华为mpls vpn跨域方案c-1无RR

yenggd2023-12-23 4:53

重要的几点注意:

1、r2和r5上面不需要跑bgp,只开mpls ldp负责传递标签

2、r3和r4上面不需要跑vpnv4路由,只传标签就可以了。所以不要和自己as内的对端建立vpnv4路由,减轻压力。

3、r1和r6使用的是vpnv4路由,vpnv4路由的特点是它会自动进入mpls vpn隧道,所以r2和r5上面不存在mpls黑洞路由。

4、asbr之间只建立普通的ebgp邻居,且接口上只开mpls

5、2个asbr之间和各对内的ibgp都要开启发送标签能力,并用策略路由加上标签。

以下关键配置

R1:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0000.0001.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.1 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.17.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 6.6.6.6 as-number 200

peer 6.6.6.6 ebgp-max-hop 255

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

peer 3.3.3.3 label-route-capability

peer 6.6.6.6 enable

ipv4-family vpnv4

policy vpn-target

peer 6.6.6.6 enable

ipv4-family vpn-instance a

peer 10.0.17.7 as-number 60000

R2:

mpls lsr-id 2.2.2.2

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0002.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

R3

mpls lsr-id 3.3.3.3

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0003.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 10.0.34.4 as-number 200

ipv4-family unicast

undo synchronization

network 1.1.1.1 255.255.255.255

peer 1.1.1.1 enable

peer 1.1.1.1 route-policy labe1 export

peer 1.1.1.1 label-route-capability

peer 10.0.34.4 enable

peer 10.0.34.4 route-policy labe2 export

peer 10.0.34.4 label-route-capability

route-policy labe1 permit node 10

if-match mpls-label //只对过来带标签的数据加上标签,不带标签的数据则不加

apply mpls-label

route-policy labe2 permit node 10

apply mpls-label

R4

mpls lsr-id 4.4.4.4

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0004.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 10.0.45.4 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

peer 10.0.34.3 as-number 100

ipv4-family unicast

undo synchronization

network 6.6.6.6 255.255.255.255

peer 6.6.6.6 enable

peer 6.6.6.6 route-policy ibgp export

peer 6.6.6.6 label-route-capability

peer 10.0.34.3 enable

peer 10.0.34.3 route-policy asbr export

peer 10.0.34.3 label-route-capability

route-policy ibgp permit node 10

if-match mpls-label

apply mpls-label

route-policy asbr permit node 10

apply mpls-label

R5

mpls lsr-id 5.5.5.5

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0005.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.45.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

isis enable 1

R6:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 6.6.6.6

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0006.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.68.6 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

isis enable 1

bgp 200

peer 1.1.1.1 as-number 100

peer 1.1.1.1 ebgp-max-hop 255

peer 1.1.1.1 connect-interface LoopBack0

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 4.4.4.4 enable

peer 4.4.4.4 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

ipv4-family vpn-instance a

peer 10.0.68.8 as-number 60001

相关推荐
米羊12116 分钟前
已有安全措施确认(上)
大数据·网络
ManThink Technology1 小时前
如何使用EBHelper 简化EdgeBus的代码编写?
java·前端·网络
御承扬2 小时前
鸿蒙NDK UI之文本自定义样式
ui·华为·harmonyos·鸿蒙ndk ui
大雷神2 小时前
HarmonyOS智慧农业管理应用开发教程--高高种地--第29篇:数据管理与备份
华为·harmonyos
珠海西格电力科技2 小时前
微电网能量平衡理论的实现条件在不同场景下有哪些差异?
运维·服务器·网络·人工智能·云计算·智慧城市
QT.qtqtqtqtqt2 小时前
未授权访问漏洞
网络·安全·web安全
半壶清水3 小时前
[软考网规考点笔记]-软件开发、项目管理与知识产权核心知识与真题解析
网络·笔记·压力测试
JMchen1233 小时前
Android后台服务与网络保活:WorkManager的实战应用
android·java·网络·kotlin·php·android-studio
yuanmenghao3 小时前
Linux 性能实战 | 第 7 篇 CPU 核心负载与调度器概念
linux·网络·性能优化·unix
那就回到过去3 小时前
MPLS多协议标签交换
网络·网络协议·hcip·mpls·ensp
热门推荐
01GitHub 镜像站点02Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services03openclaw配置教程(linux+局域网ollama)04OpenClaw Chrome扩展使用教程 - 浏览器中继控制05Linux下V2Ray安装配置指南06UV安装并设置国内源07Claude Code Skills 实用使用手册08让 Trae IDE 智能体 “读懂”文档 Excel+PDF+DOCX :mcp-documents-reader 工具使用指南09一文了解国产算子编程语言 TileLang,TileLang 对国产开源生态的影响与启示10Vue-skills的中文文档