首頁>其它>

配置VPNv6路由反射器

VPNv6路由反射器拓撲結構:

部署IPv6 VPN時,為了減少PE之間的MP-IBGP連接的數量,減輕PE的負擔,可選擇骨幹網相同AS內的P或PE設備作為路由反射器,反射VPN-IPv6路由,便於維護和管理。PE1、PE2、RR都在骨幹網AS100內。CE1和CE2屬於vpn1。要求選擇設備RR作為反射器,配置帶反射器的VPN。

拓撲圖:

VPNv6路由反射器配置方法:

1、PE與反射器RR之間建立MP-IBGP連接;PE之間不再建立MP-IBGP連接。

2、PE與CE之間建立EBGP連接。

3、公網隧道使用MPLS LSP,LSP沿途的設備和接口上都開啟MPLS LDP。

4、 RR需要保存所有來自PE1和PE2的VPN-IPv6路由信息,以通告給PE。因此,RR應接收所有的VPN-IPv6路由信息,不對它們進行VPN-Target過濾。

VPNv6路由反射器配置步驟:

1、配置各接口所屬VLAN,並配置VLANIF接口和Loopback接口IP地址

[~HUAWEI]sysname PE1

[~PE1]int loop 0

[*PE1-LoopBack0]ip add 1.1.1.1 32

[*PE1]vlan batch 10 30

[*PE1]int g1/0/0

[*PE1-GE1/0/0]port link-type trunk

[*PE1-GE1/0/0]port trunk allow-pass vlan 10

[*PE1]int g1/0/1

[*PE1-GE1/0/1]port link-type trunk

[*PE1-GE1/0/1]port trunk allow-pass vlan 30

[*PE1]int vlan 10

[*PE1-Vlanif10]ip add 10.1.12.1 24

RR配置

[~RR]int loop 0

[*RR-LoopBack0]ip add 2.2.2.2 32

[*RR]vlan batch 10 20

[*RR]int g1/0/0

[*RR-GE1/0/0]port link-type trunk

[*RR-GE1/0/0]port trunk allow-pass vlan 10

[*RR]int g1/0/1

[*RR-GE1/0/1]port link-type trunk

[*RR-GE1/0/1]port trunk allow-pass vlan 20

[*RR]int vlan 10

[*RR-Vlanif10]ip add 10.1.12.2 24

[*RR]int vlan 20

[*RR-Vlanif20]ip add 10.1.23.2 24

配置PE2

[~HUAWEI]sysname PE2

[~PE2]int loop 0

[*PE2-LoopBack0]ip add 3.3.3.3 32

[*PE2]vlan batch 20 40

[*PE2]int g1/0/0

[*PE2-GE1/0/0]port link-type trunk

[*PE2-GE1/0/0]port trunk allow-pass vlan 20

[*PE2]int g1/0/1

[*PE2-GE1/0/1]port link-type trunk

[*PE2-GE1/0/1]port trunk allow-pass vlan 40

[*PE2]int vlan 20

[*PE2-Vlanif20]ip add 10.1.23.3 24

配置CE1

[~HUAWEI]sysname CE1

[~CE1]vlan batch 30

[~CE1]int g1/0/0

[~CE1-GE1/0/0]port link-type trunk

[*CE1-GE1/0/0]port trunk allow-pass vlan 30

[*CE1]int vlan 30

[*CE1-Vlanif30]ipv6 enable

[*CE1-Vlanif30]ipv6 add 2001::4/64

配置CE2

[~HUAWEI]sysname CE2

[~CE2]vlan batch 40

[*CE2]int g1/0/0

[*CE2-GE1/0/0]port link-type trunk

[*CE2-GE1/0/0]port trunk allow-pass vlan 40

[*CE2]int vlan 40

[*CE2-Vlanif40]ipv6 enable

[*CE2-Vlanif40]ipv6 add 2002::5/64

2、 在MPLS骨幹網配置IGP,實現設備之間互通

[~PE1]ospf

[*PE1-ospf-1]area 0

[*PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[*PE1-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0

[~RR]ospf

[*RR-ospf-1]area 0

[*RR-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[*RR-ospf-1-area-0.0.0.0]net

[*RR-ospf-1-area-0.0.0.0]network 10.1.23.2 0.0.0.0

[*RR-ospf-1-area-0.0.0.0]net

[*RR-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0

[~PE2]ospf

[*PE2-ospf-1]area 0

[*PE2-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0

[*PE2-ospf-1-area-0.0.0.0]net 10.1.23.3 0.0.0.0

3、在MPLS骨幹網上建立LSP隧道

[~PE1]mpls lsr-id 1.1.1.1

[*PE1]mpls

[*PE1]mpls ldp

[*PE1]int vlan 10

[*PE1-Vlanif10]mpls

[*PE1-Vlanif10]mpls ldp

[~RR]mpls lsr-id 2.2.2.2

[*RR]mpls

[*RR]mpls ldp

[*RR]int vlan 10

[*RR-Vlanif10]mpls

[*RR-Vlanif10]mpls ldp

[*RR]int vlan 20

[*RR-Vlanif20]mpls

[*RR-Vlanif20]mpls ldp

[~PE2]mpls lsr-id 3.3.3.3

[*PE2]mpls

[*PE2]mpls ldp

[*PE2]int vlan 20

[*PE2-Vlanif20]mpls

[*PE2-Vlanif20]mpls ldp

4、在PE設備上配置IPv6 VPN實例

[~PE1]ip vpn-instance vpn1

[*PE1-vpn-instance-vpn1]ipv6-family

[*PE1-vpn-instance-vpn1-af-ipv6]route-distinguisher 100:1

[*PE1-vpn-instance-vpn1-af-ipv6]vpn-target 1:1 both

[*PE1]int vlan 30

[*PE1-Vlanif30]ipv6 enable

[~PE1-Vlanif30]ip binding vpn-instance vpn1

[*PE1-Vlanif30]ipv6 add 2001::1/64

[~PE2]ip vpn-instance vpn1

[*PE2-vpn-instance-vpn1]ipv6-family

[*PE2-vpn-instance-vpn1-af-ipv6]route-distinguisher 100:1

[*PE2-vpn-instance-vpn1-af-ipv6]vpn-target 1:1 both

[*PE2]int vlan 40

[*PE2-Vlanif40]ipv6 enable

[~PE2-Vlanif40]ip binding vpn-instance vpn1

[*PE2-Vlanif40]ipv6 add 2002::3/64

5、在PE與CE之間建立EBGP對等體關係,引入VPN路由

[~CE1]bgp 200

[*CE1-bgp]router-id 10.10.10.10

[*CE1-bgp]peer 2001::1 as-number 100

[*CE1-bgp]ipv6-family unicast

[*CE1-bgp-af-ipv6]peer 2001::1 enable

[*CE1-bgp-af-ipv6]import-route direct

[~PE1]bgp 100

[~PE1-bgp]router-id 1.1.1.1

[~PE1-bgp]ipv6-family vpn-instance vpn1

[~PE1-bgp-6-vpn1]peer 2001::4 as-number 200

[~PE1-bgp-6-vpn1]import-route direct

[~CE2]bgp 300

[*CE2-bgp]router-id 20.20.20.20

[*CE2-bgp]peer 2002::3 as-number 100

[*CE2-bgp]ipv6-family unicast

[*CE2-bgp-af-ipv6]peer 2002::3 enable

[*CE2-bgp-af-ipv6]import-route direct

[~PE2]bgp 100

[*PE2-bgp]router-id 3.3.3.3

[*PE2-bgp]ipv6-family vpn-instance vpn1

[*PE2-bgp-6-vpn1]peer 2002::5 as-number 300

[*PE2-bgp-6-vpn1]import-route direct

6、建立PE與反射器間的MP-IBGP對等體關係

[~PE1]bgp 100

[~PE1-bgp]peer 2.2.2.2 as-number 100

[*PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[*PE1-bgp]ipv6-family vpnv6

[*PE1-bgp-af-vpnv6]peer 2.2.2.2 enable

[~RR]bgp 100

[*RR-bgp]peer 1.1.1.1 as-number 100

[*RR-bgp]peer 1.1.1.1 connect-interface loop 0

[*RR-bgp]peer 3.3.3.3 as-number 100

[*RR-bgp]peer 3.3.3.3 connect-interface loop 0

[*RR-bgp]ipv6-family vpnv6

[*RR-bgp-af-vpnv6]peer 1.1.1.1 enable

[*RR-bgp-af-vpnv6]peer 3.3.3.3 enable

[~PE2]bgp 100

[~PE2-bgp]peer 2.2.2.2 as-number 100

[*PE2-bgp]peer 2.2.2.2 connect-interface loop 0

[*PE2-bgp]ipv6-family vpnv6

[*PE2-bgp-af-vpnv6]peer 2.2.2.2 enable

查看BGP對等關係

[~PE1]dis bgp vpnv6 all peer

BGP local router ID : 1.1.1.1

Local AS number : 100

Total number of peers : 2

Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ Up/DownState PrefRcv

2.2.2.2 4 100 8 9 0 00:03:52 Established 0

Peer of IPv6-family for vpn instance :

VPN-Instance vpn1, Router ID 1.1.1.1:

Peer V AS MsgRcvd MsgSent OutQ Up/DownState PrefRcv

2001::4 4 2003433 0 00:25:51 Established 1

7、在RR上配置反射功能

[~RR]bgp 100

[~RR-bgp]ipv6-family vpnv6

[~RR-bgp-af-vpnv6]peer 1.1.1.1 reflect-client

[*RR-bgp-af-vpnv6]peer 3.3.3.3 reflect-client

[*RR-bgp-af-vpnv6]undo policy vpn-target

8、在CE1上測試到CE2

[~CE1]ping ipv 2002::5

PING 2002::5 : 56 data bytes, press CTRL_C to break

Reply from 2002::5

bytes=56 Sequence=1 hop limit=61 time=31 ms

Reply from 2002::5

bytes=56 Sequence=2 hop limit=61 time=28 ms

Reply from 2002::5

bytes=56 Sequence=3 hop limit=61 time=20 ms

Reply from 2002::5

bytes=56 Sequence=4 hop limit=61 time=28 ms

Reply from 2002::5

bytes=56 Sequence=5 hop limit=61 time=39 ms

在PE1上查看vpn路由表

[~PE1]dis ipv6 routing-table vpn-instance vpn1

Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole

route

------------------------------------------------------------------------------

Routing Table : vpn1

Destinations : 4 Routes : 4

Destination : 2001:: PrefixLength : 64

NextHop : 2001::1 Preference : 0

Cost : 0Protocol : Direct

RelayNextHop : :: TunnelID : 0x0

Interface: Vlanif30Flags : D

Destination : 2001::1 PrefixLength : 128

NextHop : ::1 Preference : 0

Cost : 0Protocol : Direct

RelayNextHop : :: TunnelID : 0x0

Interface: Vlanif30Flags : D

Destination : 2002:: PrefixLength : 64

NextHop : ::FFFF:3.3.3.3 Preference : 255

Cost : 0Protocol : IBGP

RelayNextHop : ::FFFF:10.1.12.2 TunnelID : 0x00000000

01004c4b43

Interface: Vlanif10Flags : RD

Destination : FE80:: PrefixLength : 10

NextHop : :: Preference : 0

Cost : 0Protocol : Direct

RelayNextHop : :: TunnelID : 0x0

Interface: NULL0Flags : DB

7
最新評論
  • 康明斯6bt發動機
  • 聽“黃帝內經”說“鬼話”