR2
ESR2(config)#
ESR2(config)# ip vrf l3vpn_service
ESR2(config-vrf)# ip protocols bgp max-routes 100
ESR2(config-vrf)# rd 65500:1
ESR2(config-vrf)# route-target export 65500:1
ESR2(config-vrf)# route-target import 65500:1
ESR2(config-vrf)# exit
ESR2(config)#
ESR2(config)#
ESR2(config)# system cpu load-balance mpls passenger ip
ESR2(config)# security zone untrusted
ESR2(config-zone)# exit
ESR2(config)# security zone trusted
ESR2(config-zone)# exit
ESR2(config)#
ESR2(config)# route-map BGP_OUT
ESR2(config-route-map)# rule 1
ESR2(config-route-map-rule)# exit
ESR2(config-route-map)# exit
ESR2(config)# router bgp 65500
ESR2(config-bgp)# router-id 10.12.0.2
ESR2(config-bgp)# neighbor 10.12.0.1
ESR2(config-bgp-neighbor)# remote-as 65500
ESR2(config-bgp-neighbor)# update-source 10.12.0.2
ESR2(config-bgp-neighbor)# address-family vpnv4 unicast
ESR2(config-bgp-neighbor-af)# send-community extended
ESR2(config-bgp-neighbor-af)# enable
ESR2(config-bgp-neighbor-af)# exit
ESR2(config-bgp-neighbor)# enable
ESR2(config-bgp-neighbor)# exit
ESR2(config-bgp)# enable
ESR2(config-bgp)# vrf l3vpn_service
ESR2(config-bgp-vrf)# neighbor 10.10.0.6
ESR2(config-bgp-vrf-neighbor)# remote-as 65502
ESR2(config-bgp-vrf-neighbor)# address-family ipv4 unicast
ESR2(config-bgp-neighbor-af-vrf)# route-map BGP_OUT out
ESR2(config-bgp-neighbor-af-vrf)# enable
ESR2(config-bgp-neighbor-af-vrf)# exit
ESR2(config-bgp-vrf-neighbor)# enable
ESR2(config-bgp-vrf-neighbor)# exit
ESR2(config-bgp-vrf)# address-family ipv4 unicast
ESR2(config-bgp-vrf-af)# redistribute bgp 65500 route-map BGP_OUT
ESR2(config-bgp-vrf-af)# exit
ESR2(config-bgp-vrf)# enable
ESR2(config-bgp-vrf)# exit
ESR2(config-bgp)# exit
ESR2(config)#
ESR2(config)# router ospf 1
ESR2(config-ospf)# router-id 10.12.0.2
ESR2(config-ospf)# area 0.0.0.0
ESR2(config-ospf-area)# enable
ESR2(config-ospf-area)# exit
ESR2(config-ospf)# enable
ESR2(config-ospf)# exit
ESR2(config)#
ESR2(config)# interface gigabitethernet 1/0/1
ESR2(config-if-gi)# security-zone untrusted
ESR2(config-if-gi)# ip address 192.0.2.2/30
ESR2(config-if-gi)# exit
ESR2(config)# interface gigabitethernet 1/0/2
ESR2(config-if-gi)# ip vrf forwarding l3vpn_service
ESR2(config-if-gi)# description "from CE2"
ESR2(config-if-gi)# ip firewall disable
ESR2(config-if-gi)# ip address 10.10.0.5/30
ESR2(config-if-gi)# exit
ESR2(config)# interface loopback 1
ESR2(config-loopback)# ip address 10.12.0.2/32
ESR2(config-loopback)# ip ospf instance 1
ESR2(config-loopback)# ip ospf
ESR2(config-loopback)# exit
ESR2(config)# tunnel gre 1
ESR2(config-gre)# key 60
ESR2(config-gre)# ttl 64
ESR2(config-gre)# mtu 1472
ESR2(config-gre)# ip firewall disable
ESR2(config-gre)# local address 192.0.2.2
ESR2(config-gre)# remote address 192.0.2.1
ESR2(config-gre)# ip address 10.11.0.2/30
ESR2(config-gre)# ip ospf instance 1
ESR2(config-gre)# ip ospf
ESR2(config-gre)# enable
ESR2(config-gre)# exit
ESR2(config)#
ESR2(config)# mpls
ESR2(config-mpls)# ldp
ESR2(config-ldp)# router-id 10.12.0.2
ESR2(config-ldp)# address-family ipv4
ESR2(config-ldp-af-ipv4)# interface gre 1
ESR2(config-ldp-af-ipv4-if)# exit
ESR2(config-ldp-af-ipv4)# exit
ESR2(config-ldp)# enable
ESR2(config-ldp)# exit
ESR2(config-mpls)# forwarding interface gre 1
ESR2(config-mpls)# exit
ESR2(config)# security zone-pair untrusted self
ESR2(config-zone-pair)# rule 1
ESR2(config-zone-pair-rule)# action permit
ESR2(config-zone-pair-rule)# match protocol gre
ESR2(config-zone-pair-rule)# enable
ESR2(config-zone-pair-rule)# exit
ESR2(config-zone-pair)# exit
```
After the configuration is complete, check the service status and the reachability of the nodes in the network:
*GRE tunnel configuration*

```
ESR2# sh tunnels configuration
Tunnel             State      Description
----------------   --------   ------------------------------
gre 1              Enabled    --

ESR2# sh tunnels configuration gre 1
State: Enabled
Description: --
Mode: ip
Bridge group: --
VRF: --
Local address: 192.0.2.2
Remote address: 192.0.2.1
Calculates checksums for outgoing GRE packets: No
Requires that all input GRE packets were checksum: No
key: 60
TTL: 64
DSCP: Inherit
MTU: 1472
Path MTU discovery: Enabled
Don't fragment bit suppression: Disabled
Security zone: --
Multipoint mode: Disabled
Keepalive:
    State: Disabled
    Timeout: 10
    Retries: 6
    Destination address: --
```

*Presence of vpnv4 routes*

```
ESR2# sh bgp vpnv4 unicast all
Status codes: * - valid, > - best, i - internal, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Codes   Route Distinguisher     IP Prefix            Next hop          Metric       Label     LocPrf       Weight   Path
-----   ---------------------   ------------------   ---------------   ----------   -------   ----------   ------   ----------------
*>      65500:1                 10.101.0.0/24        --                --           34        100          --       65502 i
*>i     65500:1                 10.100.0.0/24        10.12.0.1         --           16        100          0        65501 i
```

*LDP protocol state*

```
ESR2# sh mpls ldp neighbor
Peer LDP ID: 10.12.0.1; Local LDP ID 10.12.0.2
    State: Operational
    TCP connection: 10.12.0.1:646 - 10.12.0.2:46444
    Messages sent/received: 60/60
    Uptime: 00:53:59
    LDP discovery sources:
        gre 1

ESR2# sh mpls forwarding-table
Local      Outgoing   Prefix                                        Outgoing           Next Hop
label      label      or tunnel ID                                  Interface
--------   --------   -------------------------------------------   ----------------   ---------------------------------------
35         imp-null   10.12.0.1/32                                  gre 1              10.11.0.1
```

*Reachability of nodes in the network*

```
CE2# ping 10.100.0.1 source ip 10.101.0.1 detailed
PING 10.100.0.1 (10.100.0.1) from 10.101.0.1 : 56 bytes of data.
64 bytes from 10.100.0.1: icmp_seq=1 ttl=0 time=1.32 ms
64 bytes from 10.100.0.1: icmp_seq=2 ttl=0 time=1.12 ms
64 bytes from 10.100.0.1: icmp_seq=3 ttl=0 time=1.14 ms
64 bytes from 10.100.0.1: icmp_seq=4 ttl=0 time=1.09 ms
64 bytes from 10.100.0.1: icmp_seq=5 ttl=0 time=1.15 ms
```
...