IS-IS vs OSP
跨域MPLS VPN--
Oct
5
跨域的MPLS,这个采用OptionA的方式互联,OptionA是采用VRF-to-VRF的方式,简单的说就是AS之间的ASBR路由器把对方相互看做是CE端,既然是VRF-TO-VRF所以必须为每个VRF创建一个连接,如果有100个VRF就的在域间创建100个VRF的连接,因此该方式的可扩展性有一定的限制,该方式主要的优点是配置和管理简单,为了满足大量的VRF,通常我们采用子接口的形式来实现域间互通。这里是采用最简化的实现方式,剔除了P路由器,呵呵我的小本本不能运行太多的路由器啊,整个PE与CE,PE与PE之间采用OSPF作为IGP协议。具体配置如下:
R1-CE1配置
引用
R1-CE1#show run
Building configuration...
Current configuration : 1301 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-CE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 10.10.12.1 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
serial restart-delay 0
no arp frame-relay
frame-relay map ip 10.10.12.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
router ospf 1 //CE端正常起OSPF
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
!
no ip http server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R1-CE1#
Building configuration...
Current configuration : 1301 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-CE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 10.10.12.1 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
serial restart-delay 0
no arp frame-relay
frame-relay map ip 10.10.12.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
router ospf 1 //CE端正常起OSPF
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.10.12.1 0.0.0.0 area 0
!
no ip http server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R1-CE1#
R2-PE1配置
引用
R2-PE1#SHOW RUN
Building configuration...
Current configuration : 2238 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2-PE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf vpna //为CE创建一个VRF,RD为100:1,RT为100:1
rd 100:1
route-target export 100:1
route-target import 100:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip vrf forwarding vpna
ip address 22.22.22.22 255.255.255.0
!
interface Serial0/0
ip vrf forwarding vpna //将连接CE端的接口加入到VRF中 ip address 10.10.12.2 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
serial restart-delay 0
no arp frame-relay
frame-relay map ip 10.10.12.1 201 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
ip address 10.10.23.2 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
mpls ip
serial restart-delay 0
no arp frame-relay
frame-relay map ip 10.10.23.3 213 broadcast
no frame-relay inverse-arp
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
router ospf 100 vrf vpna //为vpna创建一个OSPF100,目的是将CE路由引入到PE中 router-id 2.2.2.2
log-adjacency-changes
redistribute bgp 100 subnets //将MP-BGP学来的路由再发布进OSPF vpna 中
network 10.10.12.2 0.0.0.0 area 0
network 22.22.22.22 0.0.0.0 area 0
!
router ospf 1 //该OSPF进程是为了和R3-ASBR进行路由可达用的,内部IGP log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 10.10.23.2 0.0.0.0 area 0
!
router bgp 100 //起BGP 100,在AS100内与R3-ASBR建立IBGP邻居关系
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4 //在VPNV4下激活R3-ASBR的MP-IBGP关系
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf vpna //在vrf下将ospf 100 vrf vpna引入MP-BGP
redistribute ospf 100 vrf vpna
no synchronization
exit-address-family
!
no ip http server
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R2-PE1#
内文分页: [1] 相关日志
IP Sec和SSL VPN
Cisco ASA K8升级K9(DES-3DES/AES)
Creating Site-to-Site VPNs with Pre-Shared Keys
ASA Site-to-Site VPN基本配置
ASA WebVPN基本配置
IP Sec和SSL VPN
Cisco ASA K8升级K9(DES-3DES/AES)
Creating Site-to-Site VPNs with Pre-Shared Keys
ASA Site-to-Site VPN基本配置
ASA WebVPN基本配置
作者:Tony Liu(admin#myccie.net)
地址:http://myccie.net/read.php?52
版权所有。转载时必须链接形式注明作者和原始出处及本声明!
, Skin by
Appreciated!