MPLS L3 ××× 实验一(配置)

发布时间：2019-09-06 08:52:01编辑：auto阅读（1584）

MPLS L3 ××× 实验一(配置)

实验拓扑：

                  

      

实验一说明：

   实验使用了6台路由器,R1、R2、R3、R4、R5、R6、R7(其中R4作为FR-SW)

在上一基础上增加了：

7、R4模拟帧中继交换机，在R2(P)、R1(PE1)、R3(PE2)上各使用了一个多点子接口在逻辑上互联骨干网，骨干ospf在R2的多点子接口下类型为点到多点，在R1和R3的多点子接口下用的均为点到点类型；

8、为了模拟PE到CE端采用不同路由协议的运行情况，将riv2、eigrp、ospf、bgp均配置在

   了R5(CE1)和R1(PE1)上，因为是实验环境，故在R2(PE1)与R5(CE1)之间，启用了另一条

   以太网链路(拓扑中实 际上每个连接点均为两条链路,为了实验的方便一条用的是串行

   链路，一条是以太链路)通过在R5(CE1)和R1(PE1)上的以太口上各划分出三个子接口来

   建立三条逻辑链路,分别运行ripv2、eigrp、ebgp,以测试在PE到CE之间使用不同路由协

   议的功能及可能出现的问题；

 

　 下一次会增加一个站点同时连接2个PE(使用ospf)时观察downbit位的设置,并加入跨域的情况，可能以后会总有[待续]，因为实验的乐趣和对知识的理解是永久的.

 

一、实验一路由器(5台)配置：

      (配置后附有操作vrf时常用的几个命令. R7(CE2)配置很简单,未附上)

R4_FR-SW 

!

frame-relay switching               //帧中继交换机配置

!

interface Serial1/1

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

 frame-relay intf-type dce

 frame-relay route 102 interface Serial1/2 201

!

interface Serial1/2

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

 frame-relay intf-type dce

 frame-relay route 201 interface Serial1/1 102

 frame-relay route 203 interface Serial1/3 302

!

interface Serial1/3

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

 frame-relay intf-type dce

 frame-relay route 302 interface Serial1/2 203

!

R1_PE1 配置：

!

ip cef

no ip domain lookup

!

!

ip vrf smcat_***01        //在R1(PE1)和R3(PE2)上建立×××的路由转发表

 rd 10:100

 route-target export 10:100

 route-target import 11:100

 route-target import 12:100

 route-target import 13:100

!

ip vrf smcat_***05

 rd 5:100

 route-target export 5:100

 route-target import 12:100

!

ip vrf smcat_***06

 rd 6:100

 route-target export 6:100

 route-target import 13:100

!

ip vrf smcat_***07

 rd 7:100

 route-target export 7:100

 route-target import 12:100

 route-target import 13:100

!

mpls label protocol ldp

no mpls ip propagate-ttl     

//关闭PE上的TTL传播,对ping、tracert等应用时隐藏骨干区域的核心P路由器

!

key chain pe-ce_auth

 key 10

   key-string pe-ce_ripv2

 key 20

   key-string pe-ce_eigrp

!

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

 ip ospf network point-to-point

!

interface Loopback1

 ip vrf forwarding smcat_***01   //绑定vrf后,即改变了接口的从属关系,原有IP 地址会被清除,需要重新配置

 ip address 1.1.1.10 255.255.255.255

 ip ospf network point-to-point

!

interface Loopback7

 ip vrf forwarding smcat_***07

 ip address 1.1.1.7 255.255.255.255

!

interface Ethernet0/3.1

 encapsulation dot1Q 5

 ip vrf forwarding smcat_***05

 ip address 191.168.1.2 255.255.255.252

!

interface Ethernet0/3.2

 encapsulation dot1Q 6

 ip vrf forwarding smcat_***06

 ip address 191.168.1.6 255.255.255.252

!        

interface Ethernet0/3.3

 encapsulation dot1Q 7

 ip vrf forwarding smcat_***07

 ip address 191.168.1.10 255.255.255.252

!

interface Serial1/0

 ip address 172.16.1.1 255.255.255.252

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 superbackbone

 mpls label protocol ldp           //PE上只须在连接核心的端口启用mpls ip

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

!

interface Serial1/1.1 multipoint

 ip address 171.16.1.1 255.255.255.248

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 super_backbone

 ip ospf network point-to-point

 ip ospf hello-interval 30

 mpls label protocol ldp

 mpls ip

 frame-relay map ip 171.16.1.2 102 broadcast

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3                           //s1/3口连接R5(CE1)的 ××× 客户

 ip vrf forwarding smcat_***01

 ip address 192.168.1.2 255.255.255.252

 serial restart-delay 0

!

router eigrp 100               //在PE1和CE1 的*** smcat_***06之间运行eigrp

 no auto-summary

 !

 address-family ipv4 vrf smcat_***06

  redistribute bgp 100 metric 10000 100 1 255 1500

  network 191.168.1.4 0.0.0.3

  no auto-summary

  autonomous-system 15

  neighbor 191.168.1.5 Ethernet0/3.2

 exit-address-family

!

router ospf 10 vrf smcat_***01     //在PE1和CE1 的*** smcat_***01之间运行ospf

 router-id 1.1.1.10

 log-adjacency-changes

 area 0 authentication message-digest       //为PE1和CE1之间的OSPF做区域认证

 area 0 sham-link 1.1.1.10 3.3.3.10 cost 5

 redistribute bgp 100 metric 10 subnets    //在特定 vrf与MP-BGP之间做双向重发布

 network 192.168.1.0 0.0.0.3 area 0

!

router ospf 100   //实际城域网中,骨干IGP用IS-IS协议可使核心网具有更好的扩展性

 router-id 1.1.1.1

 log-adjacency-changes

 area 0 authentication message-digest

 network 1.1.1.1 0.0.0.0 area 0

 network 171.16.1.0 0.0.0.7 area 0

 network 172.16.1.0 0.0.0.3 area 0

!

router rip                      //在PE1和CE1 的*** smcat_***05之间运行ripv2

 version 2

 no auto-summary

 !

 address-family ipv4 vrf smcat_***05

  redistribute bgp 100 metric 2

  network 191.168.0.0

  neighbor 191.168.1.1          //用单播穿透被动接口

  no auto-summary

  version 2

 exit-address-family

!

router bgp 100 

 bgp router-id 1.1.1.1

 no bgp default ipv4-unicast   

//BGP默认只支持IPV4地址,关闭后启用多协议功能,使其支持×××V4 地址族

 bgp log-neighbor-changes

 neighbor nei-R3 peer-group   

//虽然只有一个PE邻居,但使用了BGP对等体组配置, 更新源用环回口loop0

 neighbor nei-R3 remote-as 100

 neighbor nei-R3 password bgp100    

//为\PE上bgp之间的tcp连接做认证,是MD5的

 neighbor nei-R3 update-source Loopback0

 neighbor 3.3.3.3 peer-group nei-R3

 !

 address-family ipv4

  neighbor 3.3.3.3 activate

  no auto-summary

  no synchronization

 exit-address-family

 !

 address-family ***v4

  neighbor nei-R3 send-community extended

  neighbor 3.3.3.3 activate

 exit-address-family

 !

 address-family ipv4 vrf smcat_***07   

//在PE1和CE1 的*** smcat_***07之间运行ebgp

  neighbor 5.5.5.5 remote-as 65001

  neighbor 5.5.5.5 ebgp-multihop 255  

//用环回口作ebgp的更新源时必须用多跳配置,此处设置为了最大值255

  neighbor 5.5.5.5 update-source Loopback7

  neighbor 5.5.5.5 activate

  no synchronization

 exit-address-family

 !

 address-family ipv4 vrf smcat_***06

  redistribute eigrp 15 metric 60   

//在特定vrf与MP-BGP里的ipv4地址族下对应的vrf之间做双向重发布

  no synchronization

 exit-address-family

 !

 address-family ipv4 vrf smcat_***05

  redistribute rip metric 2

  no synchronization

 exit-address-family

 !

 address-family ipv4 vrf smcat_***01

  redistribute ospf 10 vrf smcat_***01 metric 10

  no synchronization

  network 1.1.1.10 mask 255.255.255.255

 exit-address-family

!

ip http server

no ip http secure-server

ip route vrf smcat_***07 5.5.5.5 255.255.255.255 191.168.1.9

!

mpls ldp router-id Loopback0

!

R2_P配置：

!

ip cef

no ip domain lookup

!

mpls label protocol ldp

!

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Serial1/0

 ip address 172.16.1.2 255.255.255.252

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 superbackbone

 shutdown

 mpls label protocol ldp

 mpls ip

 serial restart-delay 0

!

interface Serial1/1

 ip address 172.16.1.6 255.255.255.252

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 superbackbone

 shutdown

 mpls label protocol ldp

 mpls ip

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

!

interface Serial1/2.1 multipoint

 ip address 171.16.1.2 255.255.255.248

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 super_backbone

 ip ospf network point-to-multipoint

 mpls label protocol ldp

 mpls ip

 frame-relay map ip 171.16.1.1 201 broadcast

 frame-relay map ip 171.16.1.3 203 broadcast

 no frame-relay inverse-arp

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

router ospf 100

 router-id 2.2.2.2

 log-adjacency-changes

 area 0 authentication message-digest

 network 2.2.2.2 0.0.0.0 area 0

 network 171.16.1.0 0.0.0.7 area 0

 network 172.16.1.0 0.0.0.3 area 0

 network 172.16.1.4 0.0.0.3 area 0

!

ip http server

no ip http secure-server

!

mpls ldp router-id Loopback0

!

R3_PE2 配置

!

ip cef

no ip domain lookup

!

ip vrf smcat_***01

 rd 11:100

 route-target export 11:100

 route-target import 10:100

 route-target import 13:100

!

ip vrf smcat_***02

 rd 12:100

 route-target export 12:100

 route-target import 10:100

!

ip vrf smcat_***03

 rd 13:100

 route-target export 13:100

 route-target import 10:100

 route-target import 11:100

!

mpls label protocol ldp

no mpls ip propagate-ttl

!

interface Loopback0

 ip address 3.3.3.3 255.255.255.255

 ip ospf network point-to-point

!

interface Loopback1

 ip vrf forwarding smcat_***01

 ip address 3.3.3.10 255.255.255.255

 ip ospf network point-to-point

!

interface Loopback12

 ip vrf forwarding smcat_***02

 ip address 12.1.1.1 255.255.255.0

 ip ospf network point-to-point

!

interface Loopback13

 ip vrf forwarding smcat_***03

 ip address 13.1.1.1 255.255.255.0

 ip ospf network point-to-point

!

interface Serial1/0

 ip vrf forwarding smcat_***01

 ip address 192.168.1.6 255.255.255.252

 serial restart-delay 0

!

interface Serial1/1

 ip address 172.16.1.5 255.255.255.252

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 superbackbone

 mpls label protocol ldp

 mpls ip

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 encapsulation frame-relay IETF

 serial restart-delay 0

 no frame-relay inverse-arp

 frame-relay lmi-type q933a

!

interface Serial1/3.1 multipoint

 ip address 171.16.1.3 255.255.255.248

 ip ospf authentication message-digest

 ip ospf message-digest-key 10 md5 super_backbone

 ip ospf network point-to-point

 ip ospf hello-interval 30

 mpls label protocol ldp

 mpls ip

 frame-relay map ip 171.16.1.2 302 broadcast

!

router ospf 10 vrf smcat_***01

 router-id 3.3.3.10

 log-adjacency-changes

 area 0 authentication message-digest

 area 0 sham-link 3.3.3.10 1.1.1.10 cost 5

 redistribute bgp 100 metric 1010 subnets

 network 192.168.1.4 0.0.0.3 area 0

!

router ospf 12 vrf smcat_***02

 log-adjacency-changes

 redistribute connected subnets

 redistribute bgp 100 metric 1012 subnets

 network 12.1.1.0 0.0.0.255 area 0

!

router ospf 13 vrf smcat_***03

 log-adjacency-changes

 redistribute bgp 100 metric 1013 subnets

 network 13.1.1.0 0.0.0.255 area 0

!        

router ospf 100

 router-id 3.3.3.3

 log-adjacency-changes

 area 0 authentication message-digest

 network 3.3.3.3 0.0.0.0 area 0

 network 171.16.1.0 0.0.0.7 area 0

 network 172.16.1.4 0.0.0.3 area 0

!

router bgp 100

 bgp router-id 3.3.3.3

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor nei-R1 peer-group

 neighbor nei-R1 remote-as 100

 neighbor nei-R1 password bgp100

 neighbor nei-R1 update-source Loopback0

 neighbor 1.1.1.1 peer-group nei-R1

 !

 address-family ipv4

  neighbor 1.1.1.1 activate

  no auto-summary

  no synchronization

 exit-address-family

 !

 address-family ***v4

  neighbor nei-R1 send-community extended

  neighbor 1.1.1.1 activate

 exit-address-family

 !

 address-family ipv4 vrf smcat_***03

  redistribute ospf 13 vrf smcat_***03 metric 1310

  no synchronization

 exit-address-family

 !

 address-family ipv4 vrf smcat_***02

  redistribute ospf 12 vrf smcat_***02 metric 1210

  no synchronization

 exit-address-family

 !

 address-family ipv4 vrf smcat_***01

  redistribute ospf 10 vrf smcat_***01 metric 1110

  no synchronization

  network 3.3.3.10 mask 255.255.255.255

 exit-address-family

!

mpls ldp router-id Loopback0

!

R5_CE1

!

hostname R5_CE1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$27vC$umGqRRRDIgJQlUFv5qnE.0

!

no aaa new-model

memory-size iomem 5

!

ip cef

no ip domain lookup

!

key chain ce-pe_auth

 key 10

   key-string pe-ce_ripv2

 key 20

   key-string pe-ce_eigrp

!

interface Loopback0

 ip address 5.5.5.5 255.255.255.255

!        

interface Loopback1

 ip address 10.1.1.1 255.255.255.0

 ip ospf network point-to-point

!

interface Loopback5

 ip address 10.50.1.1 255.255.255.0

!

interface Loopback6

 ip address 10.60.1.1 255.255.255.0

!

interface Loopback7

 ip address 10.70.1.1 255.255.255.0

!

interface Ethernet0/3.1

 encapsulation dot1Q 5

 ip address 191.168.1.1 255.255.255.252

!

interface Ethernet0/3.2

 encapsulation dot1Q 6

 ip address 191.168.1.5 255.255.255.252

!

interface Ethernet0/3.3

 encapsulation dot1Q 7

 ip address 191.168.1.9 255.255.255.252

!

interface Serial1/2

 ip address 192.168.1.9 255.255.255.252

 ip ospf cost 1600

 serial restart-delay 0

!

interface Serial1/3

 ip address 192.168.1.1 255.255.255.252

 serial restart-delay 0

!

router eigrp 15

 network 10.60.1.0 0.0.0.255

 network 191.168.1.4 0.0.0.3

 no auto-summary

 neighbor 191.168.1.6 Ethernet0/3.2

!        

router ospf 10

 router-id 5.5.5.5

 log-adjacency-changes

 area 0 authentication message-digest

 network 10.10.1.0 0.0.0.255 area 5

 network 192.168.1.0 0.0.0.3 area 0

 network 192.168.1.8 0.0.0.3 area 0

!

router rip

 version 2

 passive-interface default              //被动状态可以隔离广播和组播,不隔离单播

 network 10.0.0.0

 network 191.168.0.0

 neighbor 191.168.1.2                    //用单播穿透被动接口

 distribute-list prefix 50 out Ethernet0/3.1

 no auto-summary

!

router bgp 65001

 no synchronization

 bgp router-id 5.5.5.5

 bgp log-neighbor-changes

 redistribute connected metric 70 route-map dis_list     

//使用路由图方式重分发直连路由进bgp

 neighbor 1.1.1.7 remote-as 100

 neighbor 1.1.1.7 ebgp-multihop 255

 neighbor 1.1.1.7 update-source Loopback0

 no auto-summary

!

ip http server

no ip http secure-server

ip route 1.1.1.7 255.255.255.255 191.168.1.10

!

ip prefix-list 50 seq 5 permit 10.50.0.0/16 le 32

ip prefix-list 50 seq 10 deny 0.0.0.0/0 le 32

!

ip access-list extended dis_list

 permit ip 10.70.1.0 0.0.0.255 any

!

route-map dis_list permit 10            

//using a route-map and a extended name ACL for redistri

 match ip address dis_list

 set tag 7

!

二、操作vrf时常用的几个命令：

R1_PE1#sh ip vrf brief

R1_PE1#sh ip vrf det

R1_PE1#sh ip vrf det smcat_***05

R1_PE1#clear ip route vrf smcat_***05 *

R1_PE1#sh ip route vrf smcat_***05

R1_PE1#sh ip rip da vrf smcat_***05

R1_PE1#sh ip eigrp vrf smcat_***06 nei

R1_PE1#clear ip bgp *

R1_PE1#sh ip bgp ***v4 vrf smcat_***07

R1_PE1#sh ip bgp ***v4 vrf smcat_***07 nei

 

R1_PE1#sh ip route vrf smcat_***05              //过滤前
Routing Table: smcat_***05
Gateway of last resort is not set
     191.168.0.0/30 is subnetted, 3 subnets
R       191.168.1.4 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
C       191.168.1.0 is directly connected, Ethernet0/3.1
R       191.168.1.8 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R       10.60.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R       10.50.1.0 [120/1] via 191.168.1.1, 00:00:25, Ethernet0/3.1
R       10.70.1.0 [120/1] via 191.168.1.1, 00:00:52, Ethernet0/3.1
R1_PE1#

R1_PE1#sh ip route vrf smcat_***05      //过滤后
Routing Table: smcat_***05
Gateway of last resort is not set
     191.168.0.0/30 is subnetted, 1 subnets
C       191.168.1.0 is directly connected, Ethernet0/3.1
     10.0.0.0/24 is subnetted, 1 subnets
R       10.50.1.0 [120/1] via 191.168.1.1, 00:00:17, Ethernet0/3.1
R1_PE1#

R1_PE1#sh ip rip da vrf smcat_***05
10.0.0.0/8    auto-summary
10.50.1.0/24
    [1] via 191.168.1.1, 00:00:20, Ethernet0/3.1
191.168.0.0/16    auto-summary
191.168.1.0/30    directly connected, Ethernet0/3.1
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei
IP-EIGRP neighbors for process 15
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   191.168.2.1             Et0/3.2           11 00:00:49  319  1914  0  3
R1_PE1#
R1_PE1#sh ip eigrp vrf smcat_***06 nei det
IP-EIGRP neighbors for process 15
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   191.168.2.1             Et0/3.2           13 00:01:11  319  1914  0  3
   Static neighbor
   Version 12.4/1.2, Retrans: 0, Retries: 0
R1_PE1#

R1_PE1#sh ip bgp ***v4 vrf smcat_***07 su
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 38, main routing table version 38
1 network entries using 137 bytes of memory
1 path entries using 68 bytes of memory
10/8 BGP path/bestpath attribute entries using 1240 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
7 BGP extended community entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1741 total bytes of memory
BGP activity 19/6 prefixes, 19/6 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down State/PfxRcd
5.5.5.5         4 65001     6       5       38    0    0   00:01:47      1

R1_PE1#

R1_PE1#sh ip bgp ***v4 vrf smcat_***07 nei
BGP neighbor is 5.5.5.5,  vrf smcat_***07,  remote AS 65001, external link
  BGP version 4, remote router ID 5.5.5.5
  BGP state = Established, up for 00:01:51
  Last read 00:00:51, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received

                                                                   [待续]

关键字：