華為 跨域虛擬專(zhuān)用網(wǎng)絡(luò)-OptionC1方案

點(diǎn)擊上方藍(lán)字“藝博東”關(guān)注我們

哈嘍，大家好！我是藝博東 ，是一個(gè)思科出身、專(zhuān)注于華為的網(wǎng)工；好了，話不多說(shuō)，我們直接進(jìn)入正題。

文章目錄

• 
  

• 一、拓?fù)?/p>

• 二、配置

• 三、跨域VP#-OptionC1方案的特點(diǎn)

由于特殊原因，所以把“N”字母替換為“#”符號(hào)

一、拓?fù)?/p>

二、配置

（1）AS內(nèi)LSP lable分發(fā)跟LDP相關(guān)
（2）ASBR之間發(fā)布PE路由器的BGP lable
（3）PE之間發(fā)布vp#v4路由的私網(wǎng)標(biāo)簽

1.底層配置

AR1

[Huawei]sysname AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.13.1 24
[AR1-GigabitEthernet0/0/0]int l0
[AR1-LoopBack0]ip address 1.1.1.1 32

AR2

[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 10.1.23.2 24
[AR2-GigabitEthernet0/0/0]int l0
[AR2-LoopBack0]ip address 2.2.2.2 32

AR3

[Huawei]sysname AR3
[AR3]int g0/0/0	
[AR3-GigabitEthernet0/0/0]ip address 10.1.13.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[AR3-GigabitEthernet0/0/1]int g0/0/2	
[AR3-GigabitEthernet0/0/2]ip address 10.1.34.3 24
[AR3-GigabitEthernet0/0/2]int l0
[AR3-LoopBack0]ip address  3.3.3.3 32
[AR3-LoopBack0]q
[AR3]rip 
[AR3-rip-1]v 2
[AR3-rip-1]network 10.0.0.0
[AR3-rip-1]network 3.0.0.0

AR4

[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 10.1.34.4 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip address 10.1.45.4 24
[AR4-GigabitEthernet0/0/1]int l0
[AR4-LoopBack0]ip address 4.4.4.4 32
[AR4-LoopBack0]q
[AR4]rip 
[AR4-rip-1]v 2
[AR4-rip-1]network 10.0.0.0 
[AR4-rip-1]network 4.0.0.0

AR5

[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip address 10.1.45.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip address 10.1.56.5 24
[AR5-GigabitEthernet0/0/1]int l0
[AR5-LoopBack0]ip address 5.5.5.5 32
[AR5-LoopBack0]q
[AR5]rip
[AR5-rip-1]v 2
[AR5-rip-1]undo summary 
[AR5-rip-1]network 10.0.0.0
[AR5-rip-1]network 5.0.0.0
[AR5-rip-1]q
[AR5]int g0/0/1
[AR5-GigabitEthernet0/0/1]undo rip output 
[AR5-GigabitEthernet0/0/1]undo rip input

AR6、AR7、AR8、AR9、AR10底層配置類(lèi)似

2.MPLS

AR3

[AR3]mpls lsr-id 3.3.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]int g0/0/2
[AR3-GigabitEthernet0/0/2]mpls
[AR3-GigabitEthernet0/0/2]mpls ldp

AR4

[AR4]mpls lsr-id 4.4.4.4
[AR4]mpls 
[AR4-mpls]mpls ldp
[AR4-mpls-ldp]int g0/0/0
[AR4-GigabitEthernet0/0/0]mpls 
[AR4-GigabitEthernet0/0/0]mpls ldp
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]mpls 
[AR4-GigabitEthernet0/0/1]mpls ldp

AR5

[AR5]mpls lsr-id 5.5.5.5
[AR5]mpls 
[AR5-mpls]mpls ldp
[AR5-mpls-ldp]int g0/0/0
[AR5-GigabitEthernet0/0/0]mpls 
[AR5-GigabitEthernet0/0/0]mpls ldp
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]mpls

3.MP-IBGP、MP-EBGP、標(biāo)簽、VP#V4

AR3

[AR3]bgp 10
[AR3-bgp]peer 4.4.4.4 as-number 10
[AR3-bgp]peer 4.4.4.4 connect-interface LoopBack0
[AR3-bgp]peer 4.4.4.4 label-route-capability
[AR3-bgp]ipv4-family vpnv4
[AR3-bgp-af-vpnv4]peer 4.4.4.4 enable

AR4（ RR）

[AR4]bgp 10
[AR4-bgp]peer 3.3.3.3 as 10
[AR4-bgp]peer 3.3.3.3 connect-interface LoopBack  0
[AR4-bgp]peer 5.5.5.5 as 10
[AR4-bgp]peer 5.5.5.5 connect-interface LoopBack  0
[AR4-bgp]peer 7.7.7.7 as-number 20
[AR4-bgp]peer 7.7.7.7 ebgp-max-hop 66
[AR4-bgp]peer 7.7.7.7 connect-interface LoopBack0
[AR4-bgp]peer 3.3.3.3 reflect-client
[AR4-bgp]peer 3.3.3.3 label-route-capability
[AR4-bgp]peer 5.5.5.5 reflect-client
[AR4-bgp]peer 5.5.5.5 label-route-capability
[AR4-bgp]ipv4-family vpnv4
[AR4-bgp-af-vpnv4]undo policy vpn-target 
[AR4-bgp-af-vpnv4]peer 3.3.3.3 reflect-client  
[AR4-bgp-af-vpnv4]peer 3.3.3.3 enable 
[AR4-bgp-af-vpnv4]peer 7.7.7.7 enable
[AR4-bgp-af-vpnv4]peer 7.7.7.7 next-hop-invariable

AR5

[AR5]route-policy asbr permit node 10
[AR5-route-policy]apply mpls-label
[AR5-route-policy]q
[AR5]route-policy pe permit node 10
[AR5-route-policy]if-match mpls-label
[AR5-route-policy]apply mpls-label
[AR5-route-policy]q
[AR5]bgp 10
[AR5-bgp]peer 4.4.4.4 as 10
[AR5-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[AR5-bgp]peer 10.1.56.6 as-number 20
[AR5-bgp]peer 4.4.4.4 route-policy pe export
[AR5-bgp]peer 4.4.4.4 label-route-capability
[AR5-bgp]peer 10.1.56.6 route-policy asbr export
[AR5-bgp]peer 10.1.56.6 label-route-capability
[AR5-bgp]network 3.3.3.3 255.255.255.255 
[AR5-bgp]network 4.4.4.4 255.255.255.255 
[AR5-bgp]q

[AR4-rip-1]dis bgp peer

AR6、AR7、AR8、AR9、AR10的MP-IBGP、MPLS配置類(lèi)似

5.MPLS VP#業(yè)務(wù)接入

配置好公網(wǎng)，然后是公司BB訪問(wèn)公司DD；

AR3

[AR3]ip vpn-instance ybd2
[AR3-vpn-instance-ybd2]route-distinguisher 10:1
[AR3-vpn-instance-ybd2-af-ipv4]vpn-target 10:1 both 
[AR3-vpn-instance-ybd2-af-ipv4]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip binding vpn-instance ybd2
[AR3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[AR3-GigabitEthernet0/0/1]bgp 10	
[AR3-bgp]peer 10.1.23.2 as 1
[AR3-bgp]ipv4-family vpn-instance ybd2
[AR3-bgp-ybd2]peer 10.1.23.2 as 1
[AR3-bgp-ybd2]peer 10.1.23.2 substitute-as //做AS號(hào)的偽裝

AR2

[AR2]bgp 1
[AR2-bgp]peer 10.1.23.3 as 10
[AR2-bgp]network 2.2.2.2 32

[AR3-bgp]dis bgp vp#v4 all peer

[AR3]dis bgp vp#v4 all routing-table

AR8

[AR8]ip vpn-instance ybd10
[AR8-vpn-instance-ybd10]route-distinguisher 10:1
[AR8-vpn-instance-ybd10-af-ipv4]vpn-target 10:1 both 
[AR8-vpn-instance-ybd10-af-ipv4]int g0/0/2
[AR8-GigabitEthernet0/0/2]ip binding vpn-instance ybd10
[AR8-GigabitEthernet0/0/2]ip address 10.1.81.8 24
[AR8-GigabitEthernet0/0/2]bgp 20
[AR8-bgp]ipv4-family vpn-instance ybd10
[AR8-bgp-ybd10]peer 10.1.81.10 as 1
[AR8-bgp-ybd10]peer 10.1.81.10 substitute-as

AR10

[AR10]bgp 1
[AR10-bgp]peer 10.1.81.8 as 20
[AR10-bgp]network 10.10.10.10 32

[AR2]dis ip routing-table

6.MPLS VP#業(yè)務(wù)接入

公司AA訪問(wèn)公司CC；

AR3

[AR3]ip vpn-instance ybd66
[AR3-vpn-instance-ybd1]route-distinguisher 20:1 
[AR3-vpn-instance-ybd1-af-ipv4]vpn-target 20:1 both 
[AR3-vpn-instance-ybd1-af-ipv4]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip binding vpn-instance  ybd66
[AR3-GigabitEthernet0/0/0]ip address 10.1.13.3 24
[AR3-GigabitEthernet0/0/0]q
[AR3]ospf 1 router-id 3.3.3.3 vpn-instance ybd66
[AR3-ospf-1]a 0
[AR3-ospf-1-area-0.0.0.0]network 10.1.13.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]q
[AR3-ospf-1]import-route bgp
[AR3-ospf-1]bgp 10
[AR3-bgp]ip	
[AR3-bgp]ipv4-family vpn-instance ybd66
[AR3-bgp-ybd1]import-route ospf 1

AR1

[AR1]ospf 1 
[AR1-ospf-1]a 0
[AR1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0

AR8

[AR8]ip vpn-instance ybd99
[AR8-vpn-instance-ybd9]route-distinguisher 20:1
[AR8-vpn-instance-ybd9-af-ipv4]vpn-target 20:1 both 
[AR8-vpn-instance-ybd9-af-ipv4]int g0/0/1
[AR8-GigabitEthernet0/0/1]ip binding vpn-instance ybd99
[AR8-GigabitEthernet0/0/1]ip address 10.1.89.8 24
[AR8-GigabitEthernet0/0/1]q
[AR8]isis 1 vpn-instance ybd99
[AR8-isis-1]import-route bgp
[AR8-isis-1]network-entity 12.0001.0000.0000.0008.00
[AR8-isis-1]is-level level-2
[AR8-isis-1]int g0/0/1
[AR8-GigabitEthernet0/0/1]isis enable 1
[AR8-GigabitEthernet0/0/1]bgp 20
[AR8-bgp]ipv4-family vpn-instance ybd99
[AR8-bgp-ybd9]import-route  isis 1

AR9

[AR9]isis
[AR9-isis-1]network-entity 12.0001.0000.0000.0009.00
[AR9-isis-1]is-level level-2
[AR9-isis-1]int g0/0/0
[AR9-GigabitEthernet0/0/0]isis enable 1
[AR9]int l0
[AR9-LoopBack0]isis enable

[AR9]dis ip routing-table

公司 CC 9.9.9.9 訪問(wèn)公司 AA1.1.1.1

[AR1]ping -a 1.1.1.1 9.9.9.9

AR3的G0/0/2接口上進(jìn)行抓包

標(biāo)簽為三層標(biāo)簽。1025為L(zhǎng)DP標(biāo)簽，1027為公網(wǎng)標(biāo)簽，1028為私網(wǎng)標(biāo)簽。

公司 AA 到公司 CC 的路由傳遞

（1）AR1 上的 IPv4 路由傳遞到 AR3

[AR1]dis ip routing-table 9.9.9.9

封裝為：

查看9.9.9.9路由，下一跳是10.1.13.3；

然后根據(jù)AR3的接口下G0/0/0綁定的實(shí)例ybd66的路由表，去查相關(guān)路由。

（2）AR3 將其引入 VP#v4 路由表后，攜帶私網(wǎng)標(biāo)簽、RT、下一跳等單播傳遞給 AR8。

下一跳是 8.8.8.8

[AR3]dis bgp vp#v4 vp#-instance ybd66 routing-table 9.9.9.9

私網(wǎng)標(biāo)簽1028 打上標(biāo)簽封裝成：
然后查看公網(wǎng)標(biāo)簽

[AR3]dis mpls lsp

打上標(biāo)簽封裝成：
[AR3]dis ip routing-table 8.8.8.8

[AR3]dis mpls lsp

從G0/0/2接口發(fā)出。
打上標(biāo)簽封裝成：

5.5.5.5出標(biāo)簽是3，然后進(jìn)行彈出頂部標(biāo)簽，從G0/0/1接口發(fā)送出去。

封裝成：

[AR5]dis mpls lsp

封裝成：

[AR6]dis mpls lsp

從G0/0/1接口發(fā)送出去。

封裝成：

[AR7]dis mpls lsp

8.8.8.8出標(biāo)簽是3，然后進(jìn)行彈出頂部標(biāo)簽，從G0/0/1接口發(fā)送出去。
封裝成：

（3）AR8 匹配 RT 值后，剝離 RD 和私網(wǎng)標(biāo)簽引入實(shí)例 ybd99

[AR8]dis mpls lsp

封裝成：
[AR8]dis ip routing-table vp#-instance ybd99

下一跳是10.1.89.9

標(biāo)簽

R5分配的標(biāo)簽
3.3.3.3/32 1029/NULL -/-
4.4.4.4/32 1026/NULL -/-

R6收到的標(biāo)簽
4.4.4.4/32 NULL/1026 -/-
3.3.3.3/32 NULL/1029 -/-

收到再為其分配的標(biāo)簽
4.4.4.4/32 1027/1026 -/-
3.3.3.3/32 1028/1029 -/-

這兩個(gè)標(biāo)簽是為其分配的空口標(biāo)簽，即IPv4路由在R6上可以進(jìn)行標(biāo)簽傳輸
4.4.4.4/32 NULL/1026 -/-
3.3.3.3/32 NULL/1029 -/-

R7上作為RR，不修改標(biāo)簽，也不分配標(biāo)簽
4.4.4.4/32 NULL/1027 -/-
3.3.3.3/32 NULL/1028 -/-

R8收到的反射的標(biāo)簽路由
4.4.4.4/32 NULL/1027 -/-
3.3.3.3/32 NULL/1028 -/-

三、跨域VP#-OptionC1方案的特點(diǎn)

公網(wǎng)形成了一個(gè)架構(gòu)，后面如果有公司接入進(jìn)來(lái)的話，只需要在PE設(shè)備上配置接入VPN業(yè)務(wù)，公網(wǎng)不需要配置。

優(yōu)點(diǎn)： VP# 路由在入口 PE 和出口 PE 之間直接交換，不需要中間設(shè)備的保存和轉(zhuǎn)發(fā)。VP# 的路由信息出現(xiàn)在 PE 和 RR設(shè)備上，而 ASBR 只負(fù)責(zé)報(bào)文的轉(zhuǎn)發(fā)，使得中間域的設(shè)備可以不支持 MPLS VP# 業(yè)務(wù)，只需支持 MPLS 轉(zhuǎn)發(fā)，ASBR 設(shè)備不再成為性能瓶頸。因此跨域 VP#-OptionC更適合在跨越多個(gè) AS 時(shí)使用。更適合支持 MPLS VP# 的負(fù)載分擔(dān)。

缺點(diǎn)： 維護(hù)一條端到端的 PE 連接管理代價(jià)較大。

名言：
不要把最美好的時(shí)光都浪費(fèi)在睡覺(jué)上。

歡迎訪問(wèn)我的易百納技術(shù)社區(qū)文章《華為 跨域VP#-OptionC1方案》
https://www.ebaina.com/articles/140000005445

好了這期就到這里了，如果你喜歡這篇文章的話，請(qǐng)點(diǎn)贊評(píng)論分享收藏，如果你還能點(diǎn)擊關(guān)注，那真的是對(duì)我最大的鼓勵(lì)。謝謝大家，下期見(jiàn)！

往期推薦：

華為 跨域虛擬專(zhuān)用網(wǎng)絡(luò)-OptionC2方案

2021-02-22

華為 跨域虛擬專(zhuān)用網(wǎng)絡(luò)-OptionA

2021-01-19

華為 跨域虛擬專(zhuān)用網(wǎng)絡(luò)-OptionB

2021-01-22

關(guān)注 藝博東 公眾號(hào)，與你一起學(xué)習(xí)共同進(jìn)步。秀秀秀秀秀~

點(diǎn)贊在看養(yǎng)成習(xí)慣