MPLS L3 VPN Lab 1 (Configuration)
- January 12, 2020
- Notes
Lab topology:

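Lab 1 description:
The lab uses 6 routers: R1, R2, R3, R4, R5, R6, R7 (R4 acts as the FR-SW).
Additions compared with the previous setup:
1. R4 emulates a Frame Relay switch. R2 (P), R1 (PE1) and R3 (PE2) each use one multipoint subinterface to interconnect the backbone logically. The backbone OSPF network type is point-to-multipoint on R2's multipoint subinterface and point-to-point on the multipoint subinterfaces of R1 and R3;
2. To exercise different routing protocols on the PE-to-CE side, RIPv2, EIGRP, OSPF and BGP are all configured on R5 (CE1) and R1 (PE1). Because this is a lab, a second Ethernet link is enabled between R2 (PE1) and R5 (CE1) (in the topology every connection point actually has two links; for convenience one is a serial link and one is an Ethernet link). Three subinterfaces are created on the Ethernet port of each of R5 (CE1) and R1 (PE1) to form three logical links running RIPv2, EIGRP and eBGP respectively, in order to test how different PE-CE routing protocols behave and what problems may appear. Next time I will add a site connected to 2 PEs at once (using OSPF) to observe how the down bit is set, and add an inter-AS scenario. There will probably always be a [to be continued], because the fun of lab work and the understanding it brings are permanent.
I. Lab 1 router configurations (5 routers):
(Several commands commonly used when working with VRFs are listed after the configurations. The R7 (CE2) configuration is very simple and is not included.)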
R4_FR-SW
!
frame-relay switching //Frame Relay switch configuration
!
interface Serial1/1
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 102 interface Serial1/2 201
!
interface Serial1/2
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 201 interface Serial1/1 102
frame-relay route 203 interface Serial1/3 302
!
interface Serial1/3
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
frame-relay intf-type dce
frame-relay route 302 interface Serial1/2 203
!
R1_PE1 configuration:
!
ip cef
no ip domain lookup
!
!
ip vrf smcat_***01 //Create the VPN routing and forwarding tables (VRFs) on R1 (PE1) and R3 (PE2)
rd 10:100
route-target export 10:100
route-target import 11:100
route-target import 12:100
route-target import 13:100
!
ip vrf smcat_***05
rd 5:100
route-target export 5:100
route-target import 12:100
!
ip vrf smcat_***06
rd 6:100
route-target export 6:100
route-target import 13:100
!
ip vrf smcat_***07
rd 7:100
route-target export 7:100
route-target import 12:100
route-target import 13:100
!
mpls label protocol ldp
no mpls ip propagate-ttl
//Disable TTL propagation on the PE so that ping, tracert and similar tools do not reveal the core P routers in the backbone
!
key chain pe-ce_auth
key 10
key-string pe-ce_ripv2
key 20
key-string pe-ce_eigrp
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding smcat_***01 //Binding an interface to a VRF changes which table it belongs to; the existing IP address is removed and must be configured again
ip address 1.1.1.10 255.255.255.255
ip ospf network point-to-point
!
interface Loopback7
ip vrf forwarding smcat_***07
ip address 1.1.1.7 255.255.255.255
!
interface Ethernet0/3.1
encapsulation dot1Q 5
ip vrf forwarding smcat_***05
ip address 191.168.1.2 255.255.255.252
!
interface Ethernet0/3.2
encapsulation dot1Q 6
ip vrf forwarding smcat_***06
ip address 191.168.1.6 255.255.255.252
!
interface Ethernet0/3.3
encapsulation dot1Q 7
ip vrf forwarding smcat_***07
ip address 191.168.1.10 255.255.255.252
!
interface Serial1/0
ip address 172.16.1.1 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
mpls label protocol ldp //On a PE, mpls ip only needs to be enabled on the core-facing interfaces
mpls ip
serial restart-delay 0
!
interface Serial1/1
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/1.1 multipoint
ip address 171.16.1.1 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-point
ip ospf hello-interval 30
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.2 102 broadcast
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3 //s1/3 connects to the VPN customer at R5 (CE1)
ip vrf forwarding smcat_***01
ip address 192.168.1.2 255.255.255.252
serial restart-delay 0
!
router eigrp 100 //Run EIGRP between PE1 and CE1 for VPN smcat_***06
no auto-summary
!
address-family ipv4 vrf smcat_***06
redistribute bgp 100 metric 10000 100 1 255 1500
network 191.168.1.4 0.0.0.3
no auto-summary
autonomous-system 15
neighbor 191.168.1.5 Ethernet0/3.2
exit-address-family
!
router ospf 10 vrf smcat_***01 //Run OSPF between PE1 and CE1 for VPN smcat_***01
router-id 1.1.1.10
log-adjacency-changes
area 0 authentication message-digest //Area authentication for OSPF between PE1 and CE1
area 0 sham-link 1.1.1.10 3.3.3.10 cost 5
redistribute bgp 100 metric 10 subnets //Mutual redistribution between this VRF and MP-BGP
network 192.168.1.0 0.0.0.3 area 0
!
router ospf 100 //In a real metro network, using IS-IS as the backbone IGP gives the core better scalability
router-id 1.1.1.1
log-adjacency-changes
area 0 authentication message-digest
network 1.1.1.1 0.0.0.0 area 0
network 171.16.1.0 0.0.0.7 area 0
network 172.16.1.0 0.0.0.3 area 0
!
router rip //Run RIPv2 between PE1 and CE1 for VPN smcat_***05
version 2
no auto-summary
!
address-family ipv4 vrf smcat_***05
redistribute bgp 100 metric 2
network 191.168.0.0
neighbor 191.168.1.1 //Use unicast updates to get through the passive interface
no auto-summary
version 2
exit-address-family
!
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
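//BGP carries only IPv4 addresses by default; turning that default off enables multiprotocol operation so that the VPNv4 address family is supported
bgp log-neighbor-changes
neighbor nei-R3 peer-group
//Although there is only one PE neighbor, a BGP peer group is used; the update source is Loopback0
neighbor nei-R3 remote-as 100
neighbor nei-R3 password bgp100
//Authenticates the TCP connection between the BGP peers on the PEs, using MD5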
neighbor nei-R3 update-source Loopback0
neighbor 3.3.3.3 peer-group nei-R3
!
address-family ipv4
neighbor 3.3.3.3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor nei-R3 send-community extended
neighbor 3.3.3.3 activate
exit-address-family
!
address-family ipv4 vrf smcat_***07
//Run eBGP between PE1 and CE1 for VPN smcat_***07
neighbor 5.5.5.5 remote-as 65001
neighbor 5.5.5.5 ebgp-multihop 255
//Multihop must be configured when a loopback is used as the eBGP update source; it is set to the maximum, 255, here
neighbor 5.5.5.5 update-source Loopback7
neighbor 5.5.5.5 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***06
redistribute eigrp 15 metric 60
//Mutual redistribution between this VRF's routing process and the matching VRF under the ipv4 address family of MP-BGP
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***05
redistribute rip metric 2
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***01
redistribute ospf 10 vrf smcat_***01 metric 10
no synchronization
network 1.1.1.10 mask 255.255.255.255
exit-address-family
!
ip http server
no ip http secure-server
ip route vrf smcat_***07 5.5.5.5 255.255.255.255 191.168.1.9
!
mpls ldp router-id Loopback0
!
R2_P configuration:
!
ip cef
no ip domain lookup
!
mpls label protocol ldp
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial1/0
ip address 172.16.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
shutdown
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.1.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
shutdown
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/2
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/2.1 multipoint
ip address 171.16.1.2 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-multipoint
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.1 201 broadcast
frame-relay map ip 171.16.1.3 203 broadcast
no frame-relay inverse-arp
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication message-digest
network 2.2.2.2 0.0.0.0 area 0
network 171.16.1.0 0.0.0.7 area 0
network 172.16.1.0 0.0.0.3 area 0
network 172.16.1.4 0.0.0.3 area 0
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0
!
R3_PE2 configuration:
!
ip cef
no ip domain lookup
!
ip vrf smcat_***01
rd 11:100
route-target export 11:100
route-target import 10:100
route-target import 13:100
!
ip vrf smcat_***02
rd 12:100
route-target export 12:100
route-target import 10:100
!
ip vrf smcat_***03
rd 13:100
route-target export 13:100
route-target import 10:100
route-target import 11:100
!
mpls label protocol ldp
no mpls ip propagate-ttl
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding smcat_***01
ip address 3.3.3.10 255.255.255.255
ip ospf network point-to-point
!
interface Loopback12
ip vrf forwarding smcat_***02
ip address 12.1.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback13
ip vrf forwarding smcat_***03
ip address 13.1.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/0
ip vrf forwarding smcat_***01
ip address 192.168.1.6 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.1.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 superbackbone
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/3
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no frame-relay inverse-arp
frame-relay lmi-type q933a
!
interface Serial1/3.1 multipoint
ip address 171.16.1.3 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 super_backbone
ip ospf network point-to-point
ip ospf hello-interval 30
mpls label protocol ldp
mpls ip
frame-relay map ip 171.16.1.2 302 broadcast
!
router ospf 10 vrf smcat_***01
router-id 3.3.3.10
log-adjacency-changes
area 0 authentication message-digest
area 0 sham-link 3.3.3.10 1.1.1.10 cost 5
redistribute bgp 100 metric 1010 subnets
network 192.168.1.4 0.0.0.3 area 0
!
router ospf 12 vrf smcat_***02
log-adjacency-changes
redistribute connected subnets
redistribute bgp 100 metric 1012 subnets
network 12.1.1.0 0.0.0.255 area 0
!
router ospf 13 vrf smcat_***03
log-adjacency-changes
redistribute bgp 100 metric 1013 subnets
network 13.1.1.0 0.0.0.255 area 0
!
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
area 0 authentication message-digest
network 3.3.3.3 0.0.0.0 area 0
network 171.16.1.0 0.0.0.7 area 0
network 172.16.1.4 0.0.0.3 area 0
!
router bgp 100
bgp router-id 3.3.3.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor nei-R1 peer-group
neighbor nei-R1 remote-as 100
neighbor nei-R1 password bgp100
neighbor nei-R1 update-source Loopback0
neighbor 1.1.1.1 peer-group nei-R1
!
address-family ipv4
neighbor 1.1.1.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor nei-R1 send-community extended
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf smcat_***03
redistribute ospf 13 vrf smcat_***03 metric 1310
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***02
redistribute ospf 12 vrf smcat_***02 metric 1210
no synchronization
exit-address-family
!
address-family ipv4 vrf smcat_***01
redistribute ospf 10 vrf smcat_***01 metric 1110
no synchronization
network 3.3.3.10 mask 255.255.255.255
exit-address-family
!
mpls ldp router-id Loopback0
!
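An added example (not part of the original notes): a short Python check of the route-target policy in the ip vrf stanzas of R1_PE1 and R3_PE2, listing VRF pairs where one side imports the other's export target but the other side does not import back. The function names are made up for this sketch, and the embedded text is copied from the two PE configs with the rd lines left out.

```python
# Constructed input: the "ip vrf" stanzas of R1_PE1 and R3_PE2 from this page, rd lines omitted.
CONFIGS = {
    "R1_PE1": """ip vrf smcat_***01
route-target export 10:100
route-target import 11:100
route-target import 12:100
route-target import 13:100
ip vrf smcat_***05
route-target export 5:100
route-target import 12:100
ip vrf smcat_***06
route-target export 6:100
route-target import 13:100
ip vrf smcat_***07
route-target export 7:100
route-target import 12:100
route-target import 13:100""",
    "R3_PE2": """ip vrf smcat_***01
route-target export 11:100
route-target import 10:100
route-target import 13:100
ip vrf smcat_***02
route-target export 12:100
route-target import 10:100
ip vrf smcat_***03
route-target export 13:100
route-target import 10:100
route-target import 11:100""",
}

def parse_vrfs(configs):
    """Return {(router, vrf): {"export": set_of_RTs, "import": set_of_RTs}}."""
    vrfs, cur = {}, None
    for router, text in configs.items():
        for w in (line.split() for line in text.splitlines()):
            if w[:2] == ["ip", "vrf"] and len(w) == 3:
                cur = vrfs.setdefault((router, w[2]), {"export": set(), "import": set()})
            elif w[:1] == ["route-target"] and len(w) == 3 and cur and w[1] in cur:
                cur[w[1]].add(w[2])
    return vrfs

def one_way_imports(vrfs):
    """(a, b) pairs where VRF a imports an RT that b exports, but not the reverse."""
    sees = {(a, b) for a in vrfs for b in vrfs
            if a != b and vrfs[a]["import"] & vrfs[b]["export"]}
    return sorted(p for p in sees if p[::-1] not in sees)

if __name__ == "__main__":
    print(*one_way_imports(parse_vrfs(CONFIGS)), sep="\n")
```

On this page's configs it reports four one-way pairs: smcat_***05, smcat_***06 and smcat_***07 on R1_PE1 import 12:100 and/or 13:100, while none of the R3_PE2 VRFs imports 5:100, 6:100 or 7:100. It looks only at route-target policy; whether a route actually crosses also depends on what each VRF redistributes into BGP.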
R5_CE1
!
hostname R5_CE1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$27vC$umGqRRRDIgJQlUFv5qnE.0
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
key chain ce-pe_auth
key 10
key-string pe-ce_ripv2
key 20
key-string pe-ce_eigrp
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback5
ip address 10.50.1.1 255.255.255.0
!
interface Loopback6
ip address 10.60.1.1 255.255.255.0
!
interface Loopback7
ip address 10.70.1.1 255.255.255.0
!
interface Ethernet0/3.1
encapsulation dot1Q 5
ip address 191.168.1.1 255.255.255.252
!
interface Ethernet0/3.2
encapsulation dot1Q 6
ip address 191.168.1.5 255.255.255.252
!
interface Ethernet0/3.3
encapsulation dot1Q 7
ip address 191.168.1.9 255.255.255.252
!
interface Serial1/2
ip address 192.168.1.9 255.255.255.252
ip ospf cost 1600
serial restart-delay 0
!
interface Serial1/3
ip address 192.168.1.1 255.255.255.252
serial restart-delay 0
!
router eigrp 15
network 10.60.1.0 0.0.0.255
network 191.168.1.4 0.0.0.3
no auto-summary
neighbor 191.168.1.6 Ethernet0/3.2
!
router ospf 10
router-id 5.5.5.5
log-adjacency-changes
area 0 authentication message-digest
network 10.10.1.0 0.0.0.255 area 5
network 192.168.1.0 0.0.0.3 area 0
network 192.168.1.8 0.0.0.3 area 0
!
router rip
version 2
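passive-interface default //Passive mode suppresses broadcast and multicast updates, but not unicast
network 10.0.0.0
network 191.168.0.0
neighbor 191.168.1.2 //Use unicast updates to get through the passive interface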
distribute-list prefix 50 out Ethernet0/3.1
no auto-summary
!
router bgp 65001
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
redistribute connected metric 70 route-map dis_list
//Redistribute connected routes into BGP through a route-map
neighbor 1.1.1.7 remote-as 100
neighbor 1.1.1.7 ebgp-multihop 255
neighbor 1.1.1.7 update-source Loopback0
no auto-summary
!
ip http server
no ip http secure-server
ip route 1.1.1.7 255.255.255.255 191.168.1.10
!
ip prefix-list 50 seq 5 permit 10.50.0.0/16 le 32
ip prefix-list 50 seq 10 deny 0.0.0.0/0 le 32
!
ip access-list extended dis_list
permit ip 10.70.1.0 0.0.0.255 any
!
route-map dis_list permit 10
//using a route-map and a extended name ACL for redistri
match ip address dis_list
set tag 7
!
II. Commands commonly used when working with VRFs:
R1_PE1#sh ip vrf brief
R1_PE1#sh ip vrf det
R1_PE1#sh ip vrf det smcat_***05
R1_PE1#clear ip route vrf smcat_***05 *
R1_PE1#sh ip route vrf smcat_***05
R1_PE1#sh ip rip da vrf smcat_***05
R1_PE1#sh ip eigrp vrf smcat_***06 nei
R1_PE1#clear ip bgp *
R1_PE1#sh ip bgp vpnv4 vrf smcat_***07
R1_PE1#sh ip bgp vpnv4 vrf smcat_***07 nei
R1_PE1#sh ip route vrf smcat_***05 //before filtering
Routing Table: smcat_***05
Gateway of last resort is not set
     191.168.0.0/30 is subnetted, 3 subnets
R       191.168.1.4 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
C       191.168.1.0 is directly connected, Ethernet0/3.1
R       191.168.1.8 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R       10.60.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R       10.50.1.0 [120/1] via 191.168.1.1, 00:00:25, Ethernet0/3.1
R       10.70.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip route vrf smcat_***05 //after filtering
Routing Table: smcat_***05
Gateway of last resort is not set
     191.168.0.0/30 is subnetted, 1 subnets
C       191.168.1.0 is directly connected, Ethernet0/3.1
     10.0.0.0/24 is subnetted, 1 subnets
R       10.50.1.0 [120/1] via 191.168.1.1, 00:00:17, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip rip da vrf smcat_***05
10.0.0.0/8 auto-summary
10.50.1.0/24
    [1] via 191.168.1.1, 00:00:20, Ethernet0/3.1
191.168.0.0/16 auto-summary
191.168.1.0/30 directly connected, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei
IP-EIGRP neighbors for process 15
H   Address          Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                 (sec)           (ms)         Cnt  Num
0   191.168.2.1      Et0/3.2     11    00:00:49  319    1914  0    3
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei det
IP-EIGRP neighbors for process 15
H   Address          Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                 (sec)           (ms)         Cnt  Num
0   191.168.2.1      Et0/3.2     13    00:01:11  319    1914  0    3
   Static neighbor
   Version 12.4/1.2, Retrans: 0, Retries: 0
R1_PE1#
R1_PE1#sh ip bgp vpnv4 vrf smcat_***07 su
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 38, main routing table version 38
1 network entries using 137 bytes of memory
1 path entries using 68 bytes of memory
10/8 BGP path/bestpath attribute entries using 1240 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
7 BGP extended community entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1741 total bytes of memory
BGP activity 19/6 prefixes, 19/6 paths, scan interval 15 secs
Neighbor   V   AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
5.5.5.5    4   65001  6        5        38      0    0     00:01:47  1
R1_PE1#
R1_PE1#sh ip bgp vpnv4 vrf smcat_***07 nei
BGP neighbor is 5.5.5.5, vrf smcat_***07, remote AS 65001, external link
  BGP version 4, remote router ID 5.5.5.5
  BGP state = Established, up for 00:01:51
  Last read 00:00:51, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received