目录
- 实验条件
- 环境配置
- 开始配置
-
- 配置交换机,隔离R1、R7
- 配置VRF
- 配置各小区域的路由协议
- 配置MPLS区域的协议
-
- 配置MPLS协议(R2到R5)
- [R2 和 R5 之间配置MP-BGP协议](#R2 和 R5 之间配置MP-BGP协议)
- 配置VRF,RT
- 重分布路由
- 验证路由
- 验证效果
-
- R1访问R6,R1访问R8
- R7访问R6,R7访问R1
- [关闭IP TTL复制功能,再次观察效果](#关闭IP TTL复制功能,再次观察效果)
实验条件
网络拓朴
实验目标
- 让A1、A2可以互相访问
- 让B1、B2可以互相访问
- A、B之间不可以互访
环境配置
在我的资源里可以下载(就在这篇文章的开头也可以下载)
开始配置
配置交换机,隔离R1、R7
java
SW:
vlan 12,27
interface e0/0
switchport mode access
switchport access vlan 12
interface e0/1
switchport mode access
switchport access vlan 27
interface e0/2
switchport trunk encapsulation dot1q
switchport mode trunk
R2:
default interface e0/0
interface e0/0.12
encapsulation dot1Q 12
interface e0/0.27
encapsulation dot1Q 27与SW的Trunk口相连的E0/0需要创建子接口,并且指定封装的VLAN_ID,否则无法通信(R2是路由器,所以e0/0口发出的包是不带VLAN,ID标识的,这样的话,到交换机之后该包就无法投递到对应的VLAN去了,所以需要指定封装的VLAN_ID)
配置VRF
配置了VRF后,ip地址会被重置需要重配,所以地址在这里配置
java
R2:
ip vrf Area-A
rd 12345:12
ip vrf Area-B
rd 12345:27
interface e0/0.12
ip vrf forwarding Area-A
ip address 12.1.1.2 255.255.255.0
interface e0/0.27
ip vrf forwarding Area-B
ip address 27.1.1.2 255.255.255.0
java
R5:
ip vrf Area-A
rd 12345:56
ip vrf Area-B
rd 12345:58
interface e0/0
ip vrf forwarding Area-A
ip address 56.1.1.5 255.255.255.0
interface e0/2
ip vrf forwarding Area-B
ip address 58.1.1.5 255.255.255.0 配置各小区域的路由协议
配置IGP协议时,要建立邻居的两台路由器需要对他们所在的共同的网段进行声明(否则的话是不会建立邻居的,即只声明lo0路由那么是不会有邻居,也不会交换路由的),只有被声明的接口(网段)才会发出Hello包去建邻居。这点需要注意一下
RIP协议
java
R1:
conf t
router rip
network 1.1.1.1
network 12.0.0.0
R2:
conf t
router rip
address-family ipv4 vrf Area-A
network 2.2.2.2
network 12.0.0.0OSPF协议
java
R2:
conf t
router ospf 27 vrf Area-B
router-id 2.2.2.22
network 2.2.2.2 0.0.0.0 area 0
network 27.1.1.0 0.0.0.255 area 0
R7:
conf t
interface e0/1
ip address 27.1.1.7 255.255.255.0
no shutdown
interface lo0
ip address 7.7.7.7 255.255.255.255
no shutdown
router ospf 27
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 27.1.1.0 0.0.0.255 area 0EIGRP协议
java
R5:
conf t
router eigrp NAME_mode
address-family ipv4 vrf Area-A autonomous-system 56
network 5.5.5.5 0.0.0.0
network 56.1.1.0 0.0.0.255
R6:
conf t
router eigrp 56
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0
network 56.1.1.0 0.0.0.255BGP协议
java
R5:
conf t
router bgp 25
bgp router-id 5.5.5.5
address-family ipv4 vrf Area-B
neighbor 58.1.1.8 remote-as 58
neighbor 58.1.1.8 next-hop-self
neighbor 58.1.1.8 activate
R8:
conf t
interface lo0
ip address 8.8.8.8 255.255.255.255
no shutdown
router bgp 58
bgp router-id 8.8.8.8
neighbor 58.1.1.5 remote-as 25
neighbor 58.1.1.5 next-hop-self
network 8.8.8.8 mask 255.255.255.255
network 58.1.1.0 mask 255.255.255.0 配置MPLS区域的协议
配置MPLS协议(R2到R5)
MPLS区域内各个路由器分配不同的标签段,便于观察标签交换的过程。
java
R2:
conf t
mpls ldp router-id lo0
mpls label range 200 299
interface e0/1
mpls ip
R3:
mpls ldp router-id Loopback0
mpls label range 300 399
router ospf 1
mpls ldp autoconfig
router-id 3.3.3.3
network 0.0.0.0 255.255.255.255 area 0
R4:
mpls ldp router-id Loopback0
mpls label range 400 499
router ospf 1
mpls ldp autoconfig
router-id 4.4.4.4
network 0.0.0.0 255.255.255.255 area 0
R5:
conf t
mpls ldp router-id lo0
mpls label range 500 599
interface e0/1
mpls ipR2 和 R5 之间配置MP-BGP协议
java
R2:
conf t
router bgp 25
bgp router-id 2.2.2.2
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 25
neighbor 5.5.5.5 update-source lo 0
address-family vpnv4
neighbor 5.5.5.5 activate
R5:
conf t
router bgp 25
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 25
neighbor 2.2.2.2 update-source lo 0
address-family vpnv4
neighbor 2.2.2.2 activate验证邻居关系
java
R2#show ip bgp all summary
For address family: VPNv4 Unicast
BGP router identifier 2.2.2.2, local AS number 25
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
5.5.5.5 4 25 13 13 1 0 0 00:08:55 0
R2#
R5#show ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 25
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 168 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 640 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
58.1.1.8 4 58 97 97 3 0 0 01:25:41 2
For address family: VPNv4 Unicast
BGP router identifier 5.5.5.5, local AS number 25
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 25 13 13 1 0 0 00:09:05 0
58.1.1.8 4 58 0 0 1 0 0 never (NoNeg)配置VRF,RT
PE之间只可以传递BGP的VPNv4路由,所以现在必须让IPv4路由带上RD值和RT属性才能成为VPNv4路由,接下来应该在PE路由器上为各VRF设置RD和RT,为了方便抓包分辨路由方向,不同方向配置不同的RT值,现在规化RT值如下:
java
R2:
VRF Aera-A:RD----12345:12 RT----export 12:56 import 56:12
VRF Aera-B:RD----12345:27 RT----export 27:58 import 58:27
R5:
VRF Aera-A:RD----12345:56 RT----export 56:12 import 12:56
VRF Aera-B:RD----12345:58 RT----export 58:27 import 27:58配置如下:
java
R2:
ip vrf Area-A
rd 12345:12
route-target export 12:56
route-target import 56:12
ip vrf Area-B
rd 12345:27
route-target export 27:58
route-target import 58:27
R5:
ip vrf Area-A
rd 12345:56
route-target export 56:12
route-target import 12:56
ip vrf Area-B
rd 12345:58
route-target export 58:27
route-target import 27:58重分布路由
On R2: RIP<->BGP 25
把RIP的路由重分布进BGP,再把BGP的路由重分布进RIP中
java
R2:
conf t
router bgp 25
address-family ipv4 vrf Area-A
redistribute rip
router rip
!
address-family ipv4 vrf Area-A
redistribute bgp 25 metric 5On R2: OSPF 27 <->BGP 25
java
R2:
conf t
router bgp 25
address-family ipv4 vrf Area-B
redistribute ospf 27
router ospf 27 vrf Area-B
redistribute bgp 25 subnetsOn R5: EIGRP <->BGP 25
java
R5:
conf t
router bgp 25
address-family ipv4 vrf Area-A
redistribute eigrp 56
router eigrp NAME_mode
address-family ipv4 unicast vrf Area-A autonomous-system 56
topology base
redistribute bgp 25 metric 10000 10 255 1 1500
exit-af-topology验证路由
R2上的BGP路由
java
R2#show ip bgp vpnv4 vrf Area-A
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12 (default for vrf Area-A)
*> 1.0.0.0 12.1.1.1 1 32768 ?
*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?
*> 12.1.1.0/24 0.0.0.0 0 32768 ?
*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?
R2#show ip bgp vpnv4 vrf Area-B
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:27 (default for vrf Area-B)
*> 7.7.7.7/32 27.1.1.7 11 32768 ?
*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i
*> 27.1.1.0/24 0.0.0.0 0 32768 ?
*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 i
R2#show ip bgp all
For address family: IPv4 Unicast
For address family: VPNv4 Unicast
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12 (default for vrf Area-A)
*> 1.0.0.0 12.1.1.1 1 32768 ?
*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?
*> 12.1.1.0/24 0.0.0.0 0 32768 ?
*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?
Route Distinguisher: 12345:27 (default for vrf Area-B)
*> 7.7.7.7/32 27.1.1.7 11 32768 ?
*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i
*> 27.1.1.0/24 0.0.0.0 0 32768 ?
*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 i
Route Distinguisher: 12345:56
*>i 6.6.6.6/32 5.5.5.5 3584000 100 0 ?
*>i 56.1.1.0/24 5.5.5.5 0 100 0 ?
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:58
*>i 8.8.8.8/32 5.5.5.5 0 100 0 58 i
*>i 58.1.1.0/24 5.5.5.5 0 100 0 58 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: VPNv4 Multicast
For address family: MVPNv4 UnicastR5的路由表信息
java
R5#show ip bgp vpnv4 vrf Area-A
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:56 (default for vrf Area-A)
*>i 1.0.0.0 2.2.2.2 1 100 0 ?
*> 6.6.6.6/32 56.1.1.6 3584000 32768 ?
*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?
*> 56.1.1.0/24 0.0.0.0 0 32768 ?
R5#show ip bgp vpnv4 vrf Area-B
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:58 (default for vrf Area-B)
*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?
*> 8.8.8.8/32 58.1.1.8 0 0 58 i
*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?
r> 58.1.1.0/24 58.1.1.8 0 0 58 i
R5#show ip bgp all
For address family: IPv4 Unicast
For address family: VPNv4 Unicast
......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 12345:12
*>i 1.0.0.0 2.2.2.2 1 100 0 ?
*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 12345:27
*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?
*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 12345:56 (default for vrf Area-A)
*>i 1.0.0.0 2.2.2.2 1 100 0 ?
*> 6.6.6.6/32 56.1.1.6 3584000 32768 ?
*>i 12.1.1.0/24 2.2.2.2 0 100 0 ?
*> 56.1.1.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 12345:58 (default for vrf Area-B)
*>i 7.7.7.7/32 2.2.2.2 11 100 0 ?
Network Next Hop Metric LocPrf Weight Path
*> 8.8.8.8/32 58.1.1.8 0 0 58 i
*>i 27.1.1.0/24 2.2.2.2 0 100 0 ?
r> 58.1.1.0/24 58.1.1.8 0 0 58 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: VPNv4 Multicast
For address family: MVPNv4 UnicastArea-A区域之间的路由有了
Area-B区域之间的路由也有了,接下来验证网络
验证效果
R1访问R6,R1访问R8
java
R1#traceroute 6.6.6.6 source lo 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 12.1.1.2 1 msec 1 msec 0 msec
2 23.1.1.3 [MPLS: Labels 300/506 Exp 0] 1 msec 1 msec 1 msec
3 34.1.1.4 [MPLS: Labels 400/506 Exp 0] 0 msec 1 msec 0 msec
4 56.1.1.5 [MPLS: Label 506 Exp 0] 1 msec 0 msec 1 msec
5 56.1.1.6 0 msec * 1 msec
R1#ping 8.8.8.8 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1#ping 7.7.7.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)R1和R6相通,和R8、R7不通
R7访问R6,R7访问R1
java
R7#traceroute 8.8.8.8 source lo 0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 27.1.1.2 0 msec 1 msec 0 msec
2 23.1.1.3 [MPLS: Labels 300/508 Exp 0] 1 msec 1 msec 1 msec
3 34.1.1.4 [MPLS: Labels 400/508 Exp 0] 1 msec 0 msec 1 msec
4 58.1.1.5 [MPLS: Label 508 Exp 0] 1 msec 0 msec 0 msec
5 58.1.1.8 1 msec * 2 msec
R7#ping 1.1.1.1 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
.....
Success rate is 0 percent (0/5)
R7#ping 6.6.6.6 source lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
.....
Success rate is 0 percent (0/5)R7和R8相通,和R1、R6不通 ,达到实验的目的。
关闭IP TTL复制功能,再次观察效果
java
R2:
conf t
no mpls ip propagate-ttl
R5:
conf t
no mpls ip propagate-ttl检查效果
java
R1#traceroute 6.6.6.6 source lo 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 12.1.1.2 0 msec 1 msec 0 msec
2 56.1.1.5 [MPLS: Label 506 Exp 0] 1 msec 1 msec 0 msec
3 56.1.1.6 1 msec * 2 msec
R7#traceroute 8.8.8.8 source lo 0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 27.1.1.2 1 msec 0 msec 1 msec
2 58.1.1.5 [MPLS: Label 508 Exp 0] 1 msec 1 msec 1 msec
3 58.1.1.8 0 msec * 2 msec