1 / 13

MPLS VPN 典型配置案例(二)

技能大赛 - 网络技术赛 ——. MPLS VPN 典型配置案例(二). 版权说明. 本文档来自新华三大学,若作者对本资料使用持有异议,请及时与本网站联系,我们将在第一时间处理. 上述配置完成后, PE 1 、 P 、 PE 2 之间应能建立 LDP 会话,执行 display mpls ldp session 命令可以看到显示结果中 Session State 项为 Operational 。执行 display mpls ldp lsp 命令,可以看到 LDP LSP 的建立情况。 以 PE 1 为例: [PE1] display mpls ldp session

cbartley
Download Presentation

MPLS VPN 典型配置案例(二)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 技能大赛-网络技术赛—— MPLS VPN典型配置案例(二)

  2. 版权说明 本文档来自新华三大学,若作者对本资料使用持有异议,请及时与本网站联系,我们将在第一时间处理

  3. 上述配置完成后,PE 1、P、PE 2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Session State项为Operational。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。 以PE 1为例: [PE1] display mpls ldp session                LDP Session(s) in Public Network ----------------------------------------------------------------  Peer-ID         Status        LAM  SsnRole  FT   MD5  KA-Sent/Rcv  ---------------------------------------------------------------  2.2.2.9:0       Operational   DU   Passive  Off  Off  5/5  ---------------------------------------------------------------  LAM : Label Advertisement Mode         FT  : Fault Tolerance [PE1] display mpls ldp lsp                               LDP LSP Information  ------------------------------------------------------------------  SN  DestAddress/Mask   In/OutLabel  Next-Hop     In/Out-Interface  ------------------------------------------------------------------  1   1.1.1.9/32         3/NULL       127.0.0.1     POS5/0/InLoop0  2   2.2.2.9/32         NULL/3       172.1.1.2     -------/POS5/0  3   3.3.3.9/32         NULL/1024    172.1.1.2     -------/POS5/0 ------------------------------------------------------------------  A '*' before an LSP means the LSP is not established  A '*' before a Label means the USCB or DSCB is stale

  4. (3)        在PE设备上配置VPN实例,将CE接入PE # 配置PE 1。 [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface ethernet 1/1 [PE1-Ethernet1/1] ip binding vpn-instance vpn1 [PE1-Ethernet1/1] ip address 10.1.1.2 24 [PE1-Ethernet1/1] quit [PE1] interface ethernet 1/2 [PE1-Ethernet1/2] ip binding vpn-instance vpn2 [PE1-Ethernet1/2] ip address 10.2.1.2 24 [PE1-Ethernet1/2] quit

  5. # 配置PE 2。 [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface ethernet 1/1 [PE2-Ethernet1/1] ip binding vpn-instance vpn1 [PE2-Ethernet1/1] ip address 10.3.1.2 24 [PE2-Ethernet1/1] quit [PE2] interface ethernet 1/2 [PE2-Ethernet1/2] ip binding vpn-instance vpn2 [PE2-Ethernet1/2] ip address 10.4.1.2 24 [PE2-Ethernet1/2] quit

  6. # 按图配置各CE的接口IP地址,配置过程略。 配置完成后,在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。 以PE 1和CE 1为例: [PE1] display ip vpn-instance   Total VPN-Instances configured : 2   VPN-Instance Name      RD          Create Time   vpn1                  100:1        2006/08/13 09:32:45   vpn2                  100:2        2006/08/13 09:42:59 [PE1] ping -vpn-instance vpn1 10.1.1.1   PING 10.1.1.1: 56  data bytes, press CTRL_C to break     Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms     Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms     Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms     Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms     Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms   --- 10.1.1.1 ping statistics ---     5 packet(s) transmitted     5 packet(s) received     0.00% packet loss     round-trip min/avg/max = 3/23/56 ms

  7. (4)        在PE与CE之间建立EBGP对等体,引入VPN路由 # 配置CE 1。 <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit 另外3个CE设备(CE 2~CE 4)配置与CE 1设备配置类似,配置过程省略。 # 配置PE 1。 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit PE 2的配置与PE 1类似,配置过程省略。

  8. 配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。 以PE 1与CE 1的对等体关系为例: [PE1] display bgp vpnv4 vpn-instance vpn1 peer  BGP local router ID : 1.1.1.9  Local AS number : 100  Total number of peers : 1            Peers in established state : 1   Peer      AS   MsgRcvd MsgSent OutQ  PrefRcv   Up/Down    State   10.1.1.1  65410 11      9       0     1         00:06:37   Established

  9. (5)        在PE之间建立MP-IBGP对等体 # 配置PE 1。 [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # 配置PE 2。 [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

  10. 配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。 [PE1] display bgp peer  BGP local router ID : 1.1.1.9  Local AS number : 100  Total number of peers : 1          Peers in established state : 1   Peer        AS  MsgRcvd  MsgSent  OutQ   PrefRcv   Up/Down  State   3.3.3.9     100        2        6     0         0   00:00:12 Established

  11. (6)        配置完成后的检验 在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由。 以PE 1为例: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1          Destinations : 3        Routes : 3 Destination/Mask  Proto  Pre  Cost     NextHop         Interface 10.1.1.0/24       Direct 0    0        10.1.1.2        Eth1/1 10.1.1.2/32       Direct 0    0        127.0.0.1       InLoop0 10.3.1.0/24       BGP    255  0        3.3.3.9         NULL0 [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2          Destinations : 3        Routes : 3 Destination/Mask  Proto  Pre  Cost      NextHop         Interface 10.2.1.0/24       Direct 0    0         10.2.1.2        Eth1/2 10.2.1.2/32       Direct 0    0         127.0.0.1       InLoop0 10.4.1.0/24       BGP    255  0         3.3.3.9         NULL0

  12. 同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。 例如:CE 1能够Ping通CE 3(10.3.1.1),但不能Ping通CE 4(10.4.1.1)。 [CE1] ping 10.3.1.1   PING 10.3.1.1: 56  data bytes, press CTRL_C to break     Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms     Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms     Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms     Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms     Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms   --- 10.3.1.1 ping statistics ---     5 packet(s) transmitted     5 packet(s) received     0.00% packet loss     round-trip min/avg/max = 34/48/72 ms 

  13. [CE1] ping 10.4.1.1   PING 10.4.1.1: 56  data bytes, press CTRL_C to break     Request time out     Request time out     Request time out     Request time out     Request time out   --- 10.4.1.1 ping statistics ---     5 packet(s) transmitted     0 packet(s) received     100.00% packet loss

More Related