51CTO首页
AI.x社区
博客
学堂
精品班
软考社区
免费课
企业培训
鸿蒙开发者社区
WOT技术大会
IT证书
公众号矩阵
移动端
短视频免费课程课程排行直播课软考学堂
全部课程厂商认证IT技术24年11月软考PMP项目管理免费题库
在线学习
文章资源问答课堂专栏直播
51CTO
鸿蒙开发者社区
51CTO技术栈
51CTO官微
51CTO学堂
51CTO博客
CTO训练营
鸿蒙开发者社区订阅号
51CTO软考
51CTO学堂APP
51CTO学堂企业版APP
鸿蒙开发者社区视频号
51CTO软考题库
账号设置 退出

CCIE K4知识点:配置静态路由之MPLS VPN实验

作者:蓝梦野百合
企业动态
今天我给大家演示一下PE与CE之间如何通过静态路由来实现MPLS VPN。实验本身并不难,目的在于如何去理解实现的原理、方法与步骤。

大家好,今天我给大家演示一下PE与CE之间如何通过静态路由来实现MPLS VPN。实验本身并不难,目的在于如何去理解实现的原理、方法与步骤。

废话不说,我们开始进入主题。

拓扑:

 

 

说明:

1. 所有的路由器都起环回口:x.x.x.x/24

2. R1为公司总部,R7和R8分别为分公司。

3. R2-R4-R6建立IBGP,并且R4为RR

4. 要求在SP内部通过部署MPLS VPN,并且所有的CE和PE之间均为静态路由。使得分公司均能与总公司通信,但分公司之间无法通信。

扩展训练:

1. 要求总公司与分公司之间可以进行互访,而且分公司之间也可以进行互访,但必须通过总公司绕行来进行互访。

配置:

1. 底层预配:

说明:所有的串口都是通过FR相连的。 Router>en

Router#conf t

Router(config)#host CE-R1

CE-R1(config)#no ip do loo

CE-R1(config)#line co 0

CE-R1(config-line)#exec-t 0 0

CE-R1(config-line)#logging sy

CE-R1(config-line)#int s1/0

CE-R1(config-if)#en fr

CE-R1(config-if)#no arp fr

CE-R1(config-if)#no frame inv

CE-R1(config-if)#ip add 12.12.12.1 255.255.255.0

CE-R1(config-if)#frame map ip 12.12.12.2 102 b

CE-R1(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host PE-R2

PE-R2(config)#no ip do loo

PE-R2(config)#line con 0

PE-R2(config-line)#exec-t 0 0

PE-R2(config-line)#logging sy

PE-R2(config-line)#int loo0

PE-R2(config-if)#ip add 2.2.2.2 255.255.255.0

PE-R2(config-if)#int s1/0

PE-R2(config-if)#en fr

PE-R2(config-if)#no arp fr

PE-R2(config-if)#no frame inv

PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0

PE-R2(config-if)#frame map ip 12.12.12.1 201 b

PE-R2(config-if)#no shut

PE-R2(config-if)#int s1/1

PE-R2(config-if)#en fr

PE-R2(config-if)#no arp fr

PE-R2(config-if)#no frame inv

PE-R2(config-if)#ip add 23.23.23.2 255.255.255.0

PE-R2(config-if)#frame map ip 23.23.23.3 213 b

PE-R2(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host P-R3

P-R3(config)#no ip do loo

P-R3(config)#line co 0

P-R3(config-line)#exec-t 0 0

P-R3(config-line)#logging sy

P-R3(config-line)#int loo0

P-R3(config-if)#ip add 3.3.3.3 255.255.255.0

P-R3(config-if)#int s1/1

P-R3(config-if)#en fr

P-R3(config-if)#no arp fr

P-R3(config-if)#no frame inv

P-R3(config-if)#ip add 23.23.23.3 255.255.255.0

P-R3(config-if)#frame map ip 23.23.23.2 312 b

P-R3(config-if)#no shut

P-R3(config-if)#int s1/0

P-R3(config-if)#en fr

P-R3(config-if)#no arp fr

P-R3(config-if)#no frame inv

P-R3(config-if)#ip add 34.34.34.3 255.255.255.0

P-R3(config-if)#frame map ip 34.34.34.4 304 b

P-R3(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router (config)#host P-RR-R4

P-RR-R4(config)#no ip do loo

P-RR-R4(config)#line con 0

P-RR-R4(config-line)#exec-t 0 0

P-RR-R4(config-line)#logging sy

P-RR-R4(config-line)#int loo0

P-RR-R4(config-if)#ip add 4.4.4.4 255.255.255.0

P-RR-R4(config-if)#int s1/0

P-RR-R4(config-if)#en fr

P-RR-R4(config-if)#no arp fr

P-RR-R4(config-if)#no frame inv

P-RR-R4(config-if)#ip add 34.34.34.4 255.255.255.0

P-RR-R4(config-if)#frame map ip 34.34.34.3 403 b

P-RR-R4(config-if)#no shut

P-RR-R4(config-if)#int s1/1

P-RR-R4(config-if)#en fr

P-RR-R4(config-if)#no arp fr

P-RR-R4(config-if)#no frame inv

P-RR-R4(config-if)#ip add 45.45.45.4 255.255.255.0

P-RR-R4(config-if)#frame map ip 45.45.45.5 415 b

P-RR-R4(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host P-R5

P-R5(config)#no ip do loo

P-R5(config)#line con 0

P-R5(config-line)#exec-t 0 0

P-R5(config-line)#logging sy

P-R5(config-line)#int loo0

P-R5(config-if)#ip add 5.5.5.5 255.255.255.0

P-R5(config-if)#int s1/1

P-R5(config-if)#en fr

P-R5(config-if)#no arp fr

P-R5(config-if)#no frame inv

P-R5(config-if)#ip add 45.45.45.5 255.255.255.0

P-R5(config-if)#frame map ip 45.45.45.4 514 b

P-R5(config-if)#no shut

P-R5(config-if)#int s1/0

P-R5(config-if)#en fr

P-R5(config-if)#no arp fr

P-R5(config-if)#no frame inv

P-R5(config-if)#ip add 56.56.56.5 255.255.255.0

P-R5(config-if)#frame map ip 56.56.56.6 506 b

P-R5(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host PE-R6

PE-R6(config)#no ip do loo

PE-R6(config)#line con 0

PE-R6(config-line)#exec-t 0 0

PE-R6(config-line)#int loo0

PE-R6(config-if)#ip add 6.6.6.6 255.255.255.0

PE-R6(config-if)#int s1/0

PE-R6(config-if)#en fr

PE-R6(config-if)#no arp fr

PE-R6(config-if)#no frame inv

PE-R6(config-if)#ip add 56.56.56.6 255.255.255.0

PE-R6(config-if)#frame map ip 56.56.56.5 605 b

PE-R6(config-if)#no shut

PE-R6(config-if)#int s1/1

PE-R6(config-if)#en fr

PE-R6(config-if)#no arp f

PE-R6(config-if)#no frame inv

PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0

PE-R6(config-if)#frame map ip 67.67.67.

PE-R6(config-if)#no shut

PE-R6(config-if)#int f0/0

PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0

PE-R6(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host CE-R7

CE-R7(config)#no ip do loo

CE-R7(config)#line co 0

CE-R7(config-line)#exec-t 0 0

CE-R7(config-line)#logging sy

CE-R7(config-line)#int s1/1

CE-R7(config-if)#en fr

CE-R7(config-if)#no arp fr

CE-R7(config-if)#no frame inv

CE-R7(config-if)#ip add 67.67.67.7 255.255.255.0

CE-R7(config-if)#frame map ip 67.67.67.6 716 b

CE-R7(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router(config)#host CE-R8

CE-R8(config)#no ip do loo

CE-R8(config)#line con 0

CE-R8(config-line)#exec-t 0 0

CE-R8(config-line)#logging sy

CE-R8(config-line)#int loo0

CE-R8(config-if)#ip add 8.8.8.8 255.255.255.0

CE-R8(config-if)#int f0/0

CE-R8(config-if)#ip add 68.68.68.8 255.255.255.0

CE-R8(config-if)#no shut

2.测试底层的连通性 CE-R1#ping 12.12.12.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/48 ms

----------------------------------------------------------------------------------------------------------------------

PE-R2#ping 23.23.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/40 ms

----------------------------------------------------------------------------------------------------------------------

P-R3#ping 34.34.34.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 34.34.34.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/48 ms

----------------------------------------------------------------------------------------------------------------------

P-RR-R4#ping 45.45.45.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 45.45.45.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/44 ms

----------------------------------------------------------------------------------------------------------------------

P-R5#ping 56.56.56.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 56.56.56.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/44 ms

----------------------------------------------------------------------------------------------------------------------

PE-R6#ping 67.67.67.7

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 67.67.67.7, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/34/48 ms

----------------------------------------------------------------------------------------------------------------------

PE-R6#ping 68.68.68.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 68.68.68.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/44 ms

3. 配置SP骨干网内部IGP协议——OSPF,要求网络接口类型统一为point-to-point PE-R2(config)#router ospf 100

PE-R2(config-router)#router-id 2.2.2.2

PE-R2(config-router)#net 2.2.2.0 0.0.0.255 a 0

PE-R2(config-router)#net 23.23.23.0 0.0.0.255 a 0

PE-R2(config-router)#int s1/1

PE-R2(config-if)#ip ospf net point-to-p

PE-R2(config-if)#int loo0

PE-R2(config-if)#ip ospf network point-to-p

----------------------------------------------------------------------------------------------------------------------

P-R3(config)#router ospf 100

P-R3(config-router)#router-id 3.3.3.3

P-R3(config-router)#net 3.3.3.0 0.0.0.255 a 0

P-R3(config-router)#net 23.23.23.0 0.0.0.255 a 0

P-R3(config-router)#net 34.34.34.0 0.0.0.255 a 0

P-R3(config-router)#int s1/1

P-R3(config-if)#ip ospf net point-to-p

P-R3(config-router)#int s1/0

P-R3(config-if)#ip ospf net point-to-point

P-R3(config-if)#int loo0

P-R3(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#router ospf 100

P-RR-R4(config-router)#routere

P-RR-R4(config-router)#router

P-RR-R4(config-router)#router-id 4.4.4.4

P-RR-R4(config-router)#net 4.4.4.0 0.0.0.255 a 0

P-RR-R4(config-router)#net 34.34.34.0 0.0.0.255 a 0

P-RR-R4(config-router)#net 45.45.45.0 0.0.0.255 a 0

P-RR-R4(config-router)#int s1/0

P-RR-R4(config-if)#ip ospf net po

P-RR-R4(config-if)#ip ospf net point-to-p

P-RR-R4(config-if)#int s1/1

P-RR-R4(config-if)#ip ospf net point-to-p

P-RR-R4(config-if)#int loo0

P-RR-R4(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

P-R5(config)#router ospf 100

P-R5(config-router)#router-id 5.5.5.5

P-R5(config-router)#net 5.5.5.0 0.0.0.255 a 0

P-R5(config-router)#net 45.45.45.0 0.0.0.255 a 0

P-R5(config-router)#net 56.56.56.0 0.0.0.255 a 0

P-R5(config-router)#int s1/1

P-R5(config-if)#ip ospf net point-to-p

P-R5(config-if)#int s1/0

P-R5(config-if)#ip ospf net point-to-p

P-R5(config-if)#int loo0

P-R5(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router ospf 100

PE-R6(config-router)#router-id 6.6.6.6

PE-R6(config-router)#net 6.6.6.0 0.0.0.255 a 0

PE-R6(config-router)#net 56.56.56.0 0.0.0.255 a 0

PE-R6(config-router)#int s1/0

PE-R6(config-if)#ip ospf net point-to-p

PE-R6(config-if)#int loo0

PE-R6(config-if)#ip ospf network point-to-p

----------------------------------------------------------------------------------------------------------------------

测试连通性:

PE-R2#ping 6.6.6.6 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:

Packet sent with a source address of 2.2.2.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/72 ms

4. 在SP骨干网内部配置LDP,并保证标签能够正常转发 PE-R2(config)#mpls ldp router-id loo0

PE-R2(config)#mpls label range 200 299

PE-R2(config)#int s1/1

PE-R2(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-R3(config)#mpls ldp router-id loo0

P-R3(config)#mpls label range 300 399

P-R3(config)#int s1/1

P-R3(config-if)#mpls ip

P-R3(config-if)#int s1/0

P-R3(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#mpls ldp router loo0

P-RR-R4(config)#mpls label range 400 499

P-RR-R4(config)#int s1/1

P-RR-R4(config-if)#mpls ip

P-RR-R4(config-if)#int s1/0

P-RR-R4(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-R5(config)#mpls ldp router-id loo0

P-R5(config)#mpls label range 500 599

P-R5(config)#int s1/1

P-R5(config-if)#mpls ip

P-R5(config-if)#int s1/0

P-R5(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#mpls ldp router loo0

PE-R6(config)#mpls label range 600 699

PE-R6(config)#int s1/0

PE-R6(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

进行标签追踪

PE-R2#traceroute 6.6.6.6

Type escape sequence to abort.

Tracing the route to 6.6.6.6

1 23.23.23.3 [MPLS: Label 302 Exp 0] 84 msec 56 msec 80 msec

2 34.34.34.4 [MPLS: Label 403 Exp 0] 84 msec 76 msec 76 msec

3 45.45.45.5 [MPLS: Label 504 Exp 0] 80 msec 80 msec 72 msec

4 56.56.56.6 60 msec * 48 msec

5. 在R2-R4-R6之间运行MP IBGP,并将R4设置为RR PE-R2(config)#router bgp 100

PE-R2(config-router)#no au

PE-R2(config-router)#no sy

PE-R2(config-router)#bgp router-id 2.2.2.2

PE-R2(config-router)#no bgp default ipv4-unicast

PE-R2(config-router)#nei 4.4.4.4 remote-as 100

PE-R2(config-router)#nei 4.4.4.4 update-source loo0

PE-R2(config-router)#address-family vpnv4

PE-R2(config-router-af)#nei 4.4.4.4 activate

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#router bgp 100

P-RR-R4(config-router)#no au

P-RR-R4(config-router)#no sy

P-RR-R4(config-router)#bgp router-id 4.4.4.4

P-RR-R4(config-router)#no bgp default ipv4-unicast

P-RR-R4(config-router)#nei 2.2.2.2 remote-as 100

P-RR-R4(config-router)#nei 2.2.2.2 update-source loo0

P-RR-R4(config-router)#nei 6.6.6.6 remote-as 100

P-RR-R4(config-router)#nei 6.6.6.6 update-source loo0

P-RR-R4(config-router)#address-family vpnv4

P-RR-R4(config-router-af)#nei 2.2.2.2 activate

P-RR-R4(config-router-af)#nei 2.2.2.2 route-reflector-client

P-RR-R4(config-router-af)#nei 6.6.6.6 activate

P-RR-R4(config-router-af)#nei 6.6.6.6 route-reflector-client

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router bgp 100

PE-R6(config-router)#no au

PE-R6(config-router)#no sy

PE-R6(config-router)#bgp router 6.6.6.6

PE-R6(config-router)#no bgp default ipv4-unicast

PE-R6(config-router)#nei 4.4.4.4 remote-as 100

PE-R6(config-router)#nei 4.4.4.4 update-source loo0

PE-R6(config-router)#address-family vpnv4

PE-R6(config-router-af)#nei 4.4.4.4 activate

----------------------------------------------------------------------------------------------------------------------

验证VPNv4邻居是否建立起来

P-RR-R4#sh ip bgp vpnv4 all summary

BGP router identifier 4.4.4.4, local AS number 100

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2.2.2.2 4 100 20 21 1 0 0 00:15:42 0

6.6.6.6 4 100 12 12 1 0 0 00:08:37 0

6. 在CE上分别创建静态路由,这里我们采用默认路由方式。 CE-R1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2

----------------------------------------------------------------------------------------------------------------------

CE-R7(config)#ip route 0.0.0.0 0.0.0.0 67.67.67.6

----------------------------------------------------------------------------------------------------------------------

CE-R8(config)#ip route 0.0.0.0 0.0.0.0 68.68.68.6

7. 在PE-R2和PE-R6上创建vrf表项,要求总公司能与各个分公司进行互访,但分公司之间不能互访,这里我们通过指定RT值来实现。 PE-R2(config)#ip vrf A

PE-R2(config-vrf)#rd 1:1

PE-R2(config-vrf)#route-target import 62:62

PE-R2(config-vrf)#route-target export 26:26

PE-R2(config-vrf)#int s1/0

PE-R2(config-if)#ip vrf forwarding A

% Interface Serial1/0 IP address 12.12.12.2 removed due to enabling VRF A

PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#ip vrf A

PE-R6(config-vrf)#rd 7:7

PE-R6(config-vrf)#route-target import 26:26

PE-R6(config-vrf)#route-target export 62:62

PE-R6(config-vrf)#int s1/1

PE-R6(config-if)#ip vrf forwarding A

% Interface Serial1/1 IP address 67.67.67.6 removed due to enabling VRF A

PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0

PE-R6(config-if)#exit

PE-R6(config)#ip vrf B

PE-R6(config-vrf)#rd 8:8

PE-R6(config-vrf)#route-target import 26:26

PE-R6(config-vrf)#route-target export 62:62

PE-R6(config-vrf)#int f0/0

PE-R6(config-if)#ip vrf forwarding B

% Interface FastEthernet0/0 IP address 68.68.68.6 removed due to enabling VRF B

PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0

8. 在PE-R2和PE-R6上分别创建静态路由 PE-R2(config)#ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#ip route vrf A 7.7.7.0 255.255.255.0 67.67.67.7

PE-R6(config)#ip route vrf B 8.8.8.0 255.255.255.0 68.68.68.8

9. 在PE-R2和PE-R6上分别将创建的静态路由以及PE-CE之间的直连路由重分布到MP-BGP中。 PE-R2(config)#router bgp 100

PE-R2(config-router)#address-family ipv4 vrf A

PE-R2(config-router-af)#redistribute connected

PE-R2(config-router-af)#redistribute static

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router bgp 100

PE-R6(config-router)#address-family ipv4 vrf A

PE-R6(config-router-af)#redistribute connected

PE-R6(config-router-af)#redistribute static

PE-R6(config-router-af)#exit

PE-R6(config-router)#address-family ipv4 vrf B

PE-R6(config-router-af)#redistribute connected

10.验证 查看VPNv4表项

PE-R2#sh ip bgp vpnv4 all

BGP table version is 13, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2 (default for vrf A)

*> 1.1.1.0/24 12.12.12.1 0 32768 ?

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*> 12.12.12.0/24 0.0.0.0 0 32768 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 7:7

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 8:8

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

PE-R6#sh ip bgp vpnv4 all

BGP table version is 15, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

Route Distinguisher: 7:7 (default for vrf A)

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*> 7.7.7.0/24 67.67.67.7 0 32768 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

*> 67.67.67.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 8:8 (default for vrf B)

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*> 8.8.8.0/24 68.68.68.8 0 32768 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

*> 68.68.68.0/24 0.0.0.0 0 32768 ?

----------------------------------------------------------------------------------------------------------------------

查看vrf表项:

PE-R2#sh ip route vrf A

Routing Table: A

Gateway of last resort is not set

68.0.0.0/24 is subnetted, 1 subnets

B 68.68.68.0 [200/0] via 6.6.6.6, 00:03:02

1.0.0.0/24 is subnetted, 1 subnets

S 1.1.1.0 [1/0] via 12.12.12.1

67.0.0.0/24 is subnetted, 1 subnets

B 67.67.67.0 [200/0] via 6.6.6.6, 00:03:17

7.0.0.0/24 is subnetted, 1 subnets

B 7.7.7.0 [200/0] via 6.6.6.6, 00:03:17

8.0.0.0/24 is subnetted, 1 subnets

B 8.8.8.0 [200/0] via 6.6.6.6, 00:03:02

12.0.0.0/24 is subnetted, 1 subnets

C 12.12.12.0 is directly connected, Serial1/0

PE-R6#sh ip route vrf A

Routing Table: A

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:31

67.0.0.0/24 is subnetted, 1 subnets

C 67.67.67.0 is directly connected, Serial1/1

7.0.0.0/24 is subnetted, 1 subnets

S 7.7.7.0 [1/0] via 67.67.67.7

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:31

PE-R6#sh ip route vrf B

Routing Table: B

Gateway of last resort is not set

68.0.0.0/24 is subnetted, 1 subnets

C 68.68.68.0 is directly connected, FastEthernet0/0

1.0.0.0/24 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:35

8.0.0.0/24 is subnetted, 1 subnets

S 8.8.8.0 [1/0] via 68.68.68.8

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:35

11.在CE上进行测试 CE-R1#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/58/76 ms

CE-R1#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 80/95/140 ms

----------------------------------------------------------------------------------------------------------------------

CE-R7#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/58/76 ms

CE-R7#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

U.U.U

Success rate is 0 percent (0/5)

----------------------------------------------------------------------------------------------------------------------

CE-R8#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/67/76 ms

CE-R8#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

U.U.U

Success rate is 0 percent (0/5)

12. 优化LDP繁衍 优化前:

CE-R1#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 12.12.12.2 16 msec 28 msec 32 msec

2 23.23.23.3 48 msec 44 msec 60 msec

3 34.34.34.4 68 msec 44 msec 60 msec

4 45.45.45.5 52 msec 76 msec 44 msec

5 67.67.67.6 52 msec 44 msec 36 msec

6 67.67.67.7 60 msec * 48 msec

CE-R1#traceroute 8.8.8.8 source loo0

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 12.12.12.2 8 msec 8 msec 12 msec

2 23.23.23.3 56 msec 76 msec 72 msec

3 34.34.34.4 52 msec 56 msec 60 msec

4 45.45.45.5 44 msec 60 msec 44 msec

5 68.68.68.6 52 msec 44 msec 32 msec

6 68.68.68.8 56 msec * 52 msec

说明:此时在客户端可以看到SP骨干网内的路由器,这样将会对SP骨干网将会构成威胁,为此我们将对此情况进行优化,只保证在PE路由器上可以进行路由追踪。

----------------------------------------------------------------------------------------------------------------------

PE-R2(config)#no mpls ip propagate-ttl ?

forwarded Propagate IP TTL for forwarded traffic

local Propagate IP TTL for locally originated traffic

PE-R2(config)#no mpls ip propagate-ttl forwarded

PE-R6(config)#no mpls ip propagate-ttl forwarded

----------------------------------------------------------------------------------------------------------------------

再次在CE上进行测试:

CE-R1#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 12.12.12.2 64 msec 64 msec 28 msec

2 67.67.67.6 40 msec 56 msec 88 msec

3 67.67.67.7 56 msec * 68 msec

CE-R1#traceroute 8.8.8.8 source loo0

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 12.12.12.2 32 msec 44 msec 44 msec

2 68.68.68.6 48 msec 48 msec 44 msec

3 68.68.68.8 72 msec * 80 msec

----------------------------------------------------------------------------------------------------------------------

再次在PE上进行测试:

PE-R2#traceroute vrf A 7.7.7.7

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 23.23.23.3 [MPLS: Labels 304/608 Exp 0] 76 msec 116 msec 60 msec

2 34.34.34.4 [MPLS: Labels 404/608 Exp 0] 84 msec 44 msec 44 msec

3 45.45.45.5 [MPLS: Labels 500/608 Exp 0] 60 msec 16 msec 100 msec

4 67.67.67.6 [MPLS: Label 608 Exp 0] 32 msec 28 msec 36 msec

5 67.67.67.7 28 msec * 60 msec

PE-R2#traceroute vrf A 8.8.8.8

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 23.23.23.3 [MPLS: Labels 304/610 Exp 0] 88 msec 96 msec 92 msec

2 34.34.34.4 [MPLS: Labels 404/610 Exp 0] 56 msec 16 msec 40 msec

3 45.45.45.5 [MPLS: Labels 500/610 Exp 0] 36 msec 56 msec 28 msec

4 68.68.68.6 [MPLS: Label 610 Exp 0] 68 msec 40 msec 12 msec

5 68.68.68.8 68 msec * 44 msec

扩展训练:

要求总公司与分公司之间可以进行互访,而且分公司之间也可以进行互访,但必须通过总公司绕行来进行互访。

配置: 在PE-R2上将原有的静态路由删掉

PE-R2(config)#no ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

在PE-R2上手动创建一条默认路由

PE-R2(config)#ip route vrf A 0.0.0.0 0.0.0.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

在PE上将该默认路由重分发到MP-BGP中

PE-R2(config)#router bgp 100

PE-R2(config-router)#address-family ipv4 vrf A

PE-R2(config-router-af)#net 0.0.0.0 mask 0.0.0.0

----------------------------------------------------------------------------------------------------------------------

查看PE-R2的VPNv4路由表项

PE-R2#sh ip bgp vpnv4 all

BGP table version is 15, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2 (default for vrf A)

*> 0.0.0.0 12.12.12.1 0 32768 i

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*> 12.12.12.0/24 0.0.0.0 0 32768 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 7:7

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 8:8

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

----------------------------------------------------------------------------------------------------------------------

在PE-R6上查看各个vrf路由表项

Routing Table: A

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

67.0.0.0/24 is subnetted, 1 subnets

C 67.67.67.0 is directly connected, Serial1/1

7.0.0.0/24 is subnetted, 1 subnets

S 7.7.7.0 [1/0] via 67.67.67.7

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:33

B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:02

PE-R6#sh ip route vrf B

Routing Table: B

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

68.0.0.0/24 is subnetted, 1 subnets

C 68.68.68.0 is directly connected, FastEthernet0/0

8.0.0.0/24 is subnetted, 1 subnets

S 8.8.8.0 [1/0] via 68.68.68.8

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:38

B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:07

----------------------------------------------------------------------------------------------------------------------

在远端CE-R7和CE-R8上进行测试

CE-R7#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/63/72 ms

CE-R7#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/104 ms

CE-R8#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/70/84 ms

CE-R8#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 72/89/108 ms

----------------------------------------------------------------------------------------------------------------------

在R8上进行路由追踪

CE-R8#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 68.68.68.6 52 msec 28 msec 36 msec

2 12.12.12.2 44 msec 60 msec 60 msec

3 12.12.12.1 96 msec 84 msec 56 msec

4 12.12.12.2 44 msec 60 msec 56 msec

5 67.67.67.6 56 msec 76 msec 92 msec

6 67.67.67.7 96 msec * 84 msec

 

【编辑推荐】

  1. 思科携手安博推CCIE360人才培养计划
  2. 思科认证:3个CCIE对一个工程师的面试
  3. CCIE SP Operations实验考试大纲1
责任编辑:张攀 来源: 56cto
CCIE K4
相关推荐
CCNP配置实验CCNP-BGP/MPLS VPN配置
本文分步详细讲解了CCNP配置实验之CCNPBGPMPLSVPN配置实验,分为配置接口和IGP,定义VPN,配置PEPE的路由会话,配置PECE的路由会话,配置CE路由器几部分。

2009-09-02 16:24:44

CCNP配置实验MPLS
CCIE:在IS IS网络部署MPLS VPN
本文介绍了在ISIS网络部署MPLSVPN

2010-02-22 11:00:05

CCIE
怎样有效地记住CCIE知识点
学习CCIE的时候存在一个普遍的规律,那就是你懂得越多,那么你就忘记地越快。有两种办法能有效地让你比较长久记住所学的CCIE知识点。

2009-09-11 10:34:53

CCIE知识点CCIE
CCIE考试中的重点——MPLS VPN技术
MPLSVPN技术作为CCIE考试中的重点,在现实网络中有实际的用途这些技术能实际的落地吗MPLSVPN技术能提高自己在求职中的逼格吗

2019-07-23 07:11:54

MPLS VPN路由协议
Springboot核心知识点数据访问配置
SpringBoot还提供了一个名为DataSourceBuilder的实用工具生成器类,可用于创建一个标准数据源(如果它位于类路径上)。构建器可以根据类路径上的可用内容检测要使用的类。

2021-12-30 08:17:27

Springboot数据访问DataSourceB
MPLS IP VPN路由发布过程
在基本BGPMPLSIPVPN组网中,VPN路由信息的发布涉及CE和PE,P路由器只维护骨干网的路由,不需要了解任何VPN路由信息,如下我们给大家详细介绍一下MPLSIPVPN路由的发布过程。

2011-11-07 13:30:19

华为认证HCSE路由知识点罗列
华为认证HCSE路由知识点罗列如下,请大家参考:

2010-12-29 10:14:09

聊聊Java知识点反射
对于任意一个类,都能够知道这个类的所有属性和方法;对于任意一个对象,都能够调用它的任意方法和属性。

2021-01-18 10:33:53

Java反射模块
详细解说思科路由与交换知识点
路由和交换是网络世界中两个重要的概念。传统的交换发生在网络的第二层,即数据链路层,而路由则发生在第三层,网络层。在新的网络中,路由的智能和交换的性能被有机的结合起来,三层交换机和多层交换机在园区网络中大量使用。文章根据思科认证考之中的重要知识点对路由器和交换机进行了详细的说明。

2011-03-01 16:11:52

思科路由交换
Zabbix配置安装需要的知识点
在知道zabbix由2部分构成,zabbixserver与可选组件zabbixagent。我们就应该着手配置和安装Zabbix,这里我们来看点实际的内容!

2011-04-01 15:28:40

Zabbix配置安装
安防线缆的4知识点
本文从四个方面讲述了安防线缆的知识点。

2009-08-02 21:47:35

安防线缆
WINDOWS实现路由配置静态路由 图解
本文我们主要向大家介绍了WINDOWS实现路由中如何配置静态路由的步骤,希望通过以下的介绍,能够帮助到大家。

2011-04-01 13:55:58

路由路由器路由表
Oracle数据库知识点ROWNUM
ROWNUM是一个伪列,标识了select从一个表或一组连接(JOIN)的表中查询数据时,返回记录的顺序。Oracle在执行select查询时,会按照返回的row的顺序,依次为row分配一个序号:返回的第一条row的序号为1,第二条row的序号为2,以此类推。这个序号即为每条row的rownum。

2018-01-25 12:50:33

数据库OracleROWNUM
静态路由配置 路由环导致网络丢包(4
网络丢包是我们在使用ping(检测某个系统能否正常运行)对目站进行询问时,数据包由于各种原因在信道中丢失的现象。网络丢包的原因主要有物理线路故障、设备故障、病毒攻击、路由信息错误等,网络路径错误也会导致数据包不能到达目的主机,如主机的默认路由配置错误,主机发出的访问其他网络的数据包会被网关丢弃。

2011-04-15 10:37:24

路由器基础静态路由配置
静态路由一般适用于比较简单的网络环境,在这样的环境中,网络管理员易于清楚地了解网络的拓扑结构,便于设置正确的路由信息。另一方面,网络出于安全方面的考虑也可以采用静态路由。

2011-03-14 16:36:28

静态路由
HCNE知识点汇总
认证HCNE主要定位于中小型网络的规划、设计、配置与维护,包含网络基础、常见接口与电缆、以太网交换机、路由器原理、TCPIP协议、广域网协议、路由协议、DCCISDN、访问控制列表、备份中心、简单网络故障排除。

2010-08-17 14:56:00

HCNE认证
简述BGP知识点
BGP是路由域之间传递网络层可达性信息的路由协议。下面本文就来详细分析一下。

2011-04-15 12:25:21

BGP路由
传统路由方式改造成MPLS VPN的过程
在将传统的路由方式连接的广域网改造成为MPLSVPN的过程中,如何进行实现平稳的过渡呢?有的地方已经安装了PE设备,有的还没有,他们之间如何通讯?

2009-12-30 10:49:26

MPLS VPN
Spring知识点提炼
Spring使用的是基本的JavaBean来完成以前只可能由EJB完成的事情。然而,Spring的用途不仅仅限于服务器端的开发。从简单性、可测试性和松耦合性的角度而言,绝大部分Java应用都可以从Spring中受益。

2016-05-30 17:31:34

Spring框架
知识点 | 4个缓解Slack安全风险的技巧
就暴露的敏感数据而言,Slack违规将是一场噩梦。以下是如何锁定Slack工作区的方法。

2019-01-29 07:24:17

点赞
收藏

51CTO技术栈公众号

业务
速览
在线客服