在MPLS-VPN中  R1 R5分别为CE-1 CE-2  R2 R3  R4为MPLS核心网

一.配置分解

1.基本配置
R1 为CE-1 VPNA 客户
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point
!        
interface Serial1/0
 ip address 12.1.1.1 255.255.255.0
!
router ospf 2
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 12.1.1.0 0.0.0.255 area 0
//我们在两个VPN客户之间运行动态路由协议OSPF 可以加快网络的收敛和网络安全可靠

R5为CE-2 VPNA 客户
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
 ip ospf network point-to-point
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip address 45.1.1.5 255.255.255.0
!
router ospf 2
 network 5.5.5.0 0.0.0.255 area 0
 network 45.1.1.0 0.0.0.255 area 0

R2 为PE-1 MPLS-VPN 核心网边缘接入设备
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
 ip address 12.1.1.2 255.255.255.0
!
interface Serial1/1
 ip address 23.1.1.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.0 0.0.0.255 area 0
 network 23.1.1.0 0.0.0.255 area 0

R4 为PE-2 MPLS-VPN 核心网边缘接入设备
nterface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface Serial1/0
 ip address 34.1.1.4 255.255.255.0
!
interface Serial1/1
 ip address 45.1.1.4 255.255.255.0
router ospf 1
 router-id 4.4.4.4
 network 4.4.4.0 0.0.0.255 area 0
 network 34.1.1.0 0.0.0.255 area 0

R3 为P MPLS-VPN 核心设备
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!        
interface Serial1/0
 ip address 34.1.1.3 255.255.255.0
!
interface Serial1/1
 ip address 23.1.1.3 255.255.255.0
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.0 0.0.0.255 area 0
 network 23.1.1.0 0.0.0.255 area 0
 network 34.1.1.0 0.0.0.255 area 0
//MPLS 核心运行OSPF协议,在MPLS IP 城区域网中,也可以采用IS-IS协议.因为IS-IS网络具有更好的可扩展性

 

2.MPLS网络配置
  因为R2-R3-R4为MPLS网络,所以要在他们上启用MPLS IP.并且只能在属于MPLS IP接口上启用MPLS IP
R2上配置
ip cef
int s1/1
mpls label protocol ldp
mpls ip  启用MPLS
//mpls label pro LDP | TDP | both
LDP 是国际标准,现在用的最广  TDP 是CISCO私有协议 BOTH 表示在MPLS网络可以支持两种协议

R3上配置
ip cef
int s1/1
mpls label protocol ldp
mpls ip
int s1/0
mpls label protocol ldp
mpls ip

R4上配置
int s1/0
mpls label protocol ldp
mpls ip

R3#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
18     Pop tag     2.2.2.0/24        4680       Se1/1      point2point 
19     Pop tag     4.4.4.0/24        5475       Se1/0      point2point
//P上基于label 转发,因为23.1.1.0/24 与34.1.1.0/24是直连的网络,所以不会打上label,如果是/32的位主机路由,这不会打上tag ,所在要在R2与R4 的环回口使用 ip os network point-to-point

R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
16     Pop tag     34.1.1.0/24       0          Se1/1      point2point 
17     Untagged    1.1.1.0/24[V]     2080       Se1/0      point2point 
18     Aggregate   12.1.1.0/24[V]    0                                 
19     Pop tag     3.3.3.0/24        0          Se1/1      point2point 
20     19          4.4.4.0/24        0          Se1/1      point2point 
//这是我们整个方案配置完后,R2上MPLS IP转发表,我们的FLIB 是根据FIB+LIB生成的.

配置完成后,我们可以看到MPLS 邻居
R2#sh mpls ldp nei
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 3.3.3.3.30806 - 2.2.2.2.646
        State: Oper; Msgs sent/rcvd: 93/92; Downstream
        Up time: 01:03:43
        LDP discovery sources:
          Serial1/1, Src IP addr: 23.1.1.3
        Addresses bound to peer LDP Ident:
          34.1.1.3        23.1.1.3        3.3.3.3
//从上可以看是基于TCP连接 本地端口646

3.配置PE-1与PE-2的BGP
R2上配置
router bgp 1
bgp router-id 2.2.2.2
nei 4.4.4.4 remot 1
nei 4.4.4.4 updata lo0
R4上配置
router bgp 1
 bgp router-id 4.4.4.4
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
//建立BGP对等体 采用环回口作为更新源

配置完成后,查看BGP邻居是否建立成功    
R2#sh ip bgp nei
BGP neighbor is 4.4.4.4,  remote AS 1, internal link
  BGP version 4, remote router ID 4.4.4.4
  BGP state = Established, up for 01:01:55
  Last read 00:00:04, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received

4.在BGP路由上,支持MP-BGP协议,因为BGP默认支持IPV4-uncast .我们让其支持VPNV4 地址
R2上配置
router bgp 1
no bgp default ipv4-unicast
address-family vpnv4
neighbor 4.4.4.4 activate
R4上配置
router bgp 1
no bgp default ipv4-unicast
address-family vpnv4
neighbor 2.2.2.2 activate

配置完成后,我们用show ip bgp nei 查看
R2#sh ip bgp nei
BGP neighbor is 4.4.4.4,  remote AS 1, internal link
  BGP version 4, remote router ID 4.4.4.4
  BGP state = Established, up for 01:01:55
  Last read 00:00:04, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
//从上面红色字体看出,能接受与发送VPNv4地址

 

5.在PE-1和PE-2上建立VPN的路由转发表,即ip vrf
R2和R4上配置
ip vrf vpna
 rd 1:100
 route-target export 1:100
 route-target import 1:100
//rd 是为来区分不同VPN客户之间使用相同私有地址时用到的. route-target export | import 是当两个
不同的VPN客户之间要通信时,将不同VPNA的转发表导出或导入.

R2 与R4的配置
router os 2 vrf vpna
net 12.1.1.0 255.255.255.0 a 0
router os 2 vrf vpna
net 45.1.1.0 255.255.255.0 a 0

将转发表应用到VPN用户接放端口上
R2 与 R4 分别是S1/0 S1/1
int s/0 s1/0
ip vrf forwarding vpna
需要接口重新配置IP 地址

 

6.将MP-BGP 与 ip vrf forwarding 路由表之间进行重分布,VRF信息是通过MP-BGP在MPLS 核心网上传输的
R2和R4上配置
router os 2 vrf vpna
 redistribute bgp 1 metric 10 subnets
router bgp 1
address-family ipv4 vrf vpna
redistribute ospf 2 metric 10

配置完成后,在R1与R5上用shwo ip route
R1#sh ip rou

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     5.0.0.0/24 is subnetted, 1 subnets
O IA    5.5.5.0 [110/74] via 12.1.1.2, 01:12:29, Serial1/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0
     45.0.0.0/24 is subnetted, 1 subnets
O IA    45.1.1.0 [110/74] via 12.1.1.2, 01:12:29, Serial1/0
//成功学到了对端VPNA的路由信息 
R2#sh ip rou vrf vpna

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 12.1.1.1, 01:16:21, Serial1/0
     5.0.0.0/24 is subnetted, 1 subnets
B       5.5.5.0 [200/10] via 4.4.4.4, 01:09:23
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0
     45.0.0.0/24 is subnetted, 1 subnets
B       45.1.1.0 [200/0] via 4.4.4.4, 01:13:16
//可以看出VRF是通过BGP传输的

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 288/592/1476 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 288/572/1312 ms
//OK,两个VPN客户之间能PING 通

二.完整配置

R1#sh run
Building configuration...

Current configuration : 1020 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!        
interface Serial1/0
 ip address 12.1.1.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 2
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 12.1.1.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server

gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

 

R2#sh run
Building configuration...

Current configuration : 1816 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!

ip vrf vpna
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!        
ip cef
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 ip ospf network point-to-point
!        
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 ip vrf forwarding vpna
 ip address 12.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 23.1.1.2 255.255.255.0
 mpls label protocol ldp
 tag-switching ip
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 23.1.1.0 0.0.0.255 area 0
!
router ospf 2 vrf vpna
 log-adjacency-changes
 redistribute bgp 1 metric 10 subnets
 network 12.1.1.0 0.0.0.255 area 0
!
router bgp 1
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
 neighbor 4.4.4.4 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 4.4.4.4 activate
 neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf vpna
 redistribute ospf 2
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
no ip http server
no ip http secure-server
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

 

R3#sh run
Building configuration...

Current configuration : 1170 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!        
interface Serial1/0
 ip address 34.1.1.3 255.255.255.0
 mpls label protocol ldp
 tag-switching ip
 serial restart-delay 0
!
interface Serial1/1
 ip address 23.1.1.3 255.255.255.0
 mpls label protocol ldp
 tag-switching ip
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.0 0.0.0.255 area 0
 network 23.1.1.0 0.0.0.255 area 0
 network 34.1.1.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!

gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

 

R4#sh run
Building configuration...

Current configuration : 1826 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!
ip vrf vpna
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!        
ip cef
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
 ip ospf network point-to-point
!        
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 ip address 34.1.1.4 255.255.255.0
 mpls label protocol ldp
 tag-switching ip
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding vpna
 ip address 45.1.1.4 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.0 0.0.0.255 area 0
 network 34.1.1.0 0.0.0.255 area 0
!
router ospf 2 vrf vpna
 log-adjacency-changes
 redistribute bgp 1 metric 10 subnets
 network 45.1.1.0 0.0.0.255 area 0
!
router bgp 1
 bgp router-id 4.4.4.4
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
 neighbor 2.2.2.2 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf vpna
 redistribute ospf 2 metric 10
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
no ip http server
no ip http secure-server
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
end

 

R5(config-if)#end
R5#sh run
Building configuration...

*Jun 24 15:40:05.831: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1020 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5