mpls vpn主备链路双出口配置案例

注意：必须要建立ospf伪连接sham-link，如果不建立，改了开销它默认也不会走mpls vpn链路

R1：

router id 1.1.1.1

ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity

ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity

mpls lsr-id 1.1.1.1
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0001.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
isis enable 1
ospf enable 2 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.14.1 255.255.255.0
ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2
ip binding vpn-instance b
ip address 10.0.15.1 255.255.255.0

interface NULL0

interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1

interface LoopBack1
ip binding vpn-instance a
ip address 11.1.1.1 255.255.255.255 //用于建立ospf跨跳伪连接

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable

ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable

ipv4-family vpn-instance a
network 11.1.1.1 255.255.255.255
//这个必须得在这里发布要建立ospf伪连接的网段，在接口下发布没用
import-route ospf 1

ipv4-family vpn-instance b
peer 10.0.15.5 as-number 200

ospf 1 vpn-instance a
import-route bgp
area 0.0.0.0
sham-link 11.1.1.1 33.1.1.1 //用单播跨跳建立ospf伪连接

R2：

mpls lsr-id 2.2.2.2
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0002.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
isis enable 1
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
isis enable 1
ospf enable 1 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable

ipv4-family vpnv4
undo policy vpn-target
//关闭vpn实例路由过滤，如果本设备上有两边的vpn实力，则它不关也不会过滤。
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client

R3

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity

ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity

mpls lsr-id 3.3.3.3
mpls

mpls ldp

isis 1
network-entity 49.0001.0000.0000.0003.00

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
isis enable 1
ospf enable 2 area 0.0.0.0
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.36.3 255.255.255.0
ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2
ip binding vpn-instance b
ip address 10.0.37.3 255.255.255.0

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1

interface LoopBack1
ip binding vpn-instance a
ip address 33.1.1.1 255.255.255.255

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable

ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable

ipv4-family vpn-instance a
network 33.1.1.1 255.255.255.255
import-route ospf 1

ipv4-family vpn-instance b
import-route static

ospf 1 vpn-instance a
import-route bgp
area 0.0.0.0
sham-link 33.1.1.1 11.1.1.1

ip route-static vpn-instance b 7.7.7.0 255.255.255.0 10.0.37.7

R4

router id 4.4.4.4

interface GigabitEthernet0/0/0
ip address 10.0.14.4 255.255.255.0
ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
ip address 10.0.46.4 255.255.255.0
ospf cost 100 //改开销让优先走mpls 高速链路
ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0

ospf 1
area 0.0.0.0

R5

interface GigabitEthernet0/0/0
ip address 10.0.15.5 255.255.255.0

interface NULL0

interface LoopBack0
ip address 5.5.5.5 255.255.255.0

bgp 200
peer 10.0.15.1 as-number 100

ipv4-family unicast
undo synchronization
network 5.5.5.0 255.255.255.0
peer 10.0.15.1 enable

R6：

router id 6.6.6.6

interface GigabitEthernet0/0/0
ip address 10.0.36.6 255.255.255.0
ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
ip address 10.0.46.6 255.255.255.0
ospf cost 100

interface LoopBack0
ip address 6.6.6.6 255.255.255.255

ospf 1
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.46.6 0.0.0.0

R7

interface GigabitEthernet0/0/0
ip address 10.0.37.7 255.255.255.0

interface LoopBack0
ip address 7.7.7.7 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.37.3

扩展团体属性RT：
router id：<10.0.36.3 : 0> 用于描述VRF下ospf的进程ID

domain id：<0.0.0.0 : 0> 前四个0表示ospf路由域

OSPF RT <0.0.0.0 : 1 : 0> ：前面四个0表示从ospf哪个区域学到的，1表示ospf的lsdb类型，1 2 3 4 5 7，最后个0表示是ospf的type1路由，如果是1就代表是type2路由。