mpls vpn主备链路双出口配置案例

注意：必须要建立ospf伪连接sham-link，如果不建立，改了开销它默认也不会走mpls vpn链路

R1：

router id 1.1.1.1

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

ip vpn-instance b

ipv4-family

route-distinguisher 2:2

vpn-target 200:200 export-extcommunity

vpn-target 200:200 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0001.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.1 255.255.255.0

isis enable 1

ospf enable 2 area 0.0.0.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.14.1 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2

ip binding vpn-instance b

ip address 10.0.15.1 255.255.255.0

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

interface LoopBack1

ip binding vpn-instance a

ip address 11.1.1.1 255.255.255.255 //用于建立ospf跨跳伪连接

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance a

network 11.1.1.1 255.255.255.255

//这个必须得在这里发布要建立ospf伪连接的网段，在接口下发布没用

import-route ospf 1

ipv4-family vpn-instance b

peer 10.0.15.5 as-number 200

ospf 1 vpn-instance a

import-route bgp

area 0.0.0.0

sham-link 11.1.1.1 33.1.1.1 //用单播跨跳建立ospf伪连接

R2：

mpls lsr-id 2.2.2.2

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0002.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.2 255.255.255.0

isis enable 1

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

isis enable 1

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 3.3.3.3 enable

ipv4-family vpnv4

undo policy vpn-target

//关闭vpn实例路由过滤，如果本设备上有两边的vpn实力，则它不关也不会过滤。

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

R3

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

ip vpn-instance b

ipv4-family

route-distinguisher 2:2

vpn-target 200:200 export-extcommunity

vpn-target 200:200 import-extcommunity

mpls lsr-id 3.3.3.3

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0003.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

isis enable 1

ospf enable 2 area 0.0.0.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.36.3 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2

ip binding vpn-instance b

ip address 10.0.37.3 255.255.255.0

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

interface LoopBack1

ip binding vpn-instance a

ip address 33.1.1.1 255.255.255.255

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance a

network 33.1.1.1 255.255.255.255

import-route ospf 1

ipv4-family vpn-instance b

import-route static

ospf 1 vpn-instance a

import-route bgp

area 0.0.0.0

sham-link 33.1.1.1 11.1.1.1

ip route-static vpn-instance b 7.7.7.0 255.255.255.0 10.0.37.7

R4

router id 4.4.4.4

interface GigabitEthernet0/0/0

ip address 10.0.14.4 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1

ip address 10.0.46.4 255.255.255.0

ospf cost 100 //改开销让优先走mpls 高速链路

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

R5

interface GigabitEthernet0/0/0

ip address 10.0.15.5 255.255.255.0

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.0

bgp 200

peer 10.0.15.1 as-number 100

ipv4-family unicast

undo synchronization

network 5.5.5.0 255.255.255.0

peer 10.0.15.1 enable

R6：

router id 6.6.6.6

interface GigabitEthernet0/0/0

ip address 10.0.36.6 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1

ip address 10.0.46.6 255.255.255.0

ospf cost 100

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

ospf 1

area 0.0.0.0

network 6.6.6.6 0.0.0.0

network 10.0.46.6 0.0.0.0

R7

interface GigabitEthernet0/0/0

ip address 10.0.37.7 255.255.255.0

interface LoopBack0

ip address 7.7.7.7 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.37.3

扩展团体属性RT：

router id：<10.0.36.3 : 0> 用于描述VRF下ospf的进程ID

domain id：<0.0.0.0 : 0> 前四个0表示ospf路由域

OSPF RT <0.0.0.0 : 1 : 0> ：前面四个0表示从ospf哪个区域学到的，1表示ospf的lsdb类型，1 2 3 4 5 7，最后个0表示是ospf的type1路由，如果是1就代表是type2路由。