CCIE-MPLS VPN-实验手册(下卷)
来源:互联网 发布:国密算法意义 编辑:程序博客网 时间:2024/05/14 05:55
10:跨域的MPLSVPN (Option A)
10.1 实验拓扑
10.1 实验需求
a.
b.
c.
VRF NAME VPN
VRF RD : 100:100
VRF RT : 100:100
d.
10.2 实验步骤
步骤1:完成AS1与AS 2内P-NETWORK配置
例如:底层协议的创建
!!注意
这里最好将R2 配置路由反射器
此时管理员应该做如下查看:
(1)
R2
show ip bgp vpnv4 all summary
BGP router identifier 2.2.2.2, local AS number1
BGP table version is 1, main routing table version1
Neighbor
1.1.1.1
3.3.3.3
(2)
R5#show ip bgp vpnv4 all summary
BGP router identifier 5.5.5.5, local AS number2
BGP table version is 1, main routing table version1
Neighbor
4.4.4.4
6.6.6.6
确认R2 与R5 和直连设备建立了LDP 邻接关系
R2#show mpls ldp neighbor
…………………………………………………………………………
…………………………………………………………………………
R5#show mpls ldp neighbor
…………………………………………………………………………
步骤2:在R1R6 上按题目要求创建VRF ,并且和R7 R8 形成BGP 的EBGP 对等体关系
R1
ip vrf VPN
rd 100:100
route-target 100:100
exi
!
int fa 0/0
ip vrf forward VPN
ip add 31.31.17.1 255.255.255.0
no sh
!
router bgp 1
address –family ipv4 vrf VPN
neighbor 31.31.17.7 remote 7
!
R7
en
conf t
int lo 0
ip add 7.7.7.7 255.255.255.0
!
int fa 0/0
ip add 31.31.17.7 255.255.255.0
no sh
!
router bgp 7
bgp router-id 7.7.7.7
neighbor 31.31.17.1 remote 1
network 7.7.7.0 mask 255.255.255.0
R6
ip vrf VPN
rd 100:100
route-target 100:100
exi
!
int fa 0/0
ip vrf forward VPN
ip add 31.31.68.6 255.255.255.0
no sh
!
router bgp 2
address-family ipv4 vrf VPN
neighbor 31.31.68.8 remote 8
!
R8
en
conf t
int lo 0
ip add 8.8.8.8 255.255.255.0
!
int fa 0/0
ip add 31.31.68.8 255.255.255.0
no sh
!
router bgp 8
bgp router-id 8.8.8.8
nei 31.31.68.6 remote 2
net 8.8.8.0 mask 255.255.255.0
此时管理员应该做如下检查:
(1)确认R1与R6 学到对应C-Network网络信息
R1#show ip bgp vpnv4 all
BGP table version is 2, local router ID is1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*> 7.7.7.0/24
R6#show ip bgp vpnv4 all
BGP table version is 2, local router ID is6.6.6.6
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*> 8.8.8.0/24
步骤3:在R3R4 上实现BACK TO BACK 的跨域MPLS VPN 配置
R3
ip vrf VPN
rd 100:100
route-target 100:100
!
int fa 0/1
ip vrf forward VPN
ip add 31.31.34.3 255.255.255.0
no sh
!
router bgp 1
address-family ipv4 vrf VPN
nei 31.31.34.4 remote 2
!
R4
ip vrf VPN
rd 100:100
route-target 100:100
!
int fa 0/1
ip vrf forward VPN
ip add 31.31.34.4 255.255.255.0
no sh
!
router bgp 2
address-family ipv4 vrf VPN
nei 31.31.34.3 remote 1
!
end
10.4 校验
(1) 查看R1 ~R6 所有设备的MP-BGP 转发表
R1#show ip bgp vpnv4 all
BGP table version is 4, local router ID is1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*> 7.7.7.0/24
*>i8.8.8.0/24
R2#show ip bgp vpnv4 all
BGP table version is 3, local router ID is2.2.2.2
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*>i8.8.8.0/24
R3#show ip bgp vpnv4 all
BGP table version is 4, local router ID is3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*>i7.7.7.0/24
*> 8.8.8.0/24
R4#show ip bgp vpnv4 all
BGP table version is 4, local router ID is4.4.4.4
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*> 7.7.7.0/24
*>i8.8.8.0/24
R5#show ip bgp vpnv4 all
BGP table version is 3, local router ID is5.5.5.5
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*>i8.8.8.0/24
R6#show ip bgp vpnv4 all
BGP table version is 4, local router ID is6.6.6.6
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100 (default for vrfVPN)
*>i7.7.7.0/24
*> 8.8.8.0/24
通过如上输出画面必须确认所有设备都学习了VPNV4 路由
(2)校验R1~R6IGP 标签及VPN标签
IGP标签
R6#show mpls forwarding-table
Local
Label
600
601
602
603
R5#show mpls forwarding-table
Local
Label
500
501
R4#show mpls forwarding-table
Local
Label
400
401
402
403
R3#show mpls forwarding-table
Local
Label
300
301
302
303
R2#show mpls forwarding-table
Local
Label
200
201
R1#show mpls forwarding-table
Local
Label
100
101
102
103
VPN标签
R6#show ip bgp vpnv4 all label | in 7.7.7.0
R5#show ip bgp vpnv4 all label | in 7.7.7.0
R4#show ip bgp vpnv4 all label | in 7.7.7.0
R3#show ip bgp vpnv4 all label | in 7.7.7.0
R2#show ip bgp vpnv4 all label | in 7.7.7.0
R1#show ip bgp vpnv4 all label | in 7.7.7.0
10.5 思考题
(1)描述BACKTO BACK 的实施流程?
(2)描述BACKTO BACK 的IGP 标签分配分发过程及VPN 标签分配分发过程?
(3)描述数据包由R8起源去向R7的整个传递过程?
11:跨域的MPLSVPN (Option B -2a)
11.1 实验拓扑
11.2实验需求
a.
b.
c.
VRF NAME VPN
VRF RD : 100:100
VRF RT : 100:100
d.
11.3实验步骤
步骤1:完成AS1与AS 2内P-NETWORK配置
例如:底层协议的创建
!!注意
这里最好将R2 配置路由反射器
此时管理员完成了AS 1 与AS 2的P-NETWORK配置,应该查看R3 与R4的MP-BGPVRF 转发表,确认R3 R4 是否能够学习到当前AS的C-Network路由,现象如下:
R3#show ip bgp vpnv4 all
R3#
R4#show ip bgp vpnv4 all
R4#
步骤2:为了R3与R4 学习各自AS 内C-NEWTORK 路由,我们关闭ROUTE-TARGET FILLTER 功能
R3
router bgp 1
no bgp default route-target filter
R4
router bgp 2
no bgp default route-target filter
!!注意
管理员最好在R2 R5 上输入如下命令,使得R3 R4 能够立刻获得VPNV4 路由更新,并学习:
clear ip bgp * vpnv4 unicast out
此时管理员应该查看R3 与R4的MP-BGP转发表,确认已经学习到各自AS C-Network网络信息,现象如下:
R3#show ip bgp vpnv4 all
BGP table version is 7, local router ID is3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
R4#show ip bgp vpnv4 all
BGP table version is 7, local router ID is4.4.4.4
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i8.8.8.0/24
步骤3:为了使得不同AS的VPNV4路由更新能够交换,我们在ASBR 上创建MP-BGP的EBGP对等体关系(最好采用直连网络)
R3
router bgp 1
neighbor 31.31.34.4 remote 2
address-family vpnv4 unicast
neighbor 31.31.34.4 ac
R4
router bgp 2
nei 31.31.34.3 remote 1
address-family vpnv4 unicast
neighbor 31.31.34.3 ac
此时管理员应该做如下检查:
(1)确认R3R4 建立了MP-BGP EBGP 对等体关系
R3#show ip bgp vpnv4 all summary
BGP router identifier 3.3.3.3, local AS number1
BGP table version is 8, main routing table version8
2 network entries using 288 bytes of memory
2 path entries using 104 bytes of memory
2/2 BGP path/bestpath attribute entries using 264 bytes ofmemory
1 BGP rrinfo entries using 24 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
1 BGP extended community entries using 24 bytes ofmemory
0 BGP route-map cache entries using 0 bytes ofmemory
0 BGP filter-list cache entries using 0 bytes ofmemory
BGP using 752 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths, scan interval 60secs
Neighbor
2.2.2.2
31.31.34.4
R4#show ip bgp vpnv4 all summary
BGP router identifier 4.4.4.4, local AS number2
BGP table version is 10, main routing table version10
2 network entries using 288 bytes of memory
2 path entries using 104 bytes of memory
2/2 BGP path/bestpath attribute entries using 264 bytes ofmemory
1 BGP rrinfo entries using 24 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
1 BGP extended community entries using 24 bytes ofmemory
0 BGP route-map cache entries using 0 bytes ofmemory
0 BGP filter-list cache entries using 0 bytes ofmemory
BGP using 752 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths, scan interval 60secs
Neighbor
5.5.5.5
31.31.34.3
(2)确认R3R4 R2 R5 学习了对端AS 的C-NETWORK 路由
R3#show ip bgp vpnv4 all
BGP table version is 8, local router ID is3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*>8.8.8.0/24
R2#show ip bgp vpnv4 all
BGP table version is 4, local router ID is2.2.2.2
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*i8.8.8.0/24
R4#show ip bgp vpnv4 all
BGP table version is 10, local router ID is4.4.4.4
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>7.7.7.0/24
*>i8.8.8.0/24
R4#show ip bgp vpnv4 all
BGP table version is 16, local router ID is4.4.4.4
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>7.7.7.0/24
*>i8.8.8.0/24
R5#show ip bgp vpnv4 all
BGP table version is 7, local router ID is5.5.5.5
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*i7.7.7.0/24
*>i8.8.8.0/24
步骤4:在R3R4 上针对各自AS 内RR 配置NEXT-HOP-SELF
R3
router bgp 1
address-family vpnv4 unicast
neighbor 2.2.2.2 next-hop-self
R4
router bgp 2
address-family vpnv4 unicast
neighbor 5.5.5.5 next-hop-self
此时管理员必须检查R2 R5 MP-BGP VRF 转发表,关注对端AS路由信息:
R2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is2.2.2.2
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*>i8.8.8.0/24
R5#show ip bgp vpnv4 all
BGP table version is 9, local router ID is5.5.5.5
Status codes: s suppressed, d damped, h history, * valid,> best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 100:100
*>i7.7.7.0/24
*>i8.8.8.0/24
11.3
(1)
R6#show ip bgp vpnv4 all | in 7.7.7.0 //查看MP-BGPVRF 转发表中特定网络下一跳
*>i7.7.7.0/24
R6#show mpls forwarding
Local
Label
600
R6#show ip bgp vpnv4 all label | in 7.7.7.0 //查看特定VPNV4网络的栈底标签
(2)
R6#ping vrf VPN 7.7.7.7 so 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max= 268/291/364 ms
11.4思考题
(1)
12:跨域的MPLSVPN (Option B - 2b)
12.1 实验拓扑
(同上)
12.2 实验需求
a.R1 R2 R3 组成P-NETWORK R1 R2 R3 位于AS 1,底层协议采用EIGRP,AS号为1,R1R2 R3启用LDP,R1R2,R2R3 形成BGP 与MP-BGP 的IBGP PEER 关系。
b.R4 R5 R6 组成P-NETWORK R4 R5 R6 位于AS 2,底层协议采用EIGRP,AS号为2,R4
c.R1 与R6 扮演PE 设备,按如下需求创建VRF:
VRF NAME VPN
VRF RD : 100:100
VRF RT : 100:100
d.R7 与R8 扮演CE,要求R7R8 最终能够PING 通对方LOOPBACK 网络
12.3配置步骤
步骤1:完成AS1与AS 2内P-NETWORK配置
例如:底层协议的创建
!!注意
这里最好将R2 配置路由反射器
步骤2:在R3R4 上关闭RT 过滤,为了学习各自AS 内C-NETWORK 网路的路由信息
R3 R4
router bgp
no bgp default route-target filter
步骤3:在R3R4 上建立MP-BGP EBGP 对等体关系
R3
router bgp 1
neighbor 31.31.34.4 remote 2
address-family vpnv4 unicast
neighbor 31.31.34.4 ac
R4
router bgp 2
neighbor 31.31.34.3 remote 1
address-family vpnv4 unicast
neighbor 31.31.34.3 ac
步骤4:在R3R4 上将直连网络宣告进底层协议
R3
access-list 1 permit 31.31.34.0 0.0.0.255
route-map CON per 10
match ip add 1
!
router eigrp 1
redistribute conn route-map CON
R4
access-list 1 permit 31.31.34.0 0.0.0.255
route-map CON per 10
match ip add 1
!
router eigrp 2
redistribute conn route-map CON
12.4 校验
(1) R7 与R8 必须PING 通对方loopback 0 网络
13:跨域的MPLSVPN (Option B -2c)
13.1 实验拓扑
(同上)
13.2 实验需求
a.R1 R2 R3 组成P-NETWORK R1 R2 R3 位于AS 1,底层协议采用EIGRP,AS号为1,R1R2 R3启用LDP,R1R2,R2R3 形成BGP 与MP-BGP 的IBGP PEER 关系。
b.R4 R5 R6 组成P-NETWORK R4 R5 R6 位于AS 2,底层协议采用EIGRP,AS号为2,R4
c.R1 与R6 扮演PE 设备,按如下需求创建VRF:
VRF NAME VPN
VRF RD : 100:100
VRF RT : 100:100
d.R7 与R8 扮演CE,要求R7R8 最终能够PING 通对方LOOPBACK 网络
13.3配置步骤
步骤1:完成不同AS内P-NETWORK 配置
!!注意
R2 与R5 依旧需要配置为MP-BGP 的RR
R3 与R4 依旧需要关闭RT 过滤功能
此时管理员完成如上配置后,应该发现R3 可以学习AS 1 内C-NETWORK 网络信息
但是两个AS 不去共享路由信息
步骤2:在R3R4 上完成抵达对方LOOPBACK 0 接口的静态路由
R3
ip route 4.4.4.0 255.255.255.0 fa 0/031.31.34.4
R4
ip route 3.3.3.0 255.255.255.0 fa 0/031.31.34.3
步骤3:在R3R4 间启用MPLS
R3
int fa 0/0
mpls ip
R4
int fa 0/0
mpls ip
步骤4:R3与R4 建立MP-BGP EBGP 对等体关系
R3
router bgp 1
nei 4.4.4.4 remote 2
nei 4.4.4.4 up lo 0
nei 4.4.4.4 ebgp 255
add vpnv4 uni
nei 4.4.4.4 ac
R3
router bgp 2
nei 3.3.3.3 remote 1
nei 3.3.3.3 up lo 0
nei 3.3.3.3 ebgp 255
address vpnv4 unicast
nei 3.3.3.3 ac
步骤5:将静态路由重分发进底层协议
为了让RR 上看到对端AS 内C-NETWORK 路由下一跳可达
R3
router eigrp 1
redistribute static
R4
router eigrp 2
redistribute static
13.4 校验
(1)在CE设备上PING通对端CE
14:跨域的MPLSVPN (Option C)
14.1 实验拓扑
14.2 实验需求
a.R1 R2 R3 组成P-NETWORK R1 R2 R3 位于AS 1,底层协议采用EIGRP,AS号为1,R1R2 R3启用LDP,R1R2,R2R3 形成BGP 与MP-BGP 的IBGP PEER 关系。
b.R4 R5 R6 组成P-NETWORK R4 R5 R6 位于AS 2,底层协议采用EIGRP,AS号为2,R4
c.R1 与R6 扮演PE 设备,按如下需求创建VRF:
VRF NAME VPN
VRF RD : 100:100
VRF RT : 100:100
d.R7 与R8 扮演CE,要求R7R8 最终能够PING 通对方LOOPBACK 网络
14.3 实验步骤
步骤1:完成不同AS的P-NETWORK 及C-NETWORK 配置
此时管理员应该发现R3 与R4 只学习各自AS 所包含的C-NETWORK 网络信息
步骤2:完成R3与R4的BGPEBGP 对等体关系的建立,于此同时完成标签的发送工作
R3
router bgp 1
neighbor 31.31.34.4 remote 2
neighbor 31.31.34.4 send-label //将AS1的网络标签信息发送给指定对等体
R4
router bgp 2
neighbor 31.31.34.3 remote 1
neighbor 31.31.34.3 send-label
此时管理员一定要确认R3 R4 完成了BGP 的EBGP PEER的关系建立
步骤3:在R3R4 上将各自AS内的PE及RR设备的LOOPBACK0 地址宣告进BGP
因为R2 与R5 会利用对端设备LOOPBACK 0 接口地址建立MP-BGP EBGP关系,为了对等体地址可达,必须完成这类宣告
因为最终在R1 与R6 上看到抵达对方AS的C-NETWORK网络下一跳是对端PE 设备IP,所以为了下一跳可达必须完成这些宣告
R3
router bgp 1
net 1.1.1.0 mask 255.255.255.0
net 2.2.2.0 mask 255.255.255.0
nei 2.2.2.2 next-hop-self
R4
router bg 2
net 5.5.5.0 mask 255.255.255.0
net 6.6.6.0 mask 255.255.255.0
nei 5.5.5.5 next-hop-self
此时管理员应该在R2 R1 以及R5 R6 上利用”show ip bgp “命令,确认学习到被宣告的网络
步骤4:完成RR之间的MP-BGP EBGP 对等体关系
为了不同的AS 能够交换VPNV4 路由更新
R2
router bgp 1
nei 5.5.5.5 remote 2
nei 5.5.5.5 up lo 0
nei 5.5.5.5 ebgp 255
add vpnv4 u
nei 5.5.5.5 ac
nei 5.5.5.5 next-hop-un
R5
router bgp 2
nei 2.2.2.2 remote 1
nei 2.2.2.2 up lo 0
nei 2.2.2.2 ebgp 255
add vpnv4 u
nei 2.2.2.2 ac
nei 2.2.2.2 next-hop-un
R3
router bgp 1
neighbor 31.31.34.4 wei 1 //这里为了使得R3R4 抵达对端AS RR LOOPBACK 0 网络走R3 R4 才做此修改
R4
router bgp 2
nei 31.31.34.3 wei 1
此时管理员应该利用”show ip bgp vpnv4 allsummary”来确认MP-BGPPEER 关系建立,其实管理员应该利用”show ip bgp vpnv4 all“确认AS1 与AS 2 交换了VPNV4 更新
步骤5:在R3R4 上将学习到的对端AS 内的PE 及RR路由重分发进底层协议
是了让AS 2 与AS 1 内所有设备可以学习到对端AS 的PE 路由,让LDP 对对端PE 网络进行标签的分配
R3
access-list 1 permit 5.5.5.0 0.0.0.255
access-list 1 permit 6.6.6.0 0.0.0.255
!
route-map CON per 10
ma ip add 1
!
router egirp 1
redis bgp 1 route-map CON me 10000 100 255 11500
R4
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 1 permit 2.2.2.0 0.0.0.255
!
route-map CON per 10
ma ip add 1
!
router egirp 2
redis bgp 2 route-map CON me 10000 100 255 11500
R2
router ei 1
distance eigrp 90 19
R3
router ei 2
distance eigrp 90 19
14.4 校验
(1)两端C-NETWORK相互PING 通
14.5 思考题
(1)阐述整个配置流程?
(2)标签分配,分发关联过程?
- CCIE-MPLS VPN-实验手册(下卷)
- CCIE-MPLS VPN-实验手册(上卷)
- CCIE-MPLS VPN-实验手册(中卷)
- CCIE-MPLS基础篇-实验手册
- CCIE自学-by闫辉NP视频MPLS-VPN综合实验实验过程详解
- [CCIE笔记]MPLS(1)
- mpls vpn剩余笔记
- MPLS/VPN 实验: ISIS/EIGRP
- CCIE自学-by闫辉NP视频:MPLS-VPN小结
- 自制mpls ldp实验
- MPLS VPN随堂笔记1
- MPLS VPN随堂笔记2
- MPLS VPN随堂笔记3
- CCNP-BGP/MPLS VPN配置实验
- MPLS /VPN 实验一:OSPF / STATIC
- MPLS /vpn实验之,OSPF/RIPV2
- 详解 mpls vpn 的实现
- MPLS 和 VPN体系结构 (卷一) ---MPLS/VPN
- 【★】百度网盘背后的真实策略!
- 即时作图新工具—ProcessOn【推荐】…
- PCL:1.7.2使用时的一个问题(core dumped与-std=c++11)
- ssm框架的搭建
- mysql分页查询语句怎么写?
- CCIE-MPLS VPN-实验手册(下卷)
- 洛谷P1297--网线切割_题解
- 浅谈微博与贴吧!
- POI文档
- 生成树的冗余与负载分担技术
- 获取两个日期之间的日期形成一个集合
- 数据分组协议号大全
- MPLS LDP随堂笔记1
- Git 常用命令