mpls vpn主备链路双出口配置案例
注意:必须要建立ospf伪连接sham-link,如果不建立,改了开销它默认也不会走mpls vpn链路
R1:
router id 1.1.1.1
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity
mpls lsr-id 1.1.1.1
mpls
mpls ldp
isis 1
network-entity 49.0001.0000.0000.0001.00
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
isis enable 1
ospf enable 2 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.14.1 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
ip binding vpn-instance b
ip address 10.0.15.1 255.255.255.0
interface NULL0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
interface LoopBack1
ip binding vpn-instance a
ip address 11.1.1.1 255.255.255.255 //用于建立ospf跨跳伪连接
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
ipv4-family vpn-instance a
network 11.1.1.1 255.255.255.255
//这个必须得在这里发布要建立ospf伪连接的网段,在接口下发布没用
import-route ospf 1
ipv4-family vpn-instance b
peer 10.0.15.5 as-number 200
ospf 1 vpn-instance a
import-route bgp
area 0.0.0.0
sham-link 11.1.1.1 33.1.1.1 //用单播跨跳建立ospf伪连接
R2:
mpls lsr-id 2.2.2.2
mpls
mpls ldp
isis 1
network-entity 49.0001.0000.0000.0002.00
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
isis enable 1
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
isis enable 1
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable
ipv4-family vpnv4
undo policy vpn-target
//关闭vpn实例路由过滤,如果本设备上有两边的vpn实力,则它不关也不会过滤。
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
R3
router id 3.3.3.3
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity
mpls lsr-id 3.3.3.3
mpls
mpls ldp
isis 1
network-entity 49.0001.0000.0000.0003.00
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
isis enable 1
ospf enable 2 area 0.0.0.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.36.3 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
ip binding vpn-instance b
ip address 10.0.37.3 255.255.255.0
interface NULL0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
interface LoopBack1
ip binding vpn-instance a
ip address 33.1.1.1 255.255.255.255
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
ipv4-family vpn-instance a
network 33.1.1.1 255.255.255.255
import-route ospf 1
ipv4-family vpn-instance b
import-route static
ospf 1 vpn-instance a
import-route bgp
area 0.0.0.0
sham-link 33.1.1.1 11.1.1.1
ip route-static vpn-instance b 7.7.7.0 255.255.255.0 10.0.37.7
R4
router id 4.4.4.4
interface GigabitEthernet0/0/0
ip address 10.0.14.4 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/1
ip address 10.0.46.4 255.255.255.0
ospf cost 100 //改开销让优先走mpls 高速链路
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0
ospf 1
area 0.0.0.0
R5
interface GigabitEthernet0/0/0
ip address 10.0.15.5 255.255.255.0
interface NULL0
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
bgp 200
peer 10.0.15.1 as-number 100
ipv4-family unicast
undo synchronization
network 5.5.5.0 255.255.255.0
peer 10.0.15.1 enable
R6:
router id 6.6.6.6
interface GigabitEthernet0/0/0
ip address 10.0.36.6 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/1
ip address 10.0.46.6 255.255.255.0
ospf cost 100
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf 1
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.46.6 0.0.0.0
R7
interface GigabitEthernet0/0/0
ip address 10.0.37.7 255.255.255.0
interface LoopBack0
ip address 7.7.7.7 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.0.37.3
扩展团体属性RT:
router id:<10.0.36.3 : 0> 用于描述VRF下ospf的进程ID
domain id:<0.0.0.0 : 0> 前四个0表示ospf路由域
OSPF RT <0.0.0.0 : 1 : 0> :前面四个0表示从ospf哪个区域学到的,1表示ospf的lsdb类型,1 2 3 4 5 7,最后个0表示是ospf的type1路由,如果是1就代表是type2路由。
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!