MPLS L3 ××× 实验一(配置)
实验拓扑:
实验一说明:
实验使用了6台路由器,R1、R2、R3、R4、R5、R6、R7(其中R4作为FR-SW)
在上一基础上增加了:
7、R4模拟帧中继交换机,在R2(P)、R1(PE1)、R3(PE2)上各使用了一个多点子接口在逻辑上互联骨干网,骨干ospf在R2的多点子接口下类型为点到多点,在R1和R3的多点子接口下用的均为点到点类型;
8、为了模拟PE到CE端采用不同路由协议的运行情况,将riv2、eigrp、ospf、bgp均配置在
了R5(CE1)和R1(PE1)上,因为是实验环境,故在R2(PE1)与R5(CE1)之间,启用了另一条
以太网链路(拓扑中实 际上每个连接点均为两条链路,为了实验的方便一条用的是串行
链路,一条是以太链路)通过在R5(CE1)和R1(PE1)上的以太口上各划分出三个子接口来
建立三条逻辑链路,分别运行ripv2、eigrp、ebgp,以测试在PE到CE之间使用不同路由协
议的功能及可能出现的问题;
下一次会增加一个站点同时连接2个PE(使用ospf)时观察downbit位的设置,并加入跨域的情况,可能以后会总有[待续],因为实验的乐趣和对知识的理解是永久的.
一、实验一路由器(5台)配置:
(配置后附有操作vrf时常用的几个命令. R7(CE2)配置很简单,未附上)
R4_FR-SW
!
frame-relay switching //帧中继交换机配置
!
interface Serial1/1
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 102 interface Serial1/2 201
!
interface Serial1/2
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 201 interface Serial1/1 102
frame-relay route 203 interface Serial1/3 302
!
interface Serial1/3
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 302 interface Serial1/2 203
!
R1_PE1 配置:
!
ip cef
no ip domain lookup
!
!
ip vrf smcat_***01 //在R1(PE1)和R3(PE2)上建立×××的路由转发表
rd 10:100
route-target export 10:100
route-target import 11:100
route-target import 12:100
route-target import 13:100
!
ip vrf smcat_***05
rd 5:100
route-target export 5:100
route-target import 12:100
!
ip vrf smcat_***06
rd 6:100
route-target export 6:100
route-target import 13:100
!
ip vrf smcat_***07
rd 7:100
route-target export 7:100
route-target import 12:100
route-target import 13:100
!
mpls label protocol ldp
no mpls ip propagate-ttl
//关闭PE上的TTL传播,对ping、tracert等应用时隐藏骨干区域的核心P路由器
!
key chain pe-ce_auth
key 10
key-string pe-ce_ripv2
key 20
key-string pe-ce_eigrp
!
interface Loopback0
ip address 1.1.1 .1 255.255.255.255
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding smcat_***01 //绑定vrf后,即改变了接口的从属关系,原有IP 地址会被清除,需要重新配置
ip address 1.1.1 .10 255.255.255.255
ip ospf network point-to-point
!
interface Loopback7
ip vrf forwarding smcat_***07
ip address 1.1.1 .7 255.255.255.255
!
interface Ethernet0/3.1
encapsulation dot1Q 5
ip vrf forwarding smcat_***05
ip address 191.168.1.2 255.255.255.252
!
interface Ethernet0/3.2
encapsulation dot1Q 6
ip vrf forwarding smcat_***06
ip address 191.168.1.6 255.255.255.252
!
interface Ethernet0/3.3
encapsulation dot1Q 7
ip vrf forwarding smcat_***07
ip address 191.168.1.10 255.255.255.252
!
interface Serial1/0
ip address 172.16.1.1 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
mpls label protocol ldp //PE上只须在连接核心的端口启用mpls ip
mpls ip
serial restart-delay 0
!
interface Serial1/1
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/1.1 multipoint
ip address 171.16.1.1 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-point
ip ospf hello-interval 30
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.2 102 broadcast
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3 //s1/3口连接R5(CE1)的 ××× 客户
ip vrf forwarding smcat_***01
ip address 192.168.1.2 255.255.255.252
serial restart-delay 0
!
router eigrp 100 //在PE1和CE1 的*** smcat_***06之间运行eigrp
no auto-summary
!
address-family ipv4 vrf smcat_***06
redistribute bgp 100 metric 10000 100 1 255 1500
network 191.168.1.4 0.0.0 .3
no auto-summary
autonomous-system 15
neighbor 191.168.1.5 Ethernet0/3.2
exit-address-family
!
router ospf 10 vrf smcat_***01 //在PE1和CE1 的*** smcat_***01之间运行ospf
router-id 1.1.1 .10
log-adjacency-changes
area 0 authentication message-digest //为PE1和CE1之间的OSPF做区域认证
area 0 sham-link 1.1.1 .10 3.3.3.10 cost 5
redistribute bgp 100 metric 10 subnets //在特定 vrf与MP-BGP之间做双向重发布
network 192.168.1.0 0.0.0 .3 area 0
!
router ospf 100 //实际城域网中,骨干IGP用IS-IS协议可使核心网具有更好的扩展性
router-id 1.1.1 .1
log-adjacency-changes
area 0 authentication message-digest
network 1.1.1 .1 0.0.0.0 area 0
network 171.16.1.0 0.0.0 .7 area 0
network 172.16.1.0 0.0.0 .3 area 0
!
router rip //在PE1和CE1 的*** smcat_***05之间运行ripv2
version 2
no auto-summary
!
address-family ipv4 vrf smcat_***05
redistribute bgp 100 metric 2
network 191.168.0.0
neighbor 191.168.1.1 //用单播穿透被动接口
no auto-summary
version 2
exit-address-family
!
router bgp 100
bgp router-id 1.1.1 .1
no bgp default ipv4-unicast
//BGP默认只支持IPV4地址,关闭后启用多协议功能,使其支持×××V4 地址族
bgp log-neighbor-changes
neighbor nei-R3 peer-group
//虽然只有一个PE邻居,但使用了BGP对等体组配置, 更新源用环回口loop0
neighbor nei-R3 remote-as 100
neighbor nei-R3 password bgp100
//为\PE上bgp之间的tcp连接做认证,是MD5的
neighbor nei-R3 update-source Loopback0
neighbor 3.3.3 .3 peer-group nei-R3
!
address-family ipv4
neighbor 3.3.3 .3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family ***v4
neighbor nei-R3 send-community extended
neighbor 3.3.3 .3 activate
exit-address-family
!
address-family ipv4 vrf smcat_***07
//在PE1和CE1 的*** smcat_***07之间运行ebgp
neighbor 5.5.5 .5 remote-as 65001
neighbor 5.5.5 .5 ebgp-multihop 255
//用环回口作ebgp的更新源时必须用多跳配置,此处设置为了最大值255
neighbor 5.5.5 .5 update-source Loopback7
neighbor 5.5.5 .5 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***06
redistribute eigrp 15 metric 60
//在特定vrf与MP-BGP里的ipv4地址族下对应的vrf之间做双向重发布
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***05
redistribute rip metric 2
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***01
redistribute ospf 10 vrf smcat_***01 metric 10
no synchronization
network 1.1.1 .10 mask 255.255.255.255
exit-address-family
!
ip http server
no ip http secure-server
ip route vrf smcat_***07 5.5.5 .5 255.255.255.255 191.168.1.9
!
mpls ldp router-id Loopback0
!
R2_P配置:
!
ip cef
no ip domain lookup
!
mpls label protocol ldp
!
interface Loopback0
ip address 2.2.2 .2 255.255.255.255
!
interface Serial1/0
ip address 172.16.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
shutdown
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.1.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
shutdown
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/2
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/2.1 multipoint
ip address 171.16.1.2 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-multipoint
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.1 201 broadcast
frame-relay map ip 171.16.1.3 203 broadcast
no frame-relay inverse-arp
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 2.2.2 .2
log-adjacency-changes
area 0 authentication message-digest
network 2.2.2 .2 0.0.0.0 area 0
network 171.16.1.0 0.0.0 .7 area 0
network 172.16.1.0 0.0.0 .3 area 0
network 172.16.1.4 0.0.0 .3 area 0
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0
!
R3_PE2 配置
!
ip cef
no ip domain lookup
!
ip vrf smcat_***01
rd 11:100
route-target export 11:100
route-target import 10:100
route-target import 13:100
!
ip vrf smcat_***02
rd 12:100
route-target export 12:100
route-target import 10:100
!
ip vrf smcat_***03
rd 13:100
route-target export 13:100
route-target import 10:100
route-target import 11:100
!
mpls label protocol ldp
no mpls ip propagate-ttl
!
interface Loopback0
ip address 3.3.3 .3 255.255.255.255
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding smcat_***01
ip address 3.3.3 .10 255.255.255.255
ip ospf network point-to-point
!
interface Loopback12
ip vrf forwarding smcat_***02
ip address 12.1.1 .1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback13
ip vrf forwarding smcat_***03
ip address 13.1.1 .1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/0
ip vrf forwarding smcat_***01
ip address 192.168.1.6 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.1.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/3
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/3.1 multipoint
ip address 171.16.1.3 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-point
ip ospf hello-interval 30
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.2 302 broadcast
!
router ospf 10 vrf smcat_***01
router-id 3.3.3 .10
log-adjacency-changes
area 0 authentication message-digest
area 0 sham-link 3.3.3 .10 1.1.1.10 cost 5
redistribute bgp 100 metric 1010 subnets
network 192.168.1.4 0.0.0 .3 area 0
!
router ospf 12 vrf smcat_***02
log-adjacency-changes
redistribute connected subnets
redistribute bgp 100 metric 1012 subnets
network 12.1.1 .0 0.0.0.255 area 0
!
router ospf 13 vrf smcat_***03
log-adjacency-changes
redistribute bgp 100 metric 1013 subnets
network 13.1.1 .0 0.0.0.255 area 0
!
router ospf 100
router-id 3.3.3 .3
log-adjacency-changes
area 0 authentication message-digest
network 3.3.3 .3 0.0.0.0 area 0
network 171.16.1.0 0.0.0 .7 area 0
network 172.16.1.4 0.0.0 .3 area 0
!
router bgp 100
bgp router-id 3.3.3 .3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor nei-R1 peer-group
neighbor nei-R1 remote-as 100
neighbor nei-R1 password bgp100
neighbor nei-R1 update-source Loopback0
neighbor 1.1.1 .1 peer-group nei-R1
!
address-family ipv4
neighbor 1.1.1 .1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family ***v4
neighbor nei-R1 send-community extended
neighbor 1.1.1 .1 activate
exit-address-family
!
address-family ipv4 vrf smcat_***03
redistribute ospf 13 vrf smcat_***03 metric 1310
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***02
redistribute ospf 12 vrf smcat_***02 metric 1210
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***01
redistribute ospf 10 vrf smcat_***01 metric 1110
no synchronization
network 3.3.3 .10 mask 255.255.255.255
exit-address-family
!
mpls ldp router-id Loopback0
!
R5_CE1
!
hostname R5_CE1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$27vC$umGqRRRDIgJQlUFv5qnE.0
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
key chain ce-pe_auth
key 10
key-string pe-ce_ripv2
key 20
key-string pe-ce_eigrp
!
interface Loopback0
ip address 5.5.5 .5 255.255.255.255
!
interface Loopback1
ip address 10.1.1 .1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback5
ip address 10.50.1 .1 255.255.255.0
!
interface Loopback6
ip address 10.60.1.1 255.255.255.0
!
interface Loopback7
ip address 10.70.1.1 255.255.255.0
!
interface Ethernet0/3.1
encapsulation dot1Q 5
ip address 191.168.1.1 255.255.255.252
!
interface Ethernet0/3.2
encapsulation dot1Q 6
ip address 191.168.1.5 255.255.255.252
!
interface Ethernet0/3.3
encapsulation dot1Q 7
ip address 191.168.1.9 255.255.255.252
!
interface Serial1/2
ip address 192.168.1.9 255.255.255.252
ip ospf cost 1600
serial restart-delay 0
!
interface Serial1/3
ip address 192.168.1.1 255.255.255.252
serial restart-delay 0
!
router eigrp 15
network 10.60.1.0 0.0.0 .255
network 191.168.1.4 0.0.0 .3
no auto-summary
neighbor 191.168.1.6 Ethernet0/3.2
!
router ospf 10
router-id 5.5.5 .5
log-adjacency-changes
area 0 authentication message-digest
network 10.10.1 .0 0.0.0.255 area 5
network 192.168.1.0 0.0.0 .3 area 0
network 192.168.1.8 0.0.0 .3 area 0
!
router rip
version 2
passive-interface default //被动状态可以隔离广播和组播,不隔离单播
network 10.0.0 .0
network 191.168.0.0
neighbor 191.168.1.2 //用单播穿透被动接口
distribute-list prefix 50 out Ethernet0/3.1
no auto-summary
!
router bgp 65001
no synchronization
bgp router-id 5.5.5 .5
bgp log-neighbor-changes
redistribute connected metric 70 route-map dis_list
//使用路由图方式重分发直连路由进bgp
neighbor 1.1.1 .7 remote-as 100
neighbor 1.1.1 .7 ebgp-multihop 255
neighbor 1.1.1 .7 update-source Loopback0
no auto-summary
!
ip http server
no ip http secure-server
ip route 1.1.1 .7 255.255.255.255 191.168.1.10
!
ip prefix-list 50 seq 5 permit 10.50.0 .0/16 le 32
ip prefix-list 50 seq 10 deny 0.0.0 .0/0 le 32
!
ip access-list extended dis_list
permit ip 10.70.1.0 0.0.0 .255 any
!
route-map dis_list permit 10
//using a route-map and a extended name ACL for redistri
match ip address dis_list
set tag 7
!
二、操作vrf时常用的几个命令:
R1_PE1#sh ip vrf brief
R1_PE1#sh ip vrf det
R1_PE1#sh ip vrf det smcat_***05
R1_PE1#clear ip route vrf smcat_***05 *
R1_PE1#sh ip route vrf smcat_***05
R1_PE1#sh ip rip da vrf smcat_***05
R1_PE1#sh ip eigrp vrf smcat_***06 nei
R1_PE1#clear ip bgp *
R1_PE1#sh ip bgp ***v4 vrf smcat_***07
R1_PE1#sh ip bgp ***v4 vrf smcat_***07 nei
R1_PE1#sh ip route vrf smcat_***05 //过滤前
Routing Table: smcat_***05
Gateway of last resort is not set
191.168.0.0/30 is subnetted, 3 subnets
R 191.168.1.4 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
C 191.168.1.0 is directly connected, Ethernet0/3.1
R 191.168.1.8 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
10.0.0 .0/24 is subnetted, 4 subnets
R 10.1.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R 10.60.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R 10.50.1.0 [120/1] via 191.168.1.1, 00:00:25, Ethernet0/3.1
R 10.70.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R1_PE1#
Routing Table: smcat_***05
Gateway of last resort is not set
191.168.0.0/30 is subnetted, 3 subnets
R 191.168.1.4 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/
R 191.168.1.8 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R 10.1.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R 10.60.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R 10.50.1.0 [120/1] via 191.168.1.1, 00:00:25, Ethernet0/3.1
R 10.70.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip route vrf smcat_***05 //过滤后
Routing Table: smcat_***05
Gateway of last resort is not set
191.168.0.0/30 is subnetted, 1 subnets
C 191.168.1.0 is directly connected, Ethernet0/3.1
10.0.0 .0/24 is subnetted, 1 subnets
R 10.50.1.0 [120/1] via 191.168.1.1, 00:00:17, Ethernet0/3.1
R1_PE1#
Routing Table: smcat_***05
Gateway of last resort is not set
191.168.0.0/30 is subnetted, 1 subnets
C 191.168.1.0 is directly connected, Ethernet0/3.1
R 10.50.1.0 [120/1] via 191.168.1.1, 00:00:17, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip rip da vrf smcat_***05
10.0.0 .0/8 auto-summary
10.50.1.0/24
[1] via 191.168.1.1, 00:00:20, Ethernet0/3.1
191.168.0.0/16 auto-summary
191.168.1.0/30 directly connected, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei
IP-EIGRP neighbors for process 15
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 191.168.2.1 Et0/3.2 11 00:00:49 319 1914 0 3
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei det
IP-EIGRP neighbors for process 15
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 191.168.2.1 Et0/3.2 13 00:01:11 319 1914 0 3
Static neighbor
Version 12.4/1.2, Retrans: 0, Retries: 0
R1_PE1#
10.50.1.0/24
[1] via 191.168.1.1, 00:00:20, Ethernet0/3.1
191.168.0.0/16 auto-summary
191.168.1.0/30 directly connected, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei
IP-EIGRP neighbors for process 15
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 191.168.2.1 Et0/3.2 11 00:00:49 319 1914 0 3
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei det
IP-EIGRP neighbors for process 15
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 191.168.2.1 Et0/3.2 13 00:01:11 319 1914 0 3
Static neighbor
Version 12.4/1.2, Retrans: 0, Retries: 0
R1_PE1#
R1_PE1#sh ip bgp ***v4 vrf smcat_***07 su
BGP router identifier1.1.1 .1, local AS number 100
BGP table version is 38, main routing table version 38
1 network entries using 137 bytes of memory
1 path entries using 68 bytes of memory
10/8 BGP path/bestpath attribute entries using 1240 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
7 BGP extended community entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1741 total bytes of memory
BGP activity 19/6 prefixes, 19/6 paths, scan interval 15 secs
BGP router identifier
BGP table version is 38, main routing table version 38
1 network entries using 137 bytes of memory
1 path entries using 68 bytes of memory
10/8 BGP path/bestpath attribute entries using 1240 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
7 BGP extended community entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1741 total bytes of memory
BGP activity 19/6 prefixes, 19/6 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
5.5.5 .5 4 65001 6 5 38 0 0 00:01:47 1
R1_PE1#
R1_PE1#sh ip bgp ***v4 vrf smcat_***07 nei
BGP neighbor is5.5.5 .5, vrf smcat_***07, remote AS 65001, external link
BGP version 4, remote router ID 5.5.5.5
BGP state = Established, up for 00:01:51
Last read 00:00:51, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
[待续]BGP neighbor is
BGP version 4, remote router ID 5.5.5.5
BGP state = Established, up for 00:01:51
Last read 00:00:51, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
