华为mpls vpn跨域方案c-1无RR

yenggd2023-12-23 4:53

重要的几点注意:

1、r2和r5上面不需要跑bgp,只开mpls ldp负责传递标签

2、r3和r4上面不需要跑vpnv4路由,只传标签就可以了。所以不要和自己as内的对端建立vpnv4路由,减轻压力。

3、r1和r6使用的是vpnv4路由,vpnv4路由的特点是它会自动进入mpls vpn隧道,所以r2和r5上面不存在mpls黑洞路由。

4、asbr之间只建立普通的ebgp邻居,且接口上只开mpls

5、2个asbr之间和各对内的ibgp都要开启发送标签能力,并用策略路由加上标签。

以下关键配置

R1:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0000.0001.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.1 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.17.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 6.6.6.6 as-number 200

peer 6.6.6.6 ebgp-max-hop 255

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

peer 3.3.3.3 label-route-capability

peer 6.6.6.6 enable

ipv4-family vpnv4

policy vpn-target

peer 6.6.6.6 enable

ipv4-family vpn-instance a

peer 10.0.17.7 as-number 60000

R2:

mpls lsr-id 2.2.2.2

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0002.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

R3

mpls lsr-id 3.3.3.3

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0003.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 10.0.34.4 as-number 200

ipv4-family unicast

undo synchronization

network 1.1.1.1 255.255.255.255

peer 1.1.1.1 enable

peer 1.1.1.1 route-policy labe1 export

peer 1.1.1.1 label-route-capability

peer 10.0.34.4 enable

peer 10.0.34.4 route-policy labe2 export

peer 10.0.34.4 label-route-capability

route-policy labe1 permit node 10

if-match mpls-label //只对过来带标签的数据加上标签,不带标签的数据则不加

apply mpls-label

route-policy labe2 permit node 10

apply mpls-label

R4

mpls lsr-id 4.4.4.4

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0004.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 10.0.45.4 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

peer 10.0.34.3 as-number 100

ipv4-family unicast

undo synchronization

network 6.6.6.6 255.255.255.255

peer 6.6.6.6 enable

peer 6.6.6.6 route-policy ibgp export

peer 6.6.6.6 label-route-capability

peer 10.0.34.3 enable

peer 10.0.34.3 route-policy asbr export

peer 10.0.34.3 label-route-capability

route-policy ibgp permit node 10

if-match mpls-label

apply mpls-label

route-policy asbr permit node 10

apply mpls-label

R5

mpls lsr-id 5.5.5.5

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0005.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.45.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

isis enable 1

R6:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 6.6.6.6

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0006.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.68.6 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

isis enable 1

bgp 200

peer 1.1.1.1 as-number 100

peer 1.1.1.1 ebgp-max-hop 255

peer 1.1.1.1 connect-interface LoopBack0

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 4.4.4.4 enable

peer 4.4.4.4 label-route-capability

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

ipv4-family vpn-instance a

peer 10.0.68.8 as-number 60001

相关推荐
Fanmeang36 分钟前
MPLS LDP概述
运维·网络·华为·路由·mpls·标签·ldp
熬了夜的程序员1 小时前
【华为机试】208. 实现 Trie (前缀树)
数据结构·算法·华为od·华为
Menior_1 小时前
【网络基础】深入理解 TCP/IP 协议体系
网络·网络协议·tcp/ip
小明的小名叫小明4 小时前
区块链技术原理(5)-网络
网络·区块链
NorthCastle5 小时前
Docker 网络-单机版
网络·docker·docker网络基础概念·docker网络基础命令
sniper_fandc6 小时前
VirtualBox虚拟机网卡配置
linux·网络·虚拟机
哈基米喜欢哈哈哈9 小时前
计算机网络(一)——TCP
网络·tcp/ip·计算机网络
humors22110 小时前
鸿蒙示例代码使用心得
华为·实战·harmonyos·鸿蒙·项目·huawei·实操
小马哥编程11 小时前
【软考架构】网络规划与设计,三层局域网模型和建筑物综合布线系统PDS
网络·计算机网络·架构·系统架构
zmjjdank1ng11 小时前
Linux 流编辑器 sed 详解
linux·运维·前端·网络·入门
热门推荐
01全球最强模型Grok4,国内已可免费使用!(附教程)02UV安装并设置国内源03Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code04[已解决]VSCode右键菜单消失恢复052025最新国内服务器可用docker源仓库地址大全(2025年8月更新)06🚀Cursor CLI+GPT-5保姆级教程+编程能力测评!Cursor CLI零成本免费使用GPT-5!Claude Code的劲敌来了!从安装到实战演示07GPT-5 使用限制与国内升级全攻略(免费 / Plus / Pro)【2025 最新】08KGG转MP3工具|非KGM文件|解密音频09Cursor 终端“卡死/无响应”问题的解法10OpenAI重返开源!GPT-OSS本地部署完全指南