实验要求:
实验手绘图:
构建网络拓扑图:
ISP公网配置
ISP部分
先将R2/R3/R4路由器的公网接口IP配置,注意,由于实验的目的是R1与R5的MPLS VPN(专用网络),所以R1的0/0/0和0/0/2口不属于公网范围,同理R4的0/0/1和0/0/2口也一样。所以此时不能配置在公网中。
IGP部分
配置完成 后,配置公网的OSPF和MPLS环境
R1/R2/R3成功建立OSPF邻居
R1/R2/R3建立MPLS邻居
[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]int g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
[r4]mpls lsr
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4-mpls-ldp]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
配置私有路由
配置MPLS VPN
我们先对a公司进行配置完成要求1
将R2接口0/0/0绑定在名为a的vrf 私有路由空间中:做此步骤的目的就是由于实验目的是在A1A2和B1B2两个公司间建立MPLS VPN(专用网络),不能让它访问到公网中,所以A公司接口弄在私有路由空间中,与对面的A公司之间能够不通过公用网络实现互相访问。
[r2]ip vpn-instance a
[r2-vpn-instance-a]ipv4-family
[r2-vpn-instance-a-af-ipv4]route-distinguisher 1:1
[r2-vpn-instance-a-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-a-af-ipv4]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
配置完成后,我们可以看到R2的公有路由表中没有0/0/0接口的路由
0/0/0接口的路由成功配置在R2绑定的私有路由表中
如果想要在R2上去ping192.168.2.1,不能直接ping,直接ping的话测试将在公有路由表中查询。
我们需要通过私有空间a中去ping该路由
[r2]ping -vpn-instance a 192.168.2.1
R4也是同理
[r4]ip vpn-instance a
[r4-vpn-instance-a]ipv4-fa
[r4-vpn-instance-a]ipv4-family
[r4-vpn-instance-a-af-ipv4]rou
[r4-vpn-instance-a-af-ipv4]route-distinguisher 1:1
[r4-vpn-instance-a-af-ipv4]vpn
[r4-vpn-instance-a-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a-af-ipv4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip bi
[r4-GigabitEthernet0/0/1]ip binding vpn
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip add
[r4-GigabitEthernet0/0/1]ip address 192.168.3.1 24
Feb 5 16:56:11-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
PE与PE之间建立MP-BGP邻居关系
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface lo0
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface lo0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
CE端与PE端交互路由
A公司我们用静态路由的方法
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2
[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1
[r5]ip route-static 192.168.1.0 24 192.168.3.1
[r5]ip route-static 192.168.2.0 24 192.168.3.1
[r4]ip route-static vpn-instance a 192.168.4.0 24 192.168.3.2
将本地vrf空间内的静态和直连路由重发布到BGP协议传递到对端的PE
[r2]bgp 1
[r2-bgp]ipv4-family
[r2-bgp]ipv4 vpn-instance a
[r2-bgp-a]import-route static
[r2-bgp-a]import-route direct
[r4]bgp 1
[r4-bgp]ipv4-family
[r4-bgp]ipv4 vpn-instance a
[r4-bgp-a]import-route static
[r4-bgp-a]import-route direct
<r4>display bgp vpnv4 vpn-instance a routing-table 查看mp-bpg的BGP表
R2和R4上成功获取了对端的路由
我们对B公司采取同样的配置方法完成要求2,不过B公司的CE和PE端采用的是RIP和OSPF动态获取路由协议。
配置MPLS VPN
注:在关联到vrf空间前不能配置接口ip,否则该地址的直连路由将进入公有路由表;
[r2]ip vpn-instance b
[r2-vpn-instance-b]ip v
[r2-vpn-instance-b]ipv
[r2-vpn-instance-b]ipv4-family
[r2-vpn-instance-b-af-ipv4]rou
[r2-vpn-instance-b-af-ipv4]routing-table
[r2-vpn-instance-b-af-ipv4]route-distinguisher 2:2
[r2-vpn-instance-b-af-ipv4]vp
[r2-vpn-instance-b-af-ipv4]vpn-target 2:2
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b-af-ipv4]int g0/0/2
[r2-GigabitEthernet0/0/2]ip bind
[r2-GigabitEthernet0/0/2]ip binding v
[r2-GigabitEthernet0/0/2]ip binding vpn-instance b
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/2]ip add 192.168.2.2 24
Feb 5 17:55:59-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[r2-GigabitEthernet0/0/2]display ip routing-table vpn-instance b 查看空间内私有路由表
将R6的接口IP配置与R1相同。即使配置相同,由于我们采用了私有路由表的技术,它和R1之间也不会造成影响。
[r2]ping-vpn-instance b 192.168.2.1 正常测试将在公有路由表中查询记录;该命令为基于VRF空间
a进行路由查询
由于PE与PE之间我们已经建立好了MP-BGP邻居关系
接下里我们进行
CE与PE端交互路由
B公司我们采用RIP和OSPF协议交互路由
B1使用RIP协议交互
B2使用OSPF交互
由于R4中公用网络已经用了OSPF 1进程,所以在这里我们不能使用OSPF 1
在PE端进行双向重发布
R2和R4成功学到了彼此的路由
R7上 配置按照题目要求环回接口应该是192.168.4.2,这里我们配置错误进行重新配置和宣告
最终我们可以发现,虽然AB公司R5和R7是同一个网段,但无法互相访问。
要求1.2已完成
要求3:
R7可以访问R2/R3/R4的环回
在R7中宣告5.2
在R4的OSPF1中宣告5.1
ping 4.4.4.4
ping 3.3.3.3
ping 2.2.2.2 ..
要求3完成
本次实验完成!