MPLS VPN的配置示例.docx
- 文档编号:3257645
- 上传时间:2022-11-21
- 格式:DOCX
- 页数:17
- 大小:68.54KB
MPLS VPN的配置示例.docx
《MPLS VPN的配置示例.docx》由会员分享,可在线阅读,更多相关《MPLS VPN的配置示例.docx(17页珍藏版)》请在冰豆网上搜索。
MPLSVPN的配置示例
MPLSVPN的配置示例(2009-07-2323:
11:
10)
标签:
it分类:
IT
介绍
MPLS准许多个Site通过ServiceProvider的网络透明互联。
一个ISP的网络可以支持多个不同的IPVPN,每个VPN对客户来说,是个单独的私有网络,和其它的客户都是独立的。
在一个VPN里面,每个site可以发送IP包给同一个VPN里的其它Site。
换句话来说,MPLS/VPN对于客户来说,相当于一个透明的三层传输网络,以前可以通过租用LeasedLine互联,现在可以租用MPLS/VPN链路互联。
每个VPN和一个或多个VRF(VPNRoutingorforwardinginstance)关联。
一个VRF包括一个路由表、一个CEF表和一组使用这个转发表的接口。
路由器为每个VRF维护着独立的路由表和CEF表。
这可以防止信息被发送到VPN之外,并且每个VPN可以使用重叠的IP地址。
路由器通过MP-BGP的扩展community标签来分发VPN路由信息
实验环境
本例在下面的软件和硬件环境下实现:
P和PE路由器
·CiscoIOS.Release12.2(6h),支持MPLSVPNfeature.
·P路由器:
Cisco7200系列路由器.
·PE路由器:
Cisco2691,或者3640系列路由器.
C和CE路由器
·任何可以和PE交换路由信息的路由器都可以作为C和CE路由器.
缩写约定
·P-Provider'scorerouter.
·PE-Provider'sedgerouter.
·CE-Customer'sedgerouter.
·C-Customer'srouter.
我们将用下面的拓扑图进行举例说明:
配置
网络拓扑图
本文档使用下面的拓扑图,网络中有3台P路由器、2台PE路由器(Pescara和Pesaro),2个
VPN客户分别是Customer_A和Customer_B:
配置
网络拓扑图
本文档使用下面的拓扑图,网络中有3台P路由器、2台PE路由器(Pescara和Pesaro),2个
VPN客户分别是Customer_A和Customer_B:
配置过程
启用ipcef
使用下面的过程启用ipcef.,为了提高性能,可以在支持的路由器上使用ipcefdistributed命令。
当在接口上配置了MPLS后(在接口上配置tag-switchingip).,还要在PE上完成下面的步骤:
1.在路由器上为每个相连的VPN创建一个VRF,使用命令ipvrf
配置ipvrf的时候:
o为每个VPN指定正确的RD.这是为了扩展IP地址之用,以便你可以识别IP地址属于哪个VPN.
rd
o配置MP-BGP的扩展communities的import和export值.这是用于过滤import和export过程的.
route-target[export|import|both] extendedcommunity> 2.在VPN各自的接口下使用ipvrfforwarding 3.配置PE-CE间使用的路由协议,可是使用静态路由或者动态路由(RIP、OSPF、BGP). 配置MP-BGP 在PE路由器之间配置MP-BGP.有几种办法来配置BGP,例如路由反射器或者联盟.我们这儿使用直连的邻居进行举例. 1.声明彼此的邻居 2.为这台PE上的每个VPN配置address-familyipv4vrf 如果需要的话,完成下面的步骤 o重分布静态、RIP、或者OSPF路由 o重分布直连的路由 oActivate和CE路由器间的BGP邻居 3.进入address-familyvpnv4模式,完成下面的配置: oActivatetheneighbors.Activate邻居 o指定必须使用扩展community,这是必须的. 配置 本例中的5台路由器配置如下: Pescara Currentconfiguration: ! version12.2 ! hostnamePescara ! ipcef ! ! ---Customer_A的配置. ipvrfCustomer_A ! ---启用Customer_A的VPN路由和转发表(VRF). rd100: 110 ! ---Routedistinguishercreatesroutingandforwarding ! ---tablesforaVRF. route-targetexport100: 1000 ! ---Createslistsofimportandexportroute-targetextended ! ---communitiesforthespecifiedVRF. route-targetimport100: 1000 ! ! ---Customer_B配置. ipvrfCustomer_B rd100: 120 route-targetexport100: 2000 route-targetimport100: 2000 ! interfaceLoopback0 ipaddress10.10.10.4255.255.255.255 iprouterisis ! ---Customer_A的配置. interfaceLoopback101 ipvrfforwardingCustomer_A ! ---将一个接口或者自接口和一个VRF实例关联起来. ipaddress200.0.4.1255.255.255.0 ! ---Loopback101和102使用相同的IP地址200.0.4.1.这是准许的,因为它们属于2个不用 客户的VRF noipdirected-broadcast ! ! ---Customer_B的配置. interfaceLoopback102 ipvrfforwardingCustomer_B ipaddress200.0.4.1255.255.255.0 ! ---Loopback101和102使用相同的IP地址200.0.4.1.这是准许的,因为它们属于2个不用 客户的VRF noipdirected-broadcast ! interfaceSerial2/0 noipaddress noipdirected-broadcast encapsulationframe-relay nofair-queue ! interfaceSerial2/0.1point-to-point descriptionlinktoPauillac bandwidth512 ipaddress10.1.1.14255.255.255.252 noipdirected-broadcast iprouterisis tag-switchingip frame-relayinterface-dlci401 ! routerisis net49.0001.0000.0000.0004.00 is-typelevel-1 ! routerbgp100 bgplog-neighbor-changes ! ---启用BGP邻居关系中断的记录. neighbor10.10.10.6remote-as100 neighbor10.10.10.6update-sourceLoopback0 ! ---配置BGP邻居. ! ! ---CustomerAandBcommands. address-familyvpnv4 ! ---进入address-familyvpnv4配置模式,配置和PE/P路由器间的MP-BGP路由会话。 neighbor10.10.10.6activate neighbor10.10.10.6send-communityboth ! ---SendsthecommunityattributetoaBGPneighbor. exit-address-family ! ! ---CustomerBcommands. address-familyipv4vrfCustomer_B ! ---进入address-familyipv4的配置模式下,配置和CE间的路由会话, redistributeconnected noauto-summary nosynchronization exit-address-family ! ! ---CustomerAcommands. address-familyipv4vrfCustomer_A redistributeconnected noauto-summary nosynchronization exit-address-family ! ipclassless ! end Pesaro Currentconfiguration: ! version12.1 ! hostnamePesaro ! ! ---CustomerAcommands. ipvrfCustomer_A rd100: 110 route-targetexport100: 1000 route-targetimport100: 1000 ! ! ---CustomerBcommands. ipvrfCustomer_B rd100: 120 route-targetexport100: 2000 route-targetimport100: 2000 ! ipcef ! interfaceLoopback0 ipaddress10.10.10.6255.255.255.255 iprouterisis ! ---CustomerAcommands. interfaceLoopback101 ipvrfforwardingCustomer_A ipaddress200.0.6.1255.255.255.0 ! ! ---CustomerBcommands. interfaceLoopback102 ipvrfforwardingCustomer_B ipaddress200.0.6.1255.255.255.0 ! ! ---CustomerAcommands. interfaceLoopback111 ipvrfforwardingCustomer_A ipaddress200.1.6.1255.255.255.0 ! interfaceSerial0/0 noipaddress encapsulationframe-relay noipmroute-cache random-detect ! interfaceSerial0/0.1point-to-point descriptionlinktoPomerol bandwidth512 ipaddress10.1.1.22255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci603 ! routerisis net49.0001.0000.0000.0006.00 is-typelevel-1 ! routerbgp100 neighbor10.10.10.4remote-as100 neighbor10.10.10.4update-sourceLoopback0 ! ! ---CustomerBcommands. address-familyipv4vrfCustomer_B redistributeconnected noauto-summary nosynchronization exit-address-family ! ! ---CustomerAcommands. address-familyipv4vrfCustomer_A redistributeconnected noauto-summary nosynchronization exit-address-family ! ! ---CustomerAandBcommands. address-familyvpnv4 neighbor10.10.10.4activate neighbor10.10.10.4send-communityboth exit-address-family ! ipclassless ! end Pomerol Currentconfiguration: ! version12.0 ! hostnamePomerol ! ipcef ! interfaceLoopback0 ipaddress10.10.10.3255.255.255.255 iprouterisis ! interfaceSerial0/1 noipaddress noipdirected-broadcast encapsulationframe-relay random-detect ! interfaceSerial0/1.1point-to-point descriptionlinktoPauillac ipaddress10.1.1.6255.255.255.252 noipdirected-broadcast iprouterisis tag-switchingmtu1520 tag-switchingip frame-relayinterface-dlci301 ! interfaceSerial0/1.2point-to-point descriptionlinktoPulligny ipaddress10.1.1.9255.255.255.252 noipdirected-broadcast iprouterisis tag-switchingip frame-relayinterface-dlci303 ! interfaceSerial0/1.3point-to-point descriptionlinktoPesaro ipaddress10.1.1.21255.255.255.252 noipdirected-broadcast iprouterisis tag-switchingip frame-relayinterface-dlci306 ! routerisis net49.0001.0000.0000.0003.00 is-typelevel-1 ! ipclassless ! end Pulligny Currentconfiguration: ! version12.1 ! hostnamePulligny ! ! ipcef ! ! interfaceLoopback0 ipaddress10.10.10.2255.255.255.255 ! interfaceSerial0/1 noipaddress encapsulationframe-relay random-detect ! interfaceSerial0/1.1point-to-point descriptionlinktoPauillac ipaddress10.1.1.2255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci201 ! interfaceSerial0/1.2point-to-point descriptionlinktoPomerol ipaddress10.1.1.10255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci203 ! routerisis passive-interfaceLoopback0 net49.0001.0000.0000.0002.00 is-typelevel-1 ! ipclassless ! end Pauillac Currentconfiguration: ! version12.1 ! hostnamepauillac ! ipcef ! interfaceLoopback0 ipaddress10.10.10.1255.255.255.255 iprouterisis ! interfaceSerial0/0 noipaddress encapsulationframe-relay noipmroute-cache tag-switchingip nofair-queue ! interfaceSerial0/0.1point-to-point descriptionlinktoPomerol bandwith512 ipaddress10.1.1.1255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci102 ! interfaceSerial0/0.2point-to-point descriptionlinktoPullignyipaddress10.1.1.5255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci103 ! interfaceSerial0/0.3point-to-point descriptionlinktoPescara bandwidth512 ipaddress10.1.1.13255.255.255.252 iprouterisis tag-switchingip frame-relayinterface-dlci104 ! routerisis net49.0001.0000.0000.0001.00 is-typelevel-1 ! ipclassless ! end 检验 本节讲述了如何检查你的配置是否工作正常. ·showipvrf-VerifiesthatthecorrectVRFexists. ·showipvrfinterfaces-Verifiestheactivatedinterfaces. ·showiproutevrfCustomer_A-VerifiestheroutinginformationonthePErouters. ·traceroutevrfCustomer_A200.0.6.1-VerifiestheroutinginformationonthePErouters. ·showipbgpvpnv4tag-VerifiestheBGP. ·showipcefvrfCustomer_A200.0.6.1detail-VerifiestheroutinginformationonthePErouters. 更多的排错命令详见: MPLSVPNSolutionTroubleshootingGuide. 下面的输出是命令showipvrf的结果 Pescara#showipvrf NameDefaultRDInterfaces Customer_A100: 110Loopback101 Customer_B100: 120Loopback102 下面的输出是命令showipvrfinterfaces的结果. Pesaro#showipvrfinterfaces InterfaceIP-AddressVRFProtocol Loopback101200.0.6.1Customer_Aup Loopback111200.1.6.1Customer_Aup Loopback102200.0.6.1Customer_Bup 下面的showiproutevrf命令的结果显示在2个VPNl里面都有相同的网段200.0.6.0/24.这是因为两个VPN客户Customer_A和Customer_B使用了重叠的IP地址. Pescara#showiproutevrfCustomer_A Codes: C-connected,S-static,I-IGRP,R-RIP,M-mobile,B-BGP D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2 E1-OSPFexternaltype1,E2-OSPFexternaltype2,E-EGP i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea *-candidatedefault,U-per-userstaticroute,o-ODR Gatewayoflastresortisnotset C200.
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- MPLS VPN的配置示例 VPN 配置 示例