华为mpls vpn跨域方案c-2无RR

yenggd2023-12-24 23:58

重要的几点注意:

1、r2和r5上面不需要跑bgp,只开mpls ldp负责传递标签

2、r3和r4上面不需要跑vpnv4路由,只传标签就可以了。所以不要和自己as内的对端建立vpnv4路由,减轻压力。

3、2个asbr不用和自己的pe上建立bgp邻居,只要在igp协议里面导入bgp就可以了

4、但是2个asbr上面的全局mpls下要开启lsp-trigger bgp-label-route //为bgp构建标签

5、r1和r6使用的是vpnv4路由,vpnv4路由的特点是它会自动进入mpls vpn隧道,所以r2和r5上面不存在mpls黑洞路由。

7、2个asbr之间都要互相开启发送标签能力,并用策略路由加上标签。

以下关键配置

R1:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0000.0001.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.1 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.17.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

isis enable 1

bgp 100

peer 6.6.6.6 as-number 200

peer 6.6.6.6 ebgp-max-hop 255

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

ipv4-family vpnv4

policy vpn-target

peer 6.6.6.6 enable

ipv4-family vpn-instance a

peer 10.0.17.7 as-number 60000

R2:

mpls lsr-id 2.2.2.2

mpls

mpls ldp

isis 1

network-entity 49.0000.0000.0002.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.12.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 1

R3

mpls lsr-id 3.3.3.3

mpls

lsp-trigger bgp-label-route //为bgp构建标签

mpls ldp

isis 1

network-entity 49.0000.0000.0003.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 1

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 10.0.34.4 as-number 200

ipv4-family unicast

undo synchronization

network 1.1.1.1 255.255.255.255

peer 10.0.34.4 enable

peer 10.0.34.4 route-policy labe2 export

peer 10.0.34.4 label-route-capability

route-policy labe2 permit node 10

apply mpls-label

R4

mpls lsr-id 4.4.4.4

mpls

lsp-trigger bgp-label-route //为bgp构建标签

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0004.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 10.0.45.4 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 1

bgp 200

peer 10.0.34.3 as-number 100

ipv4-family unicast

undo synchronization

network 6.6.6.6 255.255.255.255

peer 10.0.34.3 enable

peer 10.0.34.3 route-policy asbr export

peer 10.0.34.3 label-route-capability

route-policy asbr permit node 10

apply mpls-label

R5

mpls lsr-id 5.5.5.5

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0005.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.45.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

isis enable 1

R6:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 6.6.6.6

mpls

mpls ldp

isis 1

network-entity 49.0001.0000.0000.0006.00

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

isis enable 1

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.68.6 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

isis enable 1

bgp 200

peer 1.1.1.1 as-number 100

peer 1.1.1.1 ebgp-max-hop 255

peer 1.1.1.1 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.1 enable

ipv4-family vpn-instance a

peer 10.0.68.8 as-number 60001

相关推荐
东方-教育技术博主1 天前
大模型的服务器部署
运维·服务器
有趣的我1 天前
链表的查找、定位、反转、连接等
网络·链表
数字哨兵(和中)1 天前
和中科技分享高危漏洞CVE-2025-51482修复方法
运维·服务器·网络·安全
chenyuhao20241 天前
Linux系统编程:进程控制
linux·运维·服务器·开发语言·c++·后端
峰顶听歌的鲸鱼1 天前
14.docker:镜像
运维·笔记·docker·容器·学习方法
专业开发者1 天前
Bluetooth® Mesh网络中的设备管理
网络·物联网
java_logo1 天前
Apache RocketMQ Docker 容器化部署指南
运维·docker·容器·kafka·kubernetes·apache·rocketmq
落羽的落羽1 天前
【Linux系统】进程终止、进程等待与进程替换的概念与实现
linux·服务器·c++·人工智能·深度学习·机器学习·游戏引擎
qq_479875431 天前
C++ 网络编程中的 Protobuf 消息分发 (Dispatcher) 设计模式
网络·c++·设计模式
Tandy12356_1 天前
手写TCP/IP协议——IP层输出处理
c语言·网络·c++·tcp/ip·计算机网络
热门推荐
01GitHub 镜像站点02【超详细教程】手把手教你从微软官网免费下载Windows 10官方原版ISO镜像(2025最新版)03【AutoGLM部署】本地私有化部署AI手机Agent04UV安装并设置国内源05安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)06Open-AutoGLM Windows 安装部署教程07Linux下V2Ray安装配置指南08BongoCat - 跨平台键盘猫动画工具09React CVE-2025-55182漏洞排查与修复指南10在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)