MPLS VPN跨域C2 RR反射器方案

墨渊04.2023-09-25 18:42
  • 拓扑设计
  • 拓扑介绍

如图,R9与R10分别是AS100和AS200中的RR反射器;R9与R10建立MP-BGP邻居关系,用于传递VPNV4路由,R1与R6都是PE设备,如果有多个PE设备那么配置起来相对复杂与繁琐,所以现在使用RR反射器进行配置,可以直接将路由传递给多个PE设备,减少配置命令与设备压力。

  • 数据配置

R1

|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ip vpn-instance vpn1 ipv4-family route-distinguisher 1:1 vpn-target 1:6 export-extcommunity vpn-target 6:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0001.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip binding vpn-instance vpn1 ip address 17.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/1 ip address 12.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 9.9.9.9 as-number 100 peer 9.9.9.9 connect-interface LoopBack0 # ipv4-family unic peer 9.9.9.9 enable peer 9.9.9.9 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 9.9.9.9 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 |

R3

|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| mpls lsr-id 3.3.3.3 mpls lsp-trigger bgp-label-route # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0003.00 import-route bgp # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 23.1.1.3 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip address 34.1.1.3 255.255.255.0 mpls # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 100 peer 9.9.9.9 as-number 100 peer 9.9.9.9 connect-interface LoopBack0 peer 34.1.1.4 as-number 200 # ipv4-family unicast undo synchronization network 1.1.1.1 255.255.255.255 network 9.9.9.9 255.255.255.255 peer 9.9.9.9 enable peer 9.9.9.9 label-route-capability peer 34.1.1.4 enable peer 34.1.1.4 route-policy 1 export peer 34.1.1.4 label-route-capability # route-policy 1 permit node 10 apply mpls-label |

R9

|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| mpls lsr-id 9.9.9.9 mpls # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0009.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 29.1.1.9 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 9.9.9.9 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 10.10.10.10 as-number 200 peer 10.10.10.10 ebgp-max-hop 255 peer 10.10.10.10 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 1.1.1.1 label-route-capability peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability undo peer 10.10.10.10 enable # ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 1.1.1.1 next-hop-invariable peer 10.10.10.10 enable peer 10.10.10.10 next-hop-invariable |

R4

|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| mpls lsr-id 4.4.4.4 mpls lsp-trigger bgp-label-route # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0004.00 import-route bgp # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 34.1.1.4 255.255.255.0 mpls # interface GigabitEthernet0/0/1 ip address 45.1.1.4 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 200 peer 10.10.10.10 as-number 200 peer 10.10.10.10 connect-interface LoopBack0 peer 34.1.1.3 as-number 100 # ipv4-family unicast undo synchronization network 6.0.0.0 network 6.6.6.6 255.255.255.255 network 10.0.0.0 network 10.10.10.10 255.255.255.255 peer 10.10.10.10 enable peer 10.10.10.10 label-route-capability peer 34.1.1.3 enable peer 34.1.1.3 route-policy 1 export peer 34.1.1.3 label-route-capability # route-policy 1 permit node 10 apply mpls-label |

R6

|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ip vpn-instance vpn1 ipv4-family route-distinguisher 6:6 vpn-target 6:1 export-extcommunity vpn-target 1:6 import-extcommunity # mpls lsr-id 6.6.6.6 mpls # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0006.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 56.1.1.6 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip binding vpn-instance vpn1 ip address 68.1.1.6 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 6.6.6.6 255.255.255.255 isis enable 1 # bgp 200 peer 10.10.10.10 as-number 200 peer 10.10.10.10 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.10 enable peer 10.10.10.10 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 10.10.10.10 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 # ospf 1 vpn-instance vpn1 import-route bgp area 0.0.0.0 |

R10

|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| mpls lsr-id 10.10.10.10 mpls # mpls ldp # # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%% local-user admin service-type http # isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0010.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 15.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.10 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack0 peer 6.6.6.6 as-number 200 peer 6.6.6.6 connect-interface LoopBack0 peer 9.9.9.9 as-number 100 peer 9.9.9.9 ebgp-max-hop 255 peer 9.9.9.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 4.4.4.4 label-route-capability peer 6.6.6.6 enable peer 9.9.9.9 enable peer 9.9.9.9 next-hop-invariable peer 9.9.9.9 label-route-capability # ipv4-family vpnv4 undo policy vpn-target peer 6.6.6.6 enable peer 6.6.6.6 next-hop-invariable peer 9.9.9.9 enable peer 9.9.9.9 next-hop-invariable # |

  • 路由传递

如图,7.7.7.7的路由传递给R6时,首先R1把R7的路由引入到MP-BGP中,MP-BGP会为这个VRF实例分配一个内层标签会被VPNV4路由携带。这条路由被R1传递给MP-IBGP邻居R9(也就是反射器),因为反射器配置了不检查RT值功能,所以他可以接收这条路由,并把这条路由继续传递给R10设备,R10也是一台RR设备,它同时也配置了不检查RT值功能,所以他也可以收到这条路由,并把路由反射给了R6设备,R6设备根据内层标签将路由传递给了VRF实例。

  • 数据转发
  1. R1设备查看FIB表,发现去往目的地址8.8.8.8是有隧道ID,也就意味着去往这条路由需要迭代到隧道。
  2. 在FIB表中可以看到需要迭代到去往6.6.6.6的隧道,于是按照MPLS表封装内层标签1025,并往下一跳R2转发。
  3. 现在R2设备收到了MPLS标签为1025的数据包并按照封装为1028标签继续向R3传递,R3会把LDP产生的标签弹掉之后封装策略产生的标签1028进行跨域
  4. 跨域之后继续按照隧道的标签依次传递,最终流量转发成功
相关推荐
weixin_4426434236 分钟前
推荐FileLink数据跨网摆渡系统 — 安全、高效的数据传输解决方案
服务器·网络·安全·filelink数据摆渡系统
阑梦清川1 小时前
JavaEE初阶---网络原理(五)---HTTP协议
网络·http·java-ee
FeelTouch Labs2 小时前
Netty实现WebSocket Server是否开启压缩深度分析
网络·websocket·网络协议
长弓三石4 小时前
鸿蒙网络编程系列44-仓颉版HttpRequest上传文件示例
前端·网络·华为·harmonyos·鸿蒙
xianwu5434 小时前
反向代理模块
linux·开发语言·网络·git
follycat4 小时前
[极客大挑战 2019]HTTP 1
网络·网络协议·http·网络安全
xiaoxiongip6665 小时前
HTTP 和 HTTPS
网络·爬虫·网络协议·tcp/ip·http·https·ip
JaneJiazhao5 小时前
HTTPSOK:智能SSL证书管理的新选择
网络·网络协议·ssl
CXDNW5 小时前
【网络面试篇】HTTP(2)(笔记)——http、https、http1.1、http2.0
网络·笔记·http·面试·https·http2.0
无所谓จุ๊บ6 小时前
树莓派开发相关知识十 -小试服务器
服务器·网络·树莓派
热门推荐
01【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总02(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明03组基轨迹建模 GBTM的介绍与实现(Stata 或 R)04【AIGC】重塑未来的科技巨轮05全面解析:构建基于深度学习的安全帽检测系统(UI界面+YOLO代码+数据集)06【经验分享】Ubuntu22.04安装微信(linux官方版)07基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测08Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO09RAG 实践- Ollama+RagFlow 部署本地知识库10【TC3xx芯片】TC3xx芯片电源管理系统PMS详解