CCIE-MPLS VPN-实验手册（上卷）

看完了看完了看完了，豪爽豪爽豪爽，一个月了，写得挺棒。总共14个mplsvpn的实验，为留下学习的痕迹，原封不动献出。

CCIE实验手册

（路由部分-MPLSVPN基础篇）

 

 

[CCIE] JUSTECH思科教学小组    著

 

 

 

 

 

 

 

 

 

 

 

 

JUSTECH网络科技有限公司

目录

1:MPLS VPN 基础实验

1.1 实验拓扑

1.2 实验需求

1.3 配置步骤

1.4 校验

2：MPLSVPN PE CE 间动态路由协议+UNTAG 实验

2.1 实验拓扑

2.2 实验需求

2.3 实验步骤

2.5 校验

2.6 思考题：

3：MPLSVPN RT 设计实验

3.1 实验拓扑

3.3 实验需求

3.4 实验步骤

3.4 校验：

3.5 思考题

4：MPLSVPN 中VRF IMPORT MAP 实验

4.1 实验拓扑

4.2 实验需求

4.3 实验步骤

4.4 校验

4.5 思考题

5：MPLSVPN PE CE OSPF 实验1

5.1 实验拓扑

5.2 实验需求

5.2 实验步骤

5.4 校验

6：MPLSVPN PE CE OSPF Domain-id 实验

6.1 实验拓扑

6.2 实验需求

6.3 实验步骤

6.4 校验

7：MPLSVPN PE CE OSPF 虚链路实验

7.1 实验拓扑

7.2 实验需求

7.3 实验步骤

7.4 校验

7.5 思考题

8：MPLSVPN Sham-link(伪链路)实验

8.1 实验拓扑

8.2 实验需求

8.3 实验步骤

8.4 校验

9：MPLS-VPNSHAM-LINK 疑难解析实验

9.1 实验拓扑

9.2 实验需求

9.3 实验步骤

9.4 校验

9.5思考题

10：跨域的MPLSVPN (Option A)

10.1 实验拓扑

10.1 实验需求

10.2 实验步骤

10.4 校验

10.5 思考题

11：跨域的MPLSVPN (Option B -2a)

11.1     实验拓扑

11.2实验需求

11.3实验步骤

11.4思考题

12:跨域的MPLSVPN （Option B - 2b）

12.1 实验拓扑

12.2 实验需求

12.3配置步骤

12.4 校验

13：跨域的MPLSVPN  (OptionB -2c)

13.1 实验拓扑

13.2 实验需求

13.4 校验

14：跨域的MPLSVPN （Option C）

14.1 实验拓扑

14.2 实验需求

14.3 实验步骤

14.4 校验

14.5 思考题

 

 

 

 

 

 

 

 

 

 

1:MPLS VPN 基础实验

 

1.1实验拓扑

1.2 实验需求

a.R1 R2 R3 的直连网络及loopback 0网络被宣告进EIGRP1

b.R1 R2 R3 的直连网络启用MPLS，要求按如下需求完成MPLS的配置：

MPLS 标签分配分发协议：LDP

MPLS LDP ROUTER-ID: loopback 0

R1 MPLS 标签取值范围上100~199

R2                    200~299

R3                    300~399

c.要求R1与R3 建立位于BGP AS 13 内的IBGP 对等体关系，并且激活MP-BGP 对等体关系

d.要求R1与R3 作为PE 设备创建VRF 参数如下:

VRF KFC                     VRF M

RD 1:1                      RD 2:2

ROUTE-TARGET 1:1            ROUTE-TARGET 2:2

e.要求通过适当的配置使得KFC站点所包含的C-NETWORK 可以相互通讯，同样M 站点所包含的C-NETWORK 网络可以相互通讯

 

 

1.3 配置步骤

 

步骤1：完成P-NETWORK中基础配置

只包含接口IP及EIGRP

 

此时完成如上配置，管理员应该确认R1 R2 R3 可以分别抵达对方LOOPBACK 0 网络，因为该网络一会会被当做LDP 的ROUTER-ID 及BGP ROUTER-ID

 

步骤2：根据需求完成MPLS的配置

 

R1

Mpls label protocol ldp

Mpls label range 100 199

Mpls ldp router-id lo 0

Int e0/0

Mpls ip

 

 

R2

Mpls label protocol ldp

Mpls label range 200 299

Mpls ldp router-id lo 0

Int range e0/0 -1

Mpls ip

 

R3

Mpls label protocol ldp

Mpls label range 300 399

Mpls ldp router-id lo 0

Int  e0/1

Mpls ip

 

此时管理员完成如上配置，应该确认LDP 的邻接关系已经形成，利用”show mpls ldpneighbor”命令，现象如下：

 

R2#show mpls ldp neighbor

   Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0

       TCP connection: 1.1.1.1.646 - 2.2.2.2.55979

       State: Oper; Msgs sent/rcvd: 8/8;Downstream

       Up time: 00:00:47

       LDP discovery sources:

         Ethernet0/0, Src IP addr: 31.31.12.1

       Addresses bound to peer LDP Ident:

         31.31.12.1     1.1.1.1        

   Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0

       TCP connection: 3.3.3.3.26969 - 2.2.2.2.646

       State:Oper; Msgs sent/rcvd: 8/8; Downstream

       Up time: 00:00:34

       LDP discovery sources:

         Ethernet0/1, Src IP addr: 31.31.23.3

       Addresses bound to peer LDP Ident:

         31.31.23.3     3.3.3.3     

 

步骤3：完成R1与R3的BGP及MP-BGP 的对等体关系建立

R1

Router bgp 13

Bgp router-id 1.1.1.1

Neighbor 3.3.3.3 remote 13

Nei 3.3.3.3 up lo 0

no bgp default ipv4-unicast //阻止BGP进程建立BGPV4 对等体关系

Address-family vpnv4 unicast

Neighbor 3.3.3.3 ac

neighbor 3.3.3.3 send-community extended //该命令行事系统自行配置的，含义为发送MP-BGP拓展团体属性，其实就是说RDRT 及栈底标签可以被当做路由更新的一部分发送出去

 

R3

Router bgp 13

Bgp router-id 3.3.3.3

Nei 1.1.1.1 remote 13

Nei 1.1.1.1 up lo 0

no bgp default ipv4-unicast

Add vpnv un

Nei 1.1.1.1 ac

neighbor 3.3.3.3 send-community extended

 

此时管理员完成如上配置，必须确认MP-BGP 对等体关系建立完毕，现象如下：

R1#show ip bgp vpnv4 all summary //该命令用于查看MP-BGP对等体关系是否建立

BGP router identifier 1.1.1.1, local AS number13

BGP table version is 1, main routing table version1

 

Neighbor       V   AS MsgRcvd MsgSent  TblVer  InQOutQ Up/Down State/PfxRcd

3.3.3.3        4   13      2      2       0   0   0 00:00:08       0

 

R3#show ip bgp vpnv4 all summary

BGP router identifier 3.3.3.3, local AS number13

BGP table version is 1, main routing table version1

 

Neighbor       V   AS MsgRcvd MsgSent  TblVer  InQOutQ Up/Down State/PfxRcd

1.1.1.1        4   13      2      2       0   0   0 00:00:24       0

 

步骤4：在PE设备上创建VRF

 R1

Ip vrf KFC

Rd 1:1

Route-target 1:1

Exit

Ip vrf M

Rd 2:2

Route-target 2:2

 

R3

Ip vrf KFC

Rd 1:1

Route-target 1:1

Exit

Ip vrf M

Rd 2:2

Route-target 2:2

 

步骤5：在PE设备上将指定接口划入特定VRF

 

R1

Interface s1/0

Ip vrf forward KFC

Ip add 31.31.14.1 255.255.255.0

No sh

!

Int s1/1

Ip vrf for M

Ip add 31.31.15.1 255.255.255.0

No sh

 

R3

Int s1/1

Ip vrf for KFC

Ip add 31.31.37.3 255.255.255.0

No sh

!

Int s0/0

Ip vrf for M

Ip add 31.31.36.3 255.255.255.0

No sh

 

此时管理员完成如上配置后应做如下检查：

(1)检查当前设备VRF配置

R1#show ip vrf

 Name                            Default RD         Interfaces

 KFC                             1:1                Se1/0

 M                               2:2                Se1/1

 

 

R3#show ip vrf

 Name                            Default RD         Interfaces

 KFC                             1:1                Se1/1

 M                               2:2                Se1/0

 

步骤6：在R1R3 上用静态路由往VRF 表中注入路由

 

R1

ip route vrf KFC 10.1.1.0 255.255.255.0Serial1/0

ip route vrf KFC 44.44.44.0 255.255.255.0Serial1/0

ip route vrf M 10.1.1.0 255.255.255.0 Serial1/1

ip route vrf M 55.55.55.0 255.255.255.0Serial1/1

 

R3

ip route vrf KFC 10.2.2.0 255.255.255.0Serial1/1

ip route vrf KFC 77.77.77.0 255.255.255.0Serial1/1

ip route vrf M 10.2.2.0 255.255.255.0 Serial1/0

ip route vrf M 66.66.66.0 255.255.255.0Serial1/0

 

步骤7：在R1R3 上完成MP-BGP 下的IGPS VRF 进MP-BGP VRF

R1

Router bgp 13

Address-family ipv4 vrf KFC

Redistribute static

Exit

Address-family ipv4 vrf M

Redistribute static

R3

Router bgp 13

Address-family ipv4 vrf KFC

Redistribute static

Exit

Address-family ipv4 vrf M

Redistribute static

 

步骤8：完成CE设备配置

此处管理员除了根据拓扑需求完成基本的配置，别忘记在CE 设备添加缺省路由，下一跳指向PE设备。

 

1.4 校验

(1) 在R1 R3 上查看对应VRF 表项中的静态路由

需要确认C-NETWORK 的网络被以静态路由的形式注入VRF 表

 

R1#show ip route vrf KFC static

    10.0.0.0/24 is subnetted, 2 subnets

S      10.1.1.0 is directly connected, Serial1/0

    44.0.0.0/24 is subnetted, 1 subnets

S      44.44.44.0 is directly connected, Serial1/0

 

R1#show ip route vrf M static

    55.0.0.0/24 is subnetted, 1 subnets

S      55.55.55.0 is directly connected, Serial1/1

    10.0.0.0/24 is subnetted, 2 subnets

S      10.1.1.0 is directly connected, Serial1/1

 

R3#show ip route vrf KFC static

    77.0.0.0/24 is subnetted, 1 subnets

S      77.77.77.0 is directly connected, Serial1/1

    10.0.0.0/24 is subnetted, 2 subnets

S      10.2.2.0 is directly connected, Serial1/1

R3#show ip route vrf M static

    66.0.0.0/24 is subnetted, 1 subnets

S      66.66.66.0 is directly connected, Serial1/0

    10.0.0.0/24 is subnetted, 2 subnets

S      10.2.2.0 is directly connected, Serial1/0

 

假设此时管理员需要在PE 设备上确认某个VRF的C-NETWORK网络可达性，我们建立利用如下命令：

R1#ping vrf KFC44.44.44.44 

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max= 32/52/80 ms

R1#

 

(2)确认IGPS的VRF条目被成功的注入MP-BGP 的VRF表中

 

R1#show ip bgp vpnv4 all

BGP table version is 17, local router ID is1.1.1.1

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

RouteDistinguisher: 1:1 (default for vrf KFC) //描述VRFKFC 转发表项

*>10.1.1.0/24     0.0.0.0                 0        32768 ?

*>i10.2.2.0/24     3.3.3.3                 0   100     0 ?

*>44.44.44.0/24   0.0.0.0                  0        32768 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 ?

Route Distinguisher: 2:2 (default for vrf M)

*> 10.1.1.0/24     0.0.0.0                 0        32768 ?

*>i10.2.2.0/24     3.3.3.3                 0   100     0 ?

*> 55.55.55.0/24   0.0.0.0                 0        32768 ?

*>i66.66.66.0/24   3.3.3.3                 0   100     0 ?

 

(3)在PE设备上查看MP-BGP 给BGP 条目分配的栈底标签

R1#show ip bgp vpnv4 all labels

  Network         Next Hop     In label/Out label

Route Distinguisher: 1:1 (KFC)

  10.1.1.0/24     0.0.0.0        103/nolabel

  10.2.2.0/24     3.3.3.3        nolabel/305

  44.44.44.0/24   0.0.0.0        104/nolabel

  77.77.77.0/24   3.3.3.3        nolabel/306

 

Route Distinguisher: 2:2 (M)

  10.1.1.0/24     0.0.0.0        105/nolabel

  10.2.2.0/24     3.3.3.3        nolabel/303

  55.55.55.0/24   0.0.0.0        106/nolabel

  66.66.66.0/24   3.3.3.3        nolabel/304

 

In label 字段：其对应的值是当前PE 设备BGP 给特定网络分配的本地栈底标签

 

Out label 字段：其对应的值是对端PE设备BGP给特定网络分配的远程栈底标签

 

！！注意

当数据包去向特定网络需要栈底标签时，一定使用的是远程栈底标签。

 

(4)查看MP-BGP发送的VPNV4 路由更新

 

R1#show ip bgp vpnv4 all 10.1.1.0

BGP routing tableentry for 1:1:10.1.1.0/24, version 4

Paths: (1 available, best #1, table KFC)

 Advertised to update-groups:

    1        

 Local

   0.0.0.0 from 0.0.0.0 (1.1.1.1)

     Origin incomplete, metric 0, localpref 100, weight 32768, valid,sourced, best

     Extended Community: RT:1:1

     mpls labels in/out 103/nolabel

BGP routing tableentry for 2:2:10.1.1.0/24, version 8

Paths: (1 available, best #1, table M)

 Advertised to update-groups:

    1        

 Local

   0.0.0.0 from 0.0.0.0 (1.1.1.1)

     Origin incomplete, metric 0, localpref 100, weight 32768, valid,sourced, best

     Extended Community: RT:2:2

     mpls labels in/out 105/nolabel

 

(5)查看P-NETWORK中PE 及P 设备的MPLS 标签转发信息库(LFIB)

 

R1#show mpls forwarding-table

Local Outgoing   Prefix           Bytes tag Outgoing   NextHop   

tag   tag or VC   orTunnel Id     switched  interface             

100   Pop tag    2.2.2.0/24       0         Et0/0     31.31.12.2  

101   201         3.3.3.0/24       0         Et0/0     31.31.12.2  

102   Pop tag    31.31.23.0/24    0         Et0/0     31.31.12.2  

103   Untagged   10.1.1.0/24[V]   1040      Se1/0     point2point 

104   Untagged   44.44.44.0/24[V]  0         Se1/0     point2point 

105   Untagged   10.1.1.0/24[V]   0         Se1/1     point2point 

106   Untagged   55.55.55.0/24[V]  0         Se1/1     point2point 

 

R2#show mpls forwarding-table

Local Outgoing   Prefix           Bytes tag Outgoing   NextHop   

tag   tag or VC   orTunnel Id     switched  interface             

200   Pop tag     1.1.1.0/24       9385      Et0/0     31.31.12.1  

201   Poptag     3.3.3.0/24       11742     Et0/1     31.31.23.3 

 

 

R3#show mpls forwarding-table

Local Outgoing   Prefix           Bytes tag Outgoing   NextHop   

tag   tag or VC   orTunnel Id     switched  interface             

300   200        1.1.1.0/24       0         Et0/1     31.31.23.2  

301   Pop tag    2.2.2.0/24       0         Et0/1     31.31.23.2  

302   Pop tag    31.31.12.0/24    0         Et0/1     31.31.23.2  

303   Untagged   10.2.2.0/24[V]   0         Se1/0     point2point 

304   Untagged   66.66.66.0/24[V]  0         Se1/0     point2point 

305   Untagged   10.2.2.0/24[V]   520       Se1/1     point2point 

306   Untagged   77.77.77.0/24[V]  520       Se1/1     point2point 

 

 

 

2：MPLSVPN PE CE 间动态路由协议+UNTAG 实验

 

2.1 实验拓扑

 

2.2 实验需求

a.R1 R2 R3 组成P-NETWORK，底层协议采用OSPF，R1R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF。

b.R1 R2 R3 启用MPLS，R1R2 R3 的标签分配取值范围如下：

R1：100199

R2：200299

R3：300399

c.R1 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。

d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47，VRFR56。

e.按拓扑要求在R1R4 间启用RIPV2，R1R5 间启用EIGRP，R3R6间启用OSPF，R3R7 间启用BGP。

f.要求完成MPLSVPN 的配置，使得R4 R7 可以相互通讯，R5 R6 可以相互通讯。

 

2.3 实验步骤

 

步骤1：完成所有CE设备的配置

 

步骤2：完成P-NETWORK的配置

例如：底层协议OSPF

     MPLS

     MP-BGP

 

此时完成如上配置后，管理员应该做如下检查：

(1)   LDP 的邻接关系是否建立？
show mpls ldp neighbor

(2)   MP-BGP的对等体关系是否建立？
show ip bgp vpnv4 all summary

(3)   关注R1 R2 R3 的loopback 0口网络在R1R2 R3 路由表中的状态
R2#show ip route ospf  

    1.0.0.0/32 is subnetted, 1 subnets

O      1.1.1.1 [110/11] via 31.31.12.1, 00:03:15, Ethernet1/0

    3.0.0.0/32 is subnetted, 1 subnets

O      3.3.3.3 [110/11] via 31.31.23.3, 00:03:15, Ethernet1/1

 

步骤3：在PE设备上创建VRF

 

R1

 

Ip vrf R47

Rd 4:7

Route-target 4:7

!

Int s0/0

Ip vrf forward R47

Ip add 31.31.14.1 255.255.255.0

No sh

!

ip vrf R56

rd 5:6

route-target 5:6

!

Int s0/1

Ip vrf forward R56

Ip add 31.31.15.1 255.255.255.0

No sh

 

 

R3

 

Ip vrf R47

Rd 4:7

Route-target 4:7

!

Int s0/1

Ip vrf forward R47

Ip add 31.31.37.3 255.255.255.0

No sh

!

ip vrf R56

rd 5:6

route-target 5:6

!

Int s0/0

Ip vrf forward R56

Ip add 31.31.36.3 255.255.255.0

No sh

 

步骤4：完成PE上指定路由协议的配置

 

R1

Router rip

Address-family ipv4 vrf R47

Version 2

No auto-summary

Network 31.0.0.0

Exit

Router eigrp 1

Address-family ipv4 vrf R56

No auto-summary

Autonomous-system 1

Net 31.31.15.1 0.0.0.0

 

此时管理员应该在R1 上检查VRF R47 与VRF R56的路由表，确认PE是否已经通过动态路由协议学习到C-NETWORK 的路由信息，现象如下：

 

R1#show ip route vrf R47 rip

    44.0.0.0/24 is subnetted, 1 subnets

R      44.44.44.0[120/1] via 31.31.14.4, 00:00:25,Serial0/0

 

R1#show ip route vrf R56 eigrp

    55.0.0.0/24 is subnetted, 1 subnets

D      55.55.55.0 [90/2297856] via 31.31.15.5, 00:01:16,Serial0/1

 

R3

 

Router ospf 2 vrf R56

Router-id 33.33.33.33

Network 31.31.36.3 0.0.0.0 a 0

!

Router bgp 13

Address-family ipv4 vrf R47

Neighbor 31.31.37.7 remote 7

Neighbor 31.31.37.7 activate

 

此时完成如上配置后，管理员应该确认R3 透过OSPF 学习到R6的C-NETWORK网络信息，同时R3 也应该透过与R7 的BGP 学习到R7 的C-NETWORK 网络信息，现象如下：

R3#show ip route vrf R56 ospf

 

Routing Table: R56

 

    66.0.0.0/32 is subnetted, 1 subnets

O      66.66.66.66[110/65] via 31.31.36.6, 00:00:59,Serial0/0

 

R3#show ip route vrf R47 bgp

    77.0.0.0/24 is subnetted, 1 subnets

B      77.77.77.0 [20/0] via 31.31.37.7,00:00:07

 

步骤5：完成PE上IGPS 协议到EGPS协议的双向充分发

 

R1

Router bgp 13

Address-family ipv4 vrf R47

Redistribute rip

!

Address-family ipv4 vrf R56

Redistribute eigrp 1

!

Router rip

Address-family ipv4 vrf R47

Redistribute bgp 13 metric 1

!

Router eigrp 1

Address-family ipv4 vrf R56

Redistribute bgp 13 metric 10000 100 255 1 1500

 

R3

Router bgp 13

Address-family ipv4 vrf R56

Redistribute ospf 2

!

Router ospf 2

Redistribute bgp 13 subnets

 

此时管理员完成如上配置后，应该直接检查CE 设备，查看同一站点不同C-NETWORK 路由是否被交换学习，现象如下：

 

R4#show ip route rip

    77.0.0.0/24 is subnetted, 1 subnets

R      77.77.77.0 [120/1] via 31.31.14.1, 00:00:06, Serial0/0

 

R7#show ip route bgp

    44.0.0.0/24 is subnetted, 1 subnets

B      44.44.44.0[20/0] via 31.31.37.3, 00:01:25

    31.0.0.0/24 is subnetted, 2 subnets

B      31.31.14.0 [20/0] via 31.31.37.3, 00:01:25

 

 

R5#show ip route eigrp

    66.0.0.0/32 is subnetted, 1 subnets

D EX   66.66.66.66 [170/2195456] via 31.31.15.1, 00:02:04,Serial0/1

    31.0.0.0/24 is subnetted, 2 subnets

D EX   31.31.36.0 [170/2195456] via 31.31.15.1, 00:02:04,Serial0/1

 

 

R6#show ip route ospf

    55.0.0.0/24 is subnetted, 1 subnets

O E2   55.55.55.0 [110/2297856] via 31.31.36.3, 00:02:05,Serial0/0

    31.0.0.0/24 is subnetted, 2 subnets

O E2   31.31.15.0 [110/1] via 31.31.36.3, 00:02:05, Serial0/0

 

步骤6：记得在P-NETWORK中将参与OSPF 的LOOPBACK 0网络类型进行修改

R1

Interface loopback 0

Ip ospf network point-to-point

R2

Interface loopback 0

Ip ospf network point-to-point

R3

Interface loopback 0

Ip ospf network point-to-point

 

 

2.5 校验

 

(1)   同一站点不同CE 设备PING  对端路由

2.6 思考题：

(1)请问什么时候运行LDP的路由器会给网络分配UNTAG标签？

当前网络只有本地标签没有可用的远端标签，系统分配UNTAG。

 

(2)   请问在该试验中UNTAG 会带来什么问题？

 

 

！！注意

Bgp的配置技巧

routerbgp

bgprouter-id

address-familyipv4 unicast  //创建BGPV4的对等体关系

neighborremote

address-familyvpnv4 unicast  //MP-BGP 对等体关系

neighboractivate

address-familyipv4 multicast  //M-BGP

neighboractive

address-familyipv4 vrf //VRF 的BGP

neighborremote

neighboractivate

 

3：MPLSVPN RT 设计实验

 

3.1 实验拓扑

 

3.3 实验需求

a.R1 R2 R3 组成P-NETWORK，底层协议采用OSPF，R1R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF。

b.R1 R2 R3 启用MPLS，R1R2 R3 的标签分配取值范围如下：

R1：100199

R2：200299

R3：300399

c.R1 R2 ,R2 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。

d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47，VRFR56。

e.按拓扑要求在R1R4 间启用RIPV2，R1R5 间启用EIGRP，R3R6间启用OSPF，R3R7 间启用BGP。

f.要求完成MPLSVPN 的配置，使得R4 R7 可以相互通讯，R5 R6 可以相互通讯。

g.要求R8创建VRF King_of_Router,并且能够学习到R56及R47 站点路由，但是不希望R56 和R47 相互学习路由。且R8的88.88.88.0/24网络能PING通R47 及R56的内网。

 

3.4 实验步骤

步骤1：完成R1 R2 R3 的BGP 与MP-BGP 的配置

R1

Router bgp 13

Neighbor 2.2.2.2 remote 13

Nei 2.2.2.2 up lo 0

Ad v u

Nei 2.2.2.2 ac

Exit

 

R2

Router bgp 13

Neighbor 1.1.1.1 remote 13

Nei 1.1.1.1 up lo 0

Nei 3.3.3.3 remote 13

Nei 3.3.3.3 up lo 0

Ad v u

Nei 1.1.1.1 ac

Nei 3.3.3.3 ac

Exi

 

R3

Router bgp 13

Bgp router-id 3.3.3.3

Nei 2.2.2.2 remote 13

Nei 2.2.2.2 up lo 0

Ad v u

Nei 2.2.2.2 ac

End

 

此时管理员完成如上配置，应该在R2上检查是否与R1R3 建立了MP-BGP 的IBGP-PEER 关系，现象如下：

 

R2#show ip bgp vpnv4 all summary

BGP router identifier 2.2.2.2, local AS number13

BGP table version is 1, main routing table version1

 

Neighbor       V   AS MsgRcvd MsgSent  TblVer  InQOutQ Up/Down State/PfxRcd

1.1.1.1        4   13     10      6       1   0   0 00:02:04       0

3.3.3.3        4   13      9      6       1   0   0 00:02:07       0

 

此时管理员还应该注意R1 与R3 及R2是否能够学到对端VRF路由，现象如下：

 

R1#show ip bgp vpnv4 all

BGP table version is 18, local router ID is1.1.1.1

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24   0.0.0.0                 0        32768 ?

*> 44.44.44.0/24   31.31.14.4              1        32768?

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24   0.0.0.0                 0        32768 ?

*> 55.55.55.0/24   31.31.15.5        2297856        32768 ?

 

R3#show ip bgp vpnv4 all

BGP table version is 19, local router ID is3.3.3.3

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 77.77.77.0/24   31.31.37.7              0            0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.36.0/24   0.0.0.0                 0        32768 ?

*> 66.66.66.66/32  31.31.36.6             65        32768?

 

R2#show ip bgp vpnv4 all

 

R2#

如上现象告诉我们能接收到VPNV4 更新的MP-BGP 设备，如果没有对应的VRF 存在，是忽略这些VPNV4 更新的，而且还证明BGP 的IBGP 水平分割对MP-BGP 也起效。

 

！！注意

R2

Router bgp 13

no bgp default route-target filter//关闭RT过滤功能，当前路由器即便不存在特定的VRF及RT 值，也能接收所有VPNV4 更新条目信息

 

cle ip bgp * vpnv4 unicast out//该命令式MP-BGP的软清除命令。

 

 

步骤2：为了R1R3 能够相互交换路由信息，在R2 上配置MP-BGP 的RR

Router bgp 13

Address-family vpnv4 unicast

Neighbor 1.1.1.1 route-reflector-client

Neighbor 3.3.3.3 route-reflector-client

 

此时，管理员完成如上配置，那么应该到R1 R3 上再次校验MP-BGP VRF 转发表，确认RR已经生效，现象如下：

R1#show ip bgp vpn all

BGP table version is 24, local router ID is1.1.1.1

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24   0.0.0.0                 0        32768 ?

*> 44.44.44.0/24   31.31.14.4              1        32768 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24   0.0.0.0                 0        32768 ?

*>i31.31.36.0/24   3.3.3.3                 0   100     0 ?

*> 55.55.55.0/24   31.31.15.5        2297856        32768 ?

*>i66.66.66.66/32  3.3.3.3                65   100     0 ?

 

R3#show ip bgp vpnv4 all

BGP table version is 27, local router ID is3.3.3.3

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             rRIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*>i31.31.14.0/24   1.1.1.1                 0   100     0 ?

*>i44.44.44.0/24   1.1.1.1                 1   100     0 ?

*> 77.77.77.0/24   31.31.37.7              0            0 7 i

Route Distinguisher: 5:6 (default for vrf R56)

*>i31.31.15.0/24   1.1.1.1                 0   100     0 ?

*> 31.31.36.0/24   0.0.0.0                 0        32768 ?

*>i55.55.55.0/24   1.1.1.1           2297856   100     0 ?

*> 66.66.66.66/32  31.31.36.6             65        32768 ?

 

R2#show ip bgp vpnv4 all

BGP table version is 22, local router ID is2.2.2.2

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7

*>i31.31.14.0/24   1.1.1.1                 0   100     0 ?

*>i44.44.44.0/24   1.1.1.1                 1   100     0 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 7 i

Route Distinguisher: 5:6

*>i31.31.15.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.36.0/24   3.3.3.3                 0   100     0 ?

*>i55.55.55.0/24   1.1.1.1           2297856   100     0 ?

*>i66.66.66.66/32  3.3.3.3                65   100     0 ?

 

步骤3：在R2上完成VRF 的创建

R2

Ip vrf King_of_Routing

Rd 184:184

Route-target import 4:7

Route-target import 5:6

Route-target export 4:7

Route-target export 5:6

Exi

Int e1/2

Ip vrf forward King_of_Routing

Ip add 31.31.28.2 255.255.255.0

 

步骤4：在R2与R8上创建RIPV2用于交换路由更新

R2

Router rip

Address-family ipv4 vrf King_of_Routing

No auto-summary

Network 31.0.0.0

Redistribute bgp 13 metric 1

!

Router bgp 13

Address-family ipv4 vrf King_of_Routing

Redistribute rip

 

R8

Int e1/2

Ip add 31.31.28.8 255.255.255.0

No sh

!

Int lo 0

Ip add 88.88.88.88 255.255.255.0

No sh

!

Router rip

Ver 2

No auto

Net 31.0.0.0

Net 88.0.0.0

 

3.4 校验：

(1)在R2上检查MP-BGPVRF 转发表

R2#show ip bgp vpnv4 all

BGP table version is 29, local router ID is2.2.2.2

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7

*>i31.31.14.0/24   1.1.1.1                 0   100     0 ?

*>i44.44.44.0/24   1.1.1.1                 1   100     0 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 7 i

Route Distinguisher: 5:6

*>i31.31.15.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.36.0/24   3.3.3.3                 0   100     0 ?

*>i55.55.55.0/24   1.1.1.1           2297856   100     0 ?

*>i66.66.66.66/32  3.3.3.3                65   100     0 ?

RouteDistinguisher: 184:184 (default for vrf King_of_Routing)

*>i31.31.14.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.15.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.36.0/24   3.3.3.3                 0   100     0 ?

*>i44.44.44.0/24   1.1.1.1                 1   100     0 ?

*>i55.55.55.0/24   1.1.1.1           2297856   100     0 ?

*>i66.66.66.66/32  3.3.3.3                65   100     0 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 7 i

*>88.88.88.0/24    0.0.0.0                 0   100     0  i

 

R2#

 

(3)   在 R1 R3 上查看MP-BGP VPNV4 转发表

R1#show ip bgp vpnv4 all

BGP table version is 30, local router ID is1.1.1.1

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*> 31.31.14.0/24   0.0.0.0                 0        32768 ?

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*> 44.44.44.0/24   31.31.14.4              1        32768 ?

*>i77.77.77.0/24   3.3.3.3                 0   100     0 7 i

*>i88.88.88.0/24   2.2.2.2                 0   100     0 ?

Route Distinguisher: 5:6 (default for vrf R56)

*> 31.31.15.0/24   0.0.0.0                 0        32768 ?

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*>i31.31.36.0/24   3.3.3.3                 0   100     0 ?

*> 55.55.55.0/24   31.31.15.5        2297856        32768 ?

*>i66.66.66.66/32  3.3.3.3                65   100     0 ?

*>i88.88.88.0/24   2.2.2.2                 0   100     0 ?

Route Distinguisher: 184:184

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*>i88.88.88.0/24   2.2.2.2                 0   100     0 ?

 

 

R3#show ip bgp vpnv4 all

BGP table version is 33, local router ID is3.3.3.3

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 4:7 (default for vrf R47)

*>i31.31.14.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*>i44.44.44.0/24   1.1.1.1                 1   100     0 ?

*> 77.77.77.0/24   31.31.37.7              0            0 7 i

*>i88.88.88.0/24   2.2.2.2                  0   100     0 ?

Route Distinguisher: 5:6 (default for vrf R56)

*>i31.31.15.0/24   1.1.1.1                 0   100     0 ?

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*> 31.31.36.0/24   0.0.0.0                 0        32768?

*>i55.55.55.0/24   1.1.1.1           2297856   100     0 ?

*> 66.66.66.66/32  31.31.36.6             65        32768 ?

*>i88.88.88.0/24   2.2.2.2                 0   100     0 ?

Route Distinguisher: 184:184

*>i31.31.28.0/24   2.2.2.2                 0   100     0 ?

*>i88.88.88.0/24   2.2.2.2                 0   100     0 ?

 

3.5 思考题

(1)什么时候VRF才把RT EXPORT 值打入VPNV4 更新？

只有当前PE设备从CE设备学习路由时。

 

 

 

 

4：MPLSVPN 中VRF IMPORT MAP 实验

 

4.1 实验拓扑

 

 

4.2 实验需求

a.R1 R2 启用EIGRP 当做底层协议，R1 R2 将本地直连网络及LOOPBACK 0网络宣告进EIGRP。

b.R1 R2 直连网络启用MPLS，标签分配范围如下：
R1 100 199

R2 200 299

c.R1 R2 上创建VRF CCCIE，RD为1:3 、RT 为1:3

d.R2 作为PE 设备与R3 启用RIP，共享C-NETWORK路由信息

e.最终要求在R1的VRF CCIE 中，值看到3.3.3.0/24 网络

 

4.3 实验步骤

 

步骤1：基础配置

例如：底层协议

     MPLS

     MP-BGP

     VRF

     PE-CE 间路由协议及PE上的IGPS和MP-BGP 的相互充分发

 

此时管理员完成如上配置，应该在R1 上利用”show ip bgp vpnv4 all”命令确认R1VRF表中所学习的路由，现象如下：

R1#show ip bgp v al

BGP table version is 4, local router ID is1.1.1.1

Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

  Network          NextHop           Metric LocPrf Weight Path

Route Distinguisher: 1:3 (default for vrf R13)

*>i3.3.3.0/24      2.2.2.2                 1   100     0 ?

*>i31.31.23.0/24   2.2.2.2                 0   100     0 ?

*>i33.33.33.0/24   2.2.2.2                  1   100     0 ?

 

R1#show ip route vrf R13 bgp

 

R1#show ip route vrf R13 bgp

    3.0.0.0/24 is subnetted, 1 subnets

B      3.3.3.0 [200/1] via 2.2.2.2, 00:02:45

B      33.33.33.0[200/1]via 2.2.2.2,00:02:45

B      31.31.23.0[200/1]via 2.2.2.2,00:02:45

 

步骤2：在R1上配置import-map使得R1VRF 表中只装在3.3.3.0 网络信息

Access-list 1 permit 3.3.3.0 0.0.0.255//利用该ACL匹配出ROUTE-MAP 所关心的网络

!

Route-map IM permit 10  //创建名为IM的ROUTE-MAP，第10个策略对ACL1 匹配的网络进行放行

Match ip address 1

Exi

！

Ip vrf R13

Import map IM //在VRF下套用IMPORT-MAP，阻止来自远端PE的路由进入IGPVRF 表

 

4.4 校验

(1) 在R1 上查看3.3.3.0 与33.33.33.0 在BGP 转发表中的区别

 

R1#show ip bgp vpnv4 all 3.3.3.0 //查看MP-BGP转发表中特定条目信息

BGP routing table entry for 1:3:3.3.3.0/24, version5

Paths: (1 available, best #1, tableR13)//含义是可以进入IGPVRF R13

 Not advertised to any peer

 Local

   2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)

     Origin incomplete, metric 1, localpref 100, valid, internal,best

     Extended Community: RT:1:3

     mpls labels in/out nolabel/205

 

R1#show ip bgp vpnv4 all 33.33.33.0

BGP routing table entry for 1:3:33.33.33.0/24, version9

Paths: (1 available, best #1, notable)//不能被注入任何IGPVRF 表

Flag: 0x800

 Not advertised to any peer

 Local

   2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)

     Origin incomplete, metric 1, localpref 100, valid, internal,best

     Extended Community: RT:1:3

     mpls labels in/out nolabel/204

 

(2)查看R1IGP VRF 表，确认是否只学习了3.3.3.0

 

R1#show ip route vrf R13 bgp

    3.0.0.0/24 is subnetted, 1 subnets

B      3.3.3.0 [200/1] via 2.2.2.2, 00:02:45

 

 

4.5 思考题

(1)请解释exportmap的作用？

export map 和import map 的最大不同在于:

export map 可以完成路由泄露，比如当前站点VRF 的export rt value 为1:1，但是我们现在希望特定的路由变成VPNV4更新被发送时，携带export rt value 2:2的信息，那么我们就可以利用acl匹配该网络，并且用ROUTE-MAP对该ACL 匹配的网络做set extended rt 2:2 ，这样该路由就可以被远端import rt 为2:2的VRF学习，达到了路由泄露的目的，但是这里如果不利用  additive关键字，会导致该路由只携带一个RT值，会影响路由的学习。